commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d Author: Greg Kroah-Hartman Date: Mon Oct 22 07:37:37 2018 +0100 Linux 4.19 commit 8e630c31a3dfc7f4ab1007f95dd507cb2fe1dda5 Author: Greg Kroah-Hartman Date: Fri Oct 19 11:30:16 2018 +0200 MAINTAINERS: Add an entry for the code of conduct As I introduced these files, I'm willing to be the maintainer of them as well. Acked-by: Chris Mason Acked-by: Olof Johansson Acked-by: Steven Rostedt (VMware) Acked-by: Theodore Ts'o Acked-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit f3f76d640141e9a5aababafb80abbdc1c3c46823 Author: Greg Kroah-Hartman Date: Fri Oct 19 11:08:12 2018 +0200 Code of Conduct: Change the contact email address The contact point for the kernel's Code of Conduct should now be the Code of Conduct Committee, not the full TAB. Change the email address in the file to properly reflect this. Acked-by: Chris Mason Acked-by: Olof Johansson Acked-by: Theodore Ts'o Acked-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit d117a85478efaac1338c24c7504a6e759aaecdfc Author: Greg Kroah-Hartman Date: Fri Oct 19 11:04:07 2018 +0200 Code of Conduct Interpretation: Put in the proper URL for the committee There was a blank reference for how to find the Code of Conduct Committee. Fix that up by pointing it to the correct kernel.org website page location. Acked-by: Chris Mason Acked-by: Olof Johansson Acked-by: Theodore Ts'o Acked-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit f7e585843217caff0aa9fb7dc9d796f0fa92162b Author: Greg Kroah-Hartman Date: Fri Oct 19 10:45:08 2018 +0200 Code of Conduct: Provide links between the two documents Create a link between the Code of Conduct and the Code of Conduct Interpretation so that people can see that they are related. Acked-by: Chris Mason Acked-by: Olof Johansson Acked-by: Theodore Ts'o Acked-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit d84feee76f7f8171550ea2859c16f393599d0f58 Author: Greg Kroah-Hartman Date: Fri Oct 19 10:28:14 2018 +0200 Code of Conduct Interpretation: Properly reference the TAB correctly We use the term "TAB" before defining it later in the document. Fix that up by defining it at the first location. Reported-by: Kuninori Morimoto Acked-by: Chris Mason Acked-by: Olof Johansson Acked-by: Theodore Ts'o Acked-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit 79dbeed36f7335ec6432029dbf019ebce28e963e Author: Greg Kroah-Hartman Date: Sun Oct 14 16:16:47 2018 +0200 Code of Conduct Interpretation: Add document explaining how the Code of Conduct is to be interpreted The Contributor Covenant Code of Conduct is a general document meant to provide a set of rules for almost any open source community. Every open-source community is unique and the Linux kernel is no exception. Because of this, this document describes how we in the Linux kernel community will interpret it. We also do not expect this interpretation to be static over time, and will adjust it as needed. This document was created with the input and feedback of the TAB as well as many current kernel maintainers. Co-Developed-by: Thomas Gleixner Co-Developed-by: Olof Johansson Acked-by: Alex Deucher Acked-by: Alexei Starovoitov Acked-by: Amir Goldstein Acked-by: Andrew Morton Acked-by: Andy Lutomirski Acked-by: Anna-Maria Gleixner Acked-by: Ard Biesheuvel Acked-by: Benjamin Herrenschmidt Acked-by: Boris Brezillon Acked-by: Borislav Petkov Acked-by: Chris Mason Acked-by: Christian Lütke-Stetzkamp Acked-by: Colin Ian King Acked-by: Dan Carpenter Acked-by: Dan Williams Acked-by: Daniel Borkmann Acked-by: Daniel Vetter Acked-by: Dave Airlie Acked-by: Dave Hansen Acked-by: David Ahern Acked-by: David Sterba Acked-by: Dmitry Torokhov Acked-by: Dominik Brodowski Acked-by: Eric Dumazet Acked-by: Felipe Balbi Acked-by: Felix Kuehling Acked-by: Florian Fainelli Acked-by: Geert Uytterhoeven Acked-by: Grant Likely Acked-by: Gregory CLEMENT Acked-by: Guenter Roeck Acked-by: Gustavo A. R. Silva Acked-by: Hans Verkuil Acked-by: Hans de Goede Acked-by: Harry Wentland Acked-by: Heiko Stuebner Acked-by: Ingo Molnar Acked-by: Jaegeuk Kim Acked-by: James Smart Acked-by: James Smart Acked-by: Jan Kara Acked-by: Jani Nikula Acked-by: Jason A. Donenfeld Acked-by: Jeff Kirsher Acked-by: Jens Axboe Acked-by: Jessica Yu Acked-by: Jia-Ju Bai Acked-by: Jiri Kosina Acked-by: Jiri Olsa Acked-by: Joerg Roedel Acked-by: Johan Hovold Acked-by: Johannes Thumshirn Acked-by: Jonathan Corbet Acked-by: Julia Lawall Acked-by: Kees Cook Acked-by: Kirill Tkhai Acked-by: Kuninori Morimoto Acked-by: Laurent Pinchart Acked-by: Lina Iyer Acked-by: Linus Torvalds Acked-by: Linus Walleij Acked-by: Mark Brown Acked-by: Masahiro Yamada Acked-by: Masami Hiramatsu Acked-by: Mathieu Desnoyers Acked-by: Matias Bjørling Acked-by: Mauro Carvalho Chehab Acked-by: Maxime Ripard Acked-by: Michael Ellerman Acked-by: Mike Rapoport Acked-by: Mimi Zohar Acked-by: Miquel Raynal Acked-by: Mishi Choudhary Acked-by: Nikolay Borisov Acked-by: Oded Gabbay Acked-by: Palmer Dabbelt Acked-by: Paul E. McKenney Acked-by: Peter Zijlstra Acked-by: Rafael J. Wysocki Acked-by: Richard Weinberger Acked-by: Rik van Riel Acked-by: Rob Clark Acked-by: Rob Herring Acked-by: Rodrigo Vivi Acked-by: Sean Paul Acked-by: Sebastian Andrzej Siewior Acked-by: Sebastian Reichel Acked-by: Sergio Paracuellos Acked-by: Shawn Guo Acked-by: Shuah Khan Acked-by: Simon Horman Acked-by: Srinivas Kandagatla Acked-by: Stephen Hemminger Acked-by: Takashi Iwai Acked-by: Tejun Heo Acked-by: Theodore Ts'o Acked-by: Thierry Reding Acked-by: Todd Poynor Acked-by: Viresh Kumar Acked-by: Wei Yongjun Acked-by: YueHaibing Reviewed-by: Steven Rostedt Signed-off-by: Thomas Gleixner Signed-off-by: Olof Johansson Signed-off-by: Greg Kroah-Hartman commit c1d1ba844f01e747aa0272a4ee5c886024cd90eb Author: Chris Mason Date: Thu Oct 11 09:09:31 2018 -0700 Code of conduct: Fix wording around maintainers enforcing the code of conduct As it was originally worded, this paragraph requires maintainers to enforce the code of conduct, or face potential repercussions. It sends the wrong message, when really we just want maintainers to be part of the solution and not violate the code of conduct themselves. Removing it doesn't limit our ability to enforce the code of conduct, and we can still encourage maintainers to help maintain high standards for the level of discourse in their subsystem. Signed-off-by: Chris Mason Acked-by: Alex Deucher Acked-by: Amir Goldstein Acked-by: Andrew Morton Acked-by: Anna-Maria Gleixner Acked-by: Ard Biesheuvel Acked-by: Benjamin Herrenschmidt Acked-by: Boris Brezillon Acked-by: Borislav Petkov Acked-by: Christian Lütke-Stetzkamp Acked-by: Christoph Hellwig Acked-by: Colin Ian King Acked-by: Dan Carpenter Acked-by: Dan Williams Acked-by: Daniel Borkmann Acked-by: Dave Airlie Acked-by: Dave Hansen Acked-by: David Ahern Acked-by: David Sterba Acked-by: Dmitry Torokhov Acked-by: Dominik Brodowski Acked-by: Eric Dumazet Acked-by: Felipe Balbi Acked-by: Felix Kuehling Acked-by: Florian Fainelli Acked-by: Florian Westphal Acked-by: Geert Uytterhoeven Acked-by: Grant Likely Acked-by: Gregory CLEMENT Acked-by: Guenter Roeck Acked-by: Gustavo A. R. Silva Acked-by: Hans Verkuil Acked-by: Hans de Goede Acked-by: Harry Wentland Acked-by: Heiko Stuebner Acked-by: Ingo Molnar Acked-by: Jaegeuk Kim Acked-by: James Smart Acked-by: James Smart Acked-by: Jan Kara Acked-by: Jason A. Donenfeld Acked-by: Jeff Kirsher Acked-by: Jens Axboe Acked-by: Jessica Yu Acked-by: Jia-Ju Bai Acked-by: Jiri Kosina Acked-by: Jiri Olsa Acked-by: Joerg Roedel Acked-by: Johan Hovold Acked-by: Johannes Thumshirn Acked-by: Jonathan Corbet Acked-by: Julia Lawall Acked-by: Kees Cook Acked-by: Kirill Tkhai Acked-by: Kuninori Morimoto Acked-by: Laurent Pinchart Acked-by: Lina Iyer Acked-by: Linus Torvalds Acked-by: Linus Walleij Acked-by: Mark Brown Acked-by: Masahiro Yamada Acked-by: Masami Hiramatsu Acked-by: Mathieu Desnoyers Acked-by: Matias Bjørling Acked-by: Maxime Ripard Acked-by: Michael Ellerman Acked-by: Mike Rapoport Acked-by: Mimi Zohar Acked-by: Miquel Raynal Acked-by: Nikolay Borisov Acked-by: Oded Gabbay Acked-by: Olof Johansson Acked-by: Palmer Dabbelt Acked-by: Paul E. McKenney Acked-by: Peter Zijlstra Acked-by: Rafael J. Wysocki Acked-by: Richard Weinberger Acked-by: Rik van Riel Acked-by: Rob Clark Acked-by: Rob Herring Acked-by: Rodrigo Vivi Acked-by: Sebastian Andrzej Siewior Acked-by: Sebastian Reichel Acked-by: Sergio Paracuellos Acked-by: Shawn Guo Acked-by: Shuah Khan Acked-by: Simon Horman Acked-by: Srinivas Kandagatla Acked-by: Stephen Hemminger Acked-by: Takashi Iwai Acked-by: Tejun Heo Acked-by: Theodore Ts'o Acked-by: Thierry Reding Acked-by: Thomas Gleixner Acked-by: Tim Bird Acked-by: Todd Poynor Acked-by: Trond Myklebust Acked-by: Viresh Kumar Acked-by: Wei Yongjun Acked-by: YueHaibing Reviewed-by: Mauro Carvalho Chehab Reviewed-by: Steven Rostedt Signed-off-by: Greg Kroah-Hartman commit 467e050e9760fc31dcf854ec88401e18419f5f78 Merge: 23469de647c4 31d86033a074 Author: Greg Kroah-Hartman Date: Sun Oct 21 13:51:36 2018 +0200 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Wolfram writes: "i2c for 4.19 Another driver bugfix and MAINTAINERS addition from I2C." * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: rcar: cleanup DMA for all kinds of failure MAINTAINERS: Add entry for Broadcom STB I2C controller commit 23469de647c4c7b68b5d135927b1c509f0e757e6 Merge: b0d04fb56b31 d2fb4fb8ee91 Author: Greg Kroah-Hartman Date: Sun Oct 21 10:08:38 2018 +0200 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net David writes: "Networking: A few straggler bug fixes: 1) Fix indexing of multi-pass dumps of ipv6 addresses, from David Ahern. 2) Revert RCU locking change for bonding netpoll, causes worse problems than it solves. 3) pskb_trim_rcsum_slow() doesn't handle odd trim offsets, resulting in erroneous bad hw checksum triggers with CHECKSUM_COMPLETE devices. From Dimitris Michailidis. 4) a revert to some neighbour code changes that adjust notifications in a way that confuses some apps." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: Revert "neighbour: force neigh_invalidate when NUD_FAILED update is from admin" net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs net: fix pskb_trim_rcsum_slow() with odd trim offset Revert "bond: take rcu lock in netpoll_send_skb_on_dev" commit d2fb4fb8ee91c1b8a1dbba6afda6f5ed2eb28bdc Author: Roopa Prabhu Date: Sat Oct 20 18:09:31 2018 -0700 Revert "neighbour: force neigh_invalidate when NUD_FAILED update is from admin" This reverts commit 8e326289e3069dfc9fa9c209924668dd031ab8ef. This patch results in unnecessary netlink notification when one tries to delete a neigh entry already in NUD_FAILED state. Found this with a buggy app that tries to delete a NUD_FAILED entry repeatedly. While the notification issue can be fixed with more checks, adding more complexity here seems unnecessary. Also, recent tests with other changes in the neighbour code have shown that the INCOMPLETE and PROBE checks are good enough for the original issue. Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller commit 4ba4c566ba8448a05e6257e0b98a21f1a0d55315 Author: David Ahern Date: Fri Oct 19 10:00:19 2018 -0700 net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs The loop wants to skip previously dumped addresses, so loops until current index >= saved index. If the message fills it wants to save the index for the next address to dump - ie., the one that did not fit in the current message. Currently, it is incrementing the index counter before comparing to the saved index, and then the saved index is off by 1 - it assumes the current address is going to fit in the message. Change the index handling to increment only after a succesful dump. Fixes: 502a2ffd7376a ("ipv6: convert idev_list to list macros") Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 31d86033a0749a0463ea654130b2de5c163154f1 Author: Wolfram Sang Date: Fri Oct 19 21:15:26 2018 +0200 i2c: rcar: cleanup DMA for all kinds of failure DMA needs to be cleaned up not only on timeout, but on all errors where it has been setup before. Fixes: 73e8b0528346 ("i2c: rcar: add DMA support") Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang commit 72a7a4aa77a05876e83f587f4cbe1e00ddc5ede1 Author: Kamal Dasu Date: Wed Oct 17 12:05:09 2018 -0400 MAINTAINERS: Add entry for Broadcom STB I2C controller Add an entry for the Broadcom STB I2C controller in the MAINTAINERS file. Signed-off-by: Kamal Dasu Acked-by: Florian Fainelli [wsa: fixed sorting and a whitespace error] Signed-off-by: Wolfram Sang commit b0d04fb56b3173626a15406d69f3026ca313057f Merge: 14dbc56aa27d 485734f3fc77 Author: Greg Kroah-Hartman Date: Sat Oct 20 15:04:23 2018 +0200 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "x86 fixes: It's 4 misc fixes, 3 build warning fixes and 3 comment fixes. In hindsight I'd have left out the 3 comment fixes to make the pull request look less scary at such a late point in the cycle. :-/" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU x86/fpu: Remove second definition of fpu in __fpu__restore_sig() x86/entry/64: Further improve paranoid_entry comments x86/entry/32: Clear the CS high bits x86/boot: Add -Wno-pointer-sign to KBUILD_CFLAGS x86/time: Correct the attribute on jiffies' definition x86/entry: Add some paranoid entry/exit CR3 handling comments x86/percpu: Fix this_cpu_read() x86/tsc: Force inlining of cyc2ns bits commit 14dbc56aa27d8b3f7cf99fa06e77fdc592b577c1 Merge: 9b00eb8ac273 9845c49cc9bb Author: Greg Kroah-Hartman Date: Sat Oct 20 15:03:45 2018 +0200 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "scheduler fixes: Two fixes: a CFS-throttling bug fix, and an interactivity fix." * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Fix the min_vruntime update logic in dequeue_entity() sched/fair: Fix throttle_list starvation with low CFS quota commit 9b00eb8ac2738b27a1469046f2ca76449dcdf04a Merge: 270b77a0f30e 20e8e72d0fa8 Author: Greg Kroah-Hartman Date: Sat Oct 20 15:02:51 2018 +0200 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "perf fixes: Misc perf tooling fixes." * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf tools: Stop fallbacking to kallsyms for vdso symbols lookup perf tools: Pass build flags to traceevent build perf report: Don't crash on invalid inline debug information perf cpu_map: Align cpu map synthesized events properly. perf tools: Fix tracing_path_mount proper path perf tools: Fix use of alternatives to find JDIR perf evsel: Store ids for events with their own cpus perf_event__synthesize_event_update_cpus perf vendor events intel: Fix wrong filter_band* values for uncore events Revert "perf tools: Fix PMU term format max value calculation" tools headers uapi: Sync kvm.h copy tools arch uapi: Sync the x86 kvm.h copy commit d55bef5059dd057bd077155375c581b49d25be7e Author: Dimitris Michailidis Date: Fri Oct 19 17:07:13 2018 -0700 net: fix pskb_trim_rcsum_slow() with odd trim offset We've been getting checksum errors involving small UDP packets, usually 59B packets with 1 extra non-zero padding byte. netdev_rx_csum_fault() has been complaining that HW is providing bad checksums. Turns out the problem is in pskb_trim_rcsum_slow(), introduced in commit 88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends"). The source of the problem is that when the bytes we are trimming start at an odd address, as in the case of the 1 padding byte above, skb_checksum() returns a byte-swapped value. We cannot just combine this with skb->csum using csum_sub(). We need to use csum_block_sub() here that takes into account the parity of the start address and handles the swapping. Matches existing code in __skb_postpull_rcsum() and esp_remove_trailer(). Fixes: 88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends") Signed-off-by: Dimitris Michailidis Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 270b77a0f30e7bc61a9081b86d74dbb62fa6a69d Merge: 6b5201c21d40 fe7acd1e303d Author: Greg Kroah-Hartman Date: Sat Oct 20 09:23:12 2018 +0200 Merge tag 'drm-fixes-2018-10-20-1' of git://anongit.freedesktop.org/drm/drm Dave writes: "drm fixes for 4.19 final (part 2) Looked like two stragglers snuck in, one very urgent the pageflipping was missing a reference that could result in a GPF on non-i915 drivers, the other is an overflow in the sun4i dotclock calcs resulting in a mode not getting set." * tag 'drm-fixes-2018-10-20-1' of git://anongit.freedesktop.org/drm/drm: drm/sun4i: Fix an ulong overflow in the dotclock driver drm: Get ref on CRTC commit object when waiting for flip_done commit 6b5201c21d4022e71058cbd87b9dfe3116143af1 Merge: d4ec49d332ab ba0e41ca81b9 Author: Greg Kroah-Hartman Date: Sat Oct 20 09:20:48 2018 +0200 Merge tag 'trace-v4.19-rc8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Steven writes: "tracing: A few small fixes to synthetic events Masami found some issues with the creation of synthetic events. The first two patches fix handling of unsigned type, and handling of a space before an ending semi-colon. The third patch adds a selftest to test the processing of synthetic events." * tag 'trace-v4.19-rc8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: selftests: ftrace: Add synthetic event syntax testcase tracing: Fix synthetic event to allow semicolon at end tracing: Fix synthetic event to accept unsigned modifier commit d4ec49d332aba29827504cc666205aef91a281c7 Merge: c7b70a641df2 13c1c5e4d7f8 Author: Greg Kroah-Hartman Date: Sat Oct 20 08:42:56 2018 +0200 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Dmitry writes: "Input updates for 4.19-rc8 Just an addition to elan touchpad driver ACPI table." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM commit fe7acd1e303d74584040a902d78726ba5a4b9b4a Merge: f8e6e1b6f0ae e84cb605e02f Author: Dave Airlie Date: Sat Oct 20 07:18:12 2018 +1000 Merge tag 'drm-misc-fixes-2018-10-19' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes Second pull request for v4.19: - Fix ulong overflow in sun4i - Fix a serious GPF in waiting for flip_done from commit_tail(). Signed-off-by: Dave Airlie From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/97d1ed42-1d99-fcc5-291e-cd1dc29a4252@linux.intel.com commit ba0e41ca81b935b958006c7120466e2217357827 Author: Masami Hiramatsu Date: Thu Oct 18 22:13:02 2018 +0900 selftests: ftrace: Add synthetic event syntax testcase Add a testcase to check the syntax and field types for synthetic_events interface. Link: http://lkml.kernel.org/r/153986838264.18251.16627517536956299922.stgit@devbox Acked-by: Shuah Khan Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit a360d9e4016c1fcf41553b37ad496870dc5723d0 Author: Masami Hiramatsu Date: Thu Oct 18 22:12:34 2018 +0900 tracing: Fix synthetic event to allow semicolon at end Fix synthetic event to allow independent semicolon at end. The synthetic_events interface accepts a semicolon after the last word if there is no space. # echo "myevent u64 var;" >> synthetic_events But if there is a space, it returns an error. # echo "myevent u64 var ;" > synthetic_events sh: write error: Invalid argument This behavior is difficult for users to understand. Let's allow the last independent semicolon too. Link: http://lkml.kernel.org/r/153986835420.18251.2191216690677025744.stgit@devbox Cc: Shuah Khan Cc: Tom Zanussi Cc: stable@vger.kernel.org Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 282447ba6b00c64678ffdf964f44e5c8b1c68377 Author: Masami Hiramatsu Date: Thu Oct 18 22:12:05 2018 +0900 tracing: Fix synthetic event to accept unsigned modifier Fix synthetic event to accept unsigned modifier for its field type correctly. Currently, synthetic_events interface returns error for "unsigned" modifiers as below; # echo "myevent unsigned long var" >> synthetic_events sh: write error: Invalid argument This is because argv_split() breaks "unsigned long" into "unsigned" and "long", but parse_synth_field() doesn't expected it. With this fix, synthetic_events can handle the "unsigned long" correctly like as below; # echo "myevent unsigned long var" >> synthetic_events # cat synthetic_events myevent unsigned long var Link: http://lkml.kernel.org/r/153986832571.18251.8448135724590496531.stgit@devbox Cc: Shuah Khan Cc: Tom Zanussi Cc: stable@vger.kernel.org Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 48995423143a097527802e28d7add20e5a27677a Author: David S. Miller Date: Fri Oct 19 10:45:08 2018 -0700 Revert "bond: take rcu lock in netpoll_send_skb_on_dev" This reverts commit 6fe9487892b32cb1c8b8b0d552ed7222a527fe30. It is causing more serious regressions than the RCU warning it is fixing. Signed-off-by: David S. Miller commit c7b70a641df26002e8f26e2b8122fcb6a1d815a1 Merge: b2a205ff49b9 9ae24af36691 Author: Greg Kroah-Hartman Date: Fri Oct 19 19:25:44 2018 +0200 Merge tag 'usb-4.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb I wrote: "USB fixes for 4.19-final Here are a small number of last-minute USB driver fixes Included here are: - spectre fix for usb storage gadgets - xhci fixes - cdc-acm fixes - usbip fixes for reported problems All of these have been in linux-next with no reported issues." * tag 'usb-4.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: gadget: storage: Fix Spectre v1 vulnerability USB: fix the usbfs flag sanitization for control transfers usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable cdc-acm: correct counting of UART states in serial state notification cdc-acm: do not reset notification buffer index upon urb unlinking cdc-acm: fix race between reset and control messaging usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() selftests: usbip: add wait after attach and before checking port status commit b2a205ff49b9c55d4bdda1bdb10ad19ebd646221 Merge: 91b15613ce7f 744889b7cbb5 Author: Greg Kroah-Hartman Date: Fri Oct 19 18:51:07 2018 +0200 Merge tag 'for-linus-20181019' of git://git.kernel.dk/linux-block Jens writes: "Block fixes for 4.19-final Two small fixes that should go into this release." * tag 'for-linus-20181019' of git://git.kernel.dk/linux-block: block: don't deal with discard limit in blkdev_issue_discard() nvme: remove ns sibling before clearing path commit e84cb605e02f1b3d0aee8d7157419cd8aaa06038 Author: Boris Brezillon Date: Thu Oct 18 12:02:50 2018 +0200 drm/sun4i: Fix an ulong overflow in the dotclock driver The calculated ideal rate can easily overflow an unsigned long, thus making the best div selection buggy as soon as no ideal match is found before the overflow occurs. Fixes: 4731a72df273 ("drm/sun4i: request exact rates to our parents") Cc: Signed-off-by: Boris Brezillon Acked-by: Maxime Ripard Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/20181018100250.12565-1-boris.brezillon@bootlin.com commit 91b15613ce7fb3e724ca0d433eef8e6bf15322af Merge: 2a9666105445 d4d576f5ab7e Author: Greg Kroah-Hartman Date: Fri Oct 19 09:16:20 2018 +0200 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net David writes: "Networking 1) Fix gro_cells leak in xfrm layer, from Li RongQing. 2) BPF selftests change RLIMIT_MEMLOCK blindly, don't do that. From Eric Dumazet. 3) AF_XDP calls synchronize_net() under RCU lock, fix from Björn Töpel. 4) Out of bounds packet access in _decode_session6(), from Alexei Starovoitov. 5) Several ethtool bugs, where we copy a struct into the kernel twice and our validations of the values in the first copy can be invalidated by the second copy due to asynchronous updates to the memory by the user. From Wenwen Wang. 6) Missing netlink attribute validation in cls_api, from Davide Caratti. 7) LLC SAP sockets neet to be SOCK_RCU FREE, from Cong Wang. 8) rxrpc operates on wrong kvec, from Yue Haibing. 9) A regression was introduced by the disassosciation of route neighbour references in rt6_probe(), causing probe for neighbourless routes to not be properly rate limited. Fix from Sabrina Dubroca. 10) Unsafe RCU locking in tipc, from Tung Nguyen. 11) Use after free in inet6_mc_check(), from Eric Dumazet. 12) PMTU from icmp packets should update the SCTP transport pathmtu, from Xin Long. 13) Missing peer put on error in rxrpc, from David Howells. 14) Fix pedit in nfp driver, from Pieter Jansen van Vuuren. 15) Fix overflowing shift statement in qla3xxx driver, from Nathan Chancellor. 16) Fix Spectre v1 in ptp code, from Gustavo A. R. Silva. 17) udp6_unicast_rcv_skb() interprets udpv6_queue_rcv_skb() return value in an inverted manner, fix from Paolo Abeni. 18) Fix missed unresolved entries in ipmr dumps, from Nikolay Aleksandrov. 19) Fix NAPI handling under high load, we can completely miss events when NAPI has to loop more than one time in a cycle. From Heiner Kallweit." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (49 commits) ip6_tunnel: Fix encapsulation layout tipc: fix info leak from kernel tipc_event net: socket: fix a missing-check bug net: sched: Fix for duplicate class dump r8169: fix NAPI handling under high load net: ipmr: fix unresolved entry dumps net: mscc: ocelot: Fix comment in ocelot_vlant_wait_for_completion() sctp: fix the data size calculation in sctp_data_size virtio_net: avoid using netif_tx_disable() for serializing tx routine udp6: fix encap return code for resubmitting mlxsw: core: Fix use-after-free when flashing firmware during init sctp: not free the new asoc when sctp_wait_for_connect returns err sctp: fix race on sctp_id2asoc r8169: re-enable MSI-X on RTL8168g net: bpfilter: use get_pid_task instead of pid_task ptp: fix Spectre v1 vulnerability net: qla3xxx: Remove overflowing shift statement geneve, vxlan: Don't set exceptions if skb->len < mtu geneve, vxlan: Don't check skb_dst() twice sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead ... commit 2a96661054452c3016c377d72a38c6d4948ea6ae Merge: 7555c5d5a879 27faeebd0081 Author: Greg Kroah-Hartman Date: Fri Oct 19 09:15:12 2018 +0200 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc David writes: "Sparc fixes: The main bit here is fixing how fallback system calls are handled in the sparc vDSO. Unfortunately, I fat fingered the commit and some perf debugging hacks slipped into the vDSO fix, which I revert in the very next commit." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: Revert unintended perf changes. sparc: vDSO: Silence an uninitialized variable warning sparc: Fix syscall fallback bugs in VDSO. commit 7555c5d5a87973fbdee201ff63d2edd748933177 Merge: eb6d938ffa48 f8e6e1b6f0ae Author: Greg Kroah-Hartman Date: Fri Oct 19 08:31:22 2018 +0200 Merge tag 'drm-fixes-2018-10-19' of git://anongit.freedesktop.org/drm/drm Dave writes: "drm fixes for 4.19 final Just a last set of misc core fixes for final. 4 fixes, one use after free, one fb integration fix, one EDID fix, and one laptop panel quirk," * tag 'drm-fixes-2018-10-19' of git://anongit.freedesktop.org/drm/drm: drm/edid: VSDB yCBCr420 Deep Color mode bit definitions drm: fix use of freed memory in drm_mode_setcrtc drm: fb-helper: Reject all pixel format changing requests drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl commit eb6d938ffa486dd89331cbfa2137038df6c912d2 Merge: fa520c47eaa1 a3671a4f973e Author: Greg Kroah-Hartman Date: Fri Oct 19 08:30:35 2018 +0200 Merge tag 'for-gkh' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Doug writes: "Really final for-rc pull request for 4.19 Ok, so last week I thought we had sent our final pull request for 4.19. Well, wouldn't ya know someone went and found a couple Spectre v1 fixes were needed :-/. So, a couple *very* small specter patches for this (hopefully) final -rc week." * tag 'for-gkh' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/ucma: Fix Spectre v1 vulnerability IB/ucm: Fix Spectre v1 vulnerability commit 485734f3fc77c1eb77ffe138c027b9a4bf0178f3 Author: Christoph Hellwig Date: Sun Oct 14 09:52:08 2018 +0200 x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels We already build the swiotlb code for 32-bit kernels with PAE support, but the code to actually use swiotlb has only been enabled for 64-bit kernels for an unknown reason. Before Linux v4.18 we paper over this fact because the networking code, the SCSI layer and some random block drivers implemented their own bounce buffering scheme. [ mingo: Changelog fixes. ] Fixes: 21e07dba9fb1 ("scsi: reduce use of block bounce buffers") Fixes: ab74cfebafa3 ("net: remove the PCI_DMA_BUS_IS_PHYS check in illegal_highdma") Reported-by: Matthew Whitehead Signed-off-by: Christoph Hellwig Signed-off-by: Thomas Gleixner Tested-by: Matthew Whitehead Cc: konrad.wilk@oracle.com Cc: iommu@lists.linux-foundation.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181014075208.2715-1-hch@lst.de Signed-off-by: Ingo Molnar commit f8e6e1b6f0ae3bb91cdcd08213d36a0ce6e98535 Merge: 35a7f35ad1b1 9068e02f5874 Author: Dave Airlie Date: Fri Oct 19 13:51:55 2018 +1000 Merge tag 'drm-misc-fixes-2018-10-18' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes drm-misc-fixes for v4.19: - Fix use of freed memory in drm_mode_setcrtc. - Reject pixel format changing requests in fb helper. - Add 6 bpc quirk for HP Pavilion 15-n233sl - Fix VSDB yCBCr420 Deep Color mode bit definitions Signed-off-by: Dave Airlie From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/647fe5d0-4ec5-57cc-9f23-a4836b29e278@linux.intel.com commit d4d576f5ab7edcb757bb33e6a5600666a0b1232d Author: Stefano Brivio Date: Thu Oct 18 21:25:07 2018 +0200 ip6_tunnel: Fix encapsulation layout Commit 058214a4d1df ("ip6_tun: Add infrastructure for doing encapsulation") added the ip6_tnl_encap() call in ip6_tnl_xmit(), before the call to ipv6_push_frag_opts() to append the IPv6 Tunnel Encapsulation Limit option (option 4, RFC 2473, par. 5.1) to the outer IPv6 header. As long as the option didn't actually end up in generated packets, this wasn't an issue. Then commit 89a23c8b528b ("ip6_tunnel: Fix missing tunnel encapsulation limit option") fixed sending of this option, and the resulting layout, e.g. for FoU, is: .-------------------.------------.----------.-------------------.----- - - | Outer IPv6 Header | UDP header | Option 4 | Inner IPv6 Header | Payload '-------------------'------------'----------'-------------------'----- - - Needless to say, FoU and GUE (at least) won't work over IPv6. The option is appended by default, and I couldn't find a way to disable it with the current iproute2. Turn this into a more reasonable: .-------------------.----------.------------.-------------------.----- - - | Outer IPv6 Header | Option 4 | UDP header | Inner IPv6 Header | Payload '-------------------'----------'------------'-------------------'----- - - With this, and with 84dad55951b0 ("udp6: fix encap return code for resubmitting"), FoU and GUE work again over IPv6. Fixes: 058214a4d1df ("ip6_tun: Add infrastructure for doing encapsulation") Signed-off-by: Stefano Brivio Signed-off-by: David S. Miller commit b06f9d9f1a907dd03f203e2ce9e27e318c22ba01 Author: Jon Maloy Date: Thu Oct 18 17:38:29 2018 +0200 tipc: fix info leak from kernel tipc_event We initialize a struct tipc_event allocated on the kernel stack to zero to avert info leak to user space. Reported-by: syzbot+057458894bc8cada4dee@syzkaller.appspotmail.com Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit b6168562c8ce2bd5a30e213021650422e08764dc Author: Wenwen Wang Date: Thu Oct 18 09:36:46 2018 -0500 net: socket: fix a missing-check bug In ethtool_ioctl(), the ioctl command 'ethcmd' is checked through a switch statement to see whether it is necessary to pre-process the ethtool structure, because, as mentioned in the comment, the structure ethtool_rxnfc is defined with padding. If yes, a user-space buffer 'rxnfc' is allocated through compat_alloc_user_space(). One thing to note here is that, if 'ethcmd' is ETHTOOL_GRXCLSRLALL, the size of the buffer 'rxnfc' is partially determined by 'rule_cnt', which is actually acquired from the user-space buffer 'compat_rxnfc', i.e., 'compat_rxnfc->rule_cnt', through get_user(). After 'rxnfc' is allocated, the data in the original user-space buffer 'compat_rxnfc' is then copied to 'rxnfc' through copy_in_user(), including the 'rule_cnt' field. However, after this copy, no check is re-enforced on 'rxnfc->rule_cnt'. So it is possible that a malicious user race to change the value in the 'compat_rxnfc->rule_cnt' between these two copies. Through this way, the attacker can bypass the previous check on 'rule_cnt' and inject malicious data. This can cause undefined behavior of the kernel and introduce potential security risk. This patch avoids the above issue via copying the value acquired by get_user() to 'rxnfc->rule_cn', if 'ethcmd' is ETHTOOL_GRXCLSRLALL. Signed-off-by: Wenwen Wang Signed-off-by: David S. Miller commit 3c53ed8fef6881a864f0ee8240ed2793ef73ad0d Author: Phil Sutter Date: Thu Oct 18 10:34:26 2018 +0200 net: sched: Fix for duplicate class dump When dumping classes by parent, kernel would return classes twice: | # tc qdisc add dev lo root prio | # tc class show dev lo | class prio 8001:1 parent 8001: | class prio 8001:2 parent 8001: | class prio 8001:3 parent 8001: | # tc class show dev lo parent 8001: | class prio 8001:1 parent 8001: | class prio 8001:2 parent 8001: | class prio 8001:3 parent 8001: | class prio 8001:1 parent 8001: | class prio 8001:2 parent 8001: | class prio 8001:3 parent 8001: This comes from qdisc_match_from_root() potentially returning the root qdisc itself if its handle matched. Though in that case, root's classes were already dumped a few lines above. Fixes: cb395b2010879 ("net: sched: optimize class dumps") Signed-off-by: Phil Sutter Reviewed-by: Jiri Pirko Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 6b839b6cf9eada30b086effb51e5d6076bafc761 Author: Heiner Kallweit Date: Thu Oct 18 19:56:01 2018 +0200 r8169: fix NAPI handling under high load rtl_rx() and rtl_tx() are called only if the respective bits are set in the interrupt status register. Under high load NAPI may not be able to process all data (work_done == budget) and it will schedule subsequent calls to the poll callback. rtl_ack_events() however resets the bits in the interrupt status register, therefore subsequent calls to rtl8169_poll() won't call rtl_rx() and rtl_tx() - chip interrupts are still disabled. Fix this by calling rtl_rx() and rtl_tx() independent of the bits set in the interrupt status register. Both functions will detect if there's nothing to do for them. Fixes: da78dbff2e05 ("r8169: remove work from irq handler.") Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 27faeebd00813cd52a140e8944b6b32729b50e61 Author: David S. Miller Date: Thu Oct 18 11:32:29 2018 -0700 sparc: Revert unintended perf changes. Some local debugging hacks accidently slipped into the VDSO commit. Sorry! Signed-off-by: David S. Miller commit 4364bcb2cd21d042bde4776448417ddffbc54045 Author: Leo Li Date: Mon Oct 15 09:46:40 2018 -0400 drm: Get ref on CRTC commit object when waiting for flip_done This fixes a general protection fault, caused by accessing the contents of a flip_done completion object that has already been freed. It occurs due to the preemption of a non-blocking commit worker thread W by another commit thread X. X continues to clear its atomic state at the end, destroying the CRTC commit object that W still needs. Switching back to W and accessing the commit objects then leads to bad results. Worker W becomes preemptable when waiting for flip_done to complete. At this point, a frequently occurring commit thread X can take over. Here's an example where W is a worker thread that flips on both CRTCs, and X does a legacy cursor update on both CRTCs: ... 1. W does flip work 2. W runs commit_hw_done() 3. W waits for flip_done on CRTC 1 4. > flip_done for CRTC 1 completes 5. W finishes waiting for CRTC 1 6. W waits for flip_done on CRTC 2 7. > Preempted by X 8. > flip_done for CRTC 2 completes 9. X atomic_check: hw_done and flip_done are complete on all CRTCs 10. X updates cursor on both CRTCs 11. X destroys atomic state 12. X done 13. > Switch back to W 14. W waits for flip_done on CRTC 2 15. W raises general protection fault The error looks like so: general protection fault: 0000 [#1] PREEMPT SMP PTI **snip** Call Trace: lock_acquire+0xa2/0x1b0 _raw_spin_lock_irq+0x39/0x70 wait_for_completion_timeout+0x31/0x130 drm_atomic_helper_wait_for_flip_done+0x64/0x90 [drm_kms_helper] amdgpu_dm_atomic_commit_tail+0xcae/0xdd0 [amdgpu] commit_tail+0x3d/0x70 [drm_kms_helper] process_one_work+0x212/0x650 worker_thread+0x49/0x420 kthread+0xfb/0x130 ret_from_fork+0x3a/0x50 Modules linked in: x86_pkg_temp_thermal amdgpu(O) chash(O) gpu_sched(O) drm_kms_helper(O) syscopyarea sysfillrect sysimgblt fb_sys_fops ttm(O) drm(O) Note that i915 has this issue masked, since hw_done is signaled after waiting for flip_done. Doing so will block the cursor update from happening until hw_done is signaled, preventing the cursor commit from destroying the state. v2: The reference on the commit object needs to be obtained before hw_done() is signaled, since that's the point where another commit is allowed to modify the state. Assuming that the new_crtc_state->commit object still exists within flip_done() is incorrect. Fix by getting a reference in setup_commit(), and releasing it during default_clear(). Signed-off-by: Leo Li Reviewed-by: Daniel Vetter Signed-off-by: Harry Wentland Link: https://patchwork.freedesktop.org/patch/msgid/1539611200-6184-1-git-send-email-sunpeng.li@amd.com commit 2ee653f644ab203364724cac85a7efd371367979 Merge: eddf016b9104 9dffff200fd1 Author: David S. Miller Date: Thu Oct 18 09:55:08 2018 -0700 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2018-10-18 1) Free the xfrm interface gro_cells when deleting the interface, otherwise we leak it. From Li RongQing. 2) net/core/flow.c does not exist anymore, so remove it from the MAINTAINERS file. 3) Fix a slab-out-of-bounds in _decode_session6. From Alexei Starovoitov. 4) Fix RCU protection when policies inserted into thei bydst lists. From Florian Westphal. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit 744889b7cbb56a64f957e65ade7cb65fe3f35714 Author: Ming Lei Date: Fri Oct 12 15:53:10 2018 +0800 block: don't deal with discard limit in blkdev_issue_discard() blk_queue_split() does respect this limit via bio splitting, so no need to do that in blkdev_issue_discard(), then we can align to normal bio submit(bio_add_page() & submit_bio()). More importantly, this patch fixes one issue introduced in a22c4d7e34402cc ("block: re-add discard_granularity and alignment checks"), in which zero discard bio may be generated in case of zero alignment. Fixes: a22c4d7e34402ccdf3 ("block: re-add discard_granularity and alignment checks") Cc: stable@vger.kernel.org Cc: Ming Lin Cc: Mike Snitzer Cc: Christoph Hellwig Cc: Xiao Ni Tested-by: Mariusz Dabrowski Signed-off-by: Ming Lei Signed-off-by: Jens Axboe commit fa520c47eaa15b9baa8ad66ac18da4a31679693b Author: Eric Sandeen Date: Wed Oct 17 15:23:59 2018 +0100 fscache: Fix out of bound read in long cookie keys fscache_set_key() can incur an out-of-bounds read, reported by KASAN: BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x5b3/0x680 [fscache] Read of size 4 at addr ffff88084ff056d4 by task mount.nfs/32615 and also reported by syzbot at https://lkml.org/lkml/2018/7/8/236 BUG: KASAN: slab-out-of-bounds in fscache_set_key fs/fscache/cookie.c:120 [inline] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880 fs/fscache/cookie.c:171 Read of size 4 at addr ffff8801d3cc8bb4 by task syz-executor907/4466 This happens for any index_key_len which is not divisible by 4 and is larger than the size of the inline key, because the code allocates exactly index_key_len for the key buffer, but the hashing loop is stepping through it 4 bytes (u32) at a time in the buf[] array. Fix this by calculating how many u32 buffers we'll need by using DIV_ROUND_UP, and then using kcalloc() to allocate a precleared allocation buffer to hold the index_key, then using that same count as the hashing index limit. Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies") Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com Signed-off-by: Eric Sandeen Cc: stable Signed-off-by: David Howells Signed-off-by: Greg Kroah-Hartman commit 1ff22883b0b2f7a73eb2609ffe879c9fd96f6328 Author: David Howells Date: Wed Oct 17 15:23:45 2018 +0100 fscache: Fix incomplete initialisation of inline key space The inline key in struct rxrpc_cookie is insufficiently initialized, zeroing only 3 of the 4 slots, therefore an index_key_len between 13 and 15 bytes will end up hashing uninitialized memory because the memcpy only partially fills the last buf[] element. Fix this by clearing fscache_cookie objects on allocation rather than using the slab constructor to initialise them. We're going to pretty much fill in the entire struct anyway, so bringing it into our dcache writably shouldn't incur much overhead. This removes the need to do clearance in fscache_set_key() (where we aren't doing it correctly anyway). Also, we don't need to set cookie->key_len in fscache_set_key() as we already did it in the only caller, so remove that. Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies") Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com Reported-by: Eric Sandeen Cc: stable Signed-off-by: David Howells Signed-off-by: Greg Kroah-Hartman commit 169b803397499be85bdd1e3d07d6f5e3d4bd669e Author: Al Viro Date: Wed Oct 17 15:23:26 2018 +0100 cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) the victim might've been rmdir'ed just before the lock_rename(); unlike the normal callers, we do not look the source up after the parents are locked - we know it beforehand and just recheck that it's still the child of what used to be its parent. Unfortunately, the check is too weak - we don't spot a dead directory since its ->d_parent is unchanged, dentry is positive, etc. So we sail all the way to ->rename(), with hosting filesystems _not_ expecting to be asked renaming an rmdir'ed subdirectory. The fix is easy, fortunately - the lock on parent is sufficient for making IS_DEADDIR() on child safe. Cc: stable@vger.kernel.org Fixes: 9ae326a69004 (CacheFiles: A cache that backs onto a mounted filesystem) Signed-off-by: Al Viro Signed-off-by: David Howells Signed-off-by: Greg Kroah-Hartman commit eb66ae030829605d61fbef1909ce310e29f78821 Author: Linus Torvalds Date: Fri Oct 12 15:22:59 2018 -0700 mremap: properly flush TLB before releasing the page Jann Horn points out that our TLB flushing was subtly wrong for the mremap() case. What makes mremap() special is that we don't follow the usual "add page to list of pages to be freed, then flush tlb, and then free pages". No, mremap() obviously just _moves_ the page from one page table location to another. That matters, because mremap() thus doesn't directly control the lifetime of the moved page with a freelist: instead, the lifetime of the page is controlled by the page table locking, that serializes access to the entry. As a result, we need to flush the TLB not just before releasing the lock for the source location (to avoid any concurrent accesses to the entry), but also before we release the destination page table lock (to avoid the TLB being flushed after somebody else has already done something to that page). This also makes the whole "need_flush" logic unnecessary, since we now always end up flushing the TLB for every valid entry. Reported-and-tested-by: Jann Horn Acked-by: Will Deacon Tested-by: Ingo Molnar Acked-by: Peter Zijlstra (Intel) Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 19e6420e4170acce7a8651dfb87195dff5adbe72 Author: Christoph Hellwig Date: Thu Oct 18 08:22:39 2018 +0200 LICENSES: Remove CC-BY-SA-4.0 license text Using non-GPL licenses for our documentation is rather problematic, as it can directly include other files, which generally are GPLv2 licensed and thus not compatible. Remove this license now that the only user (idr.rst) is gone to avoid people semi-accidentally using it again. Signed-off-by: Christoph Hellwig Signed-off-by: Greg Kroah-Hartman commit ca9f672f7c6b4f23b9b88600aaa285f35f07386e Merge: 9bd871df56a7 a309d5db5879 Author: Greg Kroah-Hartman Date: Thu Oct 18 11:24:32 2018 +0200 Merge branch 'ida-fixes-4.19-rc8' of git://git.infradead.org/users/willy/linux-dax Matthew writes: "IDA/IDR fixes for 4.19 I have two tiny fixes, one for the IDA test-suite and one for the IDR documentation license." * 'ida-fixes-4.19-rc8' of git://git.infradead.org/users/willy/linux-dax: idr: Change documentation license test_ida: Fix lockdep warning commit 20e8e72d0fa8e26202932c30d592bade73fdc701 Merge: b955a910d7fd edeb0c90df35 Author: Ingo Molnar Date: Thu Oct 18 07:41:29 2018 +0200 Merge tag 'perf-urgent-for-mingo-4.19-20181017' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: - Stop falling back to kallsyms for vDSO symbols lookup, this wasn't being really used and is not valid in arches such as Sparc, where user and kernel space don't share the address space, relying only on cpumode to figure out what DSOs to lookup (Arnaldo Carvalho de Melo) - Align CPU map synthesized events properly, fixing SIGBUS in CPUs like Sparc (David Miller) - Fix use of alternatives to find JDIR (Jarod Wilson) - Store IDs for events with their own CPUs when synthesizing user level event details (scale, unit, etc) events, fixing a crash when recording a PMU event with a cpumask defined (Jiri Olsa) - Fix wrong filter_band* values for uncore Intel vendor events (Jiri Olsa) - Fix detection of tracefs path in systems without tracefs, where that path should be the debugfs mountpoint plus "/tracing/" (Jiri Olsa) - Pass build flags to traceevent build, allowing using alternative flags in distro packages, RPM, for instance (Jiri Olsa) - Fix 'perf report' crash on invalid inline debug information (Milian Wolff) - Synch KVM UAPI copies (Arnaldo Carvalho de Melo) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit eddf016b910486d2123675a6b5fd7d64f77cdca8 Author: Nikolay Aleksandrov Date: Wed Oct 17 22:34:34 2018 +0300 net: ipmr: fix unresolved entry dumps If the skb space ends in an unresolved entry while dumping we'll miss some unresolved entries. The reason is due to zeroing the entry counter between dumping resolved and unresolved mfc entries. We should just keep counting until the whole table is dumped and zero when we move to the next as we have a separate table counter. Reported-by: Colin Ian King Fixes: 8fb472c09b9d ("ipmr: improve hash scalability") Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller commit 06a36ecb5d0ee4b379845a5687f83084d3187521 Author: Gregory CLEMENT Date: Wed Oct 17 17:26:35 2018 +0200 net: mscc: ocelot: Fix comment in ocelot_vlant_wait_for_completion() The ocelot_vlant_wait_for_completion() function is very similar to the ocelot_mact_wait_for_completion(). It seemed to have be copied but the comment was not updated, so let's fix it. Signed-off-by: Gregory CLEMENT Signed-off-by: David S. Miller commit 5660b9d9d6a29c2c3cc12f62ae44bfb56b0a15a9 Author: Xin Long Date: Wed Oct 17 21:11:27 2018 +0800 sctp: fix the data size calculation in sctp_data_size sctp data size should be calculated by subtracting data chunk header's length from chunk_hdr->length, not just data header. Fixes: 668c9beb9020 ("sctp: implement assign_number for sctp_stream_interleave") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit 05c998b738fdd3e5d6a257bcacc8f34b6284d795 Author: Ake Koomsin Date: Wed Oct 17 19:44:12 2018 +0900 virtio_net: avoid using netif_tx_disable() for serializing tx routine Commit 713a98d90c5e ("virtio-net: serialize tx routine during reset") introduces netif_tx_disable() after netif_device_detach() in order to avoid use-after-free of tx queues. However, there are two issues. 1) Its operation is redundant with netif_device_detach() in case the interface is running. 2) In case of the interface is not running before suspending and resuming, the tx does not get resumed by netif_device_attach(). This results in losing network connectivity. It is better to use netif_tx_lock_bh()/netif_tx_unlock_bh() instead for serializing tx routine during reset. This also preserves the symmetry of netif_device_detach() and netif_device_attach(). Fixes commit 713a98d90c5e ("virtio-net: serialize tx routine during reset") Signed-off-by: Ake Koomsin Acked-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller commit 9bd871df56a752029b07dde326d799648994b992 Merge: c343db455eb3 12ad0cb2123a Author: Greg Kroah-Hartman Date: Thu Oct 18 07:29:05 2018 +0200 Merge tag 'trace-v4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Steven writes: "tracing: Two fixes for 4.19 This fixes two bugs: - Fix size mismatch of tracepoint array - Have preemptirq test module use same clock source of the selftest" * tag 'trace-v4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Use trace_clock_local() for looping in preemptirq_delay_test.c tracepoint: Fix tracepoint array element size mismatch commit 84dad55951b0d009372ec21760b650634246e144 Author: Paolo Abeni Date: Wed Oct 17 11:44:04 2018 +0200 udp6: fix encap return code for resubmitting The commit eb63f2964dbe ("udp6: add missing checks on edumux packet processing") used the same return code convention of the ipv4 counterpart, but ipv6 uses the opposite one: positive values means resubmit. This change addresses the issue, using positive return value for resubmitting. Also update the related comment, which was broken, too. Fixes: eb63f2964dbe ("udp6: add missing checks on edumux packet processing") Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit 9b3bc7db759e64c33471025721817467f8c3ecd4 Author: Ido Schimmel Date: Wed Oct 17 08:05:45 2018 +0000 mlxsw: core: Fix use-after-free when flashing firmware during init When the switch driver (e.g., mlxsw_spectrum) determines it needs to flash a new firmware version it resets the ASIC after the flashing process. The bus driver (e.g., mlxsw_pci) then registers itself again with mlxsw_core which means (among other things) that the device registers itself again with the hwmon subsystem again. Since the device was registered with the hwmon subsystem using devm_hwmon_device_register_with_groups(), then the old hwmon device (registered before the flashing) was never unregistered and was referencing stale data, resulting in a use-after free. Fix by removing reliance on device managed APIs in mlxsw_hwmon_init(). Fixes: c86d62cc410c ("mlxsw: spectrum: Reset FW after flash") Signed-off-by: Ido Schimmel Reported-by: Alexander Petrovskiy Tested-by: Alexander Petrovskiy Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit c863850ce22e1b0bb365d49cadf51f4765153ae4 Author: Xin Long Date: Wed Oct 17 03:06:12 2018 +0800 sctp: not free the new asoc when sctp_wait_for_connect returns err When sctp_wait_for_connect is called to wait for connect ready for sp->strm_interleave in sctp_sendmsg_to_asoc, a panic could be triggered if cpu is scheduled out and the new asoc is freed elsewhere, as it will return err and later the asoc gets freed again in sctp_sendmsg. [ 285.840764] list_del corruption, ffff9f0f7b284078->next is LIST_POISON1 (dead000000000100) [ 285.843590] WARNING: CPU: 1 PID: 8861 at lib/list_debug.c:47 __list_del_entry_valid+0x50/0xa0 [ 285.846193] Kernel panic - not syncing: panic_on_warn set ... [ 285.846193] [ 285.848206] CPU: 1 PID: 8861 Comm: sctp_ndata Kdump: loaded Not tainted 4.19.0-rc7.label #584 [ 285.850559] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 285.852164] Call Trace: ... [ 285.872210] ? __list_del_entry_valid+0x50/0xa0 [ 285.872894] sctp_association_free+0x42/0x2d0 [sctp] [ 285.873612] sctp_sendmsg+0x5a4/0x6b0 [sctp] [ 285.874236] sock_sendmsg+0x30/0x40 [ 285.874741] ___sys_sendmsg+0x27a/0x290 [ 285.875304] ? __switch_to_asm+0x34/0x70 [ 285.875872] ? __switch_to_asm+0x40/0x70 [ 285.876438] ? ptep_set_access_flags+0x2a/0x30 [ 285.877083] ? do_wp_page+0x151/0x540 [ 285.877614] __sys_sendmsg+0x58/0xa0 [ 285.878138] do_syscall_64+0x55/0x180 [ 285.878669] entry_SYSCALL_64_after_hwframe+0x44/0xa9 This is a similar issue with the one fixed in Commit ca3af4dd28cf ("sctp: do not free asoc when it is already dead in sctp_sendmsg"). But this one can't be fixed by returning -ESRCH for the dead asoc in sctp_wait_for_connect, as it will break sctp_connect's return value to users. This patch is to simply set err to -ESRCH before it returns to sctp_sendmsg when any err is returned by sctp_wait_for_connect for sp->strm_interleave, so that no asoc would be freed due to this. When users see this error, they will know the packet hasn't been sent. And it also makes sense to not free asoc because waiting connect fails, like the second call for sctp_wait_for_connect in sctp_sendmsg_to_asoc. Fixes: 668c9beb9020 ("sctp: implement assign_number for sctp_stream_interleave") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit b336decab22158937975293aea79396525f92bb3 Author: Marcelo Ricardo Leitner Date: Tue Oct 16 15:18:17 2018 -0300 sctp: fix race on sctp_id2asoc syzbot reported an use-after-free involving sctp_id2asoc. Dmitry Vyukov helped to root cause it and it is because of reading the asoc after it was freed: CPU 1 CPU 2 (working on socket 1) (working on socket 2) sctp_association_destroy sctp_id2asoc spin lock grab the asoc from idr spin unlock spin lock remove asoc from idr spin unlock free(asoc) if asoc->base.sk != sk ... [*] This can only be hit if trying to fetch asocs from different sockets. As we have a single IDR for all asocs, in all SCTP sockets, their id is unique on the system. An application can try to send stuff on an id that matches on another socket, and the if in [*] will protect from such usage. But it didn't consider that as that asoc may belong to another socket, it may be freed in parallel (read: under another socket lock). We fix it by moving the checks in [*] into the protected region. This fixes it because the asoc cannot be freed while the lock is held. Reported-by: syzbot+c7dd55d7aec49d48e49a@syzkaller.appspotmail.com Acked-by: Dmitry Vyukov Signed-off-by: Marcelo Ricardo Leitner Acked-by: Neil Horman Signed-off-by: David S. Miller commit 9675931e6b65d160d16bcc9472c1acef15524def Author: Heiner Kallweit Date: Tue Oct 16 19:35:17 2018 +0200 r8169: re-enable MSI-X on RTL8168g Similar to d49c88d7677b ("r8169: Enable MSI-X on RTL8106e") after e9d0ba506ea8 ("PCI: Reprogram bridge prefetch registers on resume") we can safely assume that this also fixes the root cause of the issue worked around by 7c53a722459c ("r8169: don't use MSI-X on RTL8168g"). So let's revert it. Fixes: 7c53a722459c ("r8169: don't use MSI-X on RTL8168g") Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 84258438e8ce12d6888b68a1238bba9cb25307e2 Author: Taehee Yoo Date: Wed Oct 17 00:35:10 2018 +0900 net: bpfilter: use get_pid_task instead of pid_task pid_task() dereferences rcu protected tasks array. But there is no rcu_read_lock() in shutdown_umh() routine so that rcu_read_lock() is needed. get_pid_task() is wrapper function of pid_task. it holds rcu_read_lock() then calls pid_task(). if task isn't NULL, it increases reference count of task. test commands: %modprobe bpfilter %modprobe -rv bpfilter splat looks like: [15102.030932] ============================= [15102.030957] WARNING: suspicious RCU usage [15102.030985] 4.19.0-rc7+ #21 Not tainted [15102.031010] ----------------------------- [15102.031038] kernel/pid.c:330 suspicious rcu_dereference_check() usage! [15102.031063] other info that might help us debug this: [15102.031332] rcu_scheduler_active = 2, debug_locks = 1 [15102.031363] 1 lock held by modprobe/1570: [15102.031389] #0: 00000000580ef2b0 (bpfilter_lock){+.+.}, at: stop_umh+0x13/0x52 [bpfilter] [15102.031552] stack backtrace: [15102.031583] CPU: 1 PID: 1570 Comm: modprobe Not tainted 4.19.0-rc7+ #21 [15102.031607] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015 [15102.031628] Call Trace: [15102.031676] dump_stack+0xc9/0x16b [15102.031723] ? show_regs_print_info+0x5/0x5 [15102.031801] ? lockdep_rcu_suspicious+0x117/0x160 [15102.031855] pid_task+0x134/0x160 [15102.031900] ? find_vpid+0xf0/0xf0 [15102.032017] shutdown_umh.constprop.1+0x1e/0x53 [bpfilter] [15102.032055] stop_umh+0x46/0x52 [bpfilter] [15102.032092] __x64_sys_delete_module+0x47e/0x570 [ ... ] Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module") Signed-off-by: Taehee Yoo Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller commit efa61c8cf2950ab5c0e66cff3cabe2a2b24e81ba Author: Gustavo A. R. Silva Date: Tue Oct 16 15:06:41 2018 +0200 ptp: fix Spectre v1 vulnerability pin_index can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/ptp/ptp_chardev.c:253 ptp_ioctl() warn: potential spectre issue 'ops->pin_config' [r] (local cap) Fix this by sanitizing pin_index before using it to index ops->pin_config, and before passing it as an argument to function ptp_set_pinfunc(), in which it is used to index info->pin_config. Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Acked-by: Richard Cochran Signed-off-by: David S. Miller commit 62d6f3b7b85e9ba79c96bfd36f501f180908e623 Author: Dan Carpenter Date: Sat Oct 13 13:26:53 2018 +0300 sparc: vDSO: Silence an uninitialized variable warning Smatch complains that "val" would be uninitialized if kstrtoul() fails. Fixes: 9a08862a5d2e ("vDSO for sparc") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller commit 8c3bf9b62b667456a57aefcf1689e826df146159 Author: Nathan Chancellor Date: Fri Oct 12 19:14:58 2018 -0700 net: qla3xxx: Remove overflowing shift statement Clang currently warns: drivers/net/ethernet/qlogic/qla3xxx.c:384:24: warning: signed shift result (0xF00000000) requires 37 bits to represent, but 'int' only has 32 bits [-Wshift-overflow] ((ISP_NVRAM_MASK << 16) | qdev->eeprom_cmd_data)); ~~~~~~~~~~~~~~ ^ ~~ 1 warning generated. The warning is certainly accurate since ISP_NVRAM_MASK is defined as (0x000F << 16) which is then shifted by 16, resulting in 64424509440, well above UINT_MAX. Given that this is the only location in this driver where ISP_NVRAM_MASK is shifted again, it seems likely that ISP_NVRAM_MASK was originally defined without a shift and during the move of the shift to the definition, this statement wasn't properly removed (since ISP_NVRAM_MASK is used in the statenent right above this). Only the maintainers can confirm this since this statment has been here since the driver was first added to the kernel. Link: https://github.com/ClangBuiltLinux/linux/issues/127 Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit dc6d0f0b4340ef6814d5345dbeaa5e909395dd1d Merge: 0ac1077e3a54 6b4f92af3d59 Author: David S. Miller Date: Wed Oct 17 21:51:14 2018 -0700 Merge branch 'geneve-vxlan-mtu' Stefano Brivio says: ==================== geneve, vxlan: Don't set exceptions if skb->len < mtu This series fixes the exception abuse described in 2/2, and 1/2 is just a preparatory change to make 2/2 less ugly. ==================== Signed-off-by: David S. Miller commit 6b4f92af3d59e882d3ba04c44a815266890d188f Author: Stefano Brivio Date: Fri Oct 12 23:53:59 2018 +0200 geneve, vxlan: Don't set exceptions if skb->len < mtu We shouldn't abuse exceptions: if the destination MTU is already higher than what we're transmitting, no exception should be created. Fixes: 52a589d51f10 ("geneve: update skb dst pmtu on tx path") Fixes: a93bf0ff4490 ("vxlan: update skb dst pmtu on tx path") Signed-off-by: Stefano Brivio Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller commit 7463e4f9b99c089cc962033b46349ff29f466e40 Author: Stefano Brivio Date: Fri Oct 12 23:53:58 2018 +0200 geneve, vxlan: Don't check skb_dst() twice Commit f15ca723c1eb ("net: don't call update_pmtu unconditionally") avoids that we try updating PMTU for a non-existent destination, but didn't clean up cases where the check was already explicit. Drop those redundant checks. Signed-off-by: Stefano Brivio Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller commit 776ca1543b5fe673aaf1beb244fcc2429d378083 Author: David S. Miller Date: Wed Oct 17 21:28:01 2018 -0700 sparc: Fix syscall fallback bugs in VDSO. First, the trap number for 32-bit syscalls is 0x10. Also, only negate the return value when syscall error is indicated by the carry bit being set. Signed-off-by: David S. Miller commit 12ad0cb2123aed30241a14792ef5bef9efcccbcd Author: Steven Rostedt (VMware) Date: Mon Oct 15 23:31:42 2018 -0400 tracing: Use trace_clock_local() for looping in preemptirq_delay_test.c The preemptirq_delay_test module is used for the ftrace selftest code that tests the latency tracers. The problem is that it uses ktime for the delay loop, and then checks the tracer to see if the delay loop is caught, but the tracer uses trace_clock_local() which uses various different other clocks to measure the latency. As ktime uses the clock cycles, and the code then converts that to nanoseconds, it causes rounding errors, and the preemptirq latency tests are failing due to being off by 1 (it expects to see a delay of 500000 us, but the delay is only 499999 us). This is happening due to a rounding error in the ktime (which is totally legit). The purpose of the test is to see if it can catch the delay, not to test the accuracy between trace_clock_local() and ktime_get(). Best to use apples to apples, and have the delay loop use the same clock as the latency tracer does. Cc: stable@vger.kernel.org Fixes: f96e8577da102 ("lib: Add module for testing preemptoff/irqsoff latency tracers") Acked-by: Joel Fernandes (Google) Signed-off-by: Steven Rostedt (VMware) commit 9c0be3f6b5d776dfe3ed249862c244a4486414dc Author: Mathieu Desnoyers Date: Sat Oct 13 15:10:50 2018 -0400 tracepoint: Fix tracepoint array element size mismatch commit 46e0c9be206f ("kernel: tracepoints: add support for relative references") changes the layout of the __tracepoint_ptrs section on architectures supporting relative references. However, it does so without turning struct tracepoint * const into const int elsewhere in the tracepoint code, which has the following side-effect: Setting mod->num_tracepoints is done in by module.c: mod->tracepoints_ptrs = section_objs(info, "__tracepoints_ptrs", sizeof(*mod->tracepoints_ptrs), &mod->num_tracepoints); Basically, since sizeof(*mod->tracepoints_ptrs) is a pointer size (rather than sizeof(int)), num_tracepoints is erroneously set to half the size it should be on 64-bit arch. So a module with an odd number of tracepoints misses the last tracepoint due to effect of integer division. So in the module going notifier: for_each_tracepoint_range(mod->tracepoints_ptrs, mod->tracepoints_ptrs + mod->num_tracepoints, tp_module_going_check_quiescent, NULL); the expression (mod->tracepoints_ptrs + mod->num_tracepoints) actually evaluates to something within the bounds of the array, but miss the last tracepoint if the number of tracepoints is odd on 64-bit arch. Fix this by introducing a new typedef: tracepoint_ptr_t, which is either "const int" on architectures that have PREL32 relocations, or "struct tracepoint * const" on architectures that does not have this feature. Also provide a new tracepoint_ptr_defer() static inline to encapsulate deferencing this type rather than duplicate code and ugly idefs within the for_each_tracepoint_range() implementation. This issue appears in 4.19-rc kernels, and should ideally be fixed before the end of the rc cycle. Acked-by: Ard Biesheuvel Acked-by: Jessica Yu Link: http://lkml.kernel.org/r/20181013191050.22389-1-mathieu.desnoyers@efficios.com Link: http://lkml.kernel.org/r/20180704083651.24360-7-ard.biesheuvel@linaro.org Cc: Michael Ellerman Cc: Ingo Molnar Cc: Ard Biesheuvel Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Bjorn Helgaas Cc: Catalin Marinas Cc: James Morris Cc: James Morris Cc: Josh Poimboeuf Cc: Kees Cook Cc: Nicolas Pitre Cc: Paul Mackerras Cc: Petr Mladek Cc: Russell King Cc: "Serge E. Hallyn" Cc: Sergey Senozhatsky Cc: Thomas Garnier Cc: Thomas Gleixner Cc: Will Deacon Cc: Andrew Morton Cc: Linus Torvalds Cc: Greg Kroah-Hartman Signed-off-by: Mathieu Desnoyers Signed-off-by: Steven Rostedt (VMware) commit 9ae24af3669111d418242caec8dd4ebd9ba26860 Author: Gustavo A. R. Silva Date: Tue Oct 16 12:16:45 2018 +0200 usb: gadget: storage: Fix Spectre v1 vulnerability num can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/usb/gadget/function/f_mass_storage.c:3177 fsg_lun_make() warn: potential spectre issue 'fsg_opts->common->luns' [r] (local cap) Fix this by sanitizing num before using it to index fsg_opts->common->luns Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Acked-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit edeb0c90df3581b821a764052d185df985f8b8dc Author: Arnaldo Carvalho de Melo Date: Tue Oct 16 17:08:29 2018 -0300 perf tools: Stop fallbacking to kallsyms for vdso symbols lookup David reports that: Perf has this hack where it uses the kernel symbol map as a backup when a symbol can't be found in the user's symbol table(s). This causes problems because the tests driving this code path use machine__kernel_ip(), and that is completely meaningless on Sparc. On sparc64 the kernel and user live in physically separate virtual address spaces, rather than a shared one. And the kernel lives at a virtual address that overlaps common userspace addresses. So this test passes almost all the time when a user symbol lookup fails. The consequence of this is that, if the unfound user virtual address in the sample doesn't match up to a kernel symbol either, we trigger things like this code in builtin-top.c: if (al.sym == NULL && al.map != NULL) { const char *msg = "Kernel samples will not be resolved.\n"; /* * As we do lazy loading of symtabs we only will know if the * specified vmlinux file is invalid when we actually have a * hit in kernel space and then try to load it. So if we get * here and there are _no_ symbols in the DSO backing the * kernel map, bail out. * * We may never get here, for instance, if we use -K/ * --hide-kernel-symbols, even if the user specifies an * invalid --vmlinux ;-) */ if (!machine->kptr_restrict_warned && !top->vmlinux_warned && __map__is_kernel(al.map) && map__has_symbols(al.map)) { if (symbol_conf.vmlinux_name) { char serr[256]; dso__strerror_load(al.map->dso, serr, sizeof(serr)); ui__warning("The %s file can't be used: %s\n%s", symbol_conf.vmlinux_name, serr, msg); } else { ui__warning("A vmlinux file was not found.\n%s", msg); } if (use_browser <= 0) sleep(5); top->vmlinux_warned = true; } } When I fire up a compilation on sparc, this triggers immediately. I'm trying to figure out what the "backup to kernel map" code is accomplishing. I see some language in the current code and in the changes that have happened in this area talking about vdso. Does that really happen? The vdso is mapped into userspace virtual addresses, not kernel ones. More history. This didn't cause problems on sparc some time ago, because the kernel IP check used to be "ip < 0" :-) Sparc kernel addresses are not negative. But now with machine__kernel_ip(), which works using the symbol table determined kernel address range, it does trigger. What it all boils down to is that on architectures like sparc, machine__kernel_ip() should always return false in this scenerio, and therefore this kind of logic: if (cpumode == PERF_RECORD_MISC_USER && machine && mg != &machine->kmaps && machine__kernel_ip(machine, al->addr)) { is basically invalid. PERF_RECORD_MISC_USER implies no kernel address can possibly match for the sample/event in question (no matter how hard you try!) :-) So, I thought something had changed and in the past we would somehow find that address in the kallsyms, but I couldn't find anything to back that up, the patch introducing this is over a decade old, lots of things changed, so I was just thinking I was missing something. I tried a gtod busy loop to generate vdso activity and added a 'perf probe' at that branch, on x86_64 to see if it ever gets hit: Made thread__find_map() noinline, as 'perf probe' in lines of inline functions seems to not be working, only at function start. (Masami?) # perf probe -x ~/bin/perf -L thread__find_map:57 57 if (cpumode == PERF_RECORD_MISC_USER && machine && 58 mg != &machine->kmaps && 59 machine__kernel_ip(machine, al->addr)) { 60 mg = &machine->kmaps; 61 load_map = true; 62 goto try_again; } } else { /* * Kernel maps might be changed when loading * symbols so loading * must be done prior to using kernel maps. */ 69 if (load_map) 70 map__load(al->map); 71 al->addr = al->map->map_ip(al->map, al->addr); # perf probe -x ~/bin/perf thread__find_map:60 Added new event: probe_perf:thread__find_map (on thread__find_map:60 in /home/acme/bin/perf) You can now use it in all perf tools, such as: perf record -e probe_perf:thread__find_map -aR sleep 1 # Then used this to see if, system wide, those probe points were being hit: # perf trace -e *perf:thread*/max-stack=8/ ^C[root@jouet ~]# No hits when running 'perf top' and: # cat gtod.c #include int main(void) { struct timeval tv; while (1) gettimeofday(&tv, 0); return 0; } [root@jouet c]# ./gtod ^C Pressed 'P' in 'perf top' and the [vdso] samples are there: 62.84% [vdso] [.] __vdso_gettimeofday 8.13% gtod [.] main 7.51% [vdso] [.] 0x0000000000000914 5.78% [vdso] [.] 0x0000000000000917 5.43% gtod [.] _init 2.71% [vdso] [.] 0x000000000000092d 0.35% [kernel] [k] native_io_delay 0.33% libc-2.26.so [.] __memmove_avx_unaligned_erms 0.20% [vdso] [.] 0x000000000000091d 0.17% [i2c_i801] [k] i801_access 0.06% firefox [.] free 0.06% libglib-2.0.so.0.5400.3 [.] g_source_iter_next 0.05% [vdso] [.] 0x0000000000000919 0.05% libpthread-2.26.so [.] __pthread_mutex_lock 0.05% libpixman-1.so.0.34.0 [.] 0x000000000006d3a7 0.04% [kernel] [k] entry_SYSCALL_64_trampoline 0.04% libxul.so [.] style::dom_apis::query_selector_slow 0.04% [kernel] [k] module_get_kallsym 0.04% firefox [.] malloc 0.04% [vdso] [.] 0x0000000000000910 I added a 'perf probe' to thread__find_map:69, and that surely got tons of hits, i.e. for every map found, just to make sure the 'perf probe' command was really working. In the process I noticed a bug, we're only have records for '[vdso]' for pre-existing commands, i.e. ones that are running when we start 'perf top', when we will generate the PERF_RECORD_MMAP by looking at /perf/PID/maps. I.e. like this, for preexisting processes with a vdso map, again, tracing for all the system, only pre-existing processes get a [vdso] map (when having one): [root@jouet ~]# perf probe -x ~/bin/perf __machine__addnew_vdso Added new event: probe_perf:__machine__addnew_vdso (on __machine__addnew_vdso in /home/acme/bin/perf) You can now use it in all perf tools, such as: perf record -e probe_perf:__machine__addnew_vdso -aR sleep 1 [root@jouet ~]# perf trace -e probe_perf:__machine__addnew_vdso/max-stack=8/ 0.000 probe_perf:__machine__addnew_vdso:(568eb3) __machine__addnew_vdso (/home/acme/bin/perf) map__new (/home/acme/bin/perf) machine__process_mmap2_event (/home/acme/bin/perf) machine__process_event (/home/acme/bin/perf) perf_event__process (/home/acme/bin/perf) perf_tool__process_synth_event (/home/acme/bin/perf) perf_event__synthesize_mmap_events (/home/acme/bin/perf) __event__synthesize_thread (/home/acme/bin/perf) The kernel is generating a PERF_RECORD_MMAP for vDSOs, but somehow 'perf top' is not getting those records while 'perf record' is: # perf record ~acme/c/gtod ^C[ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.076 MB perf.data (1499 samples) ] # perf report -D | grep PERF_RECORD_MMAP2 71293612401913 0x11b48 [0x70]: PERF_RECORD_MMAP2 25484/25484: [0x400000(0x1000) @ 0 fd:02 1137 541179306]: r-xp /home/acme/c/gtod 71293612419012 0x11be0 [0x70]: PERF_RECORD_MMAP2 25484/25484: [0x7fa4a2783000(0x227000) @ 0 fd:00 3146370 854107250]: r-xp /usr/lib64/ld-2.26.so 71293612432110 0x11c50 [0x60]: PERF_RECORD_MMAP2 25484/25484: [0x7ffcdb53a000(0x2000) @ 0 00:00 0 0]: r-xp [vdso] 71293612509944 0x11cb0 [0x70]: PERF_RECORD_MMAP2 25484/25484: [0x7fa4a23cd000(0x3b6000) @ 0 fd:00 3149723 262067164]: r-xp /usr/lib64/libc-2.26.so # # perf script | grep vdso | head gtod 25484 71293.612768: 2485554 cycles:ppp: 7ffcdb53a914 [unknown] ([vdso]) gtod 25484 71293.613576: 2149343 cycles:ppp: 7ffcdb53a917 [unknown] ([vdso]) gtod 25484 71293.614274: 1814652 cycles:ppp: 7ffcdb53aca8 __vdso_gettimeofday+0x98 ([vdso]) gtod 25484 71293.614862: 1669070 cycles:ppp: 7ffcdb53acc5 __vdso_gettimeofday+0xb5 ([vdso]) gtod 25484 71293.615404: 1451589 cycles:ppp: 7ffcdb53acc5 __vdso_gettimeofday+0xb5 ([vdso]) gtod 25484 71293.615999: 1269941 cycles:ppp: 7ffcdb53ace6 __vdso_gettimeofday+0xd6 ([vdso]) gtod 25484 71293.616405: 1177946 cycles:ppp: 7ffcdb53a914 [unknown] ([vdso]) gtod 25484 71293.616775: 1121290 cycles:ppp: 7ffcdb53ac47 __vdso_gettimeofday+0x37 ([vdso]) gtod 25484 71293.617150: 1037721 cycles:ppp: 7ffcdb53ace6 __vdso_gettimeofday+0xd6 ([vdso]) gtod 25484 71293.617478: 994526 cycles:ppp: 7ffcdb53ace6 __vdso_gettimeofday+0xd6 ([vdso]) # The patch is the obvious one and with it we also continue to resolve vdso symbols for pre-existing processes in 'perf top' and for all processes in 'perf record' + 'perf report/script'. Suggested-by: David Miller Acked-by: David Miller Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-cs7skq9pp0kjypiju6o7trse@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 7a7080b53467ad96c0b371e9d2a2a312f96f99c2 Merge: 5e65a20341e0 48f78be33260 Author: Jens Axboe Date: Wed Oct 17 09:45:49 2018 -0600 Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-linus Pull single NVMe fix from Christoph. * 'nvme-4.19' of git://git.infradead.org/nvme: nvme: remove ns sibling before clearing path commit c343db455eb3105f11bb5ac290d77ab2006b0209 Merge: c0cff31be705 cf8afe5c5362 Author: Greg Kroah-Hartman Date: Wed Oct 17 14:01:00 2018 +0200 Merge branch 'parisc-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Helge writes: "parisc fix: Fix an unitialized variable usage in the parisc unwind code." * 'parisc-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Fix uninitialized variable usage in unwind.c commit c0cff31be705014ce127d6a6570b02f8515de3e2 Merge: b955a910d7fd 02621216e1d8 Author: Greg Kroah-Hartman Date: Wed Oct 17 13:40:10 2018 +0200 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Stephen writes: "clk fixes for v4.19-rc8 One fix for the Allwinner A10 SoC's audio PLL that wasn't properly set and generating noise." * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: sunxi-ng: sun4i: Set VCO and PLL bias current to lowest setting commit 2224d616528194b02424c91c2ee254b3d29942c3 Author: Sebastian Andrzej Siewior Date: Tue Oct 16 22:25:25 2018 +0200 x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU Booting an i486 with "no387 nofxsr" ends with with the following crash: math_emulate: 0060:c101987d Kernel panic - not syncing: Math emulation needed in kernel on the first context switch in user land. The reason is that copy_fpregs_to_fpstate() tries FNSAVE which does not work as the FPU is turned off. This bug was introduced in: f1c8cd0176078 ("x86/fpu: Change fpu->fpregs_active users to fpu->fpstate_active") Add a check for X86_FEATURE_FPU before trying to save FPU registers (we have such a check in switch_fpu_finish() already). Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: stable@vger.kernel.org Fixes: f1c8cd0176078 ("x86/fpu: Change fpu->fpregs_active users to fpu->fpstate_active") Link: http://lkml.kernel.org/r/20181016202525.29437-4-bigeasy@linutronix.de Signed-off-by: Ingo Molnar commit 6aa676761d4c1acfa31320e55fa1f83f3fcbbc7a Author: Sebastian Andrzej Siewior Date: Tue Oct 16 22:25:24 2018 +0200 x86/fpu: Remove second definition of fpu in __fpu__restore_sig() Commit: c5bedc6847c3b ("x86/fpu: Get rid of PF_USED_MATH usage, convert it to fpu->fpstate_active") introduced the 'fpu' variable at top of __restore_xstate_sig(), which now shadows the other definition: arch/x86/kernel/fpu/signal.c:318:28: warning: symbol 'fpu' shadows an earlier one arch/x86/kernel/fpu/signal.c:271:20: originally declared here Remove the shadowed definition of 'fpu', as the two definitions are the same. Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: c5bedc6847c3b ("x86/fpu: Get rid of PF_USED_MATH usage, convert it to fpu->fpstate_active") Link: http://lkml.kernel.org/r/20181016202525.29437-3-bigeasy@linutronix.de Signed-off-by: Ingo Molnar commit ae852495be365f6be433dde6629d3f0316f8efde Author: Andy Lutomirski Date: Sun Oct 14 11:38:18 2018 -0700 x86/entry/64: Further improve paranoid_entry comments Commit: 16561f27f94e ("x86/entry: Add some paranoid entry/exit CR3 handling comments") ... added some comments. This improves them a bit: - When I first read the new comments, it was unclear to me whether they were referring to the case where paranoid_entry interrupted other entry code or where paranoid_entry was itself interrupted. Clarify it. - Remove the EBX comment. We no longer use EBX as a SWAPGS indicator. Signed-off-by: Andy Lutomirski Acked-by: Thomas Gleixner Cc: Borislav Petkov Cc: Dave Hansen Cc: Linus Torvalds Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/c47daa1888dc2298e7e1d3f82bd76b776ea33393.1539542111.git.luto@kernel.org Signed-off-by: Ingo Molnar commit 04f4f954b69526d7af8ffb8e5780f08b8a6cda2d Author: Jan Kiszka Date: Mon Oct 15 16:09:29 2018 +0200 x86/entry/32: Clear the CS high bits Even if not on an entry stack, the CS's high bits must be initialized because they are unconditionally evaluated in PARANOID_EXIT_TO_KERNEL_MODE. Failing to do so broke the boot on Galileo Gen2 and IOT2000 boards. [ bp: Make the commit message tone passive and impartial. ] Fixes: b92a165df17e ("x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack") Signed-off-by: Jan Kiszka Signed-off-by: Borislav Petkov Reviewed-by: Joerg Roedel Acked-by: Joerg Roedel CC: "H. Peter Anvin" CC: Andrea Arcangeli CC: Andy Lutomirski CC: Boris Ostrovsky CC: Brian Gerst CC: Dave Hansen CC: David Laight CC: Denys Vlasenko CC: Eduardo Valentin CC: Greg KH CC: Ingo Molnar CC: Jiri Kosina CC: Josh Poimboeuf CC: Juergen Gross CC: Linus Torvalds CC: Peter Zijlstra CC: Thomas Gleixner CC: Will Deacon CC: aliguori@amazon.com CC: daniel.gruss@iaik.tugraz.at CC: hughd@google.com CC: keescook@google.com CC: linux-mm CC: x86-ml Link: http://lkml.kernel.org/r/f271c747-1714-5a5b-a71f-ae189a093b8d@siemens.com Signed-off-by: Ingo Molnar commit 298faf53200fc02af38d32715697df6e661c1257 Author: Jiri Olsa Date: Tue Oct 16 17:06:07 2018 +0200 perf tools: Pass build flags to traceevent build So the extra user build flags are propagated to libtraceevent. Signed-off-by: Jiri Olsa Cc: "Herton R. Krzesinski" Cc: Steven Rostedt (VMware) Cc: Tzvetomir Stoyanov (VMware) Cc: Yordan Karadzhov (VMware) Link: http://lkml.kernel.org/r/20181016150614.21260-3-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit d4046e8e17b9f378cb861982ef71c63911b5dff3 Author: Milian Wolff Date: Wed Sep 26 15:52:07 2018 +0200 perf report: Don't crash on invalid inline debug information When the function name for an inline frame is invalid, we must not try to demangle this symbol, otherwise we crash with: #0 0x0000555555895c01 in bfd_demangle () #1 0x0000555555823262 in demangle_sym (dso=0x555555d92b90, elf_name=0x0, kmodule=0) at util/symbol-elf.c:215 #2 dso__demangle_sym (dso=dso@entry=0x555555d92b90, kmodule=, kmodule@entry=0, elf_name=elf_name@entry=0x0) at util/symbol-elf.c:400 #3 0x00005555557fef4b in new_inline_sym (funcname=0x0, base_sym=0x555555d92b90, dso=0x555555d92b90) at util/srcline.c:89 #4 inline_list__append_dso_a2l (dso=dso@entry=0x555555c7bb00, node=node@entry=0x555555e31810, sym=sym@entry=0x555555d92b90) at util/srcline.c:264 #5 0x00005555557ff27f in addr2line (dso_name=dso_name@entry=0x555555d92430 "/home/milian/.debug/.build-id/f7/186d14bb94f3c6161c010926da66033d24fce5/elf", addr=addr@entry=2888, file=file@entry=0x0, line=line@entry=0x0, dso=dso@entry=0x555555c7bb00, unwind_inlines=unwind_inlines@entry=true, node=0x555555e31810, sym=0x555555d92b90) at util/srcline.c:313 #6 0x00005555557ffe7c in addr2inlines (sym=0x555555d92b90, dso=0x555555c7bb00, addr=2888, dso_name=0x555555d92430 "/home/milian/.debug/.build-id/f7/186d14bb94f3c6161c010926da66033d24fce5/elf") at util/srcline.c:358 So instead handle the case where we get invalid function names for inlined frames and use a fallback '??' function name instead. While this crash was originally reported by Hadrien for rust code, I can now also reproduce it with trivial C++ code. Indeed, it seems like libbfd fails to interpret the debug information for the inline frame symbol name: $ addr2line -e /home/milian/.debug/.build-id/f7/186d14bb94f3c6161c010926da66033d24fce5/elf -if b48 main /usr/include/c++/8.2.1/complex:610 ?? /usr/include/c++/8.2.1/complex:618 ?? /usr/include/c++/8.2.1/complex:675 ?? /usr/include/c++/8.2.1/complex:685 main /home/milian/projects/kdab/rnd/hotspot/tests/test-clients/cpp-inlining/main.cpp:39 I've reported this bug upstream and also attached a patch there which should fix this issue: https://sourceware.org/bugzilla/show_bug.cgi?id=23715 Reported-by: Hadrien Grasland Signed-off-by: Milian Wolff Cc: Jin Yao Cc: Jiri Olsa Cc: Namhyung Kim Fixes: a64489c56c30 ("perf report: Find the inline stack for a given address") [ The above 'Fixes:' cset is where originally the problem was introduced, i.e. using a2l->funcname without checking if it is NULL, but this current patch fixes the current codebase, i.e. multiple csets were applied after a64489c56c30 before the problem was reported by Hadrien ] Link: http://lkml.kernel.org/r/20180926135207.30263-3-milian.wolff@kdab.com Signed-off-by: Arnaldo Carvalho de Melo commit 0ac1077e3a549bf8d35971613e2be05bdbb41a00 Author: Xin Long Date: Tue Oct 16 15:52:02 2018 +0800 sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead According to rfc7496 section 4.3 or 4.4: sprstat_policy: This parameter indicates for which PR-SCTP policy the user wants the information. It is an error to use SCTP_PR_SCTP_NONE in sprstat_policy. If SCTP_PR_SCTP_ALL is used, the counters provided are aggregated over all supported policies. We change to dump pr_assoc and pr_stream all status by SCTP_PR_SCTP_ALL instead, and return error for SCTP_PR_SCTP_NONE, as it also said "It is an error to use SCTP_PR_SCTP_NONE in sprstat_policy. " Fixes: 826d253d57b1 ("sctp: add SCTP_PR_ASSOC_STATUS on sctp sockopt") Fixes: d229d48d183f ("sctp: add SCTP_PR_STREAM_STATUS sockopt for prsctp") Reported-by: Ying Xu Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller commit b955a910d7fde877e068f68fada5aac02e3a073d Merge: a886199872db a06ecbfe784c Author: Greg Kroah-Hartman Date: Tue Oct 16 18:53:31 2018 +0200 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc David writes: "Sparc fixes 1) Revert the %pOF change, it causes regressions. 2) Wire up io_pgetevents(). 3) Fix perf events on single-PCR sparc64 cpus. 4) Do proper perf event throttling like arm and x86." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: Revert "sparc: Convert to using %pOFn instead of device_node.name" sparc64: Set %l4 properly on trap return after handling signals. sparc64: Make proc_id signed. sparc: Throttle perf events properly. sparc: Fix single-pcr perf event counter management. sparc: Wire up io_pgetevents system call. sunvdc: Remove VLA usage commit a886199872db1d65e88e2a5b015016ab75b5b168 Merge: f0a7d1883d9f 073c1a781e4a Author: Greg Kroah-Hartman Date: Tue Oct 16 18:52:00 2018 +0200 Merge tag 'selinux-pr-20181015' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Paul writes: "SELinux fixes for v4.19 We've got one SELinux "fix" that I'd like to get into v4.19 if possible. I'm using double quotes on "fix" as this is just an update to the MAINTAINERS file and not a code change. From my perspective, MAINTAINERS updates generally don't warrant inclusion during the -rcX phase, but this is a change to the mailing list location so it seemed prudent to get this in before v4.19 is released" * tag 'selinux-pr-20181015' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: MAINTAINERS: update the SELinux mailing list location commit a3671a4f973ee9d9621d60166cc3b037c397d604 Author: Gustavo A. R. Silva Date: Tue Oct 16 16:59:01 2018 +0200 RDMA/ucma: Fix Spectre v1 vulnerability hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/infiniband/core/ucma.c:1686 ucma_write() warn: potential spectre issue 'ucma_cmd_table' [r] (local cap) Fix this by sanitizing hdr.cmd before using it to index ucm_cmd_table. Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Signed-off-by: Doug Ledford commit 0295e39595e1146522f2722715dba7f7fba42217 Author: Gustavo A. R. Silva Date: Tue Oct 16 16:32:40 2018 +0200 IB/ucm: Fix Spectre v1 vulnerability hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/infiniband/core/ucm.c:1127 ib_ucm_write() warn: potential spectre issue 'ucm_cmd_table' [r] (local cap) Fix this by sanitizing hdr.cmd before using it to index ucm_cmd_table. Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Signed-off-by: Doug Ledford commit 0ed149cf5239cc6e7e65bf00f769e8f1e91076c0 Author: David Miller Date: Thu Oct 11 22:46:55 2018 -0700 perf cpu_map: Align cpu map synthesized events properly. The size of the resulting cpu map can be smaller than a multiple of sizeof(u64), resulting in SIGBUS on cpus like Sparc as the next event will not be aligned properly. Signed-off-by: David S. Miller Cc: Jiri Olsa Cc: Kan Liang Fixes: 6c872901af07 ("perf cpu_map: Add cpu_map event synthesize function") Link: http://lkml.kernel.org/r/20181011.224655.716771175766946817.davem@davemloft.net Signed-off-by: Arnaldo Carvalho de Melo commit c458a6206d2a8600934617ccf88ba7d3a030faba Author: Jiri Olsa Date: Tue Oct 16 13:48:18 2018 +0200 perf tools: Fix tracing_path_mount proper path If there's no tracefs (RHEL7) support the tracing_path_mount returns debugfs path which results in following fail: # perf probe sys_write kprobe_events file does not exist - please rebuild kernel with CONFIG_KPROBE_EVENTS. Error: Failed to add events. In tracing_path_debugfs_mount function we need to return the 'tracing' path instead of just the mount to make it work: # perf probe sys_write Added new event: probe:sys_write (on sys_write) You can now use it in all perf tools, such as: perf record -e probe:sys_write -aR sleep 1 Adding the 'return tracing_path;' also to tracing_path_tracefs_mount function just for consistency with tracing_path_debugfs_mount. Upstream keeps working, because it has the tracefs support. Link: http://lkml.kernel.org/n/tip-yiwkzexq9fk1ey1xg3gnjlw4@git.kernel.org Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Steven Rostedt Fixes: 23773ca18b39 ("perf tools: Make perf aware of tracefs") Link: http://lkml.kernel.org/r/20181016114818.3595-1-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 36b8d4628d3cc8f5a748e508cce8673bc00fc63c Author: Jarod Wilson Date: Thu Sep 6 18:18:12 2018 -0400 perf tools: Fix use of alternatives to find JDIR When a build is run from something like a cron job, the user's $PATH is rather minimal, of note, not including /usr/sbin in my own case. Because of that, an automated rpm package build ultimately fails to find libperf-jvmti.so, because somewhere within the build, this happens... /bin/sh: alternatives: command not found /bin/sh: alternatives: command not found Makefile.config:849: No openjdk development package found, please install JDK package, e.g. openjdk-8-jdk, java-1.8.0-openjdk-devel ...and while the build continues, libperf-jvmti.so isn't built, and things fall down when rpm tries to find all the %files specified. Exact same system builds everything just fine when the job is launched from a login shell instead of a cron job, since alternatives is in $PATH, so openjdk is actually found. The test required to get into this section of code actually specifies the full path, as does a block just above it, so let's do that here too. Signed-off-by: Jarod Wilson Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Cc: William Cohen Fixes: d4dfdf00d43e ("perf jvmti: Plug compilation into perf build") Link: http://lkml.kernel.org/r/20180906221812.11167-1-jarod@redhat.com Signed-off-by: Arnaldo Carvalho de Melo commit 9068e02f58740778d8270840657f1e250a2cc60f Author: Clint Taylor Date: Fri Oct 5 14:52:15 2018 -0700 drm/edid: VSDB yCBCr420 Deep Color mode bit definitions HDMI Forum VSDB YCBCR420 deep color capability bits are 2:0. Correct definitions in the header for the mask to work correctly. Fixes: e6a9a2c3dc43 ("drm/edid: parse ycbcr 420 deep color information") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107893 Cc: # v4.14+ Signed-off-by: Clint Taylor Reviewed-by: Jani Nikula Reviewed-by: Shashank Sharma Signed-off-by: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/1538776335-12569-1-git-send-email-clinton.a.taylor@intel.com commit 4ab8455f8bd83298bf7f67ab9357e3b1cc765c7d Author: Jiri Olsa Date: Wed Oct 3 23:20:52 2018 +0200 perf evsel: Store ids for events with their own cpus perf_event__synthesize_event_update_cpus John reported crash when recording on an event under PMU with cpumask defined: root@localhost:~# ./perf_debug_ record -e armv8_pmuv3_0/br_mis_pred/ sleep 1 perf: Segmentation fault Obtained 9 stack frames. ./perf_debug_() [0x4c5ef8] [0xffff82ba267c] ./perf_debug_() [0x4bc5a8] ./perf_debug_() [0x419550] ./perf_debug_() [0x41a928] ./perf_debug_() [0x472f58] ./perf_debug_() [0x473210] ./perf_debug_() [0x4070f4] /lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0xe0) [0xffff8294c8a0] Segmentation fault (core dumped) We synthesize an update event that needs to touch the evsel id array, which is not defined at that time. Fixing this by forcing the id allocation for events with their own cpus. Reported-by: John Garry Signed-off-by: Jiri Olsa Tested-by: John Garry Cc: Alexander Shishkin Cc: Andi Kleen Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Will Deacon Cc: linux-arm-kernel@lists.infradead.org Cc: linuxarm@huawei.com Fixes: bfd8f72c2778 ("perf record: Synthesize unit/scale/... in event update") Link: http://lkml.kernel.org/r/20181003212052.GA32371@krava Signed-off-by: Arnaldo Carvalho de Melo commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 Author: Alan Stern Date: Mon Oct 15 16:55:04 2018 -0400 USB: fix the usbfs flag sanitization for control transfers Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via usbfs. However, the check for whether the USBDEVFS_URB_SHORT_NOT_OK flag should be allowed for a control transfer was added in the wrong place, before the code has properly determined the direction of the control transfer. (Control transfers are special because for them, the direction is set by the bRequestType byte of the Setup packet rather than direction bit of the endpoint address.) This patch moves code which sets up the allow_short flag for control transfers down after is_in has been set to the correct value. Signed-off-by: Alan Stern Reported-and-tested-by: syzbot+24a30223a4b609bb802e@syzkaller.appspotmail.com Fixes: 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") CC: Oliver Neukum CC: Signed-off-by: Greg Kroah-Hartman commit cf8afe5c53621eda385be961bc72329a2adcd767 Author: Helge Deller Date: Tue Oct 16 08:21:48 2018 +0200 parisc: Fix uninitialized variable usage in unwind.c As noticed by Dave Anglin, the last commit introduced a small bug where the potentially uninitialized r struct is used instead of the regs pointer as input for unwind_frame_init(). Fix it. Signed-off-by: Helge Deller Reported-by: John David Anglin commit 9845c49cc9bbb317a0bc9e9cf78d8e09d54c9af0 Author: Song Muchun Date: Sun Oct 14 19:26:12 2018 +0800 sched/fair: Fix the min_vruntime update logic in dequeue_entity() The comment and the code around the update_min_vruntime() call in dequeue_entity() are not in agreement. From commit: b60205c7c558 ("sched/fair: Fix min_vruntime tracking") I think that we want to update min_vruntime when a task is sleeping/migrating. So, the check is inverted there - fix it. Signed-off-by: Song Muchun Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: b60205c7c558 ("sched/fair: Fix min_vruntime tracking") Link: http://lkml.kernel.org/r/20181014112612.2614-1-smuchun@gmail.com Signed-off-by: Ingo Molnar commit bd8be2cf8b69573707f837786474c00ff7423a0f Merge: 1890fea7936a 140b6abac26d Author: David S. Miller Date: Mon Oct 15 23:17:25 2018 -0700 Merge branch 'nfp-fix-pedit-set-action-offloads' Jakub Kicinski says: ==================== nfp: fix pedit set action offloads Pieter says: This set fixes set actions when using multiple pedit actions with partial masks and with multiple keys per pedit action. Additionally it fixes set ipv6 pedit action offloads when using it in combination with other header keys. The problem would only trigger if one combines multiple pedit actions of the same type with partial masks, e.g.: $ tc filter add dev netdev protocol ip parent ffff: \ flower indev netdev \ ip_proto tcp \ action pedit ex munge \ ip src set 11.11.11.11 retain 65535 munge \ ip src set 22.22.22.22 retain 4294901760 pipe \ csum ip and tcp pipe \ mirred egress redirect dev netdev ==================== Signed-off-by: David S. Miller commit 140b6abac26d799f75d772ab5e969b34ad8d68f1 Author: Pieter Jansen van Vuuren Date: Mon Oct 15 16:52:25 2018 -0700 nfp: flower: use offsets provided by pedit instead of index for ipv6 Previously when populating the set ipv6 address action, we incorrectly made use of pedit's key index to determine which 32bit word should be set. We now calculate which word has been selected based on the offset provided by the pedit action. Fixes: 354b82bb320e ("nfp: add set ipv6 source and destination address") Signed-off-by: Pieter Jansen van Vuuren Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit d08c9e589300b015e72e5b41ff4dfed6eb8e7421 Author: Pieter Jansen van Vuuren Date: Mon Oct 15 16:52:24 2018 -0700 nfp: flower: fix multiple keys per pedit action Previously we only allowed a single header key per pedit action to change the header. This used to result in the last header key in the pedit action to overwrite previous headers. We now keep track of them and allow multiple header keys per pedit action. Fixes: c0b1bd9a8b8a ("nfp: add set ipv4 header action flower offload") Fixes: 354b82bb320e ("nfp: add set ipv6 source and destination address") Fixes: f8b7b0a6b113 ("nfp: add set tcp and udp header action flower offload") Signed-off-by: Pieter Jansen van Vuuren Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit 8913806f166e47c6b3fe8253e9cfb9caabe64341 Author: Pieter Jansen van Vuuren Date: Mon Oct 15 16:52:23 2018 -0700 nfp: flower: fix pedit set actions for multiple partial masks Previously we did not correctly change headers when using multiple pedit actions with partial masks. We now take this into account and no longer just commit the last pedit action. Fixes: c0b1bd9a8b8a ("nfp: add set ipv4 header action flower offload") Signed-off-by: Pieter Jansen van Vuuren Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit 1890fea7936ad9be0b7caf6a94146b0d905c4b60 Author: David Howells Date: Mon Oct 15 22:37:21 2018 +0100 rxrpc: Fix a missing rxrpc_put_peer() in the error_report handler Fix a missing call to rxrpc_put_peer() on the main path through the rxrpc_error_report() function. This manifests itself as a ref leak whenever an ICMP packet or other error comes in. In commit f334430316e7, the hand-off of the ref to a work item was removed and was not replaced with a put. Fixes: f334430316e7 ("rxrpc: Fix error distribution") Signed-off-by: David Howells Signed-off-by: David S. Miller commit d805397c3822d57ca3884d4bea37b2291fc40992 Author: Xin Long Date: Mon Oct 15 19:58:29 2018 +0800 sctp: use the pmtu from the icmp packet to update transport pathmtu Other than asoc pmtu sync from all transports, sctp_assoc_sync_pmtu is also processing transport pmtu_pending by icmp packets. But it's meaningless to use sctp_dst_mtu(t->dst) as new pmtu for a transport. The right pmtu value should come from the icmp packet, and it would be saved into transport->mtu_info in this patch and used later when the pmtu sync happens in sctp_sendmsg_to_asoc or sctp_packet_config. Besides, without this patch, as pmtu can only be updated correctly when receiving a icmp packet and no place is holding sock lock, it will take long time if the sock is busy with sending packets. Note that it doesn't process transport->mtu_info in .release_cb(), as there is no enough information for pmtu update, like for which asoc or transport. It is not worth traversing all asocs to check pmtu_pending. So unlike tcp, sctp does this in tx path, for which mtu_info needs to be atomic_t. Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit ec20a63aa8b8ec3223fb25cdb2a49f9f9dfda88c Author: Fugang Duan Date: Mon Oct 15 05:19:00 2018 +0000 net: fec: don't dump RX FIFO register when not available Commit db65f35f50e0 ("net: fec: add support of ethtool get_regs") introduce ethool "--register-dump" interface to dump all FEC registers. But not all silicon implementations of the Freescale FEC hardware module have the FRBR (FIFO Receive Bound Register) and FRSR (FIFO Receive Start Register) register, so we should not be trying to dump them on those that don't. To fix it we create a quirk flag, FEC_QUIRK_HAS_RFREG, and check it before dump those RX FIFO registers. Signed-off-by: Fugang Duan Signed-off-by: David S. Miller commit fbe1222c63b805e946c3af29b0bfbfee4c2fbeff Author: Colin Ian King Date: Sat Oct 13 16:48:25 2018 +0100 qed: fix spelling mistake "Ireelevant" -> "Irrelevant" Trivial fix to spelling mistake in DP_INFO message Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit dc012f3628eaecfb5ba68404a5c30ef501daf63d Author: Eric Dumazet Date: Fri Oct 12 18:58:53 2018 -0700 ipv6: mcast: fix a use-after-free in inet6_mc_check syzbot found a use-after-free in inet6_mc_check [1] The problem here is that inet6_mc_check() uses rcu and read_lock(&iml->sflock) So the fact that ip6_mc_leave_src() is called under RTNL and the socket lock does not help us, we need to acquire iml->sflock in write mode. In the future, we should convert all this stuff to RCU. [1] BUG: KASAN: use-after-free in ipv6_addr_equal include/net/ipv6.h:521 [inline] BUG: KASAN: use-after-free in inet6_mc_check+0xae7/0xb40 net/ipv6/mcast.c:649 Read of size 8 at addr ffff8801ce7f2510 by task syz-executor0/22432 CPU: 1 PID: 22432 Comm: syz-executor0 Not tainted 4.19.0-rc7+ #280 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433 ipv6_addr_equal include/net/ipv6.h:521 [inline] inet6_mc_check+0xae7/0xb40 net/ipv6/mcast.c:649 __raw_v6_lookup+0x320/0x3f0 net/ipv6/raw.c:98 ipv6_raw_deliver net/ipv6/raw.c:183 [inline] raw6_local_deliver+0x3d3/0xcb0 net/ipv6/raw.c:240 ip6_input_finish+0x467/0x1aa0 net/ipv6/ip6_input.c:345 NF_HOOK include/linux/netfilter.h:289 [inline] ip6_input+0xe9/0x600 net/ipv6/ip6_input.c:426 ip6_mc_input+0x48a/0xd20 net/ipv6/ip6_input.c:503 dst_input include/net/dst.h:450 [inline] ip6_rcv_finish+0x17a/0x330 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:289 [inline] ipv6_rcv+0x120/0x640 net/ipv6/ip6_input.c:271 __netif_receive_skb_one_core+0x14d/0x200 net/core/dev.c:4913 __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5023 netif_receive_skb_internal+0x12c/0x620 net/core/dev.c:5126 napi_frags_finish net/core/dev.c:5664 [inline] napi_gro_frags+0x75a/0xc90 net/core/dev.c:5737 tun_get_user+0x3189/0x4250 drivers/net/tun.c:1923 tun_chr_write_iter+0xb9/0x154 drivers/net/tun.c:1968 call_write_iter include/linux/fs.h:1808 [inline] do_iter_readv_writev+0x8b0/0xa80 fs/read_write.c:680 do_iter_write+0x185/0x5f0 fs/read_write.c:959 vfs_writev+0x1f1/0x360 fs/read_write.c:1004 do_writev+0x11a/0x310 fs/read_write.c:1039 __do_sys_writev fs/read_write.c:1112 [inline] __se_sys_writev fs/read_write.c:1109 [inline] __x64_sys_writev+0x75/0xb0 fs/read_write.c:1109 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457421 Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 b5 fb ff c3 48 83 ec 08 e8 1a 2d 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 63 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007f2d30ecaba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000000003e RCX: 0000000000457421 RDX: 0000000000000001 RSI: 00007f2d30ecabf0 RDI: 00000000000000f0 RBP: 0000000020000500 R08: 00000000000000f0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f2d30ecb6d4 R13: 00000000004c4890 R14: 00000000004d7b90 R15: 00000000ffffffff Allocated by task 22437: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553 __do_kmalloc mm/slab.c:3718 [inline] __kmalloc+0x14e/0x760 mm/slab.c:3727 kmalloc include/linux/slab.h:518 [inline] sock_kmalloc+0x15a/0x1f0 net/core/sock.c:1983 ip6_mc_source+0x14dd/0x1960 net/ipv6/mcast.c:427 do_ipv6_setsockopt.isra.9+0x3afb/0x45d0 net/ipv6/ipv6_sockglue.c:743 ipv6_setsockopt+0xbd/0x170 net/ipv6/ipv6_sockglue.c:933 rawv6_setsockopt+0x59/0x140 net/ipv6/raw.c:1069 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3038 __sys_setsockopt+0x1ba/0x3c0 net/socket.c:1902 __do_sys_setsockopt net/socket.c:1913 [inline] __se_sys_setsockopt net/socket.c:1910 [inline] __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1910 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 22430: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528 __cache_free mm/slab.c:3498 [inline] kfree+0xcf/0x230 mm/slab.c:3813 __sock_kfree_s net/core/sock.c:2004 [inline] sock_kfree_s+0x29/0x60 net/core/sock.c:2010 ip6_mc_leave_src+0x11a/0x1d0 net/ipv6/mcast.c:2448 __ipv6_sock_mc_close+0x20b/0x4e0 net/ipv6/mcast.c:310 ipv6_sock_mc_close+0x158/0x1d0 net/ipv6/mcast.c:328 inet6_release+0x40/0x70 net/ipv6/af_inet6.c:452 __sock_release+0xd7/0x250 net/socket.c:579 sock_close+0x19/0x20 net/socket.c:1141 __fput+0x385/0xa30 fs/file_table.c:278 ____fput+0x15/0x20 fs/file_table.c:309 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8801ce7f2500 which belongs to the cache kmalloc-192 of size 192 The buggy address is located 16 bytes inside of 192-byte region [ffff8801ce7f2500, ffff8801ce7f25c0) The buggy address belongs to the page: page:ffffea000739fc80 count:1 mapcount:0 mapping:ffff8801da800040 index:0x0 flags: 0x2fffc0000000100(slab) raw: 02fffc0000000100 ffffea0006f6e548 ffffea000737b948 ffff8801da800040 raw: 0000000000000000 ffff8801ce7f2000 0000000100000010 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8801ce7f2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8801ce7f2480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffff8801ce7f2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8801ce7f2580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff8801ce7f2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller commit d3092b2efca1cd1d492d0b08499a2066c5ca8cec Author: Tung Nguyen Date: Fri Oct 12 22:46:55 2018 +0200 tipc: fix unsafe rcu locking when accessing publication list The binding table's 'cluster_scope' list is rcu protected to handle races between threads changing the list and those traversing the list at the same moment. We have now found that the function named_distribute() uses the regular list_for_each() macro to traverse the said list. Likewise, the function tipc_named_withdraw() is removing items from the same list using the regular list_del() call. When these two functions execute in parallel we see occasional crashes. This commit fixes this by adding the missing _rcu() suffixes. Signed-off-by: Tung Nguyen Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit 7ec8dc96e1cb45693f28f1287802ef6f2888dae0 Author: David Howells Date: Fri Oct 12 16:38:36 2018 +0100 rxrpc: Fix incorrect conditional on IPV6 The udpv6_encap_enable() function is part of the ipv6 code, and if that is configured as a loadable module and rxrpc is built in then a build failure will occur because the conditional check is wrong: net/rxrpc/local_object.o: In function `rxrpc_lookup_local': local_object.c:(.text+0x2688): undefined reference to `udpv6_encap_enable' Use the correct config symbol (CONFIG_AF_RXRPC_IPV6) in the conditional check rather than CONFIG_IPV6 as that will do the right thing. Fixes: 5271953cad31 ("rxrpc: Use the UDP encap_rcv hook") Reported-by: kbuild-all@01.org Reported-by: Arnd Bergmann Signed-off-by: David Howells Reviewed-by: Arnd Bergmann Signed-off-by: David S. Miller commit f547fac624be53ad8b07e9ebca7654a7827ba61b Author: Sabrina Dubroca Date: Fri Oct 12 16:22:47 2018 +0200 ipv6: rate-limit probes for neighbourless routes When commit 270972554c91 ("[IPV6]: ROUTE: Add Router Reachability Probing (RFC4191).") introduced router probing, the rt6_probe() function required that a neighbour entry existed. This neighbour entry is used to record the timestamp of the last probe via the ->updated field. Later, commit 2152caea7196 ("ipv6: Do not depend on rt->n in rt6_probe().") removed the requirement for a neighbour entry. Neighbourless routes skip the interval check and are not rate-limited. This patch adds rate-limiting for neighbourless routes, by recording the timestamp of the last probe in the fib6_info itself. Fixes: 2152caea7196 ("ipv6: Do not depend on rt->n in rt6_probe().") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio Signed-off-by: David S. Miller commit 64bd9c8135751b561f27edaaffe93d07093f81af Author: Florian Fainelli Date: Thu Oct 11 15:06:33 2018 -0700 net: bcmgenet: Poll internal PHY for GENETv5 On GENETv5, there is a hardware issue which prevents the GENET hardware from generating a link UP interrupt when the link is operating at 10Mbits/sec. Since we do not have any way to configure the link detection logic, fallback to polling in that case. Fixes: 421380856d9c ("net: bcmgenet: add support for the GENETv5 hardware") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit d6672a5a97918f92bf2f3a2591f25d02bb0897a4 Author: YueHaibing Date: Thu Oct 11 22:32:39 2018 +0100 rxrpc: use correct kvec num when sending BUSY response packet Fixes gcc '-Wunused-but-set-variable' warning: net/rxrpc/output.c: In function 'rxrpc_reject_packets': net/rxrpc/output.c:527:11: warning: variable 'ioc' set but not used [-Wunused-but-set-variable] 'ioc' is the correct kvec num when sending a BUSY (or an ABORT) response packet. Fixes: ece64fec164f ("rxrpc: Emit BUSY packets when supposed to rather than ABORTs") Signed-off-by: YueHaibing Signed-off-by: David Howells Signed-off-by: David S. Miller commit d7b4c24f45d2efe51b8f213da4593fefd49240ba Author: David Howells Date: Thu Oct 11 22:32:31 2018 +0100 rxrpc: Fix an uninitialised variable Fix an uninitialised variable introduced by the last patch. This can cause a crash when a new call comes in to a local service, such as when an AFS fileserver calls back to the local cache manager. Fixes: c1e15b4944c9 ("rxrpc: Fix the packet reception routine") Signed-off-by: David Howells Signed-off-by: David S. Miller commit 4af00f4cc1ba34da4654ac31830843cae871642d Author: Jon Maloy Date: Thu Oct 11 22:02:29 2018 +0200 tipc: initialize broadcast link stale counter correctly In the commit referred to below we added link tolerance as an additional criteria for declaring broadcast transmission "stale" and resetting the unicast links to the affected node. Unfortunately, this 'improvement' introduced two bugs, which each and one alone cause only limited problems, but combined lead to seemingly stochastic unicast link resets, depending on the amount of broadcast traffic transmitted. The first issue, a missing initialization of the 'tolerance' field of the receiver broadcast link, was recently fixed by commit 047491ea334a ("tipc: set link tolerance correctly in broadcast link"). Ths second issue, where we omit to reset the 'stale_cnt' field of the same link after a 'stale' period is over, leads to this counter accumulating over time, and in the absence of the 'tolerance' criteria leads to the above described symptoms. This commit adds the missing initialization. Fixes: a4dc70d46cf1 ("tipc: extend link reset criteria for stale packet retransmission") Signed-off-by: Jon Maloy Acked-by: Ying Xue Signed-off-by: David S. Miller commit 5a8e7aea953bdb6d4da13aff6f1e7f9c62023499 Author: Cong Wang Date: Thu Oct 11 11:15:13 2018 -0700 llc: set SOCK_RCU_FREE in llc_sap_add_socket() WHen an llc sock is added into the sk_laddr_hash of an llc_sap, it is not marked with SOCK_RCU_FREE. This causes that the sock could be freed while it is still being read by __llc_lookup_established() with RCU read lock. sock is refcounted, but with RCU read lock, nothing prevents the readers getting a zero refcnt. Fix it by setting SOCK_RCU_FREE in llc_sap_add_socket(). Reported-by: syzbot+11e05f04c15e03be5254@syzkaller.appspotmail.com Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit d0f068e5720ac4eea13e184bb7526848f189f909 Merge: e331473fee3d 37fdffb217a4 Author: David S. Miller Date: Mon Oct 15 21:51:28 2018 -0700 Merge tag 'mlx5-fixes-2018-10-10' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== Mellanox, mlx5 fixes 2018-10-10 This pull request includes some fixes to mlx5 driver, Please pull and let me know if there's any problem. For -stable v4.11: ('net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type') For -stable v4.17: ('net/mlx5: Fix memory leak when setting fpga ipsec caps') For -stable v4.18: ('net/mlx5: WQ, fixes for fragmented WQ buffers API') ==================== Signed-off-by: David S. Miller commit e331473fee3d500bb0d2582a1fe598df3326d8cd Author: Davide Caratti Date: Wed Oct 10 22:00:58 2018 +0200 net/sched: cls_api: add missing validation of netlink attributes Similarly to what has been done in 8b4c3cdd9dd8 ("net: sched: Add policy validation for tc attributes"), fix classifier code to add validation of TCA_CHAIN and TCA_KIND netlink attributes. tested with: # ./tdc.py -c filter v2: Let sch_api and cls_api share nla_policy they have in common, thanks to David Ahern. v3: Avoid EXPORT_SYMBOL(), as validation of those attributes is not done by TC modules, thanks to Cong Wang. While at it, restore the 'Delete / get qdisc' comment to its orginal position, just above tc_get_qdisc() function prototype. Fixes: 5bc1701881e39 ("net: sched: introduce multichain support for filters") Signed-off-by: Davide Caratti Signed-off-by: David S. Miller commit 58f5bbe331c566f49c9559568f982202a278aa78 Author: Wenwen Wang Date: Mon Oct 8 10:49:35 2018 -0500 ethtool: fix a privilege escalation bug In dev_ethtool(), the eth command 'ethcmd' is firstly copied from the use-space buffer 'useraddr' and checked to see whether it is ETHTOOL_PERQUEUE. If yes, the sub-command 'sub_cmd' is further copied from the user space. Otherwise, 'sub_cmd' is the same as 'ethcmd'. Next, according to 'sub_cmd', a permission check is enforced through the function ns_capable(). For example, the permission check is required if 'sub_cmd' is ETHTOOL_SCOALESCE, but it is not necessary if 'sub_cmd' is ETHTOOL_GCOALESCE, as suggested in the comment "Allow some commands to be done by anyone". The following execution invokes different handlers according to 'ethcmd'. Specifically, if 'ethcmd' is ETHTOOL_PERQUEUE, ethtool_set_per_queue() is called. In ethtool_set_per_queue(), the kernel object 'per_queue_opt' is copied again from the user-space buffer 'useraddr' and 'per_queue_opt.sub_command' is used to determine which operation should be performed. Given that the buffer 'useraddr' is in the user space, a malicious user can race to change the sub-command between the two copies. In particular, the attacker can supply ETHTOOL_PERQUEUE and ETHTOOL_GCOALESCE to bypass the permission check in dev_ethtool(). Then before ethtool_set_per_queue() is called, the attacker changes ETHTOOL_GCOALESCE to ETHTOOL_SCOALESCE. In this way, the attacker can bypass the permission check and execute ETHTOOL_SCOALESCE. This patch enforces a check in ethtool_set_per_queue() after the second copy from 'useraddr'. If the sub-command is different from the one obtained in the first copy in dev_ethtool(), an error code EINVAL will be returned. Fixes: f38d138a7da6 ("net/ethtool: support set coalesce per queue") Signed-off-by: Wenwen Wang Reviewed-by: Michal Kubecek Signed-off-by: David S. Miller commit 2bb3207dbbd4d30e96dd0e1c8e013104193bd59c Author: Wenwen Wang Date: Tue Oct 9 08:15:38 2018 -0500 ethtool: fix a missing-check bug In ethtool_get_rxnfc(), the eth command 'cmd' is compared against 'ETHTOOL_GRXFH' to see whether it is necessary to adjust the variable 'info_size'. Then the whole structure of 'info' is copied from the user-space buffer 'useraddr' with 'info_size' bytes. In the following execution, 'info' may be copied again from the buffer 'useraddr' depending on the 'cmd' and the 'info.flow_type'. However, after these two copies, there is no check between 'cmd' and 'info.cmd'. In fact, 'cmd' is also copied from the buffer 'useraddr' in dev_ethtool(), which is the caller function of ethtool_get_rxnfc(). Given that 'useraddr' is in the user space, a malicious user can race to change the eth command in the buffer between these copies. By doing so, the attacker can supply inconsistent data and cause undefined behavior because in the following execution 'info' will be passed to ops->get_rxnfc(). This patch adds a necessary check on 'info.cmd' and 'cmd' to confirm that they are still same after the two copies in ethtool_get_rxnfc(). Otherwise, an error code EINVAL will be returned. Signed-off-by: Wenwen Wang Signed-off-by: David S. Miller commit d49c88d7677ba737e9d2759a87db0402d5ab2607 Author: Jian-Hong Pan Date: Thu Sep 27 12:09:48 2018 +0800 r8169: Enable MSI-X on RTL8106e Originally, we have an issue where r8169 MSI-X interrupt is broken after S3 suspend/resume on RTL8106e of ASUS X441UAR. 02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller [10ec:8136] (rev 07) Subsystem: ASUSTeK Computer Inc. RTL810xE PCI Express Fast Ethernet controller [1043:200f] Flags: bus master, fast devsel, latency 0, IRQ 16 I/O ports at e000 [size=256] Memory at ef100000 (64-bit, non-prefetchable) [size=4K] Memory at e0000000 (64-bit, prefetchable) [size=16K] Capabilities: [40] Power Management version 3 Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [70] Express Endpoint, MSI 01 Capabilities: [b0] MSI-X: Enable+ Count=4 Masked- Capabilities: [d0] Vital Product Data Capabilities: [100] Advanced Error Reporting Capabilities: [140] Virtual Channel Capabilities: [160] Device Serial Number 01-00-00-00-36-4c-e0-00 Capabilities: [170] Latency Tolerance Reporting Kernel driver in use: r8169 Kernel modules: r8169 We found the all of the values in PCI BAR=4 of the ethernet adapter become 0xFF after system resumes. That breaks the MSI-X interrupt. Therefore, we can only fall back to MSI interrupt to fix the issue at that time. However, there is a commit which resolves the drivers getting nothing in PCI BAR=4 after system resumes. It is 04cb3ae895d7 "PCI: Reprogram bridge prefetch registers on resume" by Daniel Drake. After apply the patch, the ethernet adapter works fine before suspend and after resume. So, we can revert the workaround after the commit "PCI: Reprogram bridge prefetch registers on resume" is merged into main tree. This patch reverts commit 7bb05b85bc2d1a1b647b91424b2ed4a18e6ecd81 "r8169: don't use MSI-X on RTL8106e". Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=201181 Fixes: 7bb05b85bc2d ("r8169: don't use MSI-X on RTL8106e") Signed-off-by: Jian-Hong Pan Signed-off-by: David S. Miller commit a06ecbfe784ceb22e56ae3cd75fe77138e7cfa0b Author: David S. Miller Date: Mon Oct 15 18:32:54 2018 -0700 Revert "sparc: Convert to using %pOFn instead of device_node.name" This reverts commit 0b9871a3a8cc7234c285b5d9bf66cc6712cfee7c. Causes crashes with qemu, interacts badly with commit commit 6d0a70a284be ("vsprintf: print OF node name using full_name") etc. Reported-by: Guenter Roeck Signed-off-by: David S. Miller commit a309d5db58793d4d91f5a346e3fa58aa6bf60b12 Author: Matthew Wilcox Date: Mon Oct 15 16:28:21 2018 -0400 idr: Change documentation license This documentation was inadvertently released under the CC-BY-SA-4.0 license. It was intended to be released under GPL-2.0 or later. Signed-off-by: Matthew Wilcox commit c994b12945a65cd892ca2cf7ddcf0b7d8b25cdec Author: Matthew Wilcox Date: Mon Oct 15 16:23:08 2018 -0400 test_ida: Fix lockdep warning The IDA was declared on the stack instead of statically, so lockdep triggered a warning that it was improperly initialised. Reported-by: 0day bot Tested-by: Rong Chen Signed-off-by: Matthew Wilcox commit 13c1c5e4d7f887cba36c5e3df3faa22071c1469f Author: Mikhail Nikiforov Date: Mon Oct 15 11:17:56 2018 -0700 Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail Nikiforov Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov commit f0a7d1883d9f78ae7bf15fc258bf9a2b20f35b76 Author: David Howells Date: Mon Oct 15 12:43:02 2018 +0100 afs: Fix clearance of reply The recent patch to fix the afs_server struct leak didn't actually fix the bug, but rather fixed some of the symptoms. The problem is that an asynchronous call that holds a resource pointed to by call->reply[0] will find the pointer cleared in the call destructor, thereby preventing the resource from being cleaned up. In the case of the server record leak, the afs_fs_get_capabilities() function in devel code sets up a call with reply[0] pointing at the server record that should be altered when the result is obtained, but this was being cleared before the destructor was called, so the put in the destructor does nothing and the record is leaked. Commit f014ffb025c1 removed the additional ref obtained by afs_install_server(), but the removal of this ref is actually used by the garbage collector to mark a server record as being defunct after the record has expired through lack of use. The offending clearance of call->reply[0] upon completion in afs_process_async_call() has been there from the origin of the code, but none of the asynchronous calls actually use that pointer currently, so it should be safe to remove (note that synchronous calls don't involve this function). Fix this by the following means: (1) Revert commit f014ffb025c1. (2) Remove the clearance of reply[0] from afs_process_async_call(). Without this, afs_manage_servers() will suffer an assertion failure if it sees a server record that didn't get used because the usage count is not 1. Fixes: f014ffb025c1 ("afs: Fix afs_server struct leak") Fixes: 08e0e7c82eea ("[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.") Signed-off-by: David Howells Cc: stable Signed-off-by: Greg Kroah-Hartman commit 35a7f35ad1b150ddf59a41dcac7b2fa32982be0e Author: Greg Kroah-Hartman Date: Mon Oct 15 07:20:24 2018 +0200 Linux 4.19-rc8 commit d1f1f98c6d1708a90436e1a3b2aff5e93946731b Author: David S. Miller Date: Sun Oct 14 20:22:28 2018 -0700 sparc64: Set %l4 properly on trap return after handling signals. If we did some signal processing, we have to reload the pt_regs tstate register because it's value may have changed. In doing so we also have to extract the %pil value contained in there anre load that into %l4. This value is at bit 20 and thus needs to be shifted down before we later write it into the %pil register. Most of the time this is harmless as we are returning to userspace and the %pil is zero for that case. Signed-off-by: David S. Miller commit b3e1eb8e7ac9aaa283989496651d99267c4cad6c Author: David S. Miller Date: Sun Oct 14 20:19:31 2018 -0700 sparc64: Make proc_id signed. So that when it is unset, ie. '-1', userspace can see it properly. Signed-off-by: David S. Miller commit 028c99fa912b4ad2174793da97694a9c4b2cd305 Merge: bab5c80b2110 cee271678d0e Author: David S. Miller Date: Sun Oct 14 13:01:20 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-10-14 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix xsk map update and delete operation to not call synchronize_net() but to piggy back on SOCK_RCU_FREE for sockets instead as we are not allowed to sleep under RCU, from Björn. 2) Do not change RLIMIT_MEMLOCK in reuseport_bpf selftest if the process already has unlimited RLIMIT_MEMLOCK, from Eric. ==================== Signed-off-by: David S. Miller commit dca5203e3fe2f5d8bc8157b205d766142d3a6b77 Author: Nathan Chancellor Date: Fri Oct 12 18:07:14 2018 -0700 x86/boot: Add -Wno-pointer-sign to KBUILD_CFLAGS When compiling the kernel with Clang, this warning appears even though it is disabled for the whole kernel because this folder has its own set of KBUILD_CFLAGS. It was disabled before the beginning of git history. In file included from arch/x86/boot/compressed/kaslr.c:29: In file included from arch/x86/boot/compressed/misc.h:21: In file included from ./include/linux/elf.h:5: In file included from ./arch/x86/include/asm/elf.h:77: In file included from ./arch/x86/include/asm/vdso.h:11: In file included from ./include/linux/mm_types.h:9: In file included from ./include/linux/spinlock.h:88: In file included from ./arch/x86/include/asm/spinlock.h:43: In file included from ./arch/x86/include/asm/qrwlock.h:6: ./include/asm-generic/qrwlock.h:101:53: warning: passing 'u32 *' (aka 'unsigned int *') to parameter of type 'int *' converts between pointers to integer types with different sign [-Wpointer-sign] if (likely(atomic_try_cmpxchg_acquire(&lock->cnts, &cnts, _QW_LOCKED))) ^~~~~ ./include/linux/compiler.h:76:40: note: expanded from macro 'likely' # define likely(x) __builtin_expect(!!(x), 1) ^ ./include/asm-generic/atomic-instrumented.h:69:66: note: passing argument to parameter 'old' here static __always_inline bool atomic_try_cmpxchg(atomic_t *v, int *old, int new) ^ Signed-off-by: Nathan Chancellor Signed-off-by: Thomas Gleixner Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Nick Desaulniers Link: https://lkml.kernel.org/r/20181013010713.6999-1-natechancellor@gmail.com commit 53c13ba8ed39e89f21a0b98f4c8a241bb44e483d Author: Nathan Chancellor Date: Fri Oct 12 17:53:12 2018 -0700 x86/time: Correct the attribute on jiffies' definition Clang warns that the declaration of jiffies in include/linux/jiffies.h doesn't match the definition in arch/x86/time/kernel.c: arch/x86/kernel/time.c:29:42: warning: section does not match previous declaration [-Wsection] __visible volatile unsigned long jiffies __cacheline_aligned = INITIAL_JIFFIES; ^ ./include/linux/cache.h:49:4: note: expanded from macro '__cacheline_aligned' __section__(".data..cacheline_aligned"))) ^ ./include/linux/jiffies.h:81:31: note: previous attribute is here extern unsigned long volatile __cacheline_aligned_in_smp __jiffy_arch_data jiffies; ^ ./arch/x86/include/asm/cache.h:20:2: note: expanded from macro '__cacheline_aligned_in_smp' __page_aligned_data ^ ./include/linux/linkage.h:39:29: note: expanded from macro '__page_aligned_data' #define __page_aligned_data __section(.data..page_aligned) __aligned(PAGE_SIZE) ^ ./include/linux/compiler_attributes.h:233:56: note: expanded from macro '__section' #define __section(S) __attribute__((__section__(#S))) ^ 1 warning generated. The declaration was changed in commit 7c30f352c852 ("jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp") but wasn't updated here. Make them match so Clang no longer warns. Fixes: 7c30f352c852 ("jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp") Signed-off-by: Nathan Chancellor Signed-off-by: Thomas Gleixner Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Nick Desaulniers Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181013005311.28617-1-natechancellor@gmail.com commit 16561f27f94e6193ee8f5b9b74801e1668c86efc Author: Dave Hansen Date: Fri Oct 12 16:21:18 2018 -0700 x86/entry: Add some paranoid entry/exit CR3 handling comments Andi Kleen was just asking me about the NMI CR3 handling and why we restore it unconditionally. I was *sure* we had documented it well. We did not. Add some documentation. We have common entry code where the CR3 value is stashed, but three places in two big code paths where we restore it. I put bulk of the comments in this common path and then refer to it from the other spots. Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: luto@kernel.org Cc: bp@alien8.de Cc: "H. Peter Anvin" Cc: Borislav Petkov Link: https://lkml.kernel.org/r/20181012232118.3EAAE77B@viggo.jf.intel.com commit b59167ac7bafd804c91e49ad53c6d33a7394d4c8 Author: Peter Zijlstra Date: Thu Oct 11 12:38:27 2018 +0200 x86/percpu: Fix this_cpu_read() Eric reported that a sequence count loop using this_cpu_read() got optimized out. This is wrong, this_cpu_read() must imply READ_ONCE() because the interface is IRQ-safe, therefore an interrupt can have changed the per-cpu value. Fixes: 7c3576d261ce ("[PATCH] i386: Convert PDA into the percpu section") Reported-by: Eric Dumazet Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Acked-by: Eric Dumazet Cc: hpa@zytor.com Cc: eric.dumazet@gmail.com Cc: bp@alien8.de Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181011104019.748208519@infradead.org commit 4907c68abd3f60f650f98d5a69d4ec77c0bde44f Author: Peter Zijlstra Date: Thu Oct 11 12:38:26 2018 +0200 x86/tsc: Force inlining of cyc2ns bits Looking at the asm for native_sched_clock() I noticed we don't inline enough. Mostly caused by sharing code with cyc2ns_read_begin(), which we didn't used to do. So mark all that __force_inline to make it DTRT. Fixes: 59eaef78bfea ("x86/tsc: Remodel cyc2ns to use seqcount_latch()") Reported-by: Eric Dumazet Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Cc: hpa@zytor.com Cc: eric.dumazet@gmail.com Cc: bp@alien8.de Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181011104019.695196158@infradead.org commit 3a27203102ebfa67bd0bced05b1def499bb59db2 Merge: a24a0eb9c897 4628a64591e6 Author: Greg Kroah-Hartman Date: Sun Oct 14 08:34:31 2018 +0200 Merge tag 'libnvdimm-fixes-4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Dan writes: "libnvdimm/dax 4.19-rc8 * Fix a livelock in dax_layout_busy_page() present since v4.18. The lockup triggers when truncating an actively mapped huge page out of a mapping pinned for direct-I/O. * Fix mprotect() clobbers of _PAGE_DEVMAP. Broken since v4.5 mprotect() clears this flag that is needed to communicate the liveness of device pages to the get_user_pages() path." * tag 'libnvdimm-fixes-4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: mm: Preserve _PAGE_DEVMAP across mprotect() calls filesystem-dax: Fix dax_layout_busy_page() livelock commit a24a0eb9c8972803a8707041fc9ed9080cdaf1b9 Merge: 7ec21823634d 34d1b82cd198 Author: Greg Kroah-Hartman Date: Sun Oct 14 08:33:35 2018 +0200 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Wolfram writes: "i2c fix for 4.19: I2C has one documentation bugfix for something we changed during the v4.19 cycle" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: Fix kerneldoc for renamed i2c dma put function commit 7ec21823634d7cb7ea20539b877c0d31830c6ad4 Merge: f8ccb14fd6c9 5f8bb004bca4 Author: Greg Kroah-Hartman Date: Sat Oct 13 15:11:15 2018 +0200 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Paolo writes: "KVM fixes for 4.19-rc8 Leftover bugfixes." * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: vmx: hyper-v: don't pass EPT configuration info to vmx_hv_remote_flush_tlb() KVM: x86: support CONFIG_KVM_AMD=y with CONFIG_CRYPTO_DEV_CCP_DD=m ARM: KVM: Correctly order SGI register entries in the cp15 array commit 5f8bb004bca43f7b5043c02b4aa5b9b43e15fe50 Author: Vitaly Kuznetsov Date: Thu Oct 11 12:03:12 2018 +0200 KVM: vmx: hyper-v: don't pass EPT configuration info to vmx_hv_remote_flush_tlb() I'm observing random crashes in multi-vCPU L2 guests running on KVM on Hyper-V. I bisected the issue to the commit 877ad952be3d ("KVM: vmx: Add tlb_remote_flush callback support"). Hyper-V TLFS states: "AddressSpace specifies an address space ID (an EPT PML4 table pointer)" So apparently, Hyper-V doesn't expect us to pass naked EPTP, only PML4 pointer should be used. Strip off EPT configuration information before calling into vmx_hv_remote_flush_tlb(). Fixes: 877ad952be3d ("KVM: vmx: Add tlb_remote_flush callback support") Signed-off-by: Vitaly Kuznetsov Signed-off-by: Paolo Bonzini commit f8ccb14fd6c9f58ef766062b7e3929c423580f09 Author: Richard Weinberger Date: Sat Oct 13 10:18:41 2018 +0200 ubifs: Fix WARN_ON logic in exit path ubifs_assert() is not WARN_ON(), so we have to invert the checks. Randy faced this warning with UBIFS being a module, since most users use UBIFS as builtin because UBIFS is the rootfs nobody noticed so far. :-( Including me. Reported-by: Randy Dunlap Fixes: 54169ddd382d ("ubifs: Turn two ubifs_assert() into a WARN_ON()") Signed-off-by: Richard Weinberger Signed-off-by: Greg Kroah-Hartman commit 79fc170b1f5c36f486d886bfbd59eb4e62321128 Merge: cafa017dc5df ac081c3be3fa Author: Greg Kroah-Hartman Date: Sat Oct 13 09:31:19 2018 +0200 Merge branch 'akpm' Fixes from Andrew: * akpm: fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE ocfs2: fix a GCC warning commit ac081c3be3fae6d0cc3e1862507fca3862d30b67 Author: Khazhismel Kumykov Date: Fri Oct 12 21:34:40 2018 -0700 fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() On non-preempt kernels this loop can take a long time (more than 50 ticks) processing through entries. Link: http://lkml.kernel.org/r/20181010172623.57033-1-khazhy@google.com Signed-off-by: Khazhismel Kumykov Acked-by: OGAWA Hirofumi Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit bfba8e5cf28f413aa05571af493871d74438979f Author: Jérôme Glisse Date: Fri Oct 12 21:34:36 2018 -0700 mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Link: http://lkml.kernel.org/r/20181012181056.7864-1-jglisse@redhat.com Signed-off-by: Jérôme Glisse Reported-by: Andrea Arcangeli Reviewed-by: Zi Yan Acked-by: Michal Hocko Cc: Greg Kroah-Hartman Cc: Kirill A. Shutemov Cc: "H. Peter Anvin" Cc: Anshuman Khandual Cc: Dave Hansen Cc: David Nellans Cc: Ingo Molnar Cc: Mel Gorman Cc: Minchan Kim Cc: Naoya Horiguchi Cc: Thomas Gleixner Cc: Vlastimil Babka Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 7aa867dd89526e9cfd9714d8b9b587c016eaea34 Author: Jann Horn Date: Fri Oct 12 21:34:32 2018 -0700 mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Daniel Micay reports that attempting to use MAP_FIXED_NOREPLACE in an application causes that application to randomly crash. The existing check for handling MAP_FIXED_NOREPLACE looks up the first VMA that either overlaps or follows the requested region, and then bails out if that VMA overlaps *the start* of the requested region. It does not bail out if the VMA only overlaps another part of the requested region. Fix it by checking that the found VMA only starts at or after the end of the requested region, in which case there is no overlap. Test case: user@debian:~$ cat mmap_fixed_simple.c #include #include #include #include #include #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 #endif int main(void) { char *p; errno = 0; p = mmap((void*)0x10001000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p1=%p err=%m\n", p); errno = 0; p = mmap((void*)0x10000000, 0x2000, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p2=%p err=%m\n", p); char cmd[100]; sprintf(cmd, "cat /proc/%d/maps", getpid()); system(cmd); return 0; } user@debian:~$ gcc -o mmap_fixed_simple mmap_fixed_simple.c user@debian:~$ ./mmap_fixed_simple p1=0x10001000 err=Success p2=0x10000000 err=Success 10000000-10002000 r--p 00000000 00:00 0 10002000-10005000 ---p 00000000 00:00 0 564a9a06f000-564a9a070000 r-xp 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a26f000-564a9a270000 r--p 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a270000-564a9a271000 rw-p 00001000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a54a000-564a9a56b000 rw-p 00000000 00:00 0 [heap] 7f8eba447000-7f8eba5dc000 r-xp 00000000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba5dc000-7f8eba7dc000 ---p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7dc000-7f8eba7e0000 r--p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e0000-7f8eba7e2000 rw-p 00199000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e2000-7f8eba7e6000 rw-p 00000000 00:00 0 7f8eba7e6000-7f8eba809000 r-xp 00000000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8eba9e9000-7f8eba9eb000 rw-p 00000000 00:00 0 7f8ebaa06000-7f8ebaa09000 rw-p 00000000 00:00 0 7f8ebaa09000-7f8ebaa0a000 r--p 00023000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0a000-7f8ebaa0b000 rw-p 00024000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0b000-7f8ebaa0c000 rw-p 00000000 00:00 0 7ffcc99fa000-7ffcc9a1b000 rw-p 00000000 00:00 0 [stack] 7ffcc9b44000-7ffcc9b47000 r--p 00000000 00:00 0 [vvar] 7ffcc9b47000-7ffcc9b49000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] user@debian:~$ uname -a Linux debian 4.19.0-rc6+ #181 SMP Wed Oct 3 23:43:42 CEST 2018 x86_64 GNU/Linux user@debian:~$ As you can see, the first page of the mapping at 0x10001000 was clobbered. Link: http://lkml.kernel.org/r/20181010152736.99475-1-jannh@google.com Fixes: a4ff8e8620d3 ("mm: introduce MAP_FIXED_NOREPLACE") Signed-off-by: Jann Horn Reported-by: Daniel Micay Acked-by: Michal Hocko Acked-by: John Hubbard Acked-by: Kees Cook Acked-by: Vlastimil Babka Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 1cff514a5101d514900f0e94613402d8a18359e6 Author: zhong jiang Date: Fri Oct 12 21:34:26 2018 -0700 ocfs2: fix a GCC warning Fix the following compile warning: fs/ocfs2/dlmglue.c:99:30: warning: ‘lockdep_keys’ defined but not used [-Wunused-variable] static struct lock_class_key lockdep_keys[OCFS2_NUM_LOCK_TYPES]; Link: http://lkml.kernel.org/r/1536938148-32110-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhong jiang Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit cafa017dc5df8abc38308fedae3f1bd7ff67802d Merge: ed66c252d916 5e65a20341e0 Author: Greg Kroah-Hartman Date: Sat Oct 13 09:07:23 2018 +0200 Merge tag 'for-linus-20181012' of git://git.kernel.dk/linux-block Jens writes: "block fix for 4.19-rc Just a single fix that should go in, fixing a regression introduced in the blk-wbt code." * tag 'for-linus-20181012' of git://git.kernel.dk/linux-block: blk-wbt: wake up all when we scale up, not down commit ed66c252d9169698b1052d5e3dc7b7764adb20b9 Merge: e66d001c454b fee5150c484c Author: Greg Kroah-Hartman Date: Sat Oct 13 09:06:27 2018 +0200 Merge tag 'gfs2-4.19.fixes3' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Andreas writes: "gfs2 4.19 fixes Fix iomap buffered write support for journaled files" * tag 'gfs2-4.19.fixes3' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Fix iomap buffered write support for journaled files (2) commit e66d001c454b9ac8d7b809e84f457b98def209a1 Merge: bab5c80b2110 ca2b497253ad Author: Greg Kroah-Hartman Date: Sat Oct 13 09:05:37 2018 +0200 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Will writes: "More arm64 fixes - Reject CHAIN PMU events when they are not part of a 64-bit counter - Fix WARN_ON_ONCE() that triggers for reserved regions that don't correspond to mapped memory" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: perf: Reject stand-alone CHAIN events for PMUv3 arm64: Fix /proc/iomem for reserved but not memory regions commit 455adb3174d2c8518cef1a61140c211f6ac224d2 Author: David S. Miller Date: Fri Oct 12 10:33:20 2018 -0700 sparc: Throttle perf events properly. Like x86 and arm, call perf_sample_event_took() in perf event NMI interrupt handler. Signed-off-by: David S. Miller commit cfdc3170d214046b9509183fe9b9544dc644d40b Author: David S. Miller Date: Fri Oct 12 10:31:58 2018 -0700 sparc: Fix single-pcr perf event counter management. It is important to clear the hw->state value for non-stopped events when they are added into the PMU. Otherwise when the event is scheduled out, we won't read the counter because HES_UPTODATE is still set. This breaks 'perf stat' and similar use cases, causing all the events to show zero. This worked for multi-pcr because we make explicit sparc_pmu_start() calls in calculate_multiple_pcrs(). calculate_single_pcr() doesn't do this because the idea there is to accumulate all of the counter settings into the single pcr value. So we have to add explicit hw->state handling there. Like x86, we use the PERF_HES_ARCH bit to track truly stopped events so that we don't accidently start them on a reload. Related to all of this, sparc_pmu_start() is missing a userpage update so add it. Signed-off-by: David S. Miller commit bab5c80b211035739997ebd361a679fa85b39465 Merge: f014ffb025c1 3f4258bbe036 Author: Greg Kroah-Hartman Date: Fri Oct 12 17:41:27 2018 +0200 Merge tag 'armsoc-fixes-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Arnd writes: "ARM: SoC fixes for 4.19 Two last minute bugfixes, both for NXP platforms: * The Layerscape 'qbman' infrastructure suffers from probe ordering bugs in some configurations, a two-patch series adds a hotfix for this. 4.20 will have a longer set of patches to rework it. * The old imx53-qsb board regressed in 4.19 after the addition of cpufreq support, adding a set of explicit operating points fixes this." * tag 'armsoc-fixes-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: soc: fsl: qman_portals: defer probe after qman's probe soc: fsl: qbman: add APIs to retrieve the probing status ARM: dts: imx53-qsb: disable 1.2GHz OPP commit f014ffb025c159fd51d19af8af0022a991aaa4f8 Author: David Howells Date: Fri Oct 12 14:00:57 2018 +0100 afs: Fix afs_server struct leak Fix a leak of afs_server structs. The routine that installs them in the various lookup lists and trees gets a ref on leaving the function, whether it added the server or a server already exists. It shouldn't increment the refcount if it added the server. The effect of this that "rmmod kafs" will hang waiting for the leaked server to become unused. Fixes: d2ddc776a458 ("afs: Overhaul volume and server record caching and fileserver rotation") Signed-off-by: David Howells Signed-off-by: Greg Kroah-Hartman commit b40afc0066405e5ecfce73949b56ddd6bb65bd10 Author: Peter Rosin Date: Fri Oct 12 14:46:46 2018 +0000 MAINTAINERS: use the correct location for dt-bindings includes for mux Just drop the "linux" part of the path, it was never correct. Reported-by: Joe Perches Fixes: 256ac0375098 ("dt-bindings: document devicetree bindings for mux-controllers and gpio-mux") Signed-off-by: Peter Rosin Signed-off-by: Greg Kroah-Hartman commit 38a12607a82f3cba4149d36cc54695bd33f5ce04 Author: Peter Rosin Date: Fri Oct 12 14:46:40 2018 +0000 mux: adgs1408: use the correct MODULE_LICENSE The file is GPL v2 or later. Acked-by: Mircea Caprioru Signed-off-by: Peter Rosin Signed-off-by: Greg Kroah-Hartman commit fee5150c484c75c473dc1e2d07cb6151384ef85f Author: Andreas Gruenbacher Date: Wed Oct 10 21:18:18 2018 +0100 gfs2: Fix iomap buffered write support for journaled files (2) It turns out that the fix in commit 6636c3cc56 is bad; the assertion that the iomap code no longer creates buffer heads is incorrect for filesystems that set the IOMAP_F_BUFFER_HEAD flag. Instead, what's happening is that gfs2_iomap_begin_write treats all files that have the jdata flag set as journaled files, which is incorrect as long as those files are inline ("stuffed"). We're handling stuffed files directly via the page cache, which is why we ended up with pages without buffer heads in gfs2_page_add_databufs. Fix this by handling stuffed journaled files correctly in gfs2_iomap_begin_write. This reverts commit 6636c3cc5690c11631e6366cf9a28fb99c8b25bb. Signed-off-by: Andreas Gruenbacher commit ca2b497253ad01c80061a1f3ee9eb91b5d54a849 Author: Will Deacon Date: Fri Oct 5 13:24:36 2018 +0100 arm64: perf: Reject stand-alone CHAIN events for PMUv3 It doesn't make sense for a perf event to be configured as a CHAIN event in isolation, so extend the arm_pmu structure with a ->filter_match() function to allow the backend PMU implementation to reject CHAIN events early. Cc: Reviewed-by: Suzuki K Poulose Signed-off-by: Will Deacon commit d91680e687f47984ffd3200c8e5d587903e7bd11 Author: Will Deacon Date: Thu Oct 11 11:29:14 2018 +0100 arm64: Fix /proc/iomem for reserved but not memory regions We describe ranges of 'reserved' memory to userspace via /proc/iomem. Commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem") updated the logic to export regions that were reserved because their contents should be preserved. This allowed kexec-tools to tell the difference between 'reserved' memory that must be preserved and not overwritten, (e.g. the ACPI tables), and 'nomap' memory that must not be touched without knowing the memory-attributes (e.g. RAS CPER regions). The above commit wrongly assumed that memblock_reserve() would not be used to reserve regions that aren't memory. It turns out this is exactly what early_init_dt_reserve_memory_arch() will do if it finds a DT reserved-memory that was also carved out of the memory node, which results in a WARN_ON_ONCE() and the region being reserved instead of ignored. The ramoops description on hikey and dragonboard-410c both do this, so we can't simply write this configuration off as "buggy firmware". Avoid this issue by rewriting reserve_memblock_reserved_regions() so that only the portions of reserved regions which overlap with mapped memory are actually reserved. Fixes: 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem") Reported-by: John Stultz Reported-by: Paolo Pisati CC: Akashi Takahiro CC: Ard Biesheuvel Reviewed-by: James Morse Signed-off-by: Will Deacon commit 6b3944e42e2e554aa5a4be681ecd70dccd459114 Author: David Howells Date: Thu Oct 11 22:45:49 2018 +0100 afs: Fix cell proc list Access to the list of cells by /proc/net/afs/cells has a couple of problems: (1) It should be checking against SEQ_START_TOKEN for the keying the header line. (2) It's only holding the RCU read lock, so it can't just walk over the list without following the proper RCU methods. Fix these by using an hlist instead of an ordinary list and using the appropriate accessor functions to follow it with RCU. Since the code that adds a cell to the list must also necessarily change, sort the list on insertion whilst we're at it. Fixes: 989782dcdc91 ("afs: Overhaul cell database management") Signed-off-by: David Howells Signed-off-by: Greg Kroah-Hartman commit 4ea07abbfbdadb10bc67c2b78dc2dbfafa4b1009 Merge: 60bd7be764e8 4f666675cdff Author: Greg Kroah-Hartman Date: Fri Oct 12 12:57:05 2018 +0200 Merge tag 'mmc-v4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Ulf writes: "MMC core: - Avoid fragile multiblock reads for the last sector in SPI mode WIFI/SDIO: - libertas: Fixup suspend sequence for the SDIO card" * tag 'mmc-v4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: libertas: call into generic suspend code before turning off power mmc: block: avoid multiblock reads for the last sector in SPI mode commit 60bd7be764e8adada97034b4836875b3e449bd7c Merge: ef0e75a47c4a 3e779a2e7f90 Author: Greg Kroah-Hartman Date: Fri Oct 12 12:56:25 2018 +0200 Merge tag 'gpio-v4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Linus writes: "GPIO fix for the v4.19 series: - Fix up the interrupt parent for the irqdomains." * tag 'gpio-v4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: Assign gpio_irq_chip::parents to non-stack pointer commit ef0e75a47c4ad518aa3c91bb6a86a329b890f263 Merge: a291ab2d40e9 f259f896f234 Author: Greg Kroah-Hartman Date: Fri Oct 12 12:55:47 2018 +0200 Merge tag 'pinctrl-v4.19-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Linus writes: "pin control fix for v4.19: A single pin control fix for v4.19: - Interrupt setup in the MCP23S08 driver." * tag 'pinctrl-v4.19-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: mcp23s08: fix irq and irqchip setup order commit a291ab2d40e97a5ae0c07bf62f04ad7c438f66d0 Merge: 62d2e531d7f3 f0fe77f601c3 Author: Greg Kroah-Hartman Date: Fri Oct 12 12:54:26 2018 +0200 Merge tag 'mtd/fixes-for-4.19-rc8' of git://git.infradead.org/linux-mtd Boris writes: "mdt: fix for 4.19-rc8 * Fix a stack overflow in lib/bch.c" * tag 'mtd/fixes-for-4.19-rc8' of git://git.infradead.org/linux-mtd: lib/bch: fix possible stack overrun commit 62d2e531d7f353a77356c461bac12a0dc23aff7c Merge: c789174bde28 5ba15878f23c Author: Greg Kroah-Hartman Date: Fri Oct 12 12:53:48 2018 +0200 Merge tag 'drm-fixes-2018-10-12-1' of git://anongit.freedesktop.org/drm/drm Dave writes: "drm fixes for 4.19-rc8 single nouveau runtime reference and mst change" * tag 'drm-fixes-2018-10-12-1' of git://anongit.freedesktop.org/drm/drm: drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect() commit c789174bde280c90bb8cdc680cf58a8f03fcdca0 Merge: eb81bfb224ce dd9a40349570 Author: Greg Kroah-Hartman Date: Fri Oct 12 12:53:06 2018 +0200 Merge tag 'for-gkh' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Doug writes: "RDMA fixes: Final for-rc pull request for 4.19 We only have one bug to submit this time around. It fixes a DMA unmap issue where we unmapped the DMA address from the IOMMU before we did from the card, resulting in a DMAR error with IOMMU enabled, or possible crash without." * tag 'for-gkh' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: IB/mlx5: Unmap DMA addr from HCA before IOMMU commit eb81bfb224ced3701bcc7b08f309665bf0549252 Merge: 0c53b6a5f82a cecf10704899 Author: Greg Kroah-Hartman Date: Fri Oct 12 12:35:02 2018 +0200 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Dmitry writes: "Input updates for v4.19-rc7 - we added a few scheduling points into various input interfaces to ensure that large writes will not cause RCU stalls - fixed configuring PS/2 keyboards as wakeup devices on newer platforms - added a new Xbox gamepad ID." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: uinput - add a schedule point in uinput_inject_events() Input: evdev - add a schedule point in evdev_write() Input: mousedev - add a schedule point in mousedev_write() Input: i8042 - enable keyboard wakeups by default when s2idle is used Input: xpad - add support for Xbox1 PDP Camo series gamepad commit 0c53b6a5f82a539b59cdd669c4a866238371fa23 Merge: 90ad18418c2d 52c8ee5bad8f Author: Greg Kroah-Hartman Date: Fri Oct 12 12:33:54 2018 +0200 Merge tag 'next-fixes-20181012' of git://git.kernel.org/pub/scm/linux/kernel/git/sfr/next-fixes Stephen writes: "A couple of warning fixes: Two fixes from Peter Oberparleiter : Commit 6b7dca401cb1 ("tracing: Allow gcov profiling on only ftrace subsystem") uncovered linker problems when using gcov kernel profiling on some architectures. These problems were likely introduced earlier, and are possibly related to compiler changes." * tag 'next-fixes-20181012' of git://git.kernel.org/pub/scm/linux/kernel/git/sfr/next-fixes: vmlinux.lds.h: Fix linker warnings about orphan .LPBX sections vmlinux.lds.h: Fix incomplete .text.exit discards commit f0fe77f601c3d6a821198f88f7adb0a05b8fe03e Author: Arnd Bergmann Date: Thu Oct 11 13:06:17 2018 +0200 lib/bch: fix possible stack overrun The previous patch introduced very large kernel stack usage and a Makefile change to hide the warning about it. From what I can tell, a number of things went wrong here: - The BCH_MAX_T constant was set to the maximum value for 'n', not the maximum for 't', which is much smaller. - The stack usage is actually larger than the entire kernel stack on some architectures that can use 4KB stacks (m68k, sh, c6x), which leads to an immediate overrun. - The justification in the patch description claimed that nothing changed, however that is not the case even without the two points above: the configuration is machine specific, and most boards never use the maximum BCH_ECC_WORDS() length but instead have something much smaller. That maximum would only apply to machines that use both the maximum block size and the maximum ECC strength. The largest value for 't' that I could find is '32', which in turn leads to a 60 byte array instead of 2048 bytes. Making it '64' for future extension seems also worthwhile, with 120 bytes for the array. Anything larger won't fit into the OOB area on NAND flash. With that changed, the warning can be enabled again. Only linux-4.19+ contains the breakage, so this is only needed as a stable backport if it does not make it into the release. Fixes: 02361bc77888 ("lib/bch: Remove VLA usage") Reported-by: Ard Biesheuvel Cc: stable@vger.kernel.org Signed-off-by: Arnd Bergmann Signed-off-by: Boris Brezillon commit 90ad18418c2d3db23ee827cdd74fed2ca9b70a18 Merge: 0778a9f2dd92 6b9bab550cac Author: Greg Kroah-Hartman Date: Fri Oct 12 09:01:59 2018 +0200 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net David writes: "Networking 1) RXRPC receive path fixes from David Howells. 2) Re-export __skb_recv_udp(), from Jiri Kosina. 3) Fix refcounting in u32 classificer, from Al Viro. 4) Userspace netlink ABI fixes from Eugene Syromiatnikov. 5) Don't double iounmap on rmmod in ena driver, from Arthur Kiyanovski. 6) Fix devlink string attribute handling, we must pull a copy into a kernel buffer if the lifetime extends past the netlink request. From Moshe Shemesh. 7) Fix hangs in RDS, from Ka-Cheong Poon. 8) Fix recursive locking lockdep warnings in tipc, from Ying Xue. 9) Clear RX irq correctly in socionext, from Ilias Apalodimas. 10) bcm_sf2 fixes from Florian Fainelli." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits) net: dsa: bcm_sf2: Call setup during switch resume net: dsa: bcm_sf2: Fix unbind ordering net: phy: sfp: remove sfp_mutex's definition r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips net: socionext: clear rx irq correctly net/mlx4_core: Fix warnings during boot on driverinit param set failures tipc: eliminate possible recursive locking detected by LOCKDEP selftests: udpgso_bench.sh explicitly requires bash selftests: rtnetlink.sh explicitly requires bash. qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface tipc: queue socket protocol error messages into socket receive buffer tipc: set link tolerance correctly in broadcast link net: ipv4: don't let PMTU updates increase route MTU net: ipv4: update fnhe_pmtu when first hop's MTU changes net/ipv6: stop leaking percpu memory in fib6 info rds: RDS (tcp) hangs on sendto() to unresponding address net: make skb_partial_csum_set() more robust against overflows devlink: Add helper function for safely copy string param devlink: Fix param cmode driverinit for string type devlink: Fix param set handling for string type ... commit 6b9bab550cac108d86c731c207e3e74ea10eb638 Merge: 052858663db3 54baca096386 Author: David S. Miller Date: Thu Oct 11 15:20:00 2018 -0700 Merge branch 'net-dsa-bcm_sf2-Couple-of-fixes' Florian Fainelli says: ==================== net: dsa: bcm_sf2: Couple of fixes Here are two fixes for the bcm_sf2 driver that were found during testing unbind and analysing another issue during system suspend/resume. ==================== Signed-off-by: David S. Miller commit 54baca096386d862d19c10f58f34bf787c6b3cbe Author: Florian Fainelli Date: Tue Oct 9 16:48:58 2018 -0700 net: dsa: bcm_sf2: Call setup during switch resume There is no reason to open code what the switch setup function does, in fact, because we just issued a switch reset, we would make all the register get their default values, including for instance, having unused port be enabled again and wasting power and leading to an inappropriate switch core clock being selected. Fixes: 8cfa94984c9c ("net: dsa: bcm_sf2: add suspend/resume callbacks") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit bf3b452b7af787b8bf27de6490dc4eedf6f97599 Author: Florian Fainelli Date: Tue Oct 9 16:48:57 2018 -0700 net: dsa: bcm_sf2: Fix unbind ordering The order in which we release resources is unfortunately leading to bus errors while dismantling the port. This is because we set priv->wol_ports_mask to 0 to tell bcm_sf2_sw_suspend() that it is now permissible to clock gate the switch. Later on, when dsa_slave_destroy() comes in from dsa_unregister_switch() and calls dsa_switch_ops::port_disable, we perform the same dismantling again, and this time we hit registers that are clock gated. Make sure that dsa_unregister_switch() is the first thing that happens, which takes care of releasing all user visible resources, then proceed with clock gating hardware. We still need to set priv->wol_ports_mask to 0 to make sure that an enabled port properly gets disabled in case it was previously used as part of Wake-on-LAN. Fixes: d9338023fb8e ("net: dsa: bcm_sf2: Make it a real platform device driver") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 52c8ee5bad8f33d02c567f6609f43d69303fc48d Author: Peter Oberparleiter Date: Thu Sep 13 13:00:00 2018 +0200 vmlinux.lds.h: Fix linker warnings about orphan .LPBX sections Enabling both CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y and CONFIG_GCOV_PROFILE_ALL=y results in linker warnings: warning: orphan section `.data..LPBX1' being placed in section `.data..LPBX1'. LD_DEAD_CODE_DATA_ELIMINATION adds compiler flag -fdata-sections. This option causes GCC to create separate data sections for data objects, including those generated by GCC internally for gcov profiling. The names of these objects start with a dot (.LPBX0, .LPBX1), resulting in section names starting with 'data..'. As section names starting with 'data..' are used for specific purposes in the Linux kernel, the linker script does not automatically include them in the output data section, resulting in the "orphan section" linker warnings. Fix this by specifically including sections named "data..LPBX*" in the data section. Reported-by: Stephen Rothwell Tested-by: Stephen Rothwell Tested-by: Arnd Bergmann Acked-by: Arnd Bergmann Signed-off-by: Peter Oberparleiter Signed-off-by: Stephen Rothwell commit 8dcf86caa1e3daf4a6ccf38e97f4f752b411f829 Author: Peter Oberparleiter Date: Thu Sep 13 12:59:59 2018 +0200 vmlinux.lds.h: Fix incomplete .text.exit discards Enabling CONFIG_GCOV_PROFILE_ALL=y causes linker errors on ARM: `.text.exit' referenced in section `.ARM.exidx.text.exit': defined in discarded section `.text.exit' `.text.exit' referenced in section `.fini_array.00100': defined in discarded section `.text.exit' And related errors on NDS32: `.text.exit' referenced in section `.dtors.65435': defined in discarded section `.text.exit' The gcov compiler flags cause certain compiler versions to generate additional destructor-related sections that are not yet handled by the linker script, resulting in references between discarded and non-discarded sections. Since destructors are not used in the Linux kernel, fix this by discarding these additional sections. Reported-by: Arnd Bergmann Tested-by: Arnd Bergmann Acked-by: Arnd Bergmann Reported-by: Greentime Hu Tested-by: Masami Hiramatsu Signed-off-by: Peter Oberparleiter Signed-off-by: Stephen Rothwell commit 34d1b82cd198379545ca634119e296fce06252aa Author: Stephen Boyd Date: Mon Oct 8 07:55:20 2018 -0700 i2c: Fix kerneldoc for renamed i2c dma put function This function was renamed in commit 82fe39a6bc7b ("i2c: refactor function to release a DMA safe buffer") but this kernel doc wasn't updated to point at the new function. Rename it. Fixes: 82fe39a6bc7b ("i2c: refactor function to release a DMA safe buffer") Signed-off-by: Stephen Boyd Signed-off-by: Wolfram Sang commit 5e65a20341e02df637d1c16cd487858d2c6a876a Author: Josef Bacik Date: Thu Oct 11 15:29:30 2018 -0400 blk-wbt: wake up all when we scale up, not down Tetsuo brought to my attention that I screwed up the scale_up/scale_down helpers when I factored out the rq-qos code. We need to wake up all the waiters when we add slots for requests to make, not when we shrink the slots. Otherwise we'll end up things waiting forever. This was a mistake and simply puts everything back the way it was. cc: stable@vger.kernel.org Fixes: a79050434b45 ("blk-rq-qos: refactor out common elements of blk-wbt") eported-by: Tetsuo Handa Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe commit 052858663db31bd1ead76744df5d39d8bb703c77 Author: Sebastian Andrzej Siewior Date: Thu Oct 11 17:06:21 2018 +0200 net: phy: sfp: remove sfp_mutex's definition The sfp_mutex variable is defined but never used in this file. Not even in the commit that introduced that variable. Remove sfp_mutex, it has no purpose. Cc: Andrew Lunn Cc: Florian Fainelli Cc: "David S. Miller" Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 511cfd580f23b0e0fcd5659931ef14c6e2c062b0 Author: Maciej S. Szmigiero Date: Thu Oct 11 16:02:10 2018 +0200 r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips It has been reported that since commit 05212ba8132b42 ("r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices") at least RTL_GIGA_MAC_VER_38 NICs work erratically after a resume from suspend. The problem has been traced to a missing RX_MULTI_EN bit in the RxConfig register. We already set this bit for RTL_GIGA_MAC_VER_35 NICs of the same 8168F chip family so let's do it also for its other siblings: RTL_GIGA_MAC_VER_36 and RTL_GIGA_MAC_VER_38. Curiously, the NIC seems to work fine after a system boot without having this bit set as long as the system isn't suspended and resumed. Fixes: 05212ba8132b42 ("r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices") Reported-by: Chris Clayton Signed-off-by: Maciej S. Szmigiero Reviewed-by: Heiner Kallweit Tested-by: Chris Clayton Signed-off-by: David S. Miller commit 2a1e89df785082a0fd7264ca6d3d834abe84fa25 Author: Ilias Apalodimas Date: Thu Oct 11 15:28:26 2018 +0300 net: socionext: clear rx irq correctly commit 63ae7949e94a ("net: socionext: Use descriptor info instead of MMIO reads on Rx") removed constant mmio reads from the driver and started using a descriptor field to check if packet should be processed. This lead the napi rx handler being constantly called while no packets needed processing and ksoftirq getting 100% cpu usage. Issue one mmio read to clear the irq correcty after processing packets Signed-off-by: Ilias Apalodimas Reported-by: Ard Biesheuvel Tested-by: Ard Biesheuvel Acked-by: Ard Biesheuvel Signed-off-by: David S. Miller commit 26450608348e91a782691dbfcc836478f4381071 Author: Moshe Shemesh Date: Thu Oct 11 15:01:19 2018 +0300 net/mlx4_core: Fix warnings during boot on driverinit param set failures During boot, mlx4_core sets the driverinit configuration parameters and updates the devlink module on the initial values calling devlink_param_driverinit_value_set(). If devlink_param_driverinit_value_set() returns an error mlx4_core reports kernel module warning. This caused false alarm during boot in case kernel was compiled with CONFIG_NET_DEVLINK off. Fix by removing warning reported in case devlink_param_driverinit_value_set() fails. This actually makes the function mlx4_devlink_set_init_value() redundant to using directly devlink_param_driverinit_value_set() and so removed. It fixes the following kernel trace: mlx4_core 0000:00:06.0: devlink set parameter 0 value failed (err = -95) mlx4_core 0000:00:06.0: devlink set parameter 1 value failed (err = -95) mlx4_core 0000:00:06.0: devlink set parameter 4 value failed (err = -95) mlx4_core 0000:00:06.0: devlink set parameter 5 value failed (err = -95) mlx4_core 0000:00:06.0: devlink set parameter 3 value failed (err = -95) Fixes: bd1b51dc66df ("mlx4: Add mlx4 initial parameters table and register it") Signed-off-by: Moshe Shemesh Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller commit 0778a9f2dd924c3af41971ba40eec44793aea531 Merge: e5337178f702 479adb89a97b Author: Greg Kroah-Hartman Date: Thu Oct 11 19:24:01 2018 +0200 Merge branch 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Tejun writes: "cgroup fixes for v4.19-rc7 One cgroup2 threaded mode fix for v4.19-rc7. While threaded mode isn't used widely (yet) and the bug requires somewhat convoluted sequence of operations, it causes a userland visible malfunction - EINVAL on a valid attempt to enable threaded mode. This pull request contains the fix" * 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cgroup: Fix dom_cgrp propagation when enabling threaded mode commit a1f8dd34e64af689e95122921fb2ca83dedd4c4e Author: Ying Xue Date: Thu Oct 11 19:57:56 2018 +0800 tipc: eliminate possible recursive locking detected by LOCKDEP When booting kernel with LOCKDEP option, below warning info was found: WARNING: possible recursive locking detected 4.19.0-rc7+ #14 Not tainted -------------------------------------------- swapper/0/1 is trying to acquire lock: 00000000dcfc0fc8 (&(&list->lock)->rlock#4){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline] 00000000dcfc0fc8 (&(&list->lock)->rlock#4){+...}, at: tipc_link_reset+0x125/0xdf0 net/tipc/link.c:850 but task is already holding lock: 00000000cbb9b036 (&(&list->lock)->rlock#4){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline] 00000000cbb9b036 (&(&list->lock)->rlock#4){+...}, at: tipc_link_reset+0xfa/0xdf0 net/tipc/link.c:849 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&list->lock)->rlock#4); lock(&(&list->lock)->rlock#4); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by swapper/0/1: #0: 00000000f7539d34 (pernet_ops_rwsem){+.+.}, at: register_pernet_subsys+0x19/0x40 net/core/net_namespace.c:1051 #1: 00000000cbb9b036 (&(&list->lock)->rlock#4){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline] #1: 00000000cbb9b036 (&(&list->lock)->rlock#4){+...}, at: tipc_link_reset+0xfa/0xdf0 net/tipc/link.c:849 stack backtrace: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7+ #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1af/0x295 lib/dump_stack.c:113 print_deadlock_bug kernel/locking/lockdep.c:1759 [inline] check_deadlock kernel/locking/lockdep.c:1803 [inline] validate_chain kernel/locking/lockdep.c:2399 [inline] __lock_acquire+0xf1e/0x3c60 kernel/locking/lockdep.c:3411 lock_acquire+0x1db/0x520 kernel/locking/lockdep.c:3900 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] tipc_link_reset+0x125/0xdf0 net/tipc/link.c:850 tipc_link_bc_create+0xb5/0x1f0 net/tipc/link.c:526 tipc_bcast_init+0x59b/0xab0 net/tipc/bcast.c:521 tipc_init_net+0x472/0x610 net/tipc/core.c:82 ops_init+0xf7/0x520 net/core/net_namespace.c:129 __register_pernet_operations net/core/net_namespace.c:940 [inline] register_pernet_operations+0x453/0xac0 net/core/net_namespace.c:1011 register_pernet_subsys+0x28/0x40 net/core/net_namespace.c:1052 tipc_init+0x83/0x104 net/tipc/core.c:140 do_one_initcall+0x109/0x70a init/main.c:885 do_initcall_level init/main.c:953 [inline] do_initcalls init/main.c:961 [inline] do_basic_setup init/main.c:979 [inline] kernel_init_freeable+0x4bd/0x57f init/main.c:1144 kernel_init+0x13/0x180 init/main.c:1063 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413 The reason why the noise above was complained by LOCKDEP is because we nested to hold l->wakeupq.lock and l->inputq->lock in tipc_link_reset function. In fact it's unnecessary to move skb buffer from l->wakeupq queue to l->inputq queue while holding the two locks at the same time. Instead, we can move skb buffers in l->wakeupq queue to a temporary list first and then move the buffers of the temporary list to l->inputq queue, which is also safe for us. Fixes: 3f32d0be6c16 ("tipc: lock wakeup & inputq at tipc_link_reset()") Reported-by: Dmitry Vyukov Signed-off-by: Ying Xue Acked-by: Jon Maloy Signed-off-by: David S. Miller commit e5337178f7023bd06a39c06e1fab88817559c0f3 Merge: 834d3cd294ab 5318321d367c Author: Greg Kroah-Hartman Date: Thu Oct 11 19:23:07 2018 +0200 Merge tag 'kbuild-fixes-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Masahiro writes: "Kbuild fixes for v4.19 (2nd) - Fix warnings from recordmcount.pl when building with Clang - Allow Clang to use GNU toolchains correctly - Disable CONFIG_SAMPLES for UML to avoid build error" * tag 'kbuild-fixes-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: samples: disable CONFIG_SAMPLES for UML kbuild: allow to use GCC toolchain not in Clang search path ftrace: Build with CPPFLAGS to get -Qunused-arguments commit 26b1f4cb9150ac9662063a3bdc3c0a44bf622981 Merge: 4f7617705bff 12a2ea962c06 Author: David S. Miller Date: Thu Oct 11 10:19:46 2018 -0700 Merge branch 'net-explicitly-requires-bash-when-needed' Paolo Abeni says: ==================== net: explicitly requires bash when needed. Some test scripts require bash-only features but use the default shell. This may cause random failures if the default shell is not bash. Instead of doing a potentially complex rewrite of such scripts, these patches require the bash interpreter, where needed. ==================== Signed-off-by: David S. Miller commit 12a2ea962c06efb30764c47b140d2ec9d3cd7cb0 Author: Paolo Abeni Date: Thu Oct 11 10:54:53 2018 +0200 selftests: udpgso_bench.sh explicitly requires bash The udpgso_bench.sh script requires several bash-only features. This may cause random failures if the default shell is not bash. Address the above explicitly requiring bash as the script interpreter Fixes: 3a687bef148d ("selftests: udp gso benchmark") Signed-off-by: Paolo Abeni Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 3c718e677c2b35b449992adc36ecce883c467e98 Author: Paolo Abeni Date: Thu Oct 11 10:54:52 2018 +0200 selftests: rtnetlink.sh explicitly requires bash. the script rtnetlink.sh requires a bash-only features (sleep with sub-second precision). This may cause random test failure if the default shell is not bash. Address the above explicitly requiring bash as the script interpreter. Fixes: 33b01b7b4f19 ("selftests: add rtnetlink test script") Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit 834d3cd294abd9ad81c6cbaefdda28aa491ceb06 Merge: 9f203e2f2f06 329e09893909 Author: Greg Kroah-Hartman Date: Thu Oct 11 19:10:30 2018 +0200 Merge tag 'alloc-args-v4.19-rc8' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Kees writes: "Fix open-coded multiplication arguments to allocators - Fixes several new open-coded multiplications added in the 4.19 merge window." * tag 'alloc-args-v4.19-rc8' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: treewide: Replace more open-coded allocation size multiplications commit 94aafb74cee0002e2f2eb6dc5376f54d5951ab4d Author: Jiri Olsa Date: Wed Oct 10 10:03:39 2018 +0200 perf vendor events intel: Fix wrong filter_band* values for uncore events Michael reported that he could not stat following event: $ perf stat -e unc_p_freq_ge_1200mhz_cycles -a -- ls event syntax error: '..e_1200mhz_cycles' \___ value too big for format, maximum is 255 Run 'perf list' for a list of valid events The event is unwrapped into: uncore_pcu/event=0xb,filter_band0=1200/ where filter_band0 format says it's one byte only: # cat uncore_pcu/format/filter_band0 config1:0-7 while JSON files specifies bigger number: "Filter": "filter_band0=1200", all the filter_band* formats show 1 byte width: # cat uncore_pcu/format/filter_band1 config1:8-15 # cat uncore_pcu/format/filter_band2 config1:16-23 # cat uncore_pcu/format/filter_band3 config1:24-31 The reason of the issue is that filter_band* values are supposed to be in 100Mhz units.. it's stated in the JSON help for the events, like: filter_band3=XXX, with XXX in 100Mhz units This patch divides the filter_band* values by 100, plus there's couple of changes that actually change the number completely, like: - "Filter": "edge=1,filter_band2=4000", + "Filter": "edge=1,filter_band2=30", Reported-by: Michael Petlan Signed-off-by: Jiri Olsa Acked-by: Andi Kleen Cc: Alexander Shishkin Cc: Kan Liang Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20181010080339.GB15790@krava Signed-off-by: Arnaldo Carvalho de Melo commit 9dffff200fd178f11dd50eb1fd8ccd0650c9284e Author: Florian Westphal Date: Wed Oct 10 18:02:21 2018 +0200 xfrm: policy: use hlist rcu variants on insert bydst table/list lookups use rcu, so insertions must use rcu versions. Fixes: a7c44247f704e ("xfrm: policy: make xfrm_policy_lookup_bytype lockless") Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert commit 9f7e43da6ae4862b48bac233838ba808c1167a0d Author: Alexei Starovoitov Date: Tue Oct 9 09:59:36 2018 -0700 net/xfrm: fix out-of-bounds packet access BUG: KASAN: slab-out-of-bounds in _decode_session6+0x1331/0x14e0 net/ipv6/xfrm6_policy.c:161 Read of size 1 at addr ffff8801d882eec7 by task syz-executor1/6667 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0x242/0x30d mm/kasan/report.c:412 __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:430 _decode_session6+0x1331/0x14e0 net/ipv6/xfrm6_policy.c:161 __xfrm_decode_session+0x71/0x140 net/xfrm/xfrm_policy.c:2299 xfrm_decode_session include/net/xfrm.h:1232 [inline] vti6_tnl_xmit+0x3c3/0x1bc1 net/ipv6/ip6_vti.c:542 __netdev_start_xmit include/linux/netdevice.h:4313 [inline] netdev_start_xmit include/linux/netdevice.h:4322 [inline] xmit_one net/core/dev.c:3217 [inline] dev_hard_start_xmit+0x272/0xc10 net/core/dev.c:3233 __dev_queue_xmit+0x2ab2/0x3870 net/core/dev.c:3803 dev_queue_xmit+0x17/0x20 net/core/dev.c:3836 Reported-by: syzbot+acffccec848dc13fe459@syzkaller.appspotmail.com Reported-by: Eric Dumazet Signed-off-by: Alexei Starovoitov Signed-off-by: Steffen Klassert commit baa9be4ffb55876923dc9716abc0a448e510ba30 Author: Phil Auld Date: Mon Oct 8 10:36:40 2018 -0400 sched/fair: Fix throttle_list starvation with low CFS quota With a very low cpu.cfs_quota_us setting, such as the minimum of 1000, distribute_cfs_runtime may not empty the throttled_list before it runs out of runtime to distribute. In that case, due to the change from c06f04c7048 to put throttled entries at the head of the list, later entries on the list will starve. Essentially, the same X processes will get pulled off the list, given CPU time and then, when expired, get put back on the head of the list where distribute_cfs_runtime will give runtime to the same set of processes leaving the rest. Fix the issue by setting a bit in struct cfs_bandwidth when distribute_cfs_runtime is running, so that the code in throttle_cfs_rq can decide to put the throttled entry on the tail or the head of the list. The bit is set/cleared by the callers of distribute_cfs_runtime while they hold cfs_bandwidth->lock. This is easy to reproduce with a handful of CPU consumers. I use 'crash' on the live system. In some cases you can simply look at the throttled list and see the later entries are not changing: crash> list cfs_rq.throttled_list -H 0xffff90b54f6ade40 -s cfs_rq.runtime_remaining | paste - - | awk '{print $1" "$4}' | pr -t -n3 1 ffff90b56cb2d200 -976050 2 ffff90b56cb2cc00 -484925 3 ffff90b56cb2bc00 -658814 4 ffff90b56cb2ba00 -275365 5 ffff90b166a45600 -135138 6 ffff90b56cb2da00 -282505 7 ffff90b56cb2e000 -148065 8 ffff90b56cb2fa00 -872591 9 ffff90b56cb2c000 -84687 10 ffff90b56cb2f000 -87237 11 ffff90b166a40a00 -164582 crash> list cfs_rq.throttled_list -H 0xffff90b54f6ade40 -s cfs_rq.runtime_remaining | paste - - | awk '{print $1" "$4}' | pr -t -n3 1 ffff90b56cb2d200 -994147 2 ffff90b56cb2cc00 -306051 3 ffff90b56cb2bc00 -961321 4 ffff90b56cb2ba00 -24490 5 ffff90b166a45600 -135138 6 ffff90b56cb2da00 -282505 7 ffff90b56cb2e000 -148065 8 ffff90b56cb2fa00 -872591 9 ffff90b56cb2c000 -84687 10 ffff90b56cb2f000 -87237 11 ffff90b166a40a00 -164582 Sometimes it is easier to see by finding a process getting starved and looking at the sched_info: crash> task ffff8eb765994500 sched_info PID: 7800 TASK: ffff8eb765994500 CPU: 16 COMMAND: "cputest" sched_info = { pcount = 8, run_delay = 697094208, last_arrival = 240260125039, last_queued = 240260327513 }, crash> task ffff8eb765994500 sched_info PID: 7800 TASK: ffff8eb765994500 CPU: 16 COMMAND: "cputest" sched_info = { pcount = 8, run_delay = 697094208, last_arrival = 240260125039, last_queued = 240260327513 }, Signed-off-by: Phil Auld Reviewed-by: Ben Segall Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: stable@vger.kernel.org Fixes: c06f04c70489 ("sched: Fix potential near-infinite distribute_cfs_runtime() loop") Link: http://lkml.kernel.org/r/20181008143639.GA4019@pauld.bos.csb Signed-off-by: Ingo Molnar commit 9f203e2f2f065cd74553e6474f0ae3675f39fb0f Merge: a22dd3629e25 184d47f0fd36 Author: Greg Kroah-Hartman Date: Thu Oct 11 12:28:23 2018 +0200 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "x86 fixes An intel_rdt memory access fix and a VLA fix in pgd_alloc()." * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm: Avoid VLA in pgd_alloc() x86/intel_rdt: Fix out-of-bounds memory access in CBM tests commit a22dd3629e257e5db51ad12610d00bb2856b291d Merge: 6302aad48c5c e054637597ba Author: Greg Kroah-Hartman Date: Thu Oct 11 12:27:47 2018 +0200 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "scheduler fix: Cleanup of dead code left over from the recent sched/numa fixes." * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: mm, sched/numa: Remove remaining traces of NUMA rate-limiting commit 6302aad48c5cb56c9f9c3fb7aa73d2f1f2f10540 Merge: 9dcd936c5312 c1883f10cfe0 Author: Greg Kroah-Hartman Date: Thu Oct 11 12:27:03 2018 +0200 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo, a man of few words, writes: "perf fixes: misc perf tooling fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf record: Use unmapped IP for inline callchain cursors perf python: Use -Wno-redundant-decls to build with PYTHON=python3 perf report: Don't try to map ip to invalid map perf script python: Fix export-to-sqlite.py sample columns perf script python: Fix export-to-postgresql.py occasional failure commit cee271678d0e3177a25d0fcb2fa5e051d48e4262 Author: Björn Töpel Date: Mon Oct 8 19:40:16 2018 +0200 xsk: do not call synchronize_net() under RCU read lock The XSKMAP update and delete functions called synchronize_net(), which can sleep. It is not allowed to sleep during an RCU read section. Instead we need to make sure that the sock sk_destruct (xsk_destruct) function is asynchronously called after an RCU grace period. Setting the SOCK_RCU_FREE flag for XDP sockets takes care of this. Fixes: fbfc504a24f5 ("bpf: introduce new bpf AF_XDP map type BPF_MAP_TYPE_XSKMAP") Reported-by: Eric Dumazet Signed-off-by: Björn Töpel Acked-by: Song Liu Signed-off-by: Daniel Borkmann commit 4f7617705bfff84d756fe4401a1f4f032f374984 Author: Giacinto Cifelli Date: Wed Oct 10 20:05:53 2018 +0200 qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Added support for Gemalto's Cinterion ALASxx WWAN interfaces by adding QMI_FIXED_INTF with Cinterion's VID and PID. Signed-off-by: Giacinto Cifelli Acked-by: Bjørn Mork Signed-off-by: David S. Miller commit e7eb05823806502747eadc31039cecfd7836ddeb Author: Parthasarathy Bhuvaragan Date: Wed Oct 10 17:50:23 2018 +0200 tipc: queue socket protocol error messages into socket receive buffer In tipc_sk_filter_rcv(), when we detect protocol messages with error we call tipc_sk_conn_proto_rcv() and let it reset the connection and notify the socket by calling sk->sk_state_change(). However, tipc_sk_filter_rcv() may have been called from the function tipc_backlog_rcv(), in which case the socket lock is held and the socket already awake. This means that the sk_state_change() call is ignored and the error notification lost. Now the receive queue will remain empty and the socket sleeps forever. In this commit, we convert the protocol message into a connection abort message and enqueue it into the socket's receive queue. By this addition to the above state change we cover all conditions. Acked-by: Ying Xue Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit 047491ea334a454fa0647ec99dadcc6dd38417e0 Author: Jon Maloy Date: Wed Oct 10 17:34:01 2018 +0200 tipc: set link tolerance correctly in broadcast link In the patch referred to below we added link tolerance as an additional criteria for declaring broadcast transmission "stale" and resetting the affected links. However, the 'tolerance' field of the broadcast link is never set, and remains at zero. This renders the whole commit without the intended improving effect, but luckily also with no negative effect. In this commit we add the missing initialization. Fixes: a4dc70d46cf1 ("tipc: extend link reset criteria for stale packet retransmission") Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit 28b6bfebdd2fde5e09aa830bbeb284ec96c2c0a0 Merge: 7abab7b9b498 28d35bcdd392 Author: David S. Miller Date: Wed Oct 10 22:44:47 2018 -0700 Merge branch 'net-ipv4-fixes-for-PMTU-when-link-MTU-changes' Sabrina Dubroca says: ==================== net: ipv4: fixes for PMTU when link MTU changes The first patch adapts the changes that commit e9fa1495d738 ("ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes") did in IPv6 to IPv4: lower PMTU when the first hop's MTU drops below it, and raise PMTU when the first hop was limiting PMTU discovery and its MTU is increased. The second patch fixes bugs introduced in commit d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu") that only appear once the first patch is applied. Selftests for these cases were introduced in net-next commit e44e428f59e4 ("selftests: pmtu: add basic IPv4 and IPv6 PMTU tests") v2: add cover letter, and fix a few small things in patch 1 ==================== Signed-off-by: David S. Miller commit 28d35bcdd3925e7293408cdb8aa5f2aac5f0d6e3 Author: Sabrina Dubroca Date: Tue Oct 9 17:48:15 2018 +0200 net: ipv4: don't let PMTU updates increase route MTU When an MTU update with PMTU smaller than net.ipv4.route.min_pmtu is received, we must clamp its value. However, we can receive a PMTU exception with PMTU < old_mtu < ip_rt_min_pmtu, which would lead to an increase in PMTU. To fix this, take the smallest of the old MTU and ip_rt_min_pmtu. Before this patch, in case of an update, the exception's MTU would always change. Now, an exception can have only its lock flag updated, but not the MTU, so we need to add a check on locking to the following "is this exception getting updated, or close to expiring?" test. Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio Signed-off-by: David S. Miller commit af7d6cce53694a88d6a1bb60c9a239a6a5144459 Author: Sabrina Dubroca Date: Tue Oct 9 17:48:14 2018 +0200 net: ipv4: update fnhe_pmtu when first hop's MTU changes Since commit 5aad1de5ea2c ("ipv4: use separate genid for next hop exceptions"), exceptions get deprecated separately from cached routes. In particular, administrative changes don't clear PMTU anymore. As Stefano described in commit e9fa1495d738 ("ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes"), the PMTU discovered before the local MTU change can become stale: - if the local MTU is now lower than the PMTU, that PMTU is now incorrect - if the local MTU was the lowest value in the path, and is increased, we might discover a higher PMTU Similarly to what commit e9fa1495d738 did for IPv6, update PMTU in those cases. If the exception was locked, the discovered PMTU was smaller than the minimal accepted PMTU. In that case, if the new local MTU is smaller than the current PMTU, let PMTU discovery figure out if locking of the exception is still needed. To do this, we need to know the old link MTU in the NETDEV_CHANGEMTU notifier. By the time the notifier is called, dev->mtu has been changed. This patch adds the old MTU as additional information in the notifier structure, and a new call_netdevice_notifiers_u32() function. Fixes: 5aad1de5ea2c ("ipv4: use separate genid for next hop exceptions") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 7abab7b9b498650404800a08765f44929fee8f31 Author: Mike Rapoport Date: Tue Oct 9 07:02:01 2018 +0300 net/ipv6: stop leaking percpu memory in fib6 info The fib6_info_alloc() function allocates percpu memory to hold per CPU pointers to rt6_info, but this memory is never freed. Fix it. Fixes: a64efe142f5e ("net/ipv6: introduce fib6_info struct and helpers") Signed-off-by: Mike Rapoport Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 49b538e79b59378e7ac09742bb4bd57b3b91fd94 Merge: 9a4890bd6d63 c1e15b4944c9 Author: David S. Miller Date: Wed Oct 10 22:27:38 2018 -0700 Merge tag 'rxrpc-fixes-20181008' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Fix packet reception code Here are a set of patches that prepares for and fix problems in rxrpc's package reception code. There serious problems are: (A) There's a window between binding the socket and setting the data_ready hook in which packets can find their way into the UDP socket's receive queues. (B) The skb_recv_udp() will return an error (and clear the error state) if there was an error on the Tx side. rxrpc doesn't handle this. (C) The rxrpc data_ready handler doesn't fully drain the UDP receive queue. (D) The rxrpc data_ready handler assumes it is called in a non-reentrant state. The second patch fixes (A) - (C); the third patch renders (B) and (C) non-issues by using the recap_rcv hook instead of data_ready - and the final patch fixes (D). That last is the most complex. The preparatory patches are: (1) Fix some places that are doing things in the wrong net namespace. (2) Stop taking the rcu read lock as it's held by the IP input routine in the call chain. (3) Only end the Tx phase if *we* rotated the final packet out of the Tx buffer. (4) Don't assume that the call state won't change after dropping the call_state lock. (5) Only take receive window and MTU suze parameters from an ACK packet if it's the latest ACK packet. (6) Record connection-level abort information correctly. (7) Fix a trace line. And then there are three main patches - note that these are mixed in with the preparatory patches somewhat: (1) Fix the setup window (A), skb_recv_udp() error check (B) and packet drainage (C). (2) Switch to using the encap_rcv instead of data_ready to cut out the effects of the UDP read queues and get the packets delivered directly. (3) Add more locking into the various packet input paths to defend against re-entrance (D). ==================== Signed-off-by: David S. Miller commit 9a4890bd6d6325a1c88564a20ab310b2d56f6094 Author: Ka-Cheong Poon Date: Mon Oct 8 09:17:11 2018 -0700 rds: RDS (tcp) hangs on sendto() to unresponding address In rds_send_mprds_hash(), if the calculated hash value is non-zero and the MPRDS connections are not yet up, it will wait. But it should not wait if the send is non-blocking. In this case, it should just use the base c_path for sending the message. Signed-off-by: Ka-Cheong Poon Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit 9dcd936c5312f870955f108e8a1bfebf3eb6f688 Merge: 4718dcad7dec 118aa47c7072 Author: Greg Kroah-Hartman Date: Thu Oct 11 07:18:39 2018 +0200 Merge tag 'for-4.19/dm-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Mike writes: "device mapper fix for 4.19 final - Fix for earlier 4.19 final DM linear change that incorrectly checked for CONFIG_DM_ZONED rather than CONFIG_BLK_DEV_ZONED." * tag 'for-4.19/dm-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm linear: fix linear_end_io conditional definition commit 4718dcad7decac3a43b7339b2226f3d987cca75c Merge: b8db9e69dba9 b39989009bdb Author: Greg Kroah-Hartman Date: Thu Oct 11 07:17:42 2018 +0200 Merge tag 'xfs-fixes-for-4.19-rc7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Dave writes: "xfs: fixes for 4.19-rc7 Update for 4.19-rc7 to fix numerous file clone and deduplication issues." * tag 'xfs-fixes-for-4.19-rc7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix data corruption w/ unaligned reflink ranges xfs: fix data corruption w/ unaligned dedupe ranges xfs: update ctime and remove suid before cloning files xfs: zero posteof blocks when cloning above eof xfs: refactor clonerange preparation into a separate helper commit 118aa47c7072bce05fc39bd40a1c0a90caed72ab Author: Damien Le Moal Date: Thu Oct 11 11:45:30 2018 +0900 dm linear: fix linear_end_io conditional definition The dm-linear target is independent of the dm-zoned target. For code requiring support for zoned block devices, use CONFIG_BLK_DEV_ZONED instead of CONFIG_DM_ZONED. While at it, similarly to dm linear, also enable the DM_TARGET_ZONED_HM feature in dm-flakey only if CONFIG_BLK_DEV_ZONED is defined. Fixes: beb9caac211c1 ("dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled") Fixes: 0be12c1c7fce7 ("dm linear: add support for zoned block devices") Cc: stable@vger.kernel.org Signed-off-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 37fdffb217a45609edccbb8b407d031143f551c0 Author: Tariq Toukan Date: Tue Aug 21 14:41:41 2018 +0300 net/mlx5: WQ, fixes for fragmented WQ buffers API mlx5e netdevice used to calculate fragment edges by a call to mlx5_wq_cyc_get_frag_size(). This calculation did not give the correct indication for queues smaller than a PAGE_SIZE, (broken by default on PowerPC, where PAGE_SIZE == 64KB). Here it is replaced by the correct new calls/API. Since (TX/RX) Work Queues buffers are fragmented, here we introduce changes to the API in core driver, so that it gets a stride index and returns the index of last stride on same fragment, and an additional wrapping function that returns the number of physically contiguous strides that can be written contiguously to the work queue. This obsoletes the following API functions, and their buggy usage in EN driver: * mlx5_wq_cyc_get_frag_size() * mlx5_wq_cyc_ctr2fragix() The new API improves modularity and hides the details of such calculation for mlx5e netdevice and mlx5_ib rdma drivers. New calculation is also more efficient, and improves performance as follows: Packet rate test: pktgen, UDP / IPv4, 64byte, single ring, 8K ring size. Before: 16,477,619 pps After: 17,085,793 pps 3.7% improvement Fixes: 3a2f70331226 ("net/mlx5: Use order-0 allocations for all WQ types") Signed-off-by: Tariq Toukan Reviewed-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed commit a48bc513159d4767f9988f0d857b2b0c38a4d614 Author: Huy Nguyen Date: Tue Sep 11 14:58:22 2018 -0500 net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type The HW spec defines only bits 24-26 of pftype_wq as the page fault type, use the required mask to ensure that. Fixes: d9aaed838765 ("{net,IB}/mlx5: Refactor page fault handling") Signed-off-by: Huy Nguyen Signed-off-by: Eli Cohen Signed-off-by: Saeed Mahameed commit fd7e848077c1a466b9187537adce16658f7cb94b Author: Talat Batheesh Date: Thu Aug 30 16:31:52 2018 +0300 net/mlx5: Fix memory leak when setting fpga ipsec caps Allocated memory for context should be freed once finished working with it. Fixes: d6c4f0298cec ("net/mlx5: Refactor accel IPSec code") Signed-off-by: Talat Batheesh Reviewed-by: Or Gerlitz Reviewed-by: Tariq Toukan Signed-off-by: Saeed Mahameed commit b8db9e69dba97075d37d7bc20ef49f39298e3875 Merge: 588b593821b8 beb9caac211c Author: Greg Kroah-Hartman Date: Wed Oct 10 22:13:20 2018 +0200 Merge tag 'for-4.19/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Mike writes: "device mapper fixes for 4.19 final - Fix a DM cache module init error path bug that doesn't properly cleanup a KMEM_CACHE if target registration fails. - Two stable@ fixes for DM zoned target; 4.20 will have changes that eliminate this code entirely but <= 4.19 needs these changes." * tag 'for-4.19/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled dm: fix report zone remapping to account for partition offset dm cache: destroy migration_cache if cache target registration failed commit 588b593821b8dd6efe6b6850930b501fc3c94a13 Merge: f7e59f3895ed 62165600ae73 Author: Greg Kroah-Hartman Date: Wed Oct 10 22:09:44 2018 +0200 Merge tag 'trace-v4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Steven writes: "vsprint fix: It was reported that trace_printk() was not reporting properly values that came after a dereference pointer. trace_printk() utilizes vbin_printf() and bstr_printf() to keep the overhead of tracing down. vbin_printf() does not do any conversions and just stors the string format and the raw arguments into the buffer. bstr_printf() is used to read the buffer and does the conversions to complete the printf() output. This can be troublesome with dereferenced pointers because the reference may be different from the time vbin_printf() is called to the time bstr_printf() is called. To fix this, a prior commit changed vbin_printf() to convert dereferenced pointers into strings and load the converted string into the buffer. But the change to bstr_printf() had an off-by-one error and didn't account for the nul character at the end of the string and this corrupted the rest of the values in the format that came after a dereferenced pointer." * tag 'trace-v4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers commit f7e59f3895ed47f5a5a8b19b001effc6dbdbad88 Merge: bb2d8f2f6104 8894891446c9 Author: Greg Kroah-Hartman Date: Wed Oct 10 22:09:02 2018 +0200 Merge tag 'devicetree-fixes-for-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Rob writes: "Devicetree fixes for 4.19, part 3: - Fix DT unittest on Oldworld MAC systems" * tag 'devicetree-fixes-for-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: of: unittest: Disable interrupt node tests for old world MAC systems commit dd9a403495704fc80fb9f399003013ef2be2ee23 Author: Valentine Fatiev Date: Wed Oct 10 09:56:25 2018 +0300 IB/mlx5: Unmap DMA addr from HCA before IOMMU The function that puts back the MR in cache also removes the DMA address from the HCA. Therefore we need to call this function before we remove the DMA mapping from MMU. Otherwise the HCA may access a memory that is no longer DMA mapped. Call trace: NMI: IOCK error (debug interrupt?) for reason 71 on CPU 0. CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc6+ #4 Hardware name: HP ProLiant DL360p Gen8, BIOS P71 08/20/2012 RIP: 0010:intel_idle+0x73/0x120 Code: 80 5c 01 00 0f ae 38 0f ae f0 31 d2 65 48 8b 04 25 80 5c 01 00 48 89 d1 0f 60 02 RSP: 0018:ffffffff9a403e38 EFLAGS: 00000046 RAX: 0000000000000030 RBX: 0000000000000005 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffffff9a5790c0 RDI: 0000000000000000 RBP: 0000000000000030 R08: 0000000000000000 R09: 0000000000007cf9 R10: 000000000000030a R11: 0000000000000018 R12: 0000000000000000 R13: ffffffff9a5792b8 R14: ffffffff9a5790c0 R15: 0000002b48471e4d FS: 0000000000000000(0000) GS:ffff9c6caf400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5737185000 CR3: 0000000590c0a002 CR4: 00000000000606f0 Call Trace: cpuidle_enter_state+0x7e/0x2e0 do_idle+0x1ed/0x290 cpu_startup_entry+0x6f/0x80 start_kernel+0x524/0x544 ? set_init_arg+0x55/0x55 secondary_startup_64+0xa4/0xb0 DMAR: DRHD: handling fault status reg 2 DMAR: [DMA Read] Request device [04:00.0] fault addr b34d2000 [fault reason 06] PTE Read access is not set DMAR: [DMA Read] Request device [01:00.2] fault addr bff8b000 [fault reason 06] PTE Read access is not set Fixes: f3f134f5260a ("RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory") Signed-off-by: Valentine Fatiev Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford commit 52b5d6f5dcf0e5201392f7d417148ccb537dbf6f Author: Eric Dumazet Date: Wed Oct 10 06:59:35 2018 -0700 net: make skb_partial_csum_set() more robust against overflows syzbot managed to crash in skb_checksum_help() [1] : BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb)); Root cause is the following check in skb_partial_csum_set() if (unlikely(start > skb_headlen(skb)) || unlikely((int)start + off > skb_headlen(skb) - 2)) return false; If skb_headlen(skb) is 1, then (skb_headlen(skb) - 2) becomes 0xffffffff and the check fails to detect that ((int)start + off) is off the limit, since the compare is unsigned. When we fix that, then the first condition (start > skb_headlen(skb)) becomes obsolete. Then we should also check that (skb_headroom(skb) + start) wont overflow 16bit field. [1] kernel BUG at net/core/dev.c:2880! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 7330 Comm: syz-executor4 Not tainted 4.19.0-rc6+ #253 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:skb_checksum_help+0x9e3/0xbb0 net/core/dev.c:2880 Code: 85 00 ff ff ff 48 c1 e8 03 42 80 3c 28 00 0f 84 09 fb ff ff 48 8b bd 00 ff ff ff e8 97 a8 b9 fb e9 f8 fa ff ff e8 2d 09 76 fb <0f> 0b 48 8b bd 28 ff ff ff e8 1f a8 b9 fb e9 b1 f6 ff ff 48 89 cf RSP: 0018:ffff8801d83a6f60 EFLAGS: 00010293 RAX: ffff8801b9834380 RBX: ffff8801b9f8d8c0 RCX: ffffffff8608c6d7 RDX: 0000000000000000 RSI: ffffffff8608cc63 RDI: 0000000000000006 RBP: ffff8801d83a7068 R08: ffff8801b9834380 R09: 0000000000000000 R10: ffff8801d83a76d8 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000010001 R14: 000000000000ffff R15: 00000000000000a8 FS: 00007f1a66db5700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7d77f091b0 CR3: 00000001ba252000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: skb_csum_hwoffload_help+0x8f/0xe0 net/core/dev.c:3269 validate_xmit_skb+0xa2a/0xf30 net/core/dev.c:3312 __dev_queue_xmit+0xc2f/0x3950 net/core/dev.c:3797 dev_queue_xmit+0x17/0x20 net/core/dev.c:3838 packet_snd net/packet/af_packet.c:2928 [inline] packet_sendmsg+0x422d/0x64c0 net/packet/af_packet.c:2953 Fixes: 5ff8dda3035d ("net: Ensure partial checksum offset is inside the skb head") Signed-off-by: Eric Dumazet Cc: Herbert Xu Reported-by: syzbot Signed-off-by: David S. Miller commit 8b79f410438f5407ff45ceb72ad1eb02409652b4 Merge: 4cf34c0cf60e bde74ad10eb5 Author: David S. Miller Date: Wed Oct 10 10:19:10 2018 -0700 Merge branch 'devlink-param-type-string-fixes' Moshe Shemesh says: ==================== devlink param type string fixes This patchset fixes devlink param infrastructure for string param type. The devlink param infrastructure doesn't handle copying the string data correctly. The first two patches fix it and the third patch adds helper function to safely copy string value without exceeding DEVLINK_PARAM_MAX_STRING_VALUE. ==================== Signed-off-by: David S. Miller commit bde74ad10eb55aaa472c37b107934e6b8563c25e Author: Moshe Shemesh Date: Wed Oct 10 16:09:27 2018 +0300 devlink: Add helper function for safely copy string param Devlink string param buffer is allocated at the size of DEVLINK_PARAM_MAX_STRING_VALUE. Add helper function which makes sure this size is not exceeded. Renamed DEVLINK_PARAM_MAX_STRING_VALUE to __DEVLINK_PARAM_MAX_STRING_VALUE to emphasize that it should be used by devlink only. The driver should use the helper function instead to verify it doesn't exceed the allowed length. Signed-off-by: Moshe Shemesh Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit 1276534c988ba752fa01bf090412a877ee783829 Author: Moshe Shemesh Date: Wed Oct 10 16:09:26 2018 +0300 devlink: Fix param cmode driverinit for string type Driverinit configuration mode value is held by devlink to enable the driver fetch the value after reload command. In case the param type is string devlink should copy the value from driver string buffer to devlink string buffer on devlink_param_driverinit_value_set() and vice-versa on devlink_param_driverinit_value_get(). Fixes: ec01aeb1803e ("devlink: Add support for get/set driverinit value") Signed-off-by: Moshe Shemesh Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit f355cfcdb251e22b9dfb78c0eef4005a9d902a35 Author: Moshe Shemesh Date: Wed Oct 10 16:09:25 2018 +0300 devlink: Fix param set handling for string type In case devlink param type is string, it needs to copy the string value it got from the input to devlink_param_value. Fixes: e3b7ca18ad7b ("devlink: Add param set command") Signed-off-by: Moshe Shemesh Signed-off-by: David S. Miller commit 5318321d367c21ca1fe9eb00caefc239c938750a Author: Masahiro Yamada Date: Tue Sep 18 12:58:33 2018 +0900 samples: disable CONFIG_SAMPLES for UML Some samples require headers installation, so commit 3fca1700c4c3 ("kbuild: make samples really depend on headers_install") added such dependency in the top Makefile. However, UML fails to build with CONFIG_SAMPLES=y because UML does not support headers_install. Fixes: 3fca1700c4c3 ("kbuild: make samples really depend on headers_install") Reported-by: Kees Cook Cc: David Howells Signed-off-by: Masahiro Yamada commit beb9caac211c1be1bc118bb62d5cf09c4107e6a5 Author: Mike Snitzer Date: Wed Oct 10 12:01:55 2018 -0400 dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled It is best to avoid any extra overhead associated with bio completion. DM core will indirectly call a DM target's .end_io if it is defined. In the case of DM linear, there is no need to do so (for every bio that completes) if CONFIG_DM_ZONED is not enabled. Avoiding an extra indirect call for every bio completion is very important for ensuring DM linear doesn't incur more overhead that further widens the performance gap between dm-linear and raw block devices. Fixes: 0be12c1c7fce7 ("dm linear: add support for zoned block devices") Cc: stable@vger.kernel.org Signed-off-by: Mike Snitzer commit f259f896f2348f0302f6f88d4382378cf9d23a7e Author: Marco Felsch Date: Tue Oct 2 10:06:46 2018 +0200 pinctrl: mcp23s08: fix irq and irqchip setup order Since 'commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' the irq request isn't the last devm_* allocation. Without a deeper look at the irq and testing this isn't a good solution. Since this driver relies on the devm mechanism, requesting a interrupt should be the last thing to avoid memory corruptions during unbinding. 'Commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' fixed the order for the interrupt-controller use case only. The mcp23s08_irq_setup() must be split into two to fix it for the interrupt-controller use case and to register the irq at last. So the irq will be freed first during unbind. Cc: stable@vger.kernel.org Cc: Jan Kundrát Cc: Dmitry Mastykin Cc: Sebastian Reichel Fixes: 82039d244f87 ("pinctrl: mcp23s08: add pinconf support") Fixes: 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order") Signed-off-by: Marco Felsch Tested-by: Phil Reid Signed-off-by: Linus Walleij commit 3e779a2e7f909015f21428b66834127496110b6d Author: Stephen Boyd Date: Mon Oct 8 09:32:13 2018 -0700 gpio: Assign gpio_irq_chip::parents to non-stack pointer gpiochip_set_cascaded_irqchip() is passed 'parent_irq' as an argument and then the address of that argument is assigned to the gpio chips gpio_irq_chip 'parents' pointer shortly thereafter. This can't ever work, because we've just assigned some stack address to a pointer that we plan to dereference later in gpiochip_irq_map(). I ran into this issue with the KASAN report below when gpiochip_irq_map() tried to setup the parent irq with a total junk pointer for the 'parents' array. BUG: KASAN: stack-out-of-bounds in gpiochip_irq_map+0x228/0x248 Read of size 4 at addr ffffffc0dde472e0 by task swapper/0/1 CPU: 7 PID: 1 Comm: swapper/0 Not tainted 4.14.72 #34 Call trace: [] dump_backtrace+0x0/0x718 [] show_stack+0x20/0x2c [] __dump_stack+0x20/0x28 [] dump_stack+0x80/0xbc [] print_address_description+0x70/0x238 [] kasan_report+0x1cc/0x260 [] __asan_report_load4_noabort+0x2c/0x38 [] gpiochip_irq_map+0x228/0x248 [] irq_domain_associate+0x114/0x2ec [] irq_create_mapping+0x120/0x234 [] irq_create_fwspec_mapping+0x4c8/0x88c [] irq_create_of_mapping+0x180/0x210 [] of_irq_get+0x138/0x198 [] spi_drv_probe+0x94/0x178 [] driver_probe_device+0x51c/0x824 [] __device_attach_driver+0x148/0x20c [] bus_for_each_drv+0x120/0x188 [] __device_attach+0x19c/0x2dc [] device_initial_probe+0x20/0x2c [] bus_probe_device+0x80/0x154 [] device_add+0x9b8/0xbdc [] spi_add_device+0x1b8/0x380 [] spi_register_controller+0x111c/0x1378 [] spi_geni_probe+0x4dc/0x6f8 [] platform_drv_probe+0xdc/0x130 [] driver_probe_device+0x51c/0x824 [] __driver_attach+0x100/0x194 [] bus_for_each_dev+0x104/0x16c [] driver_attach+0x48/0x54 [] bus_add_driver+0x274/0x498 [] driver_register+0x1ac/0x230 [] __platform_driver_register+0xcc/0xdc [] spi_geni_driver_init+0x1c/0x24 [] do_one_initcall+0x240/0x3dc [] kernel_init_freeable+0x378/0x468 [] kernel_init+0x14/0x110 [] ret_from_fork+0x10/0x18 The buggy address belongs to the page: page:ffffffbf037791c0 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x4000000000000000() raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff raw: ffffffbf037791e0 ffffffbf037791e0 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffffc0dde47180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0dde47200: f1 f1 f1 f1 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 >ffffffc0dde47280: f2 f2 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 ^ ffffffc0dde47300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0dde47380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Let's leave around one unsigned int in the gpio_irq_chip struct for the single parent irq case and repoint the 'parents' array at it. This way code is left mostly intact to setup parents and we waste an extra few bytes per structure of which there should be only a handful in a system. Cc: Evan Green Cc: Thierry Reding Cc: Grygorii Strashko Fixes: e0d897289813 ("gpio: Implement tighter IRQ chip integration") Signed-off-by: Stephen Boyd Signed-off-by: Linus Walleij commit 4f666675cdff0b986195413215eb062b7da6586f Author: Daniel Mack Date: Mon Oct 8 22:03:57 2018 +0200 libertas: call into generic suspend code before turning off power When powering down a SDIO connected card during suspend, make sure to call into the generic lbs_suspend() function before pulling the plug. This will make sure the card is successfully deregistered from the system to avoid communication to the card starving out. Fixes: 7444a8092906 ("libertas: fix suspend and resume for SDIO connected cards") Signed-off-by: Daniel Mack Reviewed-by: Ulf Hansson Acked-by: Kalle Valo Signed-off-by: Ulf Hansson commit 8894891446c9380709451b99ab45c5c53adfd2fc Author: Guenter Roeck Date: Tue Sep 25 21:06:24 2018 -0700 of: unittest: Disable interrupt node tests for old world MAC systems On systems with OF_IMAP_OLDWORLD_MAC set in of_irq_workarounds, the devicetree interrupt parsing code is different, causing unit tests of devicetree interrupt nodes to fail. Due to a bug in unittest code, which tries to dereference an uninitialized pointer, this results in a crash. OF: /testcase-data/phandle-tests/consumer-a: arguments longer than property Unable to handle kernel paging request for data at address 0x00bc616e Faulting instruction address: 0xc08e9468 Oops: Kernel access of bad area, sig: 11 [#1] BE PREEMPT PowerMac Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 4.14.72-rc1-yocto-standard+ #1 task: cf8e0000 task.stack: cf8da000 NIP: c08e9468 LR: c08ea5bc CTR: c08ea5ac REGS: cf8dbb50 TRAP: 0300 Not tainted (4.14.72-rc1-yocto-standard+) MSR: 00001032 CR: 82004044 XER: 00000000 DAR: 00bc616e DSISR: 40000000 GPR00: c08ea5bc cf8dbc00 cf8e0000 c13ca517 c13ca517 c13ca8a0 00000066 00000002 GPR08: 00000063 00bc614e c0b05865 000affff 82004048 00000000 c00047f0 00000000 GPR16: c0a80000 c0a9cc34 c13ca517 c0ad1134 05ffffff 000affff c0b05860 c0abeef8 GPR24: cecec278 cecec278 c0a8c4d0 c0a885e0 c13ca8a0 05ffffff c13ca8a0 c13ca517 NIP [c08e9468] device_node_gen_full_name+0x30/0x15c LR [c08ea5bc] device_node_string+0x190/0x3c8 Call Trace: [cf8dbc00] [c007f670] trace_hardirqs_on_caller+0x118/0x1fc (unreliable) [cf8dbc40] [c08ea5bc] device_node_string+0x190/0x3c8 [cf8dbcb0] [c08eb794] pointer+0x25c/0x4d0 [cf8dbd00] [c08ebcbc] vsnprintf+0x2b4/0x5ec [cf8dbd60] [c08ec00c] vscnprintf+0x18/0x48 [cf8dbd70] [c008e268] vprintk_store+0x4c/0x22c [cf8dbda0] [c008ecac] vprintk_emit+0x94/0x130 [cf8dbdd0] [c008ff54] printk+0x5c/0x6c [cf8dbe10] [c0b8ddd4] of_unittest+0x2220/0x26f8 [cf8dbea0] [c0004434] do_one_initcall+0x4c/0x184 [cf8dbf00] [c0b4534c] kernel_init_freeable+0x13c/0x1d8 [cf8dbf30] [c0004814] kernel_init+0x24/0x118 [cf8dbf40] [c0013398] ret_from_kernel_thread+0x5c/0x64 The problem was observed when running a qemu test for the g3beige machine with devicetree unittests enabled. Disable interrupt node tests on affected systems to avoid both false unittest failures and the crash. With this patch in place, unittest on the affected system passes with the following message. dt-test ### end of unittest - 144 passed, 0 failed Fixes: 53a42093d96ef ("of: Add device tree selftests") Signed-off-by: Guenter Roeck Reviewed-by: Frank Rowand Signed-off-by: Rob Herring commit bb2d8f2f61047cbde08b78ec03e4ebdb01ee5434 Merge: c350a1d46670 d4d2313a3c17 Author: Greg Kroah-Hartman Date: Wed Oct 10 08:48:39 2018 +0200 Merge tag 'tag-chrome-platform-fixes-for-v4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform Benson writes: "chrome-platform fix for v4.19-rc8 This contains a fix to 57e94c8b974d ("mfd: cros-ec: Increase maximum mkbp event size"), which caused cros_ec based chromebooks to truncate an entire column of their built-in keyboard." * tag 'tag-chrome-platform-fixes-for-v4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform: mfd: cros-ec: copy the whole event in get_next_event_xfer commit c350a1d466707eb01333ed22238664f3482df25a Merge: 3a0671e7ba19 6685b357363b Author: Greg Kroah-Hartman Date: Wed Oct 10 08:47:32 2018 +0200 Merge branch 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu Dennis writes: "percpu fixes for-4.19-rc8 The new percpu allocator introduced in 4.14 had a missing free for the percpu metadata. This caused a memory leak when percpu memory is being churned resulting in the allocation and deallocation of percpu memory chunks" * 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu: percpu: stop leaking bitmap metadata blocks commit 3a0671e7ba195c5cb9b1a43265ef24a0875afcaa Merge: 3d647e62686f dc480feb454a Author: Greg Kroah-Hartman Date: Wed Oct 10 08:46:11 2018 +0200 Merge tag 'gfs2-4.19.fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Andreas writes: "gfs2 4.19 fix: This fixes a regression introduced in commit 64bc06bb32ee "gfs2: iomap buffered write support"" * tag 'gfs2-4.19.fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Fix iomap buffered write support for journaled files commit 3d647e62686f447ca4c9ba6b4500fed5f0368a98 Merge: 701f2eb6f938 7c75544983ed Author: Greg Kroah-Hartman Date: Wed Oct 10 08:44:35 2018 +0200 Merge tag 's390-4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Martin writes: "s390 fixes for 4.19-rc8 Four more patches for 4.19: - Fix resume after suspend-to-disk if resume-CPU != suspend-CPU - Fix vfio-ccw check for pinned pages - Two patches to avoid a usercopy-whitelist warning in vfio-ccw" * tag 's390-4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/cio: Fix how vfio-ccw checks pinned pages s390/cio: Refactor alloc of ccw_io_region s390/cio: Convert ccw_io_region to pointer s390/hibernate: fix error handling when suspend cpu != resume cpu commit 701f2eb6f9382409bfa1e68a62729d6e5de54eef Merge: 64c5e530ac2c 148b9aba99e0 Author: Greg Kroah-Hartman Date: Wed Oct 10 08:43:15 2018 +0200 Merge tag 'mips_fixes_4.19_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Paul writes: "A few MIPS fixes for 4.19: - Avoid suboptimal placement of our VDSO when using the legacy mmap layout, which can prevent statically linked programs that were able to allocate large amounts of memory using the brk syscall prior to the introduction of our VDSO from functioning correctly. - Fix up CONFIG_CMDLINE handling for platforms which ought to ignore DT arguments but have incorrectly used them & lost other arguments since v3.16. - Fix a path in MAINTAINERS to use valid wildcards. - Fixup a regression from v4.17 in memset() for systems using CPU_DADDI_WORKAROUNDS." * tag 'mips_fixes_4.19_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression MAINTAINERS: MIPS/LOONGSON2 ARCHITECTURE - Use the normal wildcard style MIPS: Fix CONFIG_CMDLINE handling MIPS: VDSO: Always map near top of user memory commit 073c1a781e4a1217d572506621434cd6d750969b Author: Paul Moore Date: Wed Oct 10 01:50:15 2018 -0400 MAINTAINERS: update the SELinux mailing list location Signed-off-by: Paul Moore commit d4d2313a3c17eff4aef9a544023c2df5b9f5bedc Author: Emil Karlson Date: Wed Oct 3 21:43:18 2018 +0300 mfd: cros-ec: copy the whole event in get_next_event_xfer Commit 57e94c8b974db2d83c60e1139c89a70806abbea0 caused cros-ec keyboard events be truncated on many chromebooks so that Left and Right keys on Column 12 were always 0. Use ret as memcpy len to fix this. The old code was using ec_dev->event_size, which is the event payload/data size excluding event_type header, for the length of the memcpy operation. Use ret as memcpy length to avoid the off by one and copy the whole msg->data. Fixes: 57e94c8b974d ("mfd: cros-ec: Increase maximum mkbp event size") Acked-by: Enric Balletbo i Serra Tested-by: Emil Renner Berthing Signed-off-by: Emil Karlson Signed-off-by: Benson Leung commit 7c26701a77ec4569d9054b334d70724a06ad62f9 Author: David S. Miller Date: Tue Oct 9 16:52:38 2018 -0700 sparc: Wire up io_pgetevents system call. Signed-off-by: David S. Miller commit 4628a64591e6cee181237060961e98c615c33966 Author: Jan Kara Date: Tue Oct 9 12:19:17 2018 +0200 mm: Preserve _PAGE_DEVMAP across mprotect() calls Currently _PAGE_DEVMAP bit is not preserved in mprotect(2) calls. As a result we will see warnings such as: BUG: Bad page map in process JobWrk0013 pte:800001803875ea25 pmd:7624381067 addr:00007f0930720000 vm_flags:280000f9 anon_vma: (null) mapping:ffff97f2384056f0 index:0 file:457-000000fe00000030-00000009-000000ca-00000001_2001.fileblock fault:xfs_filemap_fault [xfs] mmap:xfs_file_mmap [xfs] readpage: (null) CPU: 3 PID: 15848 Comm: JobWrk0013 Tainted: G W 4.12.14-2.g7573215-default #1 SLE12-SP4 (unreleased) Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.01.00.0833.051120182255 05/11/2018 Call Trace: dump_stack+0x5a/0x75 print_bad_pte+0x217/0x2c0 ? enqueue_task_fair+0x76/0x9f0 _vm_normal_page+0xe5/0x100 zap_pte_range+0x148/0x740 unmap_page_range+0x39a/0x4b0 unmap_vmas+0x42/0x90 unmap_region+0x99/0xf0 ? vma_gap_callbacks_rotate+0x1a/0x20 do_munmap+0x255/0x3a0 vm_munmap+0x54/0x80 SyS_munmap+0x1d/0x30 do_syscall_64+0x74/0x150 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 ... when mprotect(2) gets used on DAX mappings. Also there is a wide variety of other failures that can result from the missing _PAGE_DEVMAP flag when the area gets used by get_user_pages() later. Fix the problem by including _PAGE_DEVMAP in a set of flags that get preserved by mprotect(2). Fixes: 69660fd797c3 ("x86, mm: introduce _PAGE_DEVMAP") Fixes: ebd31197931d ("powerpc/mm: Add devmap support for ppc64") Cc: Signed-off-by: Jan Kara Acked-by: Michal Hocko Reviewed-by: Johannes Thumshirn Signed-off-by: Dan Williams commit 9864cd5dc54cade89fd4b0954c2e522841aa247c Author: Damien Le Moal Date: Tue Oct 9 14:24:31 2018 +0900 dm: fix report zone remapping to account for partition offset If dm-linear or dm-flakey are layered on top of a partition of a zoned block device, remapping of the start sector and write pointer position of the zones reported by a report zones BIO must be modified to account for the target table entry mapping (start offset within the device and entry mapping with the dm device). If the target's backing device is a partition of a whole disk, the start sector on the physical device of the partition must also be accounted for when modifying the zone information. However, dm_remap_zone_report() was not considering this last case, resulting in incorrect zone information remapping with targets using disk partitions. Fix this by calculating the target backing device start sector using the position of the completed report zones BIO and the unchanged position and size of the original report zone BIO. With this value calculated, the start sector and write pointer position of the target zones can be correctly remapped. Fixes: 10999307c14e ("dm: introduce dm_remap_zone_report()") Cc: stable@vger.kernel.org Signed-off-by: Damien Le Moal Signed-off-by: Mike Snitzer commit c7cd55504a5b0fc826a2cd9540845979d24ae542 Author: Shenghui Wang Date: Sun Oct 7 14:45:41 2018 +0800 dm cache: destroy migration_cache if cache target registration failed Commit 7e6358d244e47 ("dm: fix various targets to dm_register_target after module __init resources created") inadvertently introduced this bug when it moved dm_register_target() after the call to KMEM_CACHE(). Fixes: 7e6358d244e47 ("dm: fix various targets to dm_register_target after module __init resources created") Cc: stable@vger.kernel.org Signed-off-by: Shenghui Wang Signed-off-by: Mike Snitzer commit 4cf34c0cf60e328b72ae17016b7c12fc66dbf76b Merge: e2a322a0c8ce 248ab77342d0 Author: David S. Miller Date: Tue Oct 9 10:49:50 2018 -0700 Merge branch 'ena-fixes' Arthur Kiyanovski says: ==================== minor bug fixes for ENA Ethernet driver Arthur Kiyanovski (4): net: ena: fix warning in rmmod caused by double iounmap net: ena: fix rare bug when failed restart/resume is followed by driver removal net: ena: fix NULL dereference due to untimely napi initialization net: ena: fix auto casting to boolean ==================== Signed-off-by: David S. Miller commit 248ab77342d0453f067b666b36f0f517ea66c361 Author: Arthur Kiyanovski Date: Tue Oct 9 11:21:30 2018 +0300 net: ena: fix auto casting to boolean Eliminate potential auto casting compilation error. Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by: Arthur Kiyanovski Signed-off-by: David S. Miller commit 78a55d05def95144ca5fa9a64c49b2a0636a9866 Author: Arthur Kiyanovski Date: Tue Oct 9 11:21:29 2018 +0300 net: ena: fix NULL dereference due to untimely napi initialization napi poll functions should be initialized before running request_irq(), to handle a rare condition where there is a pending interrupt, causing the ISR to fire immediately while the poll function wasn't set yet, causing a NULL dereference. Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by: Arthur Kiyanovski Signed-off-by: David S. Miller commit d7703ddbd7c9cb1ab7c08e1b85b314ff8cea38e9 Author: Arthur Kiyanovski Date: Tue Oct 9 11:21:28 2018 +0300 net: ena: fix rare bug when failed restart/resume is followed by driver removal In a rare scenario when ena_device_restore() fails, followed by device remove, an FLR will not be issued. In this case, the device will keep sending asynchronous AENQ keep-alive events, even after driver removal, leading to memory corruption. Fixes: 8c5c7abdeb2d ("net: ena: add power management ops to the ENA driver") Signed-off-by: Arthur Kiyanovski Signed-off-by: David S. Miller commit d79c3888bde6581da7ff9f9d6f581900ecb5e632 Author: Arthur Kiyanovski Date: Tue Oct 9 11:21:27 2018 +0300 net: ena: fix warning in rmmod caused by double iounmap Memory mapped with devm_ioremap is automatically freed when the driver is disconnected from the device. Therefore there is no need to explicitly call devm_iounmap. Fixes: 0857d92f71b6 ("net: ena: add missing unmap bars on device removal") Fixes: 411838e7b41c ("net: ena: fix rare kernel crash when bar memory remap fails") Signed-off-by: Arthur Kiyanovski Signed-off-by: David S. Miller commit 4cebf459b6eb834eb28149da7ff51fadd83f2b19 Merge: 853c110982ea ec876f4b252c Author: Paolo Bonzini Date: Tue Oct 9 18:49:32 2018 +0200 Merge tag 'kvmarm-fixes-for-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master KVM/arm fixes for 4.19, take #2 - Correctly order GICv3 SGI registers in the cp15 array commit 853c110982eaff0d99dace3f66f1ba58b5bfd9d5 Author: Paolo Bonzini Date: Tue Oct 9 18:35:29 2018 +0200 KVM: x86: support CONFIG_KVM_AMD=y with CONFIG_CRYPTO_DEV_CCP_DD=m SEV requires access to the AMD cryptographic device APIs, and this does not work when KVM is builtin and the crypto driver is a module. Actually the Kconfig conditions for CONFIG_KVM_AMD_SEV try to disable SEV in that case, but it does not work because the actual crypto calls are not culled, only sev_hardware_setup() is. This patch adds two CONFIG_KVM_AMD_SEV checks that gate all the remaining SEV code; it fixes this particular configuration, and drops 5 KiB of code when CONFIG_KVM_AMD_SEV=n. Reported-by: Guenter Roeck Signed-off-by: Paolo Bonzini commit dc480feb454a975b7ee2c18a2f98fb34e04d3baf Author: Andreas Gruenbacher Date: Tue Oct 9 13:20:05 2018 +0200 gfs2: Fix iomap buffered write support for journaled files Commit 64bc06bb32ee broke buffered writes to journaled files (chattr +j): we'll try to journal the buffer heads of the page being written to in gfs2_iomap_journaled_page_done. However, the iomap code no longer creates buffer heads, so we'll BUG() in gfs2_page_add_databufs. Fix that by creating buffer heads ourself when needed. Signed-off-by: Andreas Gruenbacher commit c02588a352defaf985fc1816eb6232663159e1b8 Author: Heikki Krogerus Date: Mon Oct 1 18:53:05 2018 +0300 usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: Signed-off-by: Heikki Krogerus Signed-off-by: Greg Kroah-Hartman commit 009b1948e153ae448f62f1887e2b58d0e05db51b Author: Wan Ahmad Zainie Date: Tue Oct 9 12:52:47 2018 +0800 usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable Add missing pm_runtime_disable() to remove(), in order to avoid an Unbalanced pm_runtime_enable when the module is removed and re-probed. Error log: root@intel-corei7-64:~# modprobe -r intel_xhci_usb_role_switch root@intel-corei7-64:~# modprobe intel_xhci_usb_role_switch intel_xhci_usb_sw intel_xhci_usb_sw: Unbalanced pm_runtime_enable! Fixes: cb2968468605 (usb: roles: intel_xhci: Enable runtime PM) Cc: Reviewed-by: Heikki Krogerus Signed-off-by: Wan Ahmad Zainie Signed-off-by: Greg Kroah-Hartman commit f976d0e5747ca65ccd0fb2a4118b193d70aa1836 Author: Tobias Herzog Date: Sat Sep 22 22:11:11 2018 +0200 cdc-acm: correct counting of UART states in serial state notification The usb standard ("Universal Serial Bus Class Definitions for Communication Devices") distiguishes between "consistent signals" (DSR, DCD), and "irregular signals" (break, ring, parity error, framing error, overrun). The bits of "irregular signals" are set, if this error/event occurred on the device side and are immeadeatly unset, if the serial state notification was sent. Like other drivers of real serial ports do, just the occurence of those events should be counted in serial_icounter_struct (but no 1->0 transitions). Signed-off-by: Tobias Herzog Acked-by: Oliver Neukum Cc: stable Signed-off-by: Greg Kroah-Hartman commit dae3ddba36f8c337fb59cef07d564da6fc9b7551 Author: Tobias Herzog Date: Sat Sep 22 22:11:10 2018 +0200 cdc-acm: do not reset notification buffer index upon urb unlinking Resetting the write index of the notification buffer on urb unlink (e.g. closing a cdc-acm device from userspace) may lead to wrong interpretation of further received notifications, in case the index is not 0 when urb unlink happens (i.e. when parts of a notification already have been transferred). On the device side there is no "reset" of the notification transimission and thus we would get out of sync with the device. Signed-off-by: Tobias Herzog Acked-by: Oliver Neukum Cc: stable Signed-off-by: Greg Kroah-Hartman commit 9397940ed812b942c520e0c25ed4b2c64d57e8b9 Author: Oliver Neukum Date: Thu Oct 4 15:49:06 2018 +0200 cdc-acm: fix race between reset and control messaging If a device splits up a control message and a reset() happens between the parts, the message is lost and already recieved parts must be dropped. Signed-off-by: Oliver Neukum Fixes: 1aba579f3cf51 ("cdc-acm: handle read pipe errors") Cc: stable Signed-off-by: Greg Kroah-Hartman commit 81f7567c51ad97668d1c3a48e8ecc482e64d4161 Author: Shuah Khan (Samsung OSG) Date: Fri Oct 5 16:17:44 2018 -0600 usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference port_status[] only with a valid rhport value when invalid_rhport flag is true. The invalid_rhport flag is set early on after detecting in port value is within the bounds or not. The following is used reproduce the problem and verify the fix: C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14ed8ab6400000 Reported-by: syzbot+bccc1fe10b70fadc78d0@syzkaller.appspotmail.com Cc: stable Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Greg Kroah-Hartman commit 4b0aaacee51eb6592a03fdefd5ce97558518e291 Author: Shuah Khan (Samsung OSG) Date: Fri Oct 5 16:17:43 2018 -0600 selftests: usbip: add wait after attach and before checking port status Add sleep between attach and "usbip port" check to make sure status is updated. Running attach and query back shows incorrect status. Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Greg Kroah-Hartman commit 1b9caa10b31dda0866f4028e4bfb923fb6e4072f Author: Jiri Olsa Date: Wed Oct 3 09:20:46 2018 +0200 Revert "perf tools: Fix PMU term format max value calculation" This reverts commit ac0e2cd555373ae6f8f3a3ad3fbbf5b6d1e7aaaa. Michael reported an issue with oversized terms values assignment and I noticed there was actually a misunderstanding of the max value check in the past. The above commit's changelog says: If bit 21 is set, there is parsing issues as below. $ perf stat -a -e uncore_qpi_0/event=0x200002,umask=0x8/ event syntax error: '..pi_0/event=0x200002,umask=0x8/' \___ value too big for format, maximum is 511 But there's no issue there, because the event value is distributed along the value defined by the format. Even if the format defines separated bit, the value is treated as a continual number, which should follow the format definition. In above case it's 9-bit value with last bit separated: $ cat uncore_qpi_0/format/event config:0-7,21 Hence the value 0x200002 is correctly reported as format violation, because it exceeds 9 bits. It should have been 0x102 instead, which sets the 9th bit - the bit 21 of the format. $ perf stat -vv -a -e uncore_qpi_0/event=0x102,umask=0x8/ Using CPUID GenuineIntel-6-2D ... ------------------------------------------------------------ perf_event_attr: type 10 size 112 config 0x200802 sample_type IDENTIFIER ... Reported-by: Michael Petlan Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: Andi Kleen Cc: Kan Liang Cc: Namhyung Kim Cc: Peter Zijlstra Fixes: ac0e2cd55537 ("perf tools: Fix PMU term format max value calculation") Link: http://lkml.kernel.org/r/20181003072046.29276-1-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit ec876f4b252c4084acad259ce3e65ad97f44f040 Author: Marc Zyngier Date: Thu Oct 4 09:35:35 2018 +0100 ARM: KVM: Correctly order SGI register entries in the cp15 array The ICC_ASGI1R and ICC_SGI0R register entries in the cp15 array are not correctly ordered, leading to a BUG() at boot time. Move them to their natural location. Fixes: 3e8a8a50c7ef ("KVM: arm: vgic-v3: Add support for ICC_SGI0R and ICC_ASGI1R accesses") Reported-by: Florian Fainelli Tested-by: Florian Fainelli Signed-off-by: Marc Zyngier commit 41591b38f5f8f78344954b68582b5f00e56ffe61 Author: Chris Boot Date: Mon Oct 8 17:07:30 2018 +0200 mmc: block: avoid multiblock reads for the last sector in SPI mode On some SD cards over SPI, reading with the multiblock read command the last sector will leave the card in a bad state. Remove last sectors from the multiblock reading cmd. Signed-off-by: Chris Boot Signed-off-by: Clément Péron Cc: stable@vger.kernel.org # v4.10+ Signed-off-by: Ulf Hansson commit 64c5e530ac2cab7e710c3bd08ef8594a016e4f9a Merge: 0854ba5ff5c9 c58a584f05e3 Author: Greg Kroah-Hartman Date: Tue Oct 9 09:17:46 2018 +0200 Merge tag 'arc-4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Vineet writes: "ARC updates for 4.19-rc8 - Fix clone syscall to update Thread pointer register - Make/build updates (needed for AGL/OE builds) [Alexey] - Typo fix [Colin Ian King]" * tag 'arc-4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: clone syscall to setp r25 as thread pointer ARC: build: Don't set CROSS_COMPILE in arch's Makefile ARC: fix spelling mistake "entires" -> "entries" ARC: build: Get rid of toolchain check ARCv2: build: use mcpu=hs38 iso generic mcpu=archs commit 184d47f0fd365108bd06ab26cdb3450b716269fd Author: Kees Cook Date: Mon Oct 8 16:54:34 2018 -0700 x86/mm: Avoid VLA in pgd_alloc() Arnd Bergmann reported that turning on -Wvla found a new (unintended) VLA usage: arch/x86/mm/pgtable.c: In function 'pgd_alloc': include/linux/build_bug.h:29:45: error: ISO C90 forbids variable length array 'u_pmds' [-Werror=vla] arch/x86/mm/pgtable.c:190:34: note: in expansion of macro 'static_cpu_has' #define PREALLOCATED_USER_PMDS (static_cpu_has(X86_FEATURE_PTI) ? \ ^~~~~~~~~~~~~~ arch/x86/mm/pgtable.c:431:16: note: in expansion of macro 'PREALLOCATED_USER_PMDS' pmd_t *u_pmds[PREALLOCATED_USER_PMDS]; ^~~~~~~~~~~~~~~~~~~~~~ Use the actual size of the array that is used for X86_FEATURE_PTI, which is known at build time, instead of the variable size. [ mingo: Squashed original fix with followup fix to avoid bisection breakage, wrote new changelog. ] Reported-by: Arnd Bergmann Original-written-by: Arnd Bergmann Reported-by: Borislav Petkov Signed-off-by: Kees Cook Cc: Andrew Morton Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Joerg Roedel Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Toshi Kani Fixes: 1be3f247c288 ("x86/mm: Avoid VLA in pgd_alloc()") Link: http://lkml.kernel.org/r/20181008235434.GA35035@beast Signed-off-by: Ingo Molnar commit e054637597ba36d3729ba6a3a3dd7aad8e2a3003 Author: Srikar Dronamraju Date: Sat Oct 6 16:53:19 2018 +0530 mm, sched/numa: Remove remaining traces of NUMA rate-limiting Remove the leftover pglist_data::numabalancing_migrate_lock and its initialization, we stopped using this lock with: efaffc5e40ae ("mm, sched/numa: Remove rate-limiting of automatic NUMA balancing migration") [ mingo: Rewrote the changelog. ] Signed-off-by: Srikar Dronamraju Acked-by: Mel Gorman Cc: Linus Torvalds Cc: Linux-MM Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1538824999-31230-1-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit 49e00eee00612b1357596fed8a88b621a7648c14 Author: Reinette Chatre Date: Thu Oct 4 14:05:23 2018 -0700 x86/intel_rdt: Fix out-of-bounds memory access in CBM tests While the DOC at the beginning of lib/bitmap.c explicitly states that "The number of valid bits in a given bitmap does _not_ need to be an exact multiple of BITS_PER_LONG.", some of the bitmap operations do indeed access BITS_PER_LONG portions of the provided bitmap no matter the size of the provided bitmap. For example, if bitmap_intersects() is provided with an 8 bit bitmap the operation will access BITS_PER_LONG bits from the provided bitmap. While the operation ensures that these extra bits do not affect the result, the memory is still accessed. The capacity bitmasks (CBMs) are typically stored in u32 since they can never exceed 32 bits. A few instances exist where a bitmap_* operation is performed on a CBM by simply pointing the bitmap operation to the stored u32 value. The consequence of this pattern is that some bitmap_* operations will access out-of-bounds memory when interacting with the provided CBM. This is confirmed with a KASAN test that reports: BUG: KASAN: stack-out-of-bounds in __bitmap_intersects+0xa2/0x100 and BUG: KASAN: stack-out-of-bounds in __bitmap_weight+0x58/0x90 Fix this by moving any CBM provided to a bitmap operation needing BITS_PER_LONG to an 'unsigned long' variable. [ tglx: Changed related function arguments to unsigned long and got rid of the _cbm extra step ] Fixes: 72d505056604 ("x86/intel_rdt: Add utilities to test pseudo-locked region possibility") Fixes: 49f7b4efa110 ("x86/intel_rdt: Enable setting of exclusive mode") Fixes: d9b48c86eb38 ("x86/intel_rdt: Display resource groups' allocations' size in bytes") Fixes: 95f0b77efa57 ("x86/intel_rdt: Initialize new resource group with sane defaults") Signed-off-by: Reinette Chatre Signed-off-by: Thomas Gleixner Cc: fenghua.yu@intel.com Cc: tony.luck@intel.com Cc: gavin.hindman@intel.com Cc: jithu.joseph@intel.com Cc: dave.hansen@intel.com Cc: hpa@zytor.com Link: https://lkml.kernel.org/r/69a428613a53f10e80594679ac726246020ff94f.1538686926.git.reinette.chatre@intel.com Signed-off-by: Ingo Molnar commit c1e15b4944c9fa7fbbb74f7a5920a1e31b4b965a Author: David Howells Date: Mon Oct 8 15:46:25 2018 +0100 rxrpc: Fix the packet reception routine The rxrpc_input_packet() function and its call tree was built around the assumption that data_ready() handler called from UDP to inform a kernel service that there is data to be had was non-reentrant. This means that certain locking could be dispensed with. This, however, turns out not to be the case with a multi-queue network card that can deliver packets to multiple cpus simultaneously. Each of those cpus can be in the rxrpc_input_packet() function at the same time. Fix by adding or changing some structure members: (1) Add peer->rtt_input_lock to serialise access to the RTT buffer. (2) Make conn->service_id into a 32-bit variable so that it can be cmpxchg'd on all arches. (3) Add call->input_lock to serialise access to the Rx/Tx state. Note that although the Rx and Tx states are (almost) entirely separate, there's no point completing the separation and having separate locks since it's a bi-phasal RPC protocol rather than a bi-direction streaming protocol. Data transmission and data reception do not take place simultaneously on any particular call. and making the following functional changes: (1) In rxrpc_input_data(), hold call->input_lock around the core to prevent simultaneous producing of packets into the Rx ring and updating of tracking state for a particular call. (2) In rxrpc_input_ping_response(), only read call->ping_serial once, and check it before checking RXRPC_CALL_PINGING as that's a cheaper test. The bit test and bit clear can then be combined. No further locking is needed here. (3) In rxrpc_input_ack(), take call->input_lock after we've parsed much of the ACK packet. The superseded ACK check is then done both before and after the lock is taken. The handing of ackinfo data is split, parsing before the lock is taken and processing with it held. This is keyed on rxMTU being non-zero. Congestion management is also done within the locked section. (4) In rxrpc_input_ackall(), take call->input_lock around the Tx window rotation. The ACKALL packet carries no information and is only really useful after all packets have been transmitted since it's imprecise. (5) In rxrpc_input_implicit_end_call(), we use rx->incoming_lock to prevent calls being simultaneously implicitly ended on two cpus and also to prevent any races with incoming call setup. (6) In rxrpc_input_packet(), use cmpxchg() to effect the service upgrade on a connection. It is only permitted to happen once for a connection. (7) In rxrpc_new_incoming_call(), we have to recheck the routing inside rx->incoming_lock to see if someone else set up the call, connection or peer whilst we were getting there. We can't trust the values from the earlier routing check unless we pin refs on them - which we want to avoid. Further, we need to allow for an incoming call to have its state changed on another CPU between us making it live and us adjusting it because the conn is now in the RXRPC_CONN_SERVICE state. (8) In rxrpc_peer_add_rtt(), take peer->rtt_input_lock around the access to the RTT buffer. Don't need to lock around setting peer->rtt. For reference, the inventory of state-accessing or state-altering functions used by the packet input procedure is: > rxrpc_input_packet() * PACKET CHECKING * ROUTING > rxrpc_post_packet_to_local() > rxrpc_find_connection_rcu() - uses RCU > rxrpc_lookup_peer_rcu() - uses RCU > rxrpc_find_service_conn_rcu() - uses RCU > idr_find() - uses RCU * CONNECTION-LEVEL PROCESSING - Service upgrade - Can only happen once per conn ! Changed to use cmpxchg > rxrpc_post_packet_to_conn() - Setting conn->hi_serial - Probably safe not using locks - Maybe use cmpxchg * CALL-LEVEL PROCESSING > Old-call checking > rxrpc_input_implicit_end_call() > rxrpc_call_completed() > rxrpc_queue_call() ! Need to take rx->incoming_lock > __rxrpc_disconnect_call() > rxrpc_notify_socket() > rxrpc_new_incoming_call() - Uses rx->incoming_lock for the entire process - Might be able to drop this earlier in favour of the call lock > rxrpc_incoming_call() ! Conflicts with rxrpc_input_implicit_end_call() > rxrpc_send_ping() - Don't need locks to check rtt state > rxrpc_propose_ACK * PACKET DISTRIBUTION > rxrpc_input_call_packet() > rxrpc_input_data() * QUEUE DATA PACKET ON CALL > rxrpc_reduce_call_timer() - Uses timer_reduce() ! Needs call->input_lock() > rxrpc_receiving_reply() ! Needs locking around ack state > rxrpc_rotate_tx_window() > rxrpc_end_tx_phase() > rxrpc_proto_abort() > rxrpc_input_dup_data() - Fills the Rx buffer - rxrpc_propose_ACK() - rxrpc_notify_socket() > rxrpc_input_ack() * APPLY ACK PACKET TO CALL AND DISCARD PACKET > rxrpc_input_ping_response() - Probably doesn't need any extra locking ! Need READ_ONCE() on call->ping_serial > rxrpc_input_check_for_lost_ack() - Takes call->lock to consult Tx buffer > rxrpc_peer_add_rtt() ! Needs to take a lock (peer->rtt_input_lock) ! Could perhaps manage with cmpxchg() and xadd() instead > rxrpc_input_requested_ack - Consults Tx buffer ! Probably needs a lock > rxrpc_peer_add_rtt() > rxrpc_propose_ack() > rxrpc_input_ackinfo() - Changes call->tx_winsize ! Use cmpxchg to handle change ! Should perhaps track serial number - Uses peer->lock to record MTU specification changes > rxrpc_proto_abort() ! Need to take call->input_lock > rxrpc_rotate_tx_window() > rxrpc_end_tx_phase() > rxrpc_input_soft_acks() - Consults the Tx buffer > rxrpc_congestion_management() - Modifies the Tx annotations ! Needs call->input_lock() > rxrpc_queue_call() > rxrpc_input_abort() * APPLY ABORT PACKET TO CALL AND DISCARD PACKET > rxrpc_set_call_completion() > rxrpc_notify_socket() > rxrpc_input_ackall() * APPLY ACKALL PACKET TO CALL AND DISCARD PACKET ! Need to take call->input_lock > rxrpc_rotate_tx_window() > rxrpc_end_tx_phase() > rxrpc_reject_packet() There are some functions used by the above that queue the packet, after which the procedure is terminated: - rxrpc_post_packet_to_local() - local->event_queue is an sk_buff_head - local->processor is a work_struct - rxrpc_post_packet_to_conn() - conn->rx_queue is an sk_buff_head - conn->processor is a work_struct - rxrpc_reject_packet() - local->reject_queue is an sk_buff_head - local->processor is a work_struct And some that offload processing to process context: - rxrpc_notify_socket() - Uses RCU lock - Uses call->notify_lock to call call->notify_rx - Uses call->recvmsg_lock to queue recvmsg side - rxrpc_queue_call() - call->processor is a work_struct - rxrpc_propose_ACK() - Uses call->lock to wrap __rxrpc_propose_ACK() And a bunch that complete a call, all of which use call->state_lock to protect the call state: - rxrpc_call_completed() - rxrpc_set_call_completion() - rxrpc_abort_call() - rxrpc_proto_abort() - Also uses rxrpc_queue_call() Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both") Signed-off-by: David Howells commit 4e2abd3c051830a0d4189340fe79f2549bdf36de Author: David Howells Date: Mon Oct 8 19:44:39 2018 +0100 rxrpc: Fix the rxrpc_tx_packet trace line Fix the rxrpc_tx_packet trace line by storing the where parameter. Fixes: 4764c0da69dc ("rxrpc: Trace packet transmission") Signed-off-by: David Howells commit 647530924f47c93db472ee3cf43b7ef1425581b6 Author: David Howells Date: Mon Oct 8 15:46:17 2018 +0100 rxrpc: Fix connection-level abort handling Fix connection-level abort handling to cache the abort and error codes properly so that a new incoming call can be properly aborted if it races with the parent connection being aborted by another CPU. The abort_code and error parameters can then be dropped from rxrpc_abort_calls(). Fixes: f5c17aaeb2ae ("rxrpc: Calls should only have one terminal state") Signed-off-by: David Howells commit 298bc15b2079c324e82d0a6fda39c3d762af7282 Author: David Howells Date: Mon Oct 8 15:46:11 2018 +0100 rxrpc: Only take the rwind and mtu values from latest ACK Move the out-of-order and duplicate ACK packet check to before the call to rxrpc_input_ackinfo() so that the receive window size and MTU size are only checked in the latest ACK packet and don't regress. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells commit d7782145e1ad537df4ce74e58c50f1f732a1462d Author: Dan Williams Date: Sat Oct 6 10:56:11 2018 -0700 filesystem-dax: Fix dax_layout_busy_page() livelock In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: Cc: Ross Zwisler Cc: Matthew Wilcox Reviewed-by: Jan Kara Signed-off-by: Dan Williams commit ff5d1a42096cd96e70546c97d92f01d10cbddc2d Author: Kees Cook Date: Mon Oct 8 08:46:51 2018 -0700 sunvdc: Remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this moves the math for cookies calculation into macros and allocates a fixed size array for the maximum number of cookies and adds a runtime sanity check. (Note that the size was always fixed, but just hidden from the compiler.) [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Jens Axboe Cc: linux-block@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: David S. Miller commit 25fe15e54fe5e15b4963fe101f7cd8bad4f11393 Author: Arnaldo Carvalho de Melo Date: Mon Oct 8 12:09:14 2018 -0300 tools headers uapi: Sync kvm.h copy To pick up the changes introduced in: 6fbbde9a1969 ("KVM: x86: Control guest reads of MSR_PLATFORM_INFO") That is not yet used in tools such as 'perf trace'. The type of the change in this file, a simple integer parameter to the KVM_CHECK_EXTENSION ioctl should be easier to implement tho, adding to the libbeauty TODO list. This silences this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/kvm.h' differs from latest version at 'include/uapi/linux/kvm.h' diff -u tools/include/uapi/linux/kvm.h include/uapi/linux/kvm.h Cc: Adrian Hunter Cc: David Ahern Cc: Drew Schmitt Cc: Jiri Olsa Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-67h1bio5bihi1q6dy7hgwwx8@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4312f2ab136a5f1a7b247f6e4a75b95afaf9d23b Author: Arnaldo Carvalho de Melo Date: Mon Oct 8 12:04:51 2018 -0300 tools arch uapi: Sync the x86 kvm.h copy To get the changes in: d1766202779e ("x86/kvm/lapic: always disable MMIO interface in x2APIC mode") That at this time will not generate changes in tools such as 'perf trace', that still needs more work in tools/perf/examples/bpf/augmented_syscalls.c to need such id -> string tables. This silences the following perf build warning: Warning: Kernel ABI header at 'tools/arch/x86/include/uapi/asm/kvm.h' differs from latest version at 'arch/x86/include/uapi/asm/kvm.h' diff -u tools/arch/x86/include/uapi/asm/kvm.h arch/x86/include/uapi/asm/kvm.h Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Vitaly Kuznetsov Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-yadntj2ok6zpzjwi656onuh0@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit dfe995224693798e554ab4770f6d8a096afc60cd Author: David Howells Date: Mon Oct 8 15:46:05 2018 +0100 rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window() Carry the call state out of the locked section in rxrpc_rotate_tx_window() rather than sampling it afterwards. This is only used to select tracepoint data, but could have changed by the time we do the tracepoint. Signed-off-by: David Howells commit c479d5f2c2e1ce609da08c075054440d97ddff52 Author: David Howells Date: Mon Oct 8 15:46:01 2018 +0100 rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window() We should only call the function to end a call's Tx phase if we rotated the marked-last packet out of the transmission buffer. Make rxrpc_rotate_tx_window() return an indication of whether it just rotated the packet marked as the last out of the transmit buffer, carrying the information out of the locked section in that function. We can then check the return value instead of examining RXRPC_CALL_TX_LAST. Fixes: 70790dbe3f66 ("rxrpc: Pass the last Tx packet marker in the annotation buffer") Signed-off-by: David Howells commit bfd2821117a751763718f1b5e57216c0d9b19a49 Author: David Howells Date: Mon Oct 8 15:45:56 2018 +0100 rxrpc: Don't need to take the RCU read lock in the packet receiver We don't need to take the RCU read lock in the rxrpc packet receive function because it's held further up the stack in the IP input routine around the UDP receive routines. Fix this by dropping the RCU read lock calls from rxrpc_input_packet(). This simplifies the code. Fixes: 70790dbe3f66 ("rxrpc: Pass the last Tx packet marker in the annotation buffer") Signed-off-by: David Howells commit 5271953cad31b97dea80f848c16e96ad66401199 Author: David Howells Date: Thu Oct 4 11:10:51 2018 +0100 rxrpc: Use the UDP encap_rcv hook Use the UDP encap_rcv hook to cut the bit out of the rxrpc packet reception in which a packet is placed onto the UDP receive queue and then immediately removed again by rxrpc. Going via the queue in this manner seems like it should be unnecessary. This does, however, require the invention of a value to place in encap_type as that's one of the conditions to switch packets out to the encap_rcv hook. Possibly the value doesn't actually matter for anything other than sockopts on the UDP socket, which aren't accessible outside of rxrpc anyway. This seems to cut a bit of time out of the time elapsed between each sk_buff being timestamped and turning up in rxrpc (the final number in the following trace excerpts). I measured this by making the rxrpc_rx_packet trace point print the time elapsed between the skb being timestamped and the current time (in ns), e.g.: ... 424.278721: rxrpc_rx_packet: ... ACK 25026 So doing a 512MiB DIO read from my test server, with an unmodified kernel: N min max sum mean stddev 27605 2626 7581 7.83992e+07 2840.04 181.029 and with the patch applied: N min max sum mean stddev 27547 1895 12165 6.77461e+07 2459.29 255.02 Signed-off-by: David Howells commit 0854ba5ff5c938307cd783e996b62c83f1ce923b Merge: 0238df646e62 b7dc10b64f61 Author: Greg Kroah-Hartman Date: Mon Oct 8 16:25:01 2018 +0200 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc David writes: "Sparc fixes: 1) Minor fallthru comment tweaks from Gustavo A. R. Silva. 2) VLA removal from Kees Cook. 3) Make sparc vdso Makefile match x86, from Masahiro Yamada. 4) Fix clock divider programming in mach64 driver, from Mikulas Patocka." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: fix fall-through annotation sparc32: fix fall-through annotation sparc: vdso: clean-up vdso Makefile oradax: remove redundant null check before kfree sparc64: viohs: Remove VLA usage sbus: Use of_get_child_by_name helper sparc: Convert to using %pOFn instead of device_node.name mach64: detect the dot clock divider correctly on sparc commit 48f78be3326052a7718678ff9a78d6d884a50323 Author: Keith Busch Date: Fri Oct 5 08:57:06 2018 -0600 nvme: remove ns sibling before clearing path The code had been clearing a namespace being deleted as the current path while that namespace was still in the path siblings list. It is possible a new IO could set that namespace back to the current path since it appeared to be an eligable path to select, which may result in a use-after-free error. This patch ensures a namespace being removed is not eligable to be reset as a current path prior to clearing it as the current path. Signed-off-by: Keith Busch Reviewed-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit 262f9d811c7608f1e74258ceecfe1fa213bdf912 Author: Eric Dumazet Date: Fri Oct 5 19:38:46 2018 -0700 bpf: do not blindly change rlimit in reuseport net selftest If the current process has unlimited RLIMIT_MEMLOCK, we should should leave it as is. Fixes: 941ff6f11c02 ("bpf: fix rlimit in reuseport net selftest") Signed-off-by: John Sperbeck Signed-off-by: Eric Dumazet Acked-by: Daniel Borkmann Signed-off-by: Daniel Borkmann commit 7c75544983edece1b745367922cf1053606cd369 Merge: c458dda3d07c 24abf2901b18 Author: Martin Schwidefsky Date: Mon Oct 8 09:08:21 2018 +0200 Merge tag 'vfio-ccw-20181002' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into fixes Pull vfio-ccw from Cornelia Huck with the following changes: - Another fix for vfio-ccw: make sure it accesses the correct entries in the pfn_array_table arrays when checking pinned pages. commit 5ba15878f23c4bafb95afa0dabe9d08d89520259 Merge: 0238df646e62 e46368cf77f2 Author: Dave Airlie Date: Mon Oct 8 16:37:56 2018 +1000 Merge branch 'linux-4.19' of git://github.com/skeggsb/linux into drm-fixes runtime refcount fix for mst connectors. Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/CABDvA=nydWjs26=TZHqistLXjCwm-vHmrisbP6K=FMZ5gW1wnQ@mail.gmail.com commit b7dc10b64f6190a008f05baf697d4d8fa9b8ed51 Author: Gustavo A. R. Silva Date: Tue Oct 2 12:19:54 2018 +0200 sparc64: fix fall-through annotation Replace "fallthru" with a proper "fall through" annotation. This fix is part of the ongoing efforts to enabling -Wimplicit-fallthrough Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit c4beb225f93a2fdaffbe2a610eccb0f6c86b3e45 Author: Gustavo A. R. Silva Date: Tue Oct 2 12:15:17 2018 +0200 sparc32: fix fall-through annotation Replace "fallthru" with a proper "fall through" annotation. This fix is part of the ongoing efforts to enabling -Wimplicit-fallthrough Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 8cf7765d33ae894cd7722502fbb737efad0eaa9b Author: Masahiro Yamada Date: Wed Sep 12 12:39:13 2018 +0900 sparc: vdso: clean-up vdso Makefile arch/sparc/vdso/Makefile is a replica of arch/x86/entry/vdso/Makefile. Clean-up the Makefile in the same way as I did for x86: - Remove unnecessary export - Put the generated linker script to $(obj)/ instead of $(src)/ - Simplify cmd_vdso2c The corresponding x86 commits are: - 61615faf0a89 ("x86/build/vdso: Remove unnecessary export in Makefile") - 1742ed2088cc ("x86/build/vdso: Put generated linker scripts to $(obj)/") - c5fcdbf15523 ("x86/build/vdso: Simplify 'cmd_vdso2c'") Signed-off-by: Masahiro Yamada Signed-off-by: David S. Miller commit 16e2a9d396c140d9a47d6b22e2a631f36c31e844 Author: Colin Ian King Date: Fri Sep 7 11:35:00 2018 +0100 oradax: remove redundant null check before kfree A null check before a kfree is redundant, so remove it. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 31a43fa7945a1de8c550b35c211be5670e32f12b Author: Kees Cook Date: Wed Sep 5 15:03:51 2018 -0700 sparc64: viohs: Remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this allocates a fixed size array for the maximum number of cookies and adds a runtime sanity check. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1 RqZWA@mail.gmail.com Signed-off-by: Kees Cook Signed-off-by: David S. Miller commit df58f37b5d8f883fb18ba85e8d9a624154879832 Author: Rob Herring Date: Wed Aug 29 15:03:37 2018 -0500 sbus: Use of_get_child_by_name helper Use the of_get_child_by_name() helper instead of open coding searching for the '/options' node. This removes directly accessing the name pointer as well. Cc: "David S. Miller" Cc: sparclinux@vger.kernel.org Signed-off-by: Rob Herring Signed-off-by: David S. Miller commit 0b9871a3a8cc7234c285b5d9bf66cc6712cfee7c Author: Rob Herring Date: Tue Aug 28 10:44:32 2018 -0500 sparc: Convert to using %pOFn instead of device_node.name In preparation to remove the node name pointer from struct device_node, convert printf users to use the %pOFn format specifier. Cc: "David S. Miller" Cc: sparclinux@vger.kernel.org Signed-off-by: Rob Herring Signed-off-by: David S. Miller commit 76ebebd2464c5c8a4453c98b6dbf9c95a599e810 Author: Mikulas Patocka Date: Fri Aug 17 15:19:37 2018 -0400 mach64: detect the dot clock divider correctly on sparc On Sun Ultra 5, it happens that the dot clock is not set up properly for some videomodes. For example, if we set the videomode "r1024x768x60" in the firmware, Linux would incorrectly set a videomode with refresh rate 180Hz when booting (suprisingly, my LCD monitor can display it, although display quality is very low). The reason is this: Older mach64 cards set the divider in the register VCLK_POST_DIV. The register has four 2-bit fields (the field that is actually used is specified in the lowest two bits of the register CLOCK_CNTL). The 2 bits select divider "1, 2, 4, 8". On newer mach64 cards, there's another bit added - the top four bits of PLL_EXT_CNTL extend the divider selection, so we have possible dividers "1, 2, 4, 8, 3, 5, 6, 12". The Linux driver clears the top four bits of PLL_EXT_CNTL and never sets them, so it can work regardless if the card supports them. However, the sparc64 firmware may set these extended dividers during boot - and the mach64 driver detects incorrect dot clock in this case. This patch makes the driver read the additional divider bit from PLL_EXT_CNTL and calculate the initial refresh rate properly. Signed-off-by: Mikulas Patocka Cc: stable@vger.kernel.org Acked-by: David S. Miller Reviewed-by: Ville Syrjälä Signed-off-by: David S. Miller commit e2a322a0c8ce3d825e8a56c063ce3f81b719083c Merge: 6d4c407744dd d4f0006a08f5 Author: David S. Miller Date: Sun Oct 7 21:06:28 2018 -0700 Merge branch 'net-smc-userspace-breakage-fixes' Eugene Syromiatnikov says: ==================== net/smc: userspace breakage fixes These two patches correct some userspace-affecting issues introduced during 4.19 development cycle, specifically: * New structure "struct smcd_diag_dmbinfo" has been defined in a way that would lead to different layout of the structure on most 32-bit ABIs in comparison with layout on 64-bit ABIs; * One of the commits renamed an UAPI-exposed field name. Changes since v1: * Managed not to forget to add --cover-letter. * Commit ID format in commit message has been changed in accordance with Sergei Shtylyov's recommendations. ==================== Signed-off-by: David S. Miller commit d4f0006a08f52b5320f038780286ef312535fc64 Author: Eugene Syromiatnikov Date: Sun Oct 7 16:57:37 2018 +0200 net/smc: retain old name for diag_mode field Commit c601171d7a60 ("net/smc: provide smc mode in smc_diag.c") changed the name of diag_fallback field of struct smc_diag_msg structure to diag_mode. However, this structure is a part of UAPI, and this change breaks user space applications that use it ([1], for example). Since the new name is more suitable, convert the field to a union that provides access to the data via both the new and the old name. [1] https://gitlab.com/strace/strace/blob/v4.24/netlink_smc_diag.c#L165 Fixes: c601171d7a60 ("net/smc: provide smc mode in smc_diag.c") Signed-off-by: Eugene Syromiatnikov Signed-off-by: David S. Miller commit a21048c8ec7caf4def353b00b75bf75535deba80 Author: Eugene Syromiatnikov Date: Sun Oct 7 16:57:31 2018 +0200 net/smc: use __aligned_u64 for 64-bit smc_diag fields Commit 4b1b7d3b30a6 ("net/smc: add SMC-D diag support") introduced new UAPI-exposed structure, struct smcd_diag_dmbinfo. However, it's not usable by compat binaries, as it has different layout there. Probably, the most straightforward fix that will avoid similar issues in the future is to use __aligned_u64 for 64-bit fields. Fixes: 4b1b7d3b30a6 ("net/smc: add SMC-D diag support") Signed-off-by: Eugene Syromiatnikov Signed-off-by: David S. Miller commit 6d4c407744dd0338da5d5d76f40dce5adabfb30a Author: Al Viro Date: Sun Oct 7 07:40:17 2018 -0400 net: sched: cls_u32: fix hnode refcounting cls_u32.c misuses refcounts for struct tc_u_hnode - it counts references via ->hlist and via ->tp_root together. u32_destroy() drops the former and, in case when there had been links, leaves the sucker on the list. As the result, there's nothing to protect it from getting freed once links are dropped. That also makes the "is it busy" check incapable of catching the root hnode - it *is* busy (there's a reference from tp), but we don't see it as something separate. "Is it our root?" check partially covers that, but the problem exists for others' roots as well. AFAICS, the minimal fix preserving the existing behaviour (where it doesn't include oopsen, that is) would be this: * count tp->root and tp_c->hlist as separate references. I.e. have u32_init() set refcount to 2, not 1. * in u32_destroy() we always drop the former; in u32_destroy_hnode() - the latter. That way we have *all* references contributing to refcount. List removal happens in u32_destroy_hnode() (called only when ->refcnt is 1) an in u32_destroy() in case of tc_u_common going away, along with everything reachable from it. IOW, that way we know that u32_destroy_key() won't free something still on the list (or pointed to by someone's ->root). Reproducer: tc qdisc add dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 100 handle 1: \ u32 divisor 1 tc filter add dev eth0 parent ffff: protocol ip prio 200 handle 2: \ u32 divisor 1 tc filter add dev eth0 parent ffff: protocol ip prio 100 \ handle 1:0:11 u32 ht 1: link 801: offset at 0 mask 0f00 shift 6 \ plus 0 eat match ip protocol 6 ff tc filter delete dev eth0 parent ffff: protocol ip prio 200 tc filter change dev eth0 parent ffff: protocol ip prio 100 \ handle 1:0:11 u32 ht 1: link 0: offset at 0 mask 0f00 shift 6 plus 0 \ eat match ip protocol 6 ff tc filter delete dev eth0 parent ffff: protocol ip prio 100 Signed-off-by: Al Viro Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 7e823644b60555f70f241274b8d0120dd919269a Author: Jiri Kosina Date: Thu Oct 4 13:37:32 2018 +0200 udp: Unbreak modules that rely on external __skb_recv_udp() availability Commit 2276f58ac589 ("udp: use a separate rx queue for packet reception") turned static inline __skb_recv_udp() from being a trivial helper around __skb_recv_datagram() into a UDP specific implementaion, making it EXPORT_SYMBOL_GPL() at the same time. There are external modules that got broken by __skb_recv_udp() not being visible to them. Let's unbreak them by making __skb_recv_udp EXPORT_SYMBOL(). Rationale (one of those) why this is actually "technically correct" thing to do: __skb_recv_udp() used to be an inline wrapper around __skb_recv_datagram(), which itself (still, and correctly so, I believe) is EXPORT_SYMBOL(). Cc: Paolo Abeni Cc: Eric Dumazet Fixes: 2276f58ac589 ("udp: use a separate rx queue for packet reception") Signed-off-by: Jiri Kosina Signed-off-by: David S. Miller commit 6685b357363bfe295e3ae73665014db4aed62c58 Author: Mike Rapoport Date: Sun Oct 7 11:31:51 2018 +0300 percpu: stop leaking bitmap metadata blocks The commit ca460b3c9627 ("percpu: introduce bitmap metadata blocks") introduced bitmap metadata blocks. These metadata blocks are allocated whenever a new chunk is created, but they are never freed. Fix it. Fixes: ca460b3c9627 ("percpu: introduce bitmap metadata blocks") Signed-off-by: Mike Rapoport Cc: stable@vger.kernel.org Signed-off-by: Dennis Zhou commit 0238df646e6224016a45505d2c111a24669ebe21 Author: Greg Kroah-Hartman Date: Sun Oct 7 17:26:02 2018 +0200 Linux 4.19-rc7 commit fb1c592cf4c9eeb84ec6bce13c13c11c7d05b6c7 Merge: 4ebaf0754c7a eafa717bc145 Author: Greg Kroah-Hartman Date: Sun Oct 7 08:15:57 2018 +0200 Merge tag 'char-misc-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc I wrote: "Char/Misc fixes for 4.19-rc7 Here are 8 small fixes for some char/misc driver issues Included here are: - fpga driver fixes - thunderbolt bugfixes - firmware core revert/fix - hv core fix - hv tool fix All of these have been in linux-next with no reported issues." * tag 'char-misc-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: thunderbolt: Initialize after IOMMUs thunderbolt: Do not handle ICM events after domain is stopped firmware: Always initialize the fw_priv list object docs: fpga: document fpga manager flags fpga: bridge: fix obvious function documentation error tools: hv: fcopy: set 'error' in case an unknown operation was requested fpga: do not access region struct after fpga_region_unregister Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() commit 4ebaf0754c7a1109e66693f488f02b78f5875fee Merge: cc02f852872d 5b162cc4ac27 Author: Greg Kroah-Hartman Date: Sun Oct 7 08:14:59 2018 +0200 Merge tag 'tty-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty I wrote: "Serial driver fixes for 4.19-rc7 Here are 3 small serial driver fixes for 4.19-rc7 - 2 sh-sci bugfixes for reported issues - a revert of the PM handling for the 8250_dw code All of these have been in linux-next with no reported issues." * tag 'tty-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: Revert "serial: sh-sci: Allow for compressed SCIF address" Revert "serial: sh-sci: Remove SCIx_RZ_SCIFA_REGTYPE" Revert "serial: 8250_dw: Fix runtime PM handling" commit cc02f852872d2f9f3a15b3429b77998271814de0 Merge: 055d8d9eae35 555df5820e73 Author: Greg Kroah-Hartman Date: Sun Oct 7 08:14:06 2018 +0200 Merge tag 'usb-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb I wrote: "USB fixes for 4.19-rc7 Here are some small USB fixes for 4.19-rc7 These include: - the usual xhci bugfixes for reported issues - some new serial driver device ids - bugfix for the option serial driver for some devices - bugfix for the cdc_acm driver that has been there for a long time. All of these have been in linux-next for a while with no reported issues." * tag 'usb-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: xhci-mtk: resume USB3 roothub first xhci: Add missing CAS workaround for Intel Sunrise Point xHCI usb: cdc_acm: Do not leak URB buffers USB: serial: simple: add Motorola Tetra MTP6550 id USB: serial: option: add two-endpoints device-id flag USB: serial: option: improve Quectel EP06 detection commit 055d8d9eae35ac1edb97fcf70f357cea227bf3b2 Merge: 40fa9167d307 9ce7610e6d20 Author: Greg Kroah-Hartman Date: Sun Oct 7 07:07:33 2018 +0200 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Wolfram writes: "i2c for 4.19 I2C has three driver bugfixes and a fix for a typo for you." * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: designware: Call i2c_dw_clk_rate() only when calculating timings i2c: i2c-scmi: fix for i2c_smbus_write_block_data i2c: i2c-isch: fix spelling mistake "unitialized" -> "uninitialized" i2c: i2c-qcom-geni: Properly handle DMA safe buffers commit 40fa9167d307de29be2740bc10c4093502a917ed Merge: cd2093cb45a4 3cc5746e5ad7 Author: Greg Kroah-Hartman Date: Sun Oct 7 07:06:52 2018 +0200 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi James writes: "SCSI fixes on 20181006 Small fix for an unititialized mutex in the qedi driver." * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: qedi: Initialize the stats mutex lock commit cd2093cb45a4d9332d4e5a2170602f74bca298a4 Merge: c1d84a1b42ef ac1788cc7da4 Author: Greg Kroah-Hartman Date: Sun Oct 7 07:05:43 2018 +0200 Merge tag 'powerpc-4.19-4' of https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Michael writes: "powerpc fixes for 4.19 #4 Four regression fixes. A fix for a change to lib/xz which broke our zImage loader when building with XZ compression. OK'ed by Herbert who merged the original patch. The recent fix we did to avoid patching __init text broke some 32-bit machines, fix that. Our show_user_instructions() could be tricked into printing kernel memory, add a check to avoid that. And a fix for a change to our NUMA initialisation logic, which causes crashes in some kdump configurations. Thanks to: Christophe Leroy, Hari Bathini, Jann Horn, Joel Stanley, Meelis Roos, Murilo Opsfelder Araujo, Srikar Dronamraju." * tag 'powerpc-4.19-4' of https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/numa: Skip onlining a offline node in kdump path powerpc: Don't print kernel instructions in show_user_instructions() powerpc/lib: fix book3s/32 boot failure due to code patching lib/xz: Put CRC32_POLY_LE in xz_private.h commit c1d84a1b42ef70d8ae601df9cadedc7ed4f1beb1 Merge: 091a1eaa0e30 35f3625c2185 Author: Greg Kroah-Hartman Date: Sat Oct 6 02:11:30 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Dave writes: "Networking fixes: 1) Fix truncation of 32-bit right shift in bpf, from Jann Horn. 2) Fix memory leak in wireless wext compat, from Stefan Seyfried. 3) Use after free in cfg80211's reg_process_hint(), from Yu Zhao. 4) Need to cancel pending work when unbinding in smsc75xx otherwise we oops, also from Yu Zhao. 5) Don't allow enslaving a team device to itself, from Ido Schimmel. 6) Fix backwards compat with older userspace for rtnetlink FDB dumps. From Mauricio Faria. 7) Add validation of tc policy netlink attributes, from David Ahern. 8) Fix RCU locking in rawv6_send_hdrinc(), from Wei Wang." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (26 commits) net: mvpp2: Extract the correct ethtype from the skb for tx csum offload ipv6: take rcu lock in rawv6_send_hdrinc() net: sched: Add policy validation for tc attributes rtnetlink: fix rtnl_fdb_dump() for ndmsg header yam: fix a missing-check bug net: bpfilter: Fix type cast and pointer warnings net: cxgb3_main: fix a missing-check bug bpf: 32-bit RSH verification must truncate input before the ALU op net: phy: phylink: fix SFP interface autodetection be2net: don't flip hw_features when VXLANs are added/deleted net/packet: fix packet drop as of virtio gso net: dsa: b53: Keep CPU port as tagged in all VLANs openvswitch: load NAT helper bnxt_en: get the reduced max_irqs by the ones used by RDMA bnxt_en: free hwrm resources, if driver probe fails. bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request bnxt_en: Fix VNIC reservations on the PF. team: Forbid enslaving team device to itself net/usb: cancel pending work when unbinding smsc75xx mlxsw: spectrum: Delete RIF when VLAN device is removed ... commit b39989009bdb84992915c9869f58094ed5becf10 Author: Dave Chinner Date: Sat Oct 6 11:44:39 2018 +1000 xfs: fix data corruption w/ unaligned reflink ranges When reflinking sub-file ranges, a data corruption can occur when the source file range includes a partial EOF block. This shares the unknown data beyond EOF into the second file at a position inside EOF, exposing stale data in the second file. XFS only supports whole block sharing, but we still need to support whole file reflink correctly. Hence if the reflink request includes the last block of the souce file, only proceed with the reflink operation if it lands at or past the destination file's current EOF. If it lands within the destination file EOF, reject the entire request with -EINVAL and make the caller go the hard way. This avoids the data corruption vector, but also avoids disruption of returning EINVAL to userspace for the common case of whole file cloning. Signed-off-by: Dave Chinner Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit dceeb47b0ed65e14de53507a8a9c32a90831cfa1 Author: Dave Chinner Date: Sat Oct 6 11:44:19 2018 +1000 xfs: fix data corruption w/ unaligned dedupe ranges A deduplication data corruption is Exposed by fstests generic/505 on XFS. It is caused by extending the block match range to include the partial EOF block, but then allowing unknown data beyond EOF to be considered a "match" to data in the destination file because the comparison is only made to the end of the source file. This corrupts the destination file when the source extent is shared with it. XFS only supports whole block dedupe, but we still need to appear to support whole file dedupe correctly. Hence if the dedupe request includes the last block of the souce file, don't include it in the actual XFS dedupe operation. If the rest of the range dedupes successfully, then report the partial last block as deduped, too, so that userspace sees it as a successful dedupe rather than return EINVAL because we can't dedupe unaligned blocks. Signed-off-by: Dave Chinner Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit 329e09893909d409039f6a79757d9b80b67efe39 Author: Kees Cook Date: Fri Oct 5 16:21:46 2018 -0700 treewide: Replace more open-coded allocation size multiplications As done treewide earlier, this catches several more open-coded allocation size calculations that were added to the kernel during the merge window. This performs the following mechanical transformations using Coccinelle: kvmalloc(a * b, ...) -> kvmalloc_array(a, b, ...) kvzalloc(a * b, ...) -> kvcalloc(a, b, ...) devm_kzalloc(..., a * b, ...) -> devm_kcalloc(..., a, b, ...) Signed-off-by: Kees Cook commit 091a1eaa0e309b0e8dcbf3f2da12c7f3d03ed182 Merge: 5943a9bbbb98 d41aa5252394 Author: Greg Kroah-Hartman Date: Fri Oct 5 16:33:03 2018 -0700 Merge branch 'akpm' * akpm: mm: madvise(MADV_DODUMP): allow hugetlbfs pages ocfs2: fix locking for res->tracking and dlm->tracking_list mm/vmscan.c: fix int overflow in callers of do_shrink_slab() mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly mm/vmstat.c: fix outdated vmstat_text proc: restrict kernel stack dumps to root mm/hugetlb: add mmap() encodings for 32MB and 512MB page sizes mm/migrate.c: split only transparent huge pages when allocation fails ipc/shm.c: use ERR_CAST() for shm_lock() error return mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl mm, thp: fix mlocking THP page with migration enabled ocfs2: fix crash in ocfs2_duplicate_clusters_by_page() hugetlb: take PMD sharing into account when flushing tlb/caches mm: migration: fix migration of huge PMD shared pages commit d41aa5252394c065d1f04d1ceea885b70d00c9c6 Author: Daniel Black Date: Fri Oct 5 15:52:19 2018 -0700 mm: madvise(MADV_DODUMP): allow hugetlbfs pages Reproducer, assuming 2M of hugetlbfs available: Hugetlbfs mounted, size=2M and option user=testuser # mount | grep ^hugetlbfs hugetlbfs on /dev/hugepages type hugetlbfs (rw,pagesize=2M,user=dan) # sysctl vm.nr_hugepages=1 vm.nr_hugepages = 1 # grep Huge /proc/meminfo AnonHugePages: 0 kB ShmemHugePages: 0 kB HugePages_Total: 1 HugePages_Free: 1 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB Hugetlb: 2048 kB Code: #include #include #define SIZE 2*1024*1024 int main() { void *ptr; ptr = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_HUGETLB | MAP_ANONYMOUS, -1, 0); madvise(ptr, SIZE, MADV_DONTDUMP); madvise(ptr, SIZE, MADV_DODUMP); } Compile and strace: mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_HUGETLB, -1, 0) = 0x7ff7c9200000 madvise(0x7ff7c9200000, 2097152, MADV_DONTDUMP) = 0 madvise(0x7ff7c9200000, 2097152, MADV_DODUMP) = -1 EINVAL (Invalid argument) hugetlbfs pages have VM_DONTEXPAND in the VmFlags driver pages based on author testing with analysis from Florian Weimer[1]. The inclusion of VM_DONTEXPAND into the VM_SPECIAL defination was a consequence of the large useage of VM_DONTEXPAND in device drivers. A consequence of [2] is that VM_DONTEXPAND marked pages are unable to be marked DODUMP. A user could quite legitimately madvise(MADV_DONTDUMP) their hugetlbfs memory for a while and later request that madvise(MADV_DODUMP) on the same memory. We correct this omission by allowing madvice(MADV_DODUMP) on hugetlbfs pages. [1] https://stackoverflow.com/questions/52548260/madvisedodump-on-the-same-ptr-size-as-a-successful-madvisedontdump-fails-wit [2] commit 0103bd16fb90 ("mm: prepare VM_DONTDUMP for using in drivers") Link: http://lkml.kernel.org/r/20180930054629.29150-1-daniel@linux.ibm.com Link: https://lists.launchpad.net/maria-discuss/msg05245.html Fixes: 0103bd16fb90 ("mm: prepare VM_DONTDUMP for using in drivers") Reported-by: Kenneth Penza Signed-off-by: Daniel Black Reviewed-by: Mike Kravetz Cc: Konstantin Khlebnikov Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit cbe355f57c8074bc4f452e5b6e35509044c6fa23 Author: Ashish Samant Date: Fri Oct 5 15:52:15 2018 -0700 ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@oracle.com Signed-off-by: Ashish Samant Reviewed-by: Changwei Ge Acked-by: Joseph Qi Acked-by: Jun Piao Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit b8e57efa2c98cc56c49461c4950cf026422c29e9 Author: Kirill Tkhai Date: Fri Oct 5 15:52:10 2018 -0700 mm/vmscan.c: fix int overflow in callers of do_shrink_slab() do_shrink_slab() returns unsigned long value, and the placing into int variable cuts high bytes off. Then we compare ret and 0xfffffffe (since SHRINK_EMPTY is converted to ret type). Thus a large number of objects returned by do_shrink_slab() may be interpreted as SHRINK_EMPTY, if low bytes of their value are equal to 0xfffffffe. Fix that by declaration ret as unsigned long in these functions. Link: http://lkml.kernel.org/r/153813407177.17544.14888305435570723973.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Reported-by: Cyrill Gorcunov Acked-by: Cyrill Gorcunov Reviewed-by: Josef Bacik Cc: Michal Hocko Cc: Andrey Ryabinin Cc: Johannes Weiner Cc: Tetsuo Handa Cc: Shakeel Butt Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 58bc4c34d249bf1bc50730a9a209139347cfacfe Author: Jann Horn Date: Fri Oct 5 15:52:07 2018 -0700 mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn Reviewed-by: Kees Cook Reviewed-by: Andrew Morton Acked-by: Michal Hocko Acked-by: Roman Gushchin Cc: Davidlohr Bueso Cc: Oleg Nesterov Cc: Christoph Lameter Cc: Kemi Wang Cc: Andy Lutomirski Cc: Ingo Molnar Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 28e2c4bb99aa40f9d5f07ac130cbc4da0ea93079 Author: Jann Horn Date: Fri Oct 5 15:52:03 2018 -0700 mm/vmstat.c: fix outdated vmstat_text 7a9cdebdcc17 ("mm: get rid of vmacache_flush_all() entirely") removed the VMACACHE_FULL_FLUSHES statistics, but didn't remove the corresponding entry in vmstat_text. This causes an out-of-bounds access in vmstat_show(). Luckily this only affects kernels with CONFIG_DEBUG_VM_VMACACHE=y, which is probably very rare. Link: http://lkml.kernel.org/r/20181001143138.95119-1-jannh@google.com Fixes: 7a9cdebdcc17 ("mm: get rid of vmacache_flush_all() entirely") Signed-off-by: Jann Horn Reviewed-by: Kees Cook Reviewed-by: Andrew Morton Acked-by: Michal Hocko Acked-by: Roman Gushchin Cc: Davidlohr Bueso Cc: Oleg Nesterov Cc: Christoph Lameter Cc: Kemi Wang Cc: Andy Lutomirski Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7 Author: Jann Horn Date: Fri Oct 5 15:51:58 2018 -0700 proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn Acked-by: Kees Cook Cc: Alexey Dobriyan Cc: Ken Chen Cc: Will Deacon Cc: Laura Abbott Cc: Andy Lutomirski Cc: Catalin Marinas Cc: Josh Poimboeuf Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H . Peter Anvin" Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 20916d4636a9b3c1bf562b305f91d126771edaf9 Author: Anshuman Khandual Date: Fri Oct 5 15:51:54 2018 -0700 mm/hugetlb: add mmap() encodings for 32MB and 512MB page sizes ARM64 architecture also supports 32MB and 512MB HugeTLB page sizes. This just adds mmap() system call argument encoding for them. Link: http://lkml.kernel.org/r/1537841300-6979-1-git-send-email-anshuman.khandual@arm.com Signed-off-by: Anshuman Khandual Acked-by: Punit Agrawal Acked-by: Mike Kravetz Cc: Michal Hocko Cc: Will Deacon Cc: Catalin Marinas Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit e6112fc300702f96374f34368513d57795fc6d23 Author: Anshuman Khandual Date: Fri Oct 5 15:51:51 2018 -0700 mm/migrate.c: split only transparent huge pages when allocation fails split_huge_page_to_list() fails on HugeTLB pages. I was experimenting with moving 32MB contig HugeTLB pages on arm64 (with a debug patch applied) and hit the following stack trace when the kernel crashed. [ 3732.462797] Call trace: [ 3732.462835] split_huge_page_to_list+0x3b0/0x858 [ 3732.462913] migrate_pages+0x728/0xc20 [ 3732.462999] soft_offline_page+0x448/0x8b0 [ 3732.463097] __arm64_sys_madvise+0x724/0x850 [ 3732.463197] el0_svc_handler+0x74/0x110 [ 3732.463297] el0_svc+0x8/0xc [ 3732.463347] Code: d1000400 f90b0e60 f2fbd5a2 a94982a1 (f9000420) When unmap_and_move[_huge_page]() fails due to lack of memory, the splitting should happen only for transparent huge pages not for HugeTLB pages. PageTransHuge() returns true for both THP and HugeTLB pages. Hence the conditonal check should test PagesHuge() flag to make sure that given pages is not a HugeTLB one. Link: http://lkml.kernel.org/r/1537798495-4996-1-git-send-email-anshuman.khandual@arm.com Fixes: 94723aafb9 ("mm: unclutter THP migration") Signed-off-by: Anshuman Khandual Acked-by: Michal Hocko Acked-by: Naoya Horiguchi Cc: Kirill A. Shutemov Cc: Zi Yan Cc: Mike Kravetz Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 59cf0a9339ca4b0226e9b4329dfb0a5b8b0b9bc2 Author: Kees Cook Date: Fri Oct 5 15:51:48 2018 -0700 ipc/shm.c: use ERR_CAST() for shm_lock() error return This uses ERR_CAST() instead of an open-coded cast, as it is casting across structure pointers, which upsets __randomize_layout: ipc/shm.c: In function `shm_lock': ipc/shm.c:209:9: note: randstruct: casting between randomized structure pointer types (ssa): `struct shmid_kernel' and `struct kern_ipc_perm' return (void *)ipcp; ^~~~~~~~~~~~ Link: http://lkml.kernel.org/r/20180919180722.GA15073@beast Fixes: 82061c57ce93 ("ipc: drop ipc_lock()") Signed-off-by: Kees Cook Cc: Davidlohr Bueso Cc: Manfred Spraul Cc: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 51896864579d5a3349740847083f4db5c6487164 Author: YueHaibing Date: Fri Oct 5 15:51:44 2018 -0700 mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl get_user_pages_fast() will return negative value if no pages were pinned, then be converted to a unsigned, which is compared to zero, giving the wrong result. Link: http://lkml.kernel.org/r/20180921095015.26088-1-yuehaibing@huawei.com Fixes: 09e35a4a1ca8 ("mm/gup_benchmark: handle gup failures") Signed-off-by: YueHaibing Reviewed-by: Andrew Morton Cc: Michael S. Tsirkin Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit e125fe405abedc1dc8a5b2229b80ee91c1434015 Author: Kirill A. Shutemov Date: Fri Oct 5 15:51:41 2018 -0700 mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include #include #include #include #include int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL3A@mail.gmail.com Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel.com Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov Reported-by: Vegard Nossum Reviewed-by: Zi Yan Cc: Naoya Horiguchi Cc: Vlastimil Babka Cc: Andrea Arcangeli Cc: [4.14+] Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 69eb7765b9c6902444c89c54e7043242faf981e5 Author: Larry Chen Date: Fri Oct 5 15:51:37 2018 -0700 ocfs2: fix crash in ocfs2_duplicate_clusters_by_page() ocfs2_duplicate_clusters_by_page() may crash if one of the extent's pages is dirty. When a page has not been written back, it is still in dirty state. If ocfs2_duplicate_clusters_by_page() is called against the dirty page, the crash happens. To fix this bug, we can just unlock the page and wait until the page until its not dirty. The following is the backtrace: kernel BUG at /root/code/ocfs2/refcounttree.c:2961! [exception RIP: ocfs2_duplicate_clusters_by_page+822] __ocfs2_move_extent+0x80/0x450 [ocfs2] ? __ocfs2_claim_clusters+0x130/0x250 [ocfs2] ocfs2_defrag_extent+0x5b8/0x5e0 [ocfs2] __ocfs2_move_extents_range+0x2a4/0x470 [ocfs2] ocfs2_move_extents+0x180/0x3b0 [ocfs2] ? ocfs2_wait_for_recovery+0x13/0x70 [ocfs2] ocfs2_ioctl_move_extents+0x133/0x2d0 [ocfs2] ocfs2_ioctl+0x253/0x640 [ocfs2] do_vfs_ioctl+0x90/0x5f0 SyS_ioctl+0x74/0x80 do_syscall_64+0x74/0x140 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Once we find the page is dirty, we do not wait until it's clean, rather we use write_one_page() to write it back Link: http://lkml.kernel.org/r/20180829074740.9438-1-lchen@suse.com [lchen@suse.com: update comments] Link: http://lkml.kernel.org/r/20180830075041.14879-1-lchen@suse.com [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Larry Chen Acked-by: Changwei Ge Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit dff11abe280b47c21b804a8ace318e0638bb9a49 Author: Mike Kravetz Date: Fri Oct 5 15:51:33 2018 -0700 hugetlb: take PMD sharing into account when flushing tlb/caches When fixing an issue with PMD sharing and migration, it was discovered via code inspection that other callers of huge_pmd_unshare potentially have an issue with cache and tlb flushing. Use the routine adjust_range_if_pmd_sharing_possible() to calculate worst case ranges for mmu notifiers. Ensure that this range is flushed if huge_pmd_unshare succeeds and unmaps a PUD_SUZE area. Link: http://lkml.kernel.org/r/20180823205917.16297-3-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Acked-by: Kirill A. Shutemov Reviewed-by: Naoya Horiguchi Cc: Vlastimil Babka Cc: Davidlohr Bueso Cc: Michal Hocko Cc: Jerome Glisse Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 017b1660df89f5fb4bfe66c34e35f7d2031100c7 Author: Mike Kravetz Date: Fri Oct 5 15:51:29 2018 -0700 mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz@oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz Acked-by: Kirill A. Shutemov Reviewed-by: Naoya Horiguchi Acked-by: Michal Hocko Cc: Vlastimil Babka Cc: Davidlohr Bueso Cc: Jerome Glisse Cc: Mike Kravetz Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 5943a9bbbb98b5c957662edd2fc902cc14e65895 Merge: b98d6cb80b0d 95375f2ab296 Author: Greg Kroah-Hartman Date: Fri Oct 5 16:11:16 2018 -0700 Merge tag 'pci-v4.19-fixes-3' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Bjorn writes: "PCI fixes for v4.19: - Reprogram bridge prefetch registers to fix NVIDIA and Radeon issues after suspend/resume (Daniel Drake) - Fix mvebu I/O mapping creation sequence (Thomas Petazzoni) - Fix minor MAINTAINERS file match issue (Bjorn Helgaas)" * tag 'pci-v4.19-fixes-3' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: mvebu: Fix PCI I/O mapping creation sequence MAINTAINERS: Remove obsolete drivers/pci pattern from ACPI section PCI: Reprogram bridge prefetch registers on resume commit b98d6cb80b0dc44e1d3382bc8c530eaa80ad5b6c Merge: 3830711f3e93 5d07384a666d Author: Greg Kroah-Hartman Date: Fri Oct 5 16:09:56 2018 -0700 Merge tag 'for-4.19/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Mike writes: "device mapper fixes - Fix a DM thinp __udivdi3 undefined on 32-bit bug introduced during 4.19 merge window. - Fix leak and dangling pointer in DM multipath's scsi_dh related code. - A couple stable@ fixes for DM cache's resize support. - A DM raid fix to remove "const" from decipher_sync_action()'s return type." * tag 'for-4.19/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm cache: fix resize crash if user doesn't reload cache table dm cache metadata: ignore hints array being too small during resize dm raid: remove bogus const from decipher_sync_action() return type dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer dm thin metadata: fix __udivdi3 undefined on 32-bit commit 3830711f3e93b056e3e3597f2b39da2df4636e0b Merge: 5aebc7d2780d 19a4fbffc94e Author: Greg Kroah-Hartman Date: Fri Oct 5 16:09:11 2018 -0700 Merge tag 'gpio-v4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Linus writes: "A single GPIO fix: Free the last used descriptor, an off by one error. This is tagged for stable as well." * tag 'gpio-v4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpiolib: Free the last requested descriptor commit 5aebc7d2780df9176ee92f6d3bfd54b04457e349 Merge: 31d099085d54 69e445ab8b66 Author: Greg Kroah-Hartman Date: Fri Oct 5 16:08:12 2018 -0700 Merge tag 'pm-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Rafael writes: "Power management fix for 4.19-rc7 Fix a bug that may cause runtime PM to misbehave for some devices after a failing or aborted system suspend which is nasty enough for an -rc7 time frame fix." * tag 'pm-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PM / core: Clear the direct_complete flag on errors commit 31d099085d5415a073b52358a5fc61d50e9ab614 Merge: 247373b5dd68 d7cbbe49a930 Author: Greg Kroah-Hartman Date: Fri Oct 5 16:07:13 2018 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "perf fixes: - fix a CPU#0 hot unplug bug and a PCI enumeration bug in the x86 Intel uncore PMU driver - fix a CPU event enumeration bug in the x86 AMD PMU driver - fix a perf ring-buffer corruption bug when using tracepoints - fix a PMU unregister locking bug" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX perf/ring_buffer: Prevent concurent ring buffer access perf/x86/intel/uncore: Use boot_cpu_data.phys_proc_id instead of hardcorded physical package ID 0 perf/core: Fix perf_pmu_unregister() locking commit 247373b5dd685fd307d2ea7fd0e58353486e4ad4 Merge: 8be673735e51 02e425668f5c Author: Greg Kroah-Hartman Date: Fri Oct 5 15:40:57 2018 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "x86 fixes: Misc fixes: - fix various vDSO bugs: asm constraints and retpolines - add vDSO test units to make sure they never re-appear - fix UV platform TSC initialization bug - fix build warning on Clang" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/vdso: Fix vDSO syscall fallback asm constraint regression x86/cpu/amd: Remove unnecessary parentheses x86/vdso: Only enable vDSO retpolines when enabled and supported x86/tsc: Fix UV TSC initialization x86/platform/uv: Provide is_early_uv_system() selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Fix asm constraints on vDSO syscall fallbacks commit 8be673735e5144e13fe739fba5a0a33fc50f3a16 Merge: 1df377db3d01 37355bdc5a12 Author: Greg Kroah-Hartman Date: Fri Oct 5 15:39:38 2018 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "scheduler fixes: These fixes address a rather involved performance regression between v4.17->v4.19 in the sched/numa auto-balancing code. Since distros really need this fix we accelerated it to sched/urgent for a faster upstream merge. NUMA scheduling and balancing performance is now largely back to v4.17 levels, without reintroducing the NUMA placement bugs that v4.18 and v4.19 fixed. Many thanks to Srikar Dronamraju, Mel Gorman and Jirka Hladky, for reporting, testing, re-testing and solving this rather complex set of bugs." * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/numa: Migrate pages to local nodes quicker early in the lifetime of a task mm, sched/numa: Remove rate-limiting of automatic NUMA balancing migration sched/numa: Avoid task migration for small NUMA improvement mm/migrate: Use spin_trylock() while resetting rate limit sched/numa: Limit the conditions where scan period is reset sched/numa: Reset scan rate whenever task moves across nodes sched/numa: Pass destination CPU as a parameter to migrate_task_rq sched/numa: Stop multiple tasks from moving to the CPU at the same time commit 1df377db3d0131057fa33b4dcda05c3e341308ab Merge: 8b6b383c1fa3 e4a02ed2aaf4 Author: Greg Kroah-Hartman Date: Fri Oct 5 15:38:32 2018 -0700 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Ingo writes: "locking fixes: A fix in the ww_mutex self-test that produces a scary splat, plus an updates to the maintained-filed patters in MAINTAINER." * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/ww_mutex: Fix runtime warning in the WW mutex selftest MAINTAINERS: Remove dead path from LOCKING PRIMITIVES entry commit 8b6b383c1fa33c7ed49885672cc2ddf61d6b46f0 Merge: b2e45b46d85b 709ae62e8e6d Author: Greg Kroah-Hartman Date: Fri Oct 5 15:37:22 2018 -0700 Merge tag 'sound-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Takashi writes: "sound fixes for 4.19-rc7 Just two small fixes for HD-audio: one is for a typo in completion timeout, and another a fixup for Dell machines as usual" * tag 'sound-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 ALSA: hda: Fix the audio-component completion timeout commit 35f3625c21852ad839f20c91c7d81c4c1101e207 Author: Maxime Chevallier Date: Fri Oct 5 09:04:40 2018 +0200 net: mvpp2: Extract the correct ethtype from the skb for tx csum offload When offloading the L3 and L4 csum computation on TX, we need to extract the l3_proto from the ethtype, independently of the presence of a vlan tag. The actual driver uses skb->protocol as-is, resulting in packets with the wrong L4 checksum being sent when there's a vlan tag in the packet header and checksum offloading is enabled. This commit makes use of vlan_protocol_get() to get the correct ethtype regardless the presence of a vlan tag. Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375 network unit") Signed-off-by: Maxime Chevallier Signed-off-by: David S. Miller commit a688caa34beb2fd2a92f1b6d33e40cde433ba160 Author: Wei Wang Date: Thu Oct 4 10:12:37 2018 -0700 ipv6: take rcu lock in rawv6_send_hdrinc() In rawv6_send_hdrinc(), in order to avoid an extra dst_hold(), we directly assign the dst to skb and set passed in dst to NULL to avoid double free. However, in error case, we free skb and then do stats update with the dst pointer passed in. This causes use-after-free on the dst. Fix it by taking rcu read lock right before dst could get released to make sure dst does not get freed until the stats update is done. Note: we don't have this issue in ipv4 cause dst is not used for stats update in v4. Syzkaller reported following crash: BUG: KASAN: use-after-free in rawv6_send_hdrinc net/ipv6/raw.c:692 [inline] BUG: KASAN: use-after-free in rawv6_sendmsg+0x4421/0x4630 net/ipv6/raw.c:921 Read of size 8 at addr ffff8801d95ba730 by task syz-executor0/32088 CPU: 1 PID: 32088 Comm: syz-executor0 Not tainted 4.19.0-rc2+ #93 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433 rawv6_send_hdrinc net/ipv6/raw.c:692 [inline] rawv6_sendmsg+0x4421/0x4630 net/ipv6/raw.c:921 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114 __sys_sendmsg+0x11d/0x280 net/socket.c:2152 __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg net/socket.c:2159 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457099 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f83756edc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f83756ee6d4 RCX: 0000000000457099 RDX: 0000000000000000 RSI: 0000000020003840 RDI: 0000000000000004 RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d4b30 R14: 00000000004c90b1 R15: 0000000000000000 Allocated by task 32088: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490 kmem_cache_alloc+0x12e/0x730 mm/slab.c:3554 dst_alloc+0xbb/0x1d0 net/core/dst.c:105 ip6_dst_alloc+0x35/0xa0 net/ipv6/route.c:353 ip6_rt_cache_alloc+0x247/0x7b0 net/ipv6/route.c:1186 ip6_pol_route+0x8f8/0xd90 net/ipv6/route.c:1895 ip6_pol_route_output+0x54/0x70 net/ipv6/route.c:2093 fib6_rule_lookup+0x277/0x860 net/ipv6/fib6_rules.c:122 ip6_route_output_flags+0x2c5/0x350 net/ipv6/route.c:2121 ip6_route_output include/net/ip6_route.h:88 [inline] ip6_dst_lookup_tail+0xe27/0x1d60 net/ipv6/ip6_output.c:951 ip6_dst_lookup_flow+0xc8/0x270 net/ipv6/ip6_output.c:1079 rawv6_sendmsg+0x12d9/0x4630 net/ipv6/raw.c:905 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114 __sys_sendmsg+0x11d/0x280 net/socket.c:2152 __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg net/socket.c:2159 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 5356: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528 __cache_free mm/slab.c:3498 [inline] kmem_cache_free+0x83/0x290 mm/slab.c:3756 dst_destroy+0x267/0x3c0 net/core/dst.c:141 dst_destroy_rcu+0x16/0x19 net/core/dst.c:154 __rcu_reclaim kernel/rcu/rcu.h:236 [inline] rcu_do_batch kernel/rcu/tree.c:2576 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2880 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2847 [inline] rcu_process_callbacks+0xf23/0x2670 kernel/rcu/tree.c:2864 __do_softirq+0x30b/0xad8 kernel/softirq.c:292 Fixes: 1789a640f556 ("raw: avoid two atomics in xmit") Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit c58a584f05e35d1d4342923cd7aac07d9c3d3d16 Author: Vineet Gupta Date: Fri Oct 5 12:48:48 2018 -0700 ARC: clone syscall to setp r25 as thread pointer Per ARC TLS ABI, r25 is designated TP (thread pointer register). However so far kernel didn't do any special treatment, like setting up usermode r25, even for CLONE_SETTLS. We instead relied on libc runtime to do this, in say clone libc wrapper [1]. This was deliberate to keep kernel ABI agnostic (userspace could potentially change TP, specially for different ARC ISA say ARCompact vs. ARCv2 with different spare registers etc) However userspace setting up r25, after clone syscall opens a race, if child is not scheduled and gets a signal instead. It starts off in userspace not in clone but in a signal handler and anything TP sepcific there such as pthread_self() fails which showed up with uClibc testsuite nptl/tst-kill6 [2] Fix this by having kernel populate r25 to TP value. So this locks in ABI, but it was not going to change anyways, and fwiw is same for both ARCompact (arc700 core) and ARCvs (HS3x cores) [1] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/sysdeps/linux/arc/clone.S [2] https://github.com/wbx-github/uclibc-ng-test/blob/master/test/nptl/tst-kill6.c Fixes: ARC STAR 9001378481 Cc: stable@vger.kernel.org Reported-by: Nikita Sobolev Signed-off-by: Vineet Gupta commit 8b4c3cdd9dd8290343ce959a132d3b334062c5b9 Author: David Ahern Date: Wed Oct 3 15:05:36 2018 -0700 net: sched: Add policy validation for tc attributes A number of TC attributes are processed without proper validation (e.g., length checks). Add a tca policy for all input attributes and use when invoking nlmsg_parse. The 2 Fixes tags below cover the latest additions. The other attributes are a string (KIND), nested attribute (OPTIONS which does seem to have validation in most cases), for dumps only or a flag. Fixes: 5bc1701881e39 ("net: sched: introduce multichain support for filters") Fixes: d47a6b0e7c492 ("net: sched: introduce ingress/egress block index attributes for qdisc") Signed-off-by: David Ahern Signed-off-by: David S. Miller commit bd961c9bc66497f0c63f4ba1d02900bb85078366 Author: Mauricio Faria de Oliveira Date: Mon Oct 1 22:46:40 2018 -0300 rtnetlink: fix rtnl_fdb_dump() for ndmsg header Currently, rtnl_fdb_dump() assumes the family header is 'struct ifinfomsg', which is not always true -- 'struct ndmsg' is used by iproute2 ('ip neigh'). The problem is, the function bails out early if nlmsg_parse() fails, which does occur for iproute2 usage of 'struct ndmsg' because the payload length is shorter than the family header alone (as 'struct ifinfomsg' is assumed). This breaks backward compatibility with userspace -- nothing is sent back. Some examples with iproute2 and netlink library for go [1]: 1) $ bridge fdb show 33:33:00:00:00:01 dev ens3 self permanent 01:00:5e:00:00:01 dev ens3 self permanent 33:33:ff:15:98:30 dev ens3 self permanent This one works, as it uses 'struct ifinfomsg'. fdb_show() @ iproute2/bridge/fdb.c """ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)), ... if (rtnl_dump_request(&rth, RTM_GETNEIGH, [...] """ 2) $ ip --family bridge neigh RTNETLINK answers: Invalid argument Dump terminated This one fails, as it uses 'struct ndmsg'. do_show_or_flush() @ iproute2/ip/ipneigh.c """ .n.nlmsg_type = RTM_GETNEIGH, .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg)), """ 3) $ ./neighlist < no output > This one fails, as it uses 'struct ndmsg'-based. neighList() @ netlink/neigh_linux.go """ req := h.newNetlinkRequest(unix.RTM_GETNEIGH, [...] msg := Ndmsg{ """ The actual breakage was introduced by commit 0ff50e83b512 ("net: rtnetlink: bail out from rtnl_fdb_dump() on parse error"), because nlmsg_parse() fails if the payload length (with the _actual_ family header) is less than the family header length alone (which is assumed, in parameter 'hdrlen'). This is true in the examples above with struct ndmsg, with size and payload length shorter than struct ifinfomsg. However, that commit just intends to fix something under the assumption the family header is indeed an 'struct ifinfomsg' - by preventing access to the payload as such (via 'ifm' pointer) if the payload length is not sufficient to actually contain it. The assumption was introduced by commit 5e6d24358799 ("bridge: netlink dump interface at par with brctl"), to support iproute2's 'bridge fdb' command (not 'ip neigh') which indeed uses 'struct ifinfomsg', thus is not broken. So, in order to unbreak the 'struct ndmsg' family headers and still allow 'struct ifinfomsg' to continue to work, check for the known message sizes used with 'struct ndmsg' in iproute2 (with zero or one attribute which is not used in this function anyway) then do not parse the data as ifinfomsg. Same examples with this patch applied (or revert/before the original fix): $ bridge fdb show 33:33:00:00:00:01 dev ens3 self permanent 01:00:5e:00:00:01 dev ens3 self permanent 33:33:ff:15:98:30 dev ens3 self permanent $ ip --family bridge neigh dev ens3 lladdr 33:33:00:00:00:01 PERMANENT dev ens3 lladdr 01:00:5e:00:00:01 PERMANENT dev ens3 lladdr 33:33:ff:15:98:30 PERMANENT $ ./neighlist netlink.Neigh{LinkIndex:2, Family:7, State:128, Type:0, Flags:2, IP:net.IP(nil), HardwareAddr:net.HardwareAddr{0x33, 0x33, 0x0, 0x0, 0x0, 0x1}, LLIPAddr:net.IP(nil), Vlan:0, VNI:0} netlink.Neigh{LinkIndex:2, Family:7, State:128, Type:0, Flags:2, IP:net.IP(nil), HardwareAddr:net.HardwareAddr{0x1, 0x0, 0x5e, 0x0, 0x0, 0x1}, LLIPAddr:net.IP(nil), Vlan:0, VNI:0} netlink.Neigh{LinkIndex:2, Family:7, State:128, Type:0, Flags:2, IP:net.IP(nil), HardwareAddr:net.HardwareAddr{0x33, 0x33, 0xff, 0x15, 0x98, 0x30}, LLIPAddr:net.IP(nil), Vlan:0, VNI:0} Tested on mainline (v4.19-rc6) and net-next (3bd09b05b068). References: [1] netlink library for go (test-case) https://github.com/vishvananda/netlink $ cat ~/go/src/neighlist/main.go package main import ("fmt"; "syscall"; "github.com/vishvananda/netlink") func main() { neighs, _ := netlink.NeighList(0, syscall.AF_BRIDGE) for _, neigh := range neighs { fmt.Printf("%#v\n", neigh) } } $ export GOPATH=~/go $ go get github.com/vishvananda/netlink $ go build neighlist $ ~/go/src/neighlist/neighlist Thanks to David Ahern for suggestions to improve this patch. Fixes: 0ff50e83b512 ("net: rtnetlink: bail out from rtnl_fdb_dump() on parse error") Fixes: 5e6d24358799 ("bridge: netlink dump interface at par with brctl") Reported-by: Aidan Obley Signed-off-by: Mauricio Faria de Oliveira Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 0781168e23a2fc8dceb989f11fc5b39b3ccacc35 Author: Wenwen Wang Date: Fri Oct 5 10:59:36 2018 -0500 yam: fix a missing-check bug In yam_ioctl(), the concrete ioctl command is firstly copied from the user-space buffer 'ifr->ifr_data' to 'ioctl_cmd' and checked through the following switch statement. If the command is not as expected, an error code EINVAL is returned. In the following execution the buffer 'ifr->ifr_data' is copied again in the cases of the switch statement to specific data structures according to what kind of ioctl command is requested. However, after the second copy, no re-check is enforced on the newly-copied command. Given that the buffer 'ifr->ifr_data' is in the user space, a malicious user can race to change the command between the two copies. This way, the attacker can inject inconsistent data and cause undefined behavior. This patch adds a re-check in each case of the switch statement if there is a second copy in that case, to re-check whether the command obtained in the second copy is the same as the one in the first copy. If not, an error code EINVAL will be returned. Signed-off-by: Wenwen Wang Signed-off-by: David S. Miller commit 33aa8da1f8a7dc050b9d68f1db761ab787621065 Author: Shanthosh RK Date: Fri Oct 5 20:57:48 2018 +0530 net: bpfilter: Fix type cast and pointer warnings Fixes the following Sparse warnings: net/bpfilter/bpfilter_kern.c:62:21: warning: cast removes address space of expression net/bpfilter/bpfilter_kern.c:101:49: warning: Using plain integer as NULL pointer Signed-off-by: Shanthosh RK Signed-off-by: David S. Miller commit 2c05d88818ab6571816b93edce4d53703870d7ae Author: Wenwen Wang Date: Fri Oct 5 08:48:27 2018 -0500 net: cxgb3_main: fix a missing-check bug In cxgb_extension_ioctl(), the command of the ioctl is firstly copied from the user-space buffer 'useraddr' to 'cmd' and checked through the switch statement. If the command is not as expected, an error code EOPNOTSUPP is returned. In the following execution, i.e., the cases of the switch statement, the whole buffer of 'useraddr' is copied again to a specific data structure, according to what kind of command is requested. However, after the second copy, there is no re-check on the newly-copied command. Given that the buffer 'useraddr' is in the user space, a malicious user can race to change the command between the two copies. By doing so, the attacker can supply malicious data to the kernel and cause undefined behavior. This patch adds a re-check in each case of the switch statement if there is a second copy in that case, to re-check whether the command obtained in the second copy is the same as the one in the first copy. If not, an error code EINVAL is returned. Signed-off-by: Wenwen Wang Signed-off-by: David S. Miller commit cecf10704899467a787975e3d94a1f0129b9688e Author: Dmitry Torokhov Date: Thu Oct 4 17:50:48 2018 -0700 Input: uinput - add a schedule point in uinput_inject_events() Large writes to uinput interface may cause rcu stalls. Let's add cond_resched() to the loop to avoid this. Reviewed-by: Paul E. McKenney Signed-off-by: Dmitry Torokhov commit 36d2582ff235b4e01ad64a734c877a52dc762d9c Author: Dmitry Torokhov Date: Thu Oct 4 17:45:54 2018 -0700 Input: evdev - add a schedule point in evdev_write() Large writes to evdev interface may cause rcu stalls. Let's add cond_resched() to the loop to avoid this. Reviewed-by: Paul E. McKenney Signed-off-by: Dmitry Torokhov commit b8d5b7cec43618c8f91a9fbe80067ef2dcbc4d35 Merge: 7e4183752735 b799207e1e18 Author: David S. Miller Date: Fri Oct 5 10:53:13 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-10-05 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix to truncate input on ALU operations in 32 bit mode, from Jann. 2) Fixes for cgroup local storage to reject reserved flags on element update and rejection of map allocation with zero-sized value, from Roman. ==================== Signed-off-by: David S. Miller commit b799207e1e1816b09e7a5920fbb2d5fcf6edd681 Author: Jann Horn Date: Fri Oct 5 18:17:59 2018 +0200 bpf: 32-bit RSH verification must truncate input before the ALU op When I wrote commit 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification"), I assumed that, in order to emulate 64-bit arithmetic with 32-bit logic, it is sufficient to just truncate the output to 32 bits; and so I just moved the register size coercion that used to be at the start of the function to the end of the function. That assumption is true for almost every op, but not for 32-bit right shifts, because those can propagate information towards the least significant bit. Fix it by always truncating inputs for 32-bit ops to 32 bits. Also get rid of the coerce_reg_to_size() after the ALU op, since that has no effect. Fixes: 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification") Acked-by: Daniel Borkmann Signed-off-by: Jann Horn Signed-off-by: Daniel Borkmann commit 148b9aba99e0bbadf361747d21456e1589015f74 Author: Maciej W. Rozycki Date: Tue Oct 2 12:50:11 2018 +0100 MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki Signed-off-by: Paul Burton Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle Cc: stable@vger.kernel.org # 4.17+ commit c1883f10cfe05c707cce46d6999411c50a2413ca Merge: d7cbbe49a930 7a8a8fcf7b86 Author: Ingo Molnar Date: Fri Oct 5 18:14:00 2018 +0200 Merge tag 'perf-urgent-for-mingo-4.19-20181005' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: - Fix the build on Clear Linux, coping with redundant declarations of function prototypes in python3 header files by adding -Wno-redundant-decls to build with PYTHON=python3 (Arnaldo Carvalho de Melo) - Fixes for processing inline frames in backtraces using DWARF based unwinding (Milian Wolff) - Cope with bad DWARF info for function names for inline frames,not trying to demangle this symbol. Problem reported with rust but reproduced as well with C++. Problem reported to the libbpf maintainers (Milian Wolff) - Fix python export to postgresql and sqlite code (Adrian Hunter) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit b2e45b46d85bfc67b7b28e0e0c1c7e9b9a35892c Merge: 08b297bb10d6 b3e9b515b08e Author: Greg Kroah-Hartman Date: Fri Oct 5 08:30:40 2018 -0700 Merge tag 'iommu-fixes-v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Joerg writes: "IOMMU Fix for Linux v4.19-rc6 One important fix: - Fix a memory leak with AMD IOMMU when SME is active and a VM has assigned devices. In that case the complete guest memory will be leaked without this fix." * tag 'iommu-fixes-v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: Clear memory encryption mask from physical address commit 08b297bb10d6a270739d92098adabe3c550377e9 Merge: 4fbeba43b9b6 cc906f07d7d5 Author: Greg Kroah-Hartman Date: Fri Oct 5 08:29:44 2018 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Paolo writes: "KVM changes for 4.19-rc7 x86 and PPC bugfixes, mostly introduced in 4.19-rc1." * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: kvm: nVMX: fix entry with pending interrupt if APICv is enabled KVM: VMX: hide flexpriority from guest when disabled at the module level KVM: VMX: check for existence of secondary exec controls before accessing KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault KVM: x86: fix L1TF's MMIO GFN calculation tools/kvm_stat: cut down decimal places in update interval dialog KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled KVM: x86: never trap MSR_KERNEL_GS_BASE commit 4fbeba43b9b6f76a270108edcf5305dc1882a478 Merge: 087f759a4155 ba439a6cbfa2 Author: Greg Kroah-Hartman Date: Fri Oct 5 08:28:35 2018 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Herbert writes: "Crypto Fixes for 4.19 This push fixes the following issues: - Out-of-bound stack access in qat. - Illegal schedule in mxs-dcp. - Memory corruption in chelsio. - Incorrect pointer computation in caam." * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() crypto: mxs-dcp - Fix wait logic on chan threads crypto: chelsio - Fix memory corruption in DMA Mapped buffers. crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic commit 087f759a4155dcae08fb82841af2bafd231c7c9b Merge: befad944e231 7af929d6d05b Author: Greg Kroah-Hartman Date: Fri Oct 5 08:27:47 2018 -0700 Merge tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 Steve writes: "SMB3 fixes four small SMB3 fixes: one for stable, the others to address a more recent regression" * tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: smb3: fix lease break problem introduced by compounding cifs: only wake the thread for the very last PDU in a compound cifs: add a warning if we try to to dequeue a deleted mid smb2: fix missing files in root share directory listing commit 7a8a8fcf7b860e4b2d4edc787c844d41cad9dfcf Author: Milian Wolff Date: Wed Sep 26 15:52:06 2018 +0200 perf record: Use unmapped IP for inline callchain cursors Only use the mapped IP to find inline frames, but keep using the unmapped IP for the callchain cursor. This ensures we properly show the unmapped IP when displaying a frame we received via the dso__parse_addr_inlines API for a module which does not contain sufficient debug symbols to show the srcline. This is another follow-up to commit 19610184693c ("perf script: Show virtual addresses instead of offsets"). Signed-off-by: Milian Wolff Acked-by: Jiri Olsa Tested-by: Ravi Bangoria Tested-by: Arnaldo Carvalho de Melo Cc: Jin Yao Cc: Namhyung Kim Cc: Sandipan Das Fixes: 19610184693c ("perf script: Show virtual addresses instead of offsets") Link: http://lkml.kernel.org/r/20180926135207.30263-2-milian.wolff@kdab.com Link: http://lkml.kernel.org/r/20181002073949.3297-1-milian.wolff@kdab.com [ Squashed a fix from Milian for a problem reported by Ravi, fixed up space damage ] Signed-off-by: Arnaldo Carvalho de Melo commit 62165600ae73ebd76e2d9b992b36360408d570d8 Author: Steven Rostedt (VMware) Date: Fri Oct 5 10:08:03 2018 -0400 vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers The functions vbin_printf() and bstr_printf() are used by trace_printk() to try to keep the overhead down during printing. trace_printk() uses vbin_printf() at the time of execution, as it only scans the fmt string to record the printf values into the buffer, and then uses vbin_printf() to do the conversions to print the string based on the format and the saved values in the buffer. This is an issue for dereferenced pointers, as before commit 841a915d20c7b, the processing of the pointer could happen some time after the pointer value was recorded (reading the trace buffer). This means the processing of the value at a later time could show different results, or even crash the system, if the pointer no longer existed. Commit 841a915d20c7b addressed this by processing dereferenced pointers at the time of execution and save the result in the ring buffer as a string. The bstr_printf() would then treat these pointers as normal strings, and print the value. But there was an off-by-one bug here, where after processing the argument, it move the pointer only "strlen(arg)" which made the arg pointer not point to the next argument in the ring buffer, but instead point to the nul character of the last argument. This causes any values after a dereferenced pointer to be corrupted. Cc: stable@vger.kernel.org Fixes: 841a915d20c7b ("vsprintf: Do not have bprintf dereference pointers") Reported-by: Nikolay Borisov Tested-by: Nikolay Borisov Signed-off-by: Steven Rostedt (VMware) commit 05a2f54679861deb188750ba2a70187000b2c71f Author: Arnaldo Carvalho de Melo Date: Tue Sep 18 16:08:02 2018 -0300 perf python: Use -Wno-redundant-decls to build with PYTHON=python3 When building in ClearLinux using 'make PYTHON=python3' with gcc 8.2.1 it fails with: GEN /tmp/build/perf/python/perf.so In file included from /usr/include/python3.7m/Python.h:126, from /git/linux/tools/perf/util/python.c:2: /usr/include/python3.7m/import.h:58:24: error: redundant redeclaration of ‘_PyImport_AddModuleObject’ [-Werror=redundant-decls] PyAPI_FUNC(PyObject *) _PyImport_AddModuleObject(PyObject *, PyObject *); ^~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/python3.7m/import.h:47:24: note: previous declaration of ‘_PyImport_AddModuleObject’ was here PyAPI_FUNC(PyObject *) _PyImport_AddModuleObject(PyObject *name, ^~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors error: command 'gcc' failed with exit status 1 And indeed there is a redundant declaration in that Python.h file, one with parameter names and the other without, so just add -Wno-error=redundant-decls to the python setup instructions. Now perf builds with gcc in ClearLinux with the following Dockerfile: # docker.io/acmel/linux-perf-tools-build-clearlinux:latest FROM docker.io/clearlinux:latest MAINTAINER Arnaldo Carvalho de Melo RUN swupd update && \ swupd bundle-add sysadmin-basic-dev RUN mkdir -m 777 -p /git /tmp/build/perf /tmp/build/objtool /tmp/build/linux && \ groupadd -r perfbuilder && \ useradd -m -r -g perfbuilder perfbuilder && \ chown -R perfbuilder.perfbuilder /tmp/build/ /git/ USER perfbuilder COPY rx_and_build.sh / ENV EXTRA_MAKE_ARGS=PYTHON=python3 ENTRYPOINT ["/rx_and_build.sh"] Now to figure out why the build fails with clang, that is present in the above container as detected by the rx_and_build.sh script: clang version 6.0.1 (tags/RELEASE_601/final) Target: x86_64-unknown-linux-gnu Thread model: posix InstalledDir: /usr/sbin make: Entering directory '/git/linux/tools/perf' BUILD: Doing 'make -j4' parallel build HOSTCC /tmp/build/perf/fixdep.o HOSTLD /tmp/build/perf/fixdep-in.o LINK /tmp/build/perf/fixdep Auto-detecting system features: ... dwarf: [ OFF ] ... dwarf_getlocations: [ OFF ] ... glibc: [ OFF ] ... gtk2: [ OFF ] ... libaudit: [ OFF ] ... libbfd: [ OFF ] ... libelf: [ OFF ] ... libnuma: [ OFF ] ... numa_num_possible_cpus: [ OFF ] ... libperl: [ OFF ] ... libpython: [ OFF ] ... libslang: [ OFF ] ... libcrypto: [ OFF ] ... libunwind: [ OFF ] ... libdw-dwarf-unwind: [ OFF ] ... zlib: [ OFF ] ... lzma: [ OFF ] ... get_cpuid: [ OFF ] ... bpf: [ OFF ] Makefile.config:331: *** No gnu/libc-version.h found, please install glibc-dev[el]. Stop. make[1]: *** [Makefile.perf:206: sub-make] Error 2 make: *** [Makefile:70: all] Error 2 make: Leaving directory '/git/linux/tools/perf' Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Thiago Macieira Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-c3khb9ac86s00qxzjrueomme@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 2cfa2271604bb26e75b828d38f357ed084464795 Author: David Howells Date: Fri Oct 5 14:05:35 2018 +0100 rxrpc: Fix the data_ready handler Fix the rxrpc_data_ready() function to pick up all packets and to not miss any. There are two problems: (1) The sk_data_ready pointer on the UDP socket is set *after* it is bound. This means that it's open for business before we're ready to dequeue packets and there's a tiny window exists in which a packet can sneak onto the receive queue, but we never know about it. Fix this by setting the pointers on the socket prior to binding it. (2) skb_recv_udp() will return an error (such as ENETUNREACH) if there was an error on the transmission side, even though we set the sk_error_report hook. Because rxrpc_data_ready() returns immediately in such a case, it never actually removes its packet from the receive queue. Fix this by abstracting out the UDP dequeuing and checksumming into a separate function that keeps hammering on skb_recv_udp() until it returns -EAGAIN, passing the packets extracted to the remainder of the function. and two potential problems: (3) It might be possible in some circumstances or in the future for packets to be being added to the UDP receive queue whilst rxrpc is running consuming them, so the data_ready() handler might get called less often than once per packet. Allow for this by fully draining the queue on each call as (2). (4) If a packet fails the checksum check, the code currently returns after discarding the packet without checking for more. Allow for this by fully draining the queue on each call as (2). Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both") Signed-off-by: David Howells Acked-by: Paolo Abeni commit 5e33a23ba4b56c109b732d57a0a76558a37d9ec5 Author: David Howells Date: Fri Oct 5 14:05:34 2018 +0100 rxrpc: Fix some missed refs to init_net Fix some refs to init_net that should've been changed to the appropriate network namespace. Fixes: 2baec2c3f854 ("rxrpc: Support network namespacing") Signed-off-by: David Howells Acked-by: Paolo Abeni commit ac1788cc7da4ce54edcfd2e499afdb0a23d5c41d Author: Srikar Dronamraju Date: Fri Sep 28 09:17:32 2018 +0530 powerpc/numa: Skip onlining a offline node in kdump path With commit 2ea626306810 ("powerpc/topology: Get topology for shared processors at boot"), kdump kernel on shared LPAR may crash. The necessary conditions are - Shared LPAR with at least 2 nodes having memory and CPUs. - Memory requirement for kdump kernel must be met by the first N-1 nodes where there are at least N nodes with memory and CPUs. Example numactl of such a machine. $ numactl -H available: 5 nodes (0,2,5-7) node 0 cpus: node 0 size: 0 MB node 0 free: 0 MB node 2 cpus: node 2 size: 255 MB node 2 free: 189 MB node 5 cpus: 24 25 26 27 28 29 30 31 node 5 size: 4095 MB node 5 free: 4024 MB node 6 cpus: 0 1 2 3 4 5 6 7 16 17 18 19 20 21 22 23 node 6 size: 6353 MB node 6 free: 5998 MB node 7 cpus: 8 9 10 11 12 13 14 15 32 33 34 35 36 37 38 39 node 7 size: 7640 MB node 7 free: 7164 MB node distances: node 0 2 5 6 7 0: 10 40 40 40 40 2: 40 10 40 40 40 5: 40 40 10 40 40 6: 40 40 40 10 20 7: 40 40 40 20 10 Steps to reproduce. 1. Load / start kdump service. 2. Trigger a kdump (for example : echo c > /proc/sysrq-trigger) When booting a kdump kernel with 2048M: kexec: Starting switchover sequence. I'm in purgatory Using 1TB segments hash-mmu: Initializing hash mmu with SLB Linux version 4.19.0-rc5-master+ (srikar@linux-xxu6) (gcc version 4.8.5 (SUSE Linux)) #1 SMP Thu Sep 27 19:45:00 IST 2018 Found initrd at 0xc000000009e70000:0xc00000000ae554b4 Using pSeries machine description ----------------------------------------------------- ppc64_pft_size = 0x1e phys_mem_size = 0x88000000 dcache_bsize = 0x80 icache_bsize = 0x80 cpu_features = 0x000000ff8f5d91a7 possible = 0x0000fbffcf5fb1a7 always = 0x0000006f8b5c91a1 cpu_user_features = 0xdc0065c2 0xef000000 mmu_features = 0x7c006001 firmware_features = 0x00000007c45bfc57 htab_hash_mask = 0x7fffff physical_start = 0x8000000 ----------------------------------------------------- numa: NODE_DATA [mem 0x87d5e300-0x87d67fff] numa: NODE_DATA(0) on node 6 numa: NODE_DATA [mem 0x87d54600-0x87d5e2ff] Top of RAM: 0x88000000, Total RAM: 0x88000000 Memory hole size: 0MB Zone ranges: DMA [mem 0x0000000000000000-0x0000000087ffffff] DMA32 empty Normal empty Movable zone start for each node Early memory node ranges node 6: [mem 0x0000000000000000-0x0000000087ffffff] Could not find start_pfn for node 0 Initmem setup node 0 [mem 0x0000000000000000-0x0000000000000000] On node 0 totalpages: 0 Initmem setup node 6 [mem 0x0000000000000000-0x0000000087ffffff] On node 6 totalpages: 34816 Unable to handle kernel paging request for data at address 0x00000060 Faulting instruction address: 0xc000000008703a54 Oops: Kernel access of bad area, sig: 11 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: CPU: 11 PID: 1 Comm: swapper/11 Not tainted 4.19.0-rc5-master+ #1 NIP: c000000008703a54 LR: c000000008703a38 CTR: 0000000000000000 REGS: c00000000b673440 TRAP: 0380 Not tainted (4.19.0-rc5-master+) MSR: 8000000002009033 CR: 24022022 XER: 20000002 CFAR: c0000000086fc238 IRQMASK: 0 GPR00: c000000008703a38 c00000000b6736c0 c000000009281900 0000000000000000 GPR04: 0000000000000000 0000000000000000 fffffffffffff001 c00000000b660080 GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000220 GPR12: 0000000000002200 c000000009e51400 0000000000000000 0000000000000008 GPR16: 0000000000000000 c000000008c152e8 c000000008c152a8 0000000000000000 GPR20: c000000009422fd8 c000000009412fd8 c000000009426040 0000000000000008 GPR24: 0000000000000000 0000000000000000 c000000009168bc8 c000000009168c78 GPR28: c00000000b126410 0000000000000000 c00000000916a0b8 c00000000b126400 NIP [c000000008703a54] bus_add_device+0x84/0x1e0 LR [c000000008703a38] bus_add_device+0x68/0x1e0 Call Trace: [c00000000b6736c0] [c000000008703a38] bus_add_device+0x68/0x1e0 (unreliable) [c00000000b673740] [c000000008700194] device_add+0x454/0x7c0 [c00000000b673800] [c00000000872e660] __register_one_node+0xb0/0x240 [c00000000b673860] [c00000000839a6bc] __try_online_node+0x12c/0x180 [c00000000b673900] [c00000000839b978] try_online_node+0x58/0x90 [c00000000b673930] [c0000000080846d8] find_and_online_cpu_nid+0x158/0x190 [c00000000b673a10] [c0000000080848a0] numa_update_cpu_topology+0x190/0x580 [c00000000b673c00] [c000000008d3f2e4] smp_cpus_done+0x94/0x108 [c00000000b673c70] [c000000008d5c00c] smp_init+0x174/0x19c [c00000000b673d00] [c000000008d346b8] kernel_init_freeable+0x1e0/0x450 [c00000000b673dc0] [c0000000080102e8] kernel_init+0x28/0x160 [c00000000b673e30] [c00000000800b65c] ret_from_kernel_thread+0x5c/0x80 Instruction dump: 60000000 60000000 e89e0020 7fe3fb78 4bff87d5 60000000 7c7d1b79 4082008c e8bf0050 e93e0098 3b9f0010 2fa50000 38630018 419e0114 7f84e378 ---[ end trace 593577668c2daa65 ]--- However a regular kernel with 4096M (2048 gets reserved for crash kernel) boots properly. Unlike regular kernels, which mark all available nodes as online, kdump kernel only marks just enough nodes as online and marks the rest as offline at boot. However kdump kernel boots with all available CPUs. With Commit 2ea626306810 ("powerpc/topology: Get topology for shared processors at boot"), all CPUs are onlined on their respective nodes at boot time. try_online_node() tries to online the offline nodes but fails as all needed subsystems are not yet initialized. As part of fix, detect and skip early onlining of a offline node. Fixes: 2ea626306810 ("powerpc/topology: Get topology for shared processors at boot") Reported-by: Pavithra Prakash Signed-off-by: Srikar Dronamraju Tested-by: Hari Bathini Signed-off-by: Michael Ellerman commit a932ed3b718147c6537da290b7a91e990fdedb43 Author: Michael Ellerman Date: Fri Oct 5 16:43:55 2018 +1000 powerpc: Don't print kernel instructions in show_user_instructions() Recently we implemented show_user_instructions() which dumps the code around the NIP when a user space process dies with an unhandled signal. This was modelled on the x86 code, and we even went so far as to implement the exact same bug, namely that if the user process crashed with its NIP pointing into the kernel we will dump kernel text to dmesg. eg: bad-bctr[2996]: segfault (11) at c000000000010000 nip c000000000010000 lr 12d0b0894 code 1 bad-bctr[2996]: code: fbe10068 7cbe2b78 7c7f1b78 fb610048 38a10028 38810020 fb810050 7f8802a6 bad-bctr[2996]: code: 3860001c f8010080 48242371 60000000 <7c7b1b79> 4082002c e8010080 eb610048 This was discovered on x86 by Jann Horn and fixed in commit 342db04ae712 ("x86/dumpstack: Don't dump kernel memory based on usermode RIP"). Fix it by checking the adjusted NIP value (pc) and number of instructions against USER_DS, and bail if we fail the check, eg: bad-bctr[2969]: segfault (11) at c000000000010000 nip c000000000010000 lr 107930894 code 1 bad-bctr[2969]: Bad NIP, not dumping instructions. Fixes: 88b0fe175735 ("powerpc: Add show_user_instructions()") Signed-off-by: Michael Ellerman commit 064253c1c0625efd0362a0b7ecdbe8bee2a2904d Author: Tomi Valkeinen Date: Mon Sep 17 14:00:54 2018 +0300 drm: fix use of freed memory in drm_mode_setcrtc drm_mode_setcrtc() retries modesetting in case one of the functions it calls returns -EDEADLK. connector_set, mode and fb are freed before retrying, but they are not set to NULL. This can cause drm_mode_setcrtc() to use those variables. For example: On the first try __drm_mode_set_config_internal() returns -EDEADLK. connector_set, mode and fb are freed. Next retry starts, and drm_modeset_lock_all_ctx() returns -EDEADLK, and we jump to 'out'. The code will happily try to release all three again. This leads to crashes of different kinds, depending on the sequence the EDEADLKs happen. Fix this by setting the three variables to NULL at the start of the retry loop. Signed-off-by: Tomi Valkeinen Reviewed-by: Ville Syrjälä Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20180917110054.4053-1-tomi.valkeinen@ti.com commit 9ce7610e6d201e3923c0b2f454f2e1d54f5da49e Author: Jarkko Nikula Date: Mon Oct 1 14:49:05 2018 +0300 i2c: designware: Call i2c_dw_clk_rate() only when calculating timings There are platforms which don't provide input clock rate but provide I2C timing parameters. Commit 3bd4f277274b ("i2c: designware: Call i2c_dw_clk_rate() only once in i2c_dw_init_master()") causes needless warning during probe on those platforms since i2c_dw_clk_rate(), which causes the warning when input clock is unknown, is called even when there is no need to calculate timing parameters. Fixes: 3bd4f277274b ("i2c: designware: Call i2c_dw_clk_rate() only once in i2c_dw_init_master()") Reported-by: Ard Biesheuvel Cc: # 4.19 Signed-off-by: Jarkko Nikula Tested-by: Ard Biesheuvel Signed-off-by: Wolfram Sang commit 7debbf015f580693680f3d2a3cef0cf99dcef688 Author: Darrick J. Wong Date: Fri Oct 5 19:05:41 2018 +1000 xfs: update ctime and remove suid before cloning files Before cloning into a file, update the ctime and remove sensitive attributes like suid, just like we'd do for a regular file write. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit 410fdc72b05afabef3afb51167085799dcc7b3cf Author: Darrick J. Wong Date: Fri Oct 5 19:04:27 2018 +1000 xfs: zero posteof blocks when cloning above eof When we're reflinking between two files and the destination file range is well beyond the destination file's EOF marker, zero any posteof speculative preallocations in the destination file so that we don't expose stale disk contents. The previous strategy of trying to clear the preallocations does not work if the destination file has the PREALLOC flag set. Uncovered by shared/010. Reported-by: Zorro Lang Bugzilla-id: https://bugzilla.kernel.org/show_bug.cgi?id=201259 Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit 0d41e1d28c2e969094ef7933b8521f1e08d30251 Author: Darrick J. Wong Date: Fri Oct 5 19:04:22 2018 +1000 xfs: refactor clonerange preparation into a separate helper Refactor all the reflink preparation steps into a separate helper that we'll use to land all the upcoming fixes for insufficient input checks. This rework also moves the invalidation of the destination range to the prep function so that it is done before the range is remapped. This ensures that nobody can access the data in range being remapped until the remap is complete. [dgc: fix xfs_reflink_remap_prep() return value and caller check to handle vfs_clone_file_prep_inodes() returning 0 to mean "nothing to do". ] [dgc: make sure length changed by vfs_clone_file_prep_inodes() gets propagated back to XFS code that does the remapping. ] Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit b3e9b515b08e407ab3a026dc2e4d935c48d05f69 Author: Singh, Brijesh Date: Thu Oct 4 21:40:23 2018 +0000 iommu/amd: Clear memory encryption mask from physical address Boris Ostrovsky reported a memory leak with device passthrough when SME is active. The VFIO driver uses iommu_iova_to_phys() to get the physical address for an iova. This physical address is later passed into vfio_unmap_unpin() to unpin the memory. The vfio_unmap_unpin() uses pfn_valid() before unpinning the memory. The pfn_valid() check was failing because encryption mask was part of the physical address returned. This resulted in the memory not being unpinned and therefore leaked after the guest terminates. The memory encryption mask must be cleared from the physical address in iommu_iova_to_phys(). Fixes: 2543a786aa25 ("iommu/amd: Allow the AMD IOMMU to work with memory encryption") Reported-by: Boris Ostrovsky Cc: Tom Lendacky Cc: Joerg Roedel Cc: Cc: Borislav Petkov Cc: Paolo Bonzini Cc: Radim Krčmář Cc: kvm@vger.kernel.org Cc: Boris Ostrovsky Cc: # 4.14+ Signed-off-by: Brijesh Singh Signed-off-by: Joerg Roedel commit 7e4183752735deb7543e179a44f4f4b44917cd6f Author: Baruch Siach Date: Wed Oct 3 19:04:49 2018 +0300 net: phy: phylink: fix SFP interface autodetection When connecting SFP PHY to phylink use the detected interface. Otherwise, the link fails to come up when the configured 'phy-mode' differs from the SFP detected mode. Move most of phylink_connect_phy() into __phylink_connect_phy(), and leave phylink_connect_phy() as a wrapper. phylink_sfp_connect_phy() can now pass the SFP detected PHY interface to __phylink_connect_phy(). This fixes 1GB SFP module link up on eth3 of the Macchiatobin board that is configured in the DT to "2500base-x" phy-mode. Fixes: 9525ae83959b6 ("phylink: add phylink infrastructure") Suggested-by: Russell King Signed-off-by: Baruch Siach Signed-off-by: David S. Miller commit 2d52527e80c2dc0c5f43f50adf183781262ec565 Author: Davide Caratti Date: Wed Oct 3 15:20:58 2018 +0200 be2net: don't flip hw_features when VXLANs are added/deleted the be2net implementation of .ndo_tunnel_{add,del}() changes the value of NETIF_F_GSO_UDP_TUNNEL bit in 'features' and 'hw_features', but it forgets to call netdev_features_change(). Moreover, ethtool setting for that bit can potentially be reverted after a tunnel is added or removed. GSO already does software segmentation when 'hw_enc_features' is 0, even if VXLAN offload is turned on. In addition, commit 096de2f83ebc ("benet: stricter vxlan offloading check in be_features_check") avoids hardware segmentation of non-VXLAN tunneled packets, or VXLAN packets having wrong destination port. So, it's safe to avoid flipping the above feature on addition/deletion of VXLAN tunnels. Fixes: 630f4b70567f ("be2net: Export tunnel offloads only when a VxLAN tunnel is created") Signed-off-by: Davide Caratti Signed-off-by: David S. Miller commit cc906f07d7d569a30bb6f0baf8f80b2968353dc9 Merge: 7e7126846c95 6579804c4317 Author: Paolo Bonzini Date: Fri Oct 5 09:39:53 2018 +0200 Merge tag 'kvm-ppc-fixes-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into kvm-master Third set of PPC KVM fixes for 4.19 One patch here, fixing a potential host crash introduced (or at least exacerbated) by a previous fix for corruption relating to radix guest page faults and THP operations. commit e46368cf77f2cb6304c51d9ff5f147cfb7dc0074 Author: Lyude Paul Date: Fri Sep 14 16:44:03 2018 -0400 drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect() While we currently grab a runtime PM ref in nouveau's normal connector detection code, we apparently don't do this for MST. This means if we're in a scenario where the GPU is suspended and userspace attempts to do a connector probe on an MSTC connector, the probe will fail entirely due to the DP aux channel and GPU not being woken up: [ 316.633489] nouveau 0000:01:00.0: i2c: aux 000a: begin idle timeout ffffffff [ 316.635713] nouveau 0000:01:00.0: i2c: aux 000a: begin idle timeout ffffffff [ 316.637785] nouveau 0000:01:00.0: i2c: aux 000a: begin idle timeout ffffffff ... So, grab a runtime PM ref here. Signed-off-by: Lyude Paul Cc: stable@vger.kernel.org Reviewed-by: Karol Herbst Signed-off-by: Ben Skeggs commit 9d2f67e43b73e8af7438be219b66a5de0cfa8bd9 Author: Jianfeng Tan Date: Sat Sep 29 15:41:27 2018 +0000 net/packet: fix packet drop as of virtio gso When we use raw socket as the vhost backend, a packet from virito with gso offloading information, cannot be sent out in later validaton at xmit path, as we did not set correct skb->protocol which is further used for looking up the gso function. To fix this, we set this field according to virito hdr information. Fixes: e858fae2b0b8f4 ("virtio_net: use common code for virtio_net_hdr and skb GSO conversion") Signed-off-by: Jianfeng Tan Signed-off-by: David S. Miller commit ca8931948344c485569b04821d1f6bcebccd376b Author: Florian Fainelli Date: Thu Oct 4 20:24:13 2018 -0700 net: dsa: b53: Keep CPU port as tagged in all VLANs Commit c499696e7901 ("net: dsa: b53: Stop using dev->cpu_port incorrectly") was a bit too trigger happy in removing the CPU port from the VLAN membership because we rely on DSA to program the CPU port VLAN, which it does, except it does not bother itself with tagged/untagged and just usese untagged. Having the CPU port "follow" the user ports tagged/untagged is not great and does not allow for properly differentiating, so keep the CPU port tagged in all VLANs. Reported-by: Gerhard Wiesinger Fixes: c499696e7901 ("net: dsa: b53: Stop using dev->cpu_port incorrectly") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 17c357efe5eceebdc3971a48b3d4d61a03c1178b Author: Flavio Leitner Date: Fri Sep 28 14:51:28 2018 -0300 openvswitch: load NAT helper Load the respective NAT helper module if the flow uses it. Signed-off-by: Flavio Leitner Signed-off-by: David S. Miller commit 508646aa2ba57cea501e0300468f84d5cc3dd8cd Merge: 471b83bd8bbe c78fe058879b Author: David S. Miller Date: Thu Oct 4 21:41:16 2018 -0700 Merge branch 'bnxt_en-fixes' Michael Chan says: ==================== bnxt_en: Misc. bug fixes. 4 small bug fixes related to setting firmware message enables bits, possible memory leak when probe fails, and ring accouting when RDMA driver is loaded. Please queue these for -stable as well. Thanks. ==================== Signed-off-by: David S. Miller commit c78fe058879bdea919d44f23e21da26f603e9166 Author: Vasundhara Volam Date: Fri Oct 5 00:26:03 2018 -0400 bnxt_en: get the reduced max_irqs by the ones used by RDMA When getting the max rings supported, get the reduced max_irqs by the ones used by RDMA. If the number MSIX is the limiting factor, this bug may cause the max ring count to be higher than it should be when RDMA driver is loaded and may result in ring allocation failures. Fixes: 30f529473ec9 ("bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs.") Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit a2bf74f4e1b82395dad2b08d2a911d9151db71c1 Author: Venkat Duvvuru Date: Fri Oct 5 00:26:02 2018 -0400 bnxt_en: free hwrm resources, if driver probe fails. When the driver probe fails, all the resources that were allocated prior to the failure must be freed. However, hwrm dma response memory is not getting freed. This patch fixes the problem described above. Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.") Signed-off-by: Venkat Duvvuru Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 5db0e0969af6501ad45fe0494039d3b9c797822b Author: Vasundhara Volam Date: Fri Oct 5 00:26:01 2018 -0400 bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request In HWRM_QUEUE_COS2BW_CFG request, enables field should have the bits set only for the queue ids which are having the valid parameters. This causes firmware to return error when the TC to hardware CoS queue mapping is not 1:1 during DCBNL ETS setup. Fixes: 2e8ef77ee0ff ("bnxt_en: Add TC to hardware QoS queue mapping logic.") Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit dbe80d446c859873820eedfff4abc61c71f1927b Author: Michael Chan Date: Fri Oct 5 00:26:00 2018 -0400 bnxt_en: Fix VNIC reservations on the PF. The enables bit for VNIC was set wrong when calling the HWRM_FUNC_CFG firmware call to reserve VNICs. This has the effect that the firmware will keep a large number of VNICs for the PF, and having very few for VFs. DPDK driver running on the VFs, which requires more VNICs, may not work properly as a result. Fixes: 674f50a5b026 ("bnxt_en: Implement new method to reserve rings.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit f74c371fe72a4f820d287db8067683fb533e4ede Author: Eric Dumazet Date: Thu Oct 4 17:41:37 2018 -0700 Input: mousedev - add a schedule point in mousedev_write() syzbot was able to trigger rcu stalls by calling write() with large number of bytes. Add a cond_resched() in the loop to avoid this. Link: https://lkml.org/lkml/2018/8/23/1106 Signed-off-by: Eric Dumazet Reported-by: syzbot+9436b02171ac0894d33e@syzkaller.appspotmail.com Reviewed-by: Paul E. McKenney Signed-off-by: Dmitry Torokhov commit befad944e2312c18d855013ce154ca7d2b110ade Merge: 010bd965f971 bdf800c6fdf5 Author: Greg Kroah-Hartman Date: Thu Oct 4 17:23:58 2018 -0700 Merge tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm Dave writes: "amdgpu and two core fixes Two fixes for amdgpu: one corrects a use of process->mm one fix for display code race condition that can result in a crash Two core fixes: One for a use-after-free in the leasing code One for a cma/fbdev crash." * tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm: drm/amdkfd: Fix incorrect use of process->mm drm/amd/display: Signal hw_done() after waiting for flip_done() drm/cma-helper: Fix crash in fbdev error path drm: fix use-after-free read in drm_mode_create_lease_ioctl() commit bdf800c6fdf5674999bc0228d5040cc0ae218fa8 Merge: 3a9df1e92593 11b29c9e2578 Author: Dave Airlie Date: Fri Oct 5 08:39:31 2018 +1000 Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes - Fix an ordering issue in DC with respect to atomic flips that could result in a crash - Fix incorrect use of process->mm in KFD Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/1538668374-22334-1-git-send-email-alexander.deucher@amd.com commit 3a9df1e9259362ed1ec321ce4229f1cd992355e6 Merge: d8938c981f58 4d4c2d89913e Author: Dave Airlie Date: Fri Oct 5 08:39:01 2018 +1000 Merge tag 'drm-misc-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes drm-misc-fixes for v4.19-rc7: - Fix use-after-free in drm_mode_create_lease_ioctl() - Fix crash in fbdev error path. Signed-off-by: Dave Airlie From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/13b2c3ac-9a96-710e-ceb9-890af164f10e@linux.intel.com commit 471b83bd8bbe4e89743683ef8ecb78f7029d8288 Author: Ido Schimmel Date: Mon Oct 1 12:21:59 2018 +0300 team: Forbid enslaving team device to itself team's ndo_add_slave() acquires 'team->lock' and later tries to open the newly enslaved device via dev_open(). This emits a 'NETDEV_UP' event that causes the VLAN driver to add VLAN 0 on the team device. team's ndo_vlan_rx_add_vid() will also try to acquire 'team->lock' and deadlock. Fix this by checking early at the enslavement function that a team device is not being enslaved to itself. A similar check was added to the bond driver in commit 09a89c219baf ("bonding: disallow enslaving a bond to itself"). WARNING: possible recursive locking detected 4.18.0-rc7+ #176 Not tainted -------------------------------------------- syz-executor4/6391 is trying to acquire lock: (____ptrval____) (&team->lock){+.+.}, at: team_vlan_rx_add_vid+0x3b/0x1e0 drivers/net/team/team.c:1868 but task is already holding lock: (____ptrval____) (&team->lock){+.+.}, at: team_add_slave+0xdb/0x1c30 drivers/net/team/team.c:1947 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&team->lock); lock(&team->lock); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by syz-executor4/6391: #0: (____ptrval____) (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: (____ptrval____) (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30 net/core/rtnetlink.c:4662 #1: (____ptrval____) (&team->lock){+.+.}, at: team_add_slave+0xdb/0x1c30 drivers/net/team/team.c:1947 stack backtrace: CPU: 1 PID: 6391 Comm: syz-executor4 Not tainted 4.18.0-rc7+ #176 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 print_deadlock_bug kernel/locking/lockdep.c:1765 [inline] check_deadlock kernel/locking/lockdep.c:1809 [inline] validate_chain kernel/locking/lockdep.c:2405 [inline] __lock_acquire.cold.64+0x1fb/0x486 kernel/locking/lockdep.c:3435 lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 __mutex_lock_common kernel/locking/mutex.c:757 [inline] __mutex_lock+0x176/0x1820 kernel/locking/mutex.c:894 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:909 team_vlan_rx_add_vid+0x3b/0x1e0 drivers/net/team/team.c:1868 vlan_add_rx_filter_info+0x14a/0x1d0 net/8021q/vlan_core.c:210 __vlan_vid_add net/8021q/vlan_core.c:278 [inline] vlan_vid_add+0x63e/0x9d0 net/8021q/vlan_core.c:308 vlan_device_event.cold.12+0x2a/0x2f net/8021q/vlan.c:381 notifier_call_chain+0x180/0x390 kernel/notifier.c:93 __raw_notifier_call_chain kernel/notifier.c:394 [inline] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1735 call_netdevice_notifiers net/core/dev.c:1753 [inline] dev_open+0x173/0x1b0 net/core/dev.c:1433 team_port_add drivers/net/team/team.c:1219 [inline] team_add_slave+0xa8b/0x1c30 drivers/net/team/team.c:1948 do_set_master+0x1c9/0x220 net/core/rtnetlink.c:2248 do_setlink+0xba4/0x3e10 net/core/rtnetlink.c:2382 rtnl_setlink+0x2a9/0x400 net/core/rtnetlink.c:2636 rtnetlink_rcv_msg+0x46e/0xc30 net/core/rtnetlink.c:4665 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2455 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4683 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343 netlink_sendmsg+0xa18/0xfd0 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:642 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:652 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2126 __sys_sendmsg+0x11d/0x290 net/socket.c:2164 __do_sys_sendmsg net/socket.c:2173 [inline] __se_sys_sendmsg net/socket.c:2171 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2171 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x456b29 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f9706bf8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f9706bf96d4 RCX: 0000000000456b29 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d3548 R14: 00000000004c8227 R15: 0000000000000000 Fixes: 87002b03baab ("net: introduce vlan_vid_[add/del] and use them instead of direct [add/kill]_vid ndo calls") Signed-off-by: Ido Schimmel Reported-and-tested-by: syzbot+bd051aba086537515cdb@syzkaller.appspotmail.com Signed-off-by: David S. Miller commit f7b2a56e1f3dcbdb4cf09b2b63e859ffe0e09df8 Author: Yu Zhao Date: Fri Sep 28 17:04:30 2018 -0600 net/usb: cancel pending work when unbinding smsc75xx Cancel pending work before freeing smsc75xx private data structure during binding. This fixes the following crash in the driver: BUG: unable to handle kernel NULL pointer dereference at 0000000000000050 IP: mutex_lock+0x2b/0x3f Workqueue: events smsc75xx_deferred_multicast_write [smsc75xx] task: ffff8caa83e85700 task.stack: ffff948b80518000 RIP: 0010:mutex_lock+0x2b/0x3f Call Trace: smsc75xx_deferred_multicast_write+0x40/0x1af [smsc75xx] process_one_work+0x18d/0x2fc worker_thread+0x1a2/0x269 ? pr_cont_work+0x58/0x58 kthread+0xfa/0x10a ? pr_cont_work+0x58/0x58 ? rcu_read_unlock_sched_notrace+0x48/0x48 ret_from_fork+0x22/0x40 Signed-off-by: Yu Zhao Signed-off-by: David S. Miller commit 9e15ff7b89b6d9c51c296499539ea884220ab590 Merge: b576eddb5d8d 1db585294547 Author: David S. Miller Date: Thu Oct 4 13:47:39 2018 -0700 Merge tag 'mac80211-for-davem-2018-10-04' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Just three small fixes: * fix use-after-free in regulatory code * fix rx-mgmt key flag in AP mode (mac80211) * fix wireless extensions compat code memory leak ==================== Signed-off-by: David S. Miller commit 479adb89a97b0a33e5a9d702119872cc82ca21aa Author: Tejun Heo Date: Thu Oct 4 13:28:08 2018 -0700 cgroup: Fix dom_cgrp propagation when enabling threaded mode A cgroup which is already a threaded domain may be converted into a threaded cgroup if the prerequisite conditions are met. When this happens, all threaded descendant should also have their ->dom_cgrp updated to the new threaded domain cgroup. Unfortunately, this propagation was missing leading to the following failure. # cd /sys/fs/cgroup/unified # cat cgroup.subtree_control # show that no controllers are enabled # mkdir -p mycgrp/a/b/c # echo threaded > mycgrp/a/b/cgroup.type At this point, the hierarchy looks as follows: mycgrp [d] a [dt] b [t] c [inv] Now let's make node "a" threaded (and thus "mycgrp" s made "domain threaded"): # echo threaded > mycgrp/a/cgroup.type By this point, we now have a hierarchy that looks as follows: mycgrp [dt] a [t] b [t] c [inv] But, when we try to convert the node "c" from "domain invalid" to "threaded", we get ENOTSUP on the write(): # echo threaded > mycgrp/a/b/c/cgroup.type sh: echo: write error: Operation not supported This patch fixes the problem by * Moving the opencoded ->dom_cgrp save and restoration in cgroup_enable_threaded() into cgroup_{save|restore}_control() so that mulitple cgroups can be handled. * Updating all threaded descendants' ->dom_cgrp to point to the new dom_cgrp when enabling threaded mode. Signed-off-by: Tejun Heo Reported-and-tested-by: "Michael Kerrisk (man-pages)" Reported-by: Amin Jamali Reported-by: Joao De Almeida Pereira Link: https://lore.kernel.org/r/CAKgNAkhHYCMn74TCNiMJ=ccLd7DcmXSbvw3CbZ1YREeG7iJM5g@mail.gmail.com Fixes: 454000adaa2a ("cgroup: introduce cgroup->dom_cgrp and threaded css_set handling") Cc: stable@vger.kernel.org # v4.14+ commit 010bd965f9711f801f2902ec3a6a2826c6656491 Merge: ac0657edb13a 1a8f8d2a443e Author: Greg Kroah-Hartman Date: Thu Oct 4 13:24:38 2018 -0700 Merge tag 'ovl-fixes-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Miklos writes: "overlayfs fixes for 4.19-rc7 This update fixes a couple of regressions in the stacked file update added in this cycle, as well as some older bugs uncovered by syzkaller. There's also one trivial naming change that touches other parts of the fs subsystem." * tag 'ovl-fixes-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: fix format of setxattr debug ovl: fix access beyond unterminated strings ovl: make symbol 'ovl_aops' static vfs: swap names of {do,vfs}_clone_file_range() ovl: fix freeze protection bypass in ovl_clone_file_range() ovl: fix freeze protection bypass in ovl_write_iter() ovl: fix memory leak on unlink of indexed file commit 5d07384a666d4b2f781dc056bfeec2c27fbdf383 Author: Mike Snitzer Date: Tue Sep 25 20:56:02 2018 -0400 dm cache: fix resize crash if user doesn't reload cache table A reload of the cache's DM table is needed during resize because otherwise a crash will occur when attempting to access smq policy entries associated with the portion of the cache that was recently extended. The reason is cache-size based data structures in the policy will not be resized, the only way to safely extend the cache is to allow for a proper cache policy initialization that occurs when the cache table is loaded. For example the smq policy's space_init(), init_allocator(), calc_hotspot_params() must be sized based on the extended cache size. The fix for this is to disallow cache resizes of this pattern: 1) suspend "cache" target's device 2) resize the fast device used for the cache 3) resume "cache" target's device Instead, the last step must be a full reload of the cache's DM table. Fixes: 66a636356 ("dm cache: add stochastic-multi-queue (smq) policy") Cc: stable@vger.kernel.org Signed-off-by: Mike Snitzer commit 4561ffca88c546f96367f94b8f1e4715a9c62314 Author: Joe Thornber Date: Mon Sep 24 16:19:30 2018 -0400 dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable@vger.kernel.org Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer commit 69e445ab8b66a9f30519842ef18be555d3ee9b51 Author: Rafael J. Wysocki Date: Thu Oct 4 11:08:12 2018 +0200 PM / core: Clear the direct_complete flag on errors If __device_suspend() runs asynchronously (in which case the device passed to it is in dpm_suspended_list at that point) and it returns early on an error or pending wakeup, and the power.direct_complete flag has been set for the device already, the subsequent device_resume() will be confused by that and it will call pm_runtime_enable() incorrectly, as runtime PM has not been disabled for the device by __device_suspend(). To avoid that, clear power.direct_complete if __device_suspend() is not going to disable runtime PM for the device before returning. Fixes: aae4518b3124 (PM / sleep: Mechanism to avoid resuming runtime-suspended devices unnecessarily) Reported-by: Al Cooper Tested-by: Al Cooper Reviewed-by: Ulf Hansson Cc: 3.16+ # 3.16+ Signed-off-by: Rafael J. Wysocki commit b576eddb5d8d8bdd5fe4fada5e397c19b7ea4ffc Merge: cec4de302c5f c360867ec46a Author: David S. Miller Date: Thu Oct 4 09:53:03 2018 -0700 Merge branch 'mlxsw-fixes' Ido Schimmel says: ==================== mlxsw: Couple of fixes First patch works around an hardware issue in Spectrum-2 where a field indicating the event type is always set to the same value. Since there are only two event types and they are reported using different queues, we can use the queue number to derive the event type. Second patch prevents a router interface (RIF) leakage when a VLAN device is deleted from on top a bridge device. ==================== Signed-off-by: David S. Miller commit c360867ec46a4ec5cb19e5c329d65dff522cc69d Author: Ido Schimmel Date: Thu Oct 4 15:48:03 2018 +0000 mlxsw: spectrum: Delete RIF when VLAN device is removed In commit 602b74eda813 ("mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge") I handled the case where RIFs created for VLAN devices were not properly cleaned up when their real device (a bridge) was removed. However, I forgot to handle the case of the VLAN device itself being removed. Do so now when the VLAN device is being unlinked from its real device. Fixes: 99f44bb3527b ("mlxsw: spectrum: Enable L3 interfaces on top of bridge devices") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Reported-by: Artem Shvorin Tested-by: Artem Shvorin Signed-off-by: David S. Miller commit f3c84a8e3e922afdcbc55f04df8fdf8a548f5a21 Author: Nir Dotan Date: Thu Oct 4 15:48:02 2018 +0000 mlxsw: pci: Derive event type from event queue number Due to a hardware issue in Spectrum-2, the field event_type of the event queue element (EQE) has become reserved. It was used to distinguish between command interface completion events and completion events. Use queue number to determine event type, as command interface completion events are always received on EQ0 and mlxsw driver maps completion events to EQ1. Fixes: c3ab435466d5 ("mlxsw: spectrum: Extend to support Spectrum-2 ASIC") Signed-off-by: Nir Dotan Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit ac0657edb13ac7971569aa88cc6f27ea26deb883 Merge: 10be83cc6418 3a58ac65e2d7 Author: Greg Kroah-Hartman Date: Thu Oct 4 09:48:10 2018 -0700 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Russell writes: "A couple of small ARM fixes from Stefan and Thomas: - Adding the io_pgetevents syscall - Fixing a bounds check in pci_ioremap_io()" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8799/1: mm: fix pci_ioremap_io() offset check ARM: 8787/1: wire up io_pgetevents syscall commit 10be83cc641884e7c5dfcc0d3e74ba9f3b332e27 Merge: 1b0350c355b2 d8938c981f58 Author: Greg Kroah-Hartman Date: Thu Oct 4 09:18:44 2018 -0700 Merge tag 'drm-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm Dave writes: "drm exynos, tda9950 and intel fixes 3 i915 fixes: compressed error handling zlib fix compiler warning cleanup and a minor code cleanup 2 tda9950: Two fixes for the HDMI CEC 1 exynos: A fix required for IOMMU interaction." * tag 'drm-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm: drm/i915: Handle incomplete Z_FINISH for compressed error states drm/i915: Avoid compiler warning for maybe unused gu_misc_iir drm/i915: Do not redefine the has_csr parameter. drm/exynos: Use selected dma_dev default iommu domain instead of a fake one drm/i2c: tda9950: set MAX_RETRIES for errors only drm/i2c: tda9950: fix timeout counter check commit 1b0350c355b2f32bcbd453310bf6dfb50cbe965f Merge: d2467adb6610 e55ec4ddbef9 Author: Greg Kroah-Hartman Date: Thu Oct 4 09:17:38 2018 -0700 Merge tag 'xfs-fixes-for-4.19-rc6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Dave writes: "XFS fixes for 4.19-rc6 Accumlated regression and bug fixes for 4.19-rc6, including: o make iomap correctly mark dirty pages for sub-page block sizes o fix regression in handling extent-to-btree format conversion errors o fix torn log wrap detection for new logs o various corrupt inode detection fixes o various delalloc state fixes o cleanup all the missed transaction cancel cases missed from changes merged in 4.19-rc1 o fix lockdep false positive on transaction allocation o fix locking and reference counting on buffer log items" * tag 'xfs-fixes-for-4.19-rc6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix error handling in xfs_bmap_extents_to_btree iomap: set page dirty after partial delalloc on mkwrite xfs: remove invalid log recovery first/last cycle check xfs: validate inode di_forkoff xfs: skip delalloc COW blocks in xfs_reflink_end_cow xfs: don't treat unknown di_flags2 as corruption in scrub xfs: remove duplicated include from alloc.c xfs: don't bring in extents in xfs_bmap_punch_delalloc_range xfs: fix transaction leak in xfs_reflink_allocate_cow() xfs: avoid lockdep false positives in xfs_trans_alloc xfs: refactor xfs_buf_log_item reference count handling xfs: clean up xfs_trans_brelse() xfs: don't unlock invalidated buf on aborted tx commit xfs: remove last of unnecessary xfs_defer_cancel() callers xfs: don't crash the vfs on a garbage inline symlink commit d2467adb66108f1b7fec8cadbdb8ca140e88effe Merge: cec4de302c5f ef1f2258748b Author: Greg Kroah-Hartman Date: Thu Oct 4 09:16:11 2018 -0700 Merge tag 'riscv-for-linus-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Palmer writes: "A Single RISC-V Fix for 4.19-rc7 This tag contains a single patch that managed to get lost in the shuffle, which explains why it's so late. This single line has been floating around in various patch sets for months, and fixes our DMA32 region." * tag 'riscv-for-linus-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: RISCV: Fix end PFN for low memory commit 3f4258bbe0363b3d5330b93de0e86b7796ff1a74 Merge: 30a0af882694 5a1eb8b95428 Author: Arnd Bergmann Date: Thu Oct 4 17:37:17 2018 +0200 Merge tag 'soc-fsl-fix-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/leo/linux into fixes NXP/FSL SoC driver fixes for v4.19 round 2 - Fix crash of qman_portal by deferring its probe if qman is not probed * tag 'soc-fsl-fix-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/leo/linux: soc: fsl: qman_portals: defer probe after qman's probe soc: fsl: qbman: add APIs to retrieve the probing status soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() soc: fsl: qbman: qman: avoid allocating from non existing gen_pool ARM: dts: BCM63xx: Fix incorrect interrupt specifiers MAINTAINERS: update the Annapurna Labs maintainer email ARM: dts: sun8i: drop A64 HDMI PHY fallback compatible from R40 DT ARM: dts: at91: sama5d2_ptc_ek: fix nand pinctrl Signed-off-by: Arnd Bergmann commit 11b29c9e25788d0afb2ddb67bcd89424bd25f2f7 Author: Felix Kuehling Date: Tue Oct 2 18:41:12 2018 -0400 drm/amdkfd: Fix incorrect use of process->mm This mm_struct pointer should never be dereferenced. If running in a user thread, just use current->mm. If running in a kernel worker use get_task_mm to get a safe reference to the mm_struct. Reviewed-by: Oded Gabbay Acked-by: Christian König Signed-off-by: Felix Kuehling Signed-off-by: Alex Deucher commit 30a0af8826942cc6b1277f89a6ed3e3b986d1643 Merge: 17b57b1883c1 eea96566c189 Author: Arnd Bergmann Date: Thu Oct 4 17:33:37 2018 +0200 Merge tag 'imx-fixes-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes i.MX fixes for 4.19, round 2: - i.MX53 QSB board stops working when cpufreq driver is enabled, because the default OPP table has the maximum CPU frequency at 1.2GHz, while the board is only capable of running 1GHz. Fix up the OPP table for the board to get it work with cpufreq driver. * tag 'imx-fixes-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: dts: imx53-qsb: disable 1.2GHz OPP Signed-off-by: Arnd Bergmann commit 987bf116445db5d63a5c2ed94c4479687d9c9973 Author: Shirish S Date: Mon Sep 24 19:01:47 2018 +0530 drm/amd/display: Signal hw_done() after waiting for flip_done() In amdgpu_dm_commit_tail(), wait until flip_done() is signaled before we signal hw_done(). [Why] This is to temporarily address a paging error that occurs when a nonblocking commit contends with another commit, particularly in a mirrored display configuration where at least 2 CRTCs are updated. The error occurs in drm_atomic_helper_wait_for_flip_done(), when we attempt to access the contents of new_crtc_state->commit. Here's the sequence for a mirrored 2 display setup (irrelevant steps left out for clarity): **THREAD 1** | **THREAD 2** | Initialize atomic state for flip | | Queue worker | ... | Do work for flip | | Signal hw_done() on CRTC 1 | Signal hw_done() on CRTC 2 | | Wait for flip_done() on CRTC 1 <---- **PREEMPTED BY THREAD 1** Initialize atomic state for cursor | update (1) | | Do cursor update work on both CRTCs | | Clear atomic state (2) | **DONE** | ... | | Wait for flip_done() on CRTC 2 | *ERROR* | The issue starts with (1). When the atomic state is initialized, the current CRTC states are duplicated to be the new_crtc_states, and referenced to be the old_crtc_states. (The new_crtc_states are to be filled with update data.) Some things to note: * Due to the mirrored configuration, the cursor updates on both CRTCs. * At this point, the pflip IRQ has already been handled, and flip_done signaled on all CRTCs. The cursor commit can therefore continue. * The old_crtc_states used by the cursor update are the **same states** as the new_crtc_states used by the flip worker. At (2), the old_crtc_state is freed (*), and the cursor commit completes. We then context switch back to the flip worker, where we attempt to access the new_crtc_state->commit object. This is problematic, as this state has already been freed. (*) Technically, 'state->crtcs[i].state' is freed, which was made to reference old_crtc_state in drm_atomic_helper_swap_state() [How] By moving hw_done() after wait_for_flip_done(), we're guaranteed that the new_crtc_state (from the flip worker's perspective) still exists. This is because any other commit will be blocked, waiting for the hw_done() signal. Note that both the i915 and imx drivers have this sequence flipped already, masking this problem. Signed-off-by: Shirish S Signed-off-by: Leo Li Reviewed-by: Harry Wentland Signed-off-by: Alex Deucher commit 7e7126846c95a34f98a1524d5c473af1f0783735 Author: Paolo Bonzini Date: Wed Oct 3 13:44:26 2018 +0200 kvm: nVMX: fix entry with pending interrupt if APICv is enabled Commit b5861e5cf2fcf83031ea3e26b0a69d887adf7d21 introduced a check on the interrupt-window and NMI-window CPU execution controls in order to inject an external interrupt vmexit before the first guest instruction executes. However, when APIC virtualization is enabled the host does not need a vmexit in order to inject an interrupt at the next interrupt window; instead, it just places the interrupt vector in RVI and the processor will inject it as soon as possible. Therefore, on machines with APICv it is not enough to check the CPU execution controls: the same scenario can also happen if RVI>vPPR. Fixes: b5861e5cf2fcf83031ea3e26b0a69d887adf7d21 Reviewed-by: Nikita Leshchenko Cc: Sean Christopherson Cc: Liran Alon Cc: Radim Krčmář Signed-off-by: Paolo Bonzini commit 1a8f8d2a443ef9ad9a3065ba8c8119df714240fa Author: Miklos Szeredi Date: Thu Oct 4 14:49:10 2018 +0200 ovl: fix format of setxattr debug Format has a typo: it was meant to be "%.*s", not "%*s". But at some point callers grew nonprintable values as well, so use "%*pE" instead with a maximized length. Reported-by: Amir Goldstein Signed-off-by: Miklos Szeredi Fixes: 3a1e819b4e80 ("ovl: store file handle of lower inode on copy up") Cc: # v4.12 commit 601350ff58d5415a001769532f6b8333820e5786 Author: Amir Goldstein Date: Fri Sep 28 21:00:48 2018 +0300 ovl: fix access beyond unterminated strings KASAN detected slab-out-of-bounds access in printk from overlayfs, because string format used %*s instead of %.*s. > BUG: KASAN: slab-out-of-bounds in string+0x298/0x2d0 lib/vsprintf.c:604 > Read of size 1 at addr ffff8801c36c66ba by task syz-executor2/27811 > > CPU: 0 PID: 27811 Comm: syz-executor2 Not tainted 4.19.0-rc5+ #36 ... > printk+0xa7/0xcf kernel/printk/printk.c:1996 > ovl_lookup_index.cold.15+0xe8/0x1f8 fs/overlayfs/namei.c:689 Reported-by: syzbot+376cea2b0ef340db3dd4@syzkaller.appspotmail.com Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi Fixes: 359f392ca53e ("ovl: lookup index entry for copy up origin") Cc: # v4.13 commit 2cf7ea9f40fabee0f8b40db4eb2d1e85cc6c0a95 Author: Paolo Bonzini Date: Wed Oct 3 10:34:00 2018 +0200 KVM: VMX: hide flexpriority from guest when disabled at the module level As of commit 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings"), KVM will disable VIRTUALIZE_APIC_ACCESSES when a nested guest writes APIC_BASE MSR and kvm-intel.flexpriority=0, whereas previously KVM would allow a nested guest to enable VIRTUALIZE_APIC_ACCESSES so long as it's supported in hardware. That is, KVM now advertises VIRTUALIZE_APIC_ACCESSES to a guest but doesn't (always) allow setting it when kvm-intel.flexpriority=0, and may even initially allow the control and then clear it when the nested guest writes APIC_BASE MSR, which is decidedly odd even if it doesn't cause functional issues. Hide the control completely when the module parameter is cleared. reported-by: Sean Christopherson Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings") Cc: Jim Mattson Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini commit fd6b6d9b82f97a851fb0078201ddc38fe9728cda Author: Sean Christopherson Date: Mon Oct 1 14:25:34 2018 -0700 KVM: VMX: check for existence of secondary exec controls before accessing Return early from vmx_set_virtual_apic_mode() if the processor doesn't support VIRTUALIZE_APIC_ACCESSES or VIRTUALIZE_X2APIC_MODE, both of which reside in SECONDARY_VM_EXEC_CONTROL. This eliminates warnings due to VMWRITEs to SECONDARY_VM_EXEC_CONTROL (VMCS field 401e) failing on processors without secondary exec controls. Remove the similar check for TPR shadowing as it is incorporated in the flexpriority_enabled check and the APIC-related code in vmx_update_msr_bitmap() is further gated by VIRTUALIZE_X2APIC_MODE. Reported-by: Gerhard Wiesinger Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings") Cc: Jim Mattson Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit db05c481977599236f12a85e55de9f5ab37b0a2c Author: Eugeniy Paltsev Date: Wed Oct 3 19:45:38 2018 +0300 drm: fb-helper: Reject all pixel format changing requests drm fbdev emulation doesn't support changing the pixel format at all, so reject all pixel format changing requests. Cc: stable@vger.kernel.org Signed-off-by: Eugeniy Paltsev Reviewed-by: Ville Syrjälä Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20181003164538.5534-1-Eugeniy.Paltsev@synopsys.com commit 02e425668f5c9deb42787d10001a3b605993ad15 Author: Andy Lutomirski Date: Wed Oct 3 16:23:49 2018 -0700 x86/vdso: Fix vDSO syscall fallback asm constraint regression When I added the missing memory outputs, I failed to update the index of the first argument (ebx) on 32-bit builds, which broke the fallbacks. Somehow I must have screwed up my testing or gotten lucky. Add another test to cover gettimeofday() as well. Signed-off-by: Andy Lutomirski Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: stable@vger.kernel.org Fixes: 715bd9d12f84 ("x86/vdso: Fix asm constraints on vDSO syscall fallbacks") Link: http://lkml.kernel.org/r/21bd45ab04b6d838278fa5bebfa9163eceffa13c.1538608971.git.luto@kernel.org Signed-off-by: Ingo Molnar commit 709ae62e8e6d9ac4df7dadb3b8ae432675c45ef9 Author: Kai-Heng Feng Date: Thu Oct 4 11:39:42 2018 +0800 ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 The issue is the same as commit dd9aa335c880 ("ALSA: hda/realtek - Can't adjust speaker's volume on a Dell AIO"), the output requires to connect to a node with Amp-out capability. Applying the same fixup ALC298_FIXUP_SPK_VOLUME can fix the issue. BugLink: https://bugs.launchpad.net/bugs/1775068 Signed-off-by: Kai-Heng Feng Cc: Signed-off-by: Takashi Iwai commit 5f78aec0d7e9f239d64b2cd1c9e671345ff92f94 Author: Steffen Klassert Date: Thu Oct 4 07:21:48 2018 +0200 MAINTAINERS: Remove net/core/flow.c net/core/flow.c does not exist anymore, so remove it from the IPSEC NETWORKING section of the MAINTAINERS file. Signed-off-by: Steffen Klassert commit 6579804c431712d56956a63b1a01509441cc6800 Author: Paul Mackerras Date: Thu Oct 4 14:51:11 2018 +1000 KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault Commit 71d29f43b633 ("KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size", 2018-09-11) added a call to __find_linux_pte() and a dereference of the returned PTE pointer to the radix page fault path in the common case where the page is normal system memory. Previously, __find_linux_pte() was only called for mappings to physical addresses which don't have a page struct (e.g. memory-mapped I/O) or where the page struct is marked as reserved memory. This exposes us to the possibility that the returned PTE pointer could be NULL, for example in the case of a concurrent THP collapse operation. Dereferencing the returned NULL pointer causes a host crash. To fix this, we check for NULL, and if it is NULL, we retry the operation by returning to the guest, with the expectation that it will generate the same page fault again (unless of course it has been fixed up by another CPU in the meantime). Fixes: 71d29f43b633 ("KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size") Signed-off-by: Paul Mackerras commit d8938c981f58ee344687b7910a611ac345960045 Merge: 659c9370e53c e0dccce1193f Author: Dave Airlie Date: Thu Oct 4 10:28:27 2018 +1000 Merge branch 'drm-tda9950-fixes' of git://git.armlinux.org.uk/~rmk/linux-arm into drm-fixes two tda9950 fixes. Signed-off-by: Dave Airlie From: Russell King Link: https://patchwork.freedesktop.org/patch/msgid/20181001162948.GA9508@rmk-PC.armlinux.org.uk commit 659c9370e53c99b2e98eba0c07161f839dbf8521 Merge: 77d981b16f2d 4c9613ce556f Author: Dave Airlie Date: Thu Oct 4 10:04:38 2018 +1000 Merge tag 'drm-intel-fixes-2018-10-03' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes There's one fix for our zlib incomlete Z_FINISH on our error state handling, plus a compilation warning fix and a tiny code clean up. Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20181003202840.GA23560@intel.com commit cec4de302c5ff2c5eb3bfcb0c4845a095f5149b9 Merge: 95773dc08627 4233cfe6ec46 Author: Greg Kroah-Hartman Date: Wed Oct 3 16:09:11 2018 -0700 Merge gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net David writes: "Networking fixes: 1) Prefix length validation in xfrm layer, from Steffen Klassert. 2) TX status reporting fix in mac80211, from Andrei Otcheretianski. 3) Fix hangs due to TX_DROP in mac80211, from Bob Copeland. 4) Fix DMA error regression in b43, from Larry Finger. 5) Add input validation to xenvif_set_hash_mapping(), from Jan Beulich. 6) SMMU unmapping fix in hns driver, from Yunsheng Lin. 7) Bluetooh crash in unpairing on SMP, from Matias Karhumaa. 8) WoL handling fixes in the phy layer, from Heiner Kallweit. 9) Fix deadlock in bonding, from Mahesh Bandewar. 10) Fill ttl inherit infor in vxlan driver, from Hangbin Liu. 11) Fix TX timeouts during netpoll, from Michael Chan. 12) RXRPC layer fixes from David Howells. 13) Another batch of ndo_poll_controller() removals to deal with excessive resource consumption during load. From Eric Dumazet. 14) Fix a specific TIPC failure secnario, from LUU Duc Canh. 15) Really disable clocks in r8169 during suspend so that low power states can actually be reached. 16) Fix SYN backlog lockdep issue in tcp and dccp, from Eric Dumazet. 17) Fix RCU locking in netpoll SKB send, which shows up in bonding, from Dave Jones. 18) Fix TX stalls in r8169, from Heiner Kallweit. 19) Fix locksup in nfp due to control message storms, from Jakub Kicinski. 20) Various rmnet bug fixes from Subash Abhinov Kasiviswanathan and Sean Tranchetti. 21) Fix use after free in ip_cmsg_recv_dstaddr(), from Eric Dumazet." * gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net: (122 commits) ixgbe: check return value of napi_complete_done() sctp: fix fall-through annotation r8169: always autoneg on resume ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() net: qualcomm: rmnet: Fix incorrect allocation flag in receive path net: qualcomm: rmnet: Fix incorrect allocation flag in transmit net: qualcomm: rmnet: Skip processing loopback packets net: systemport: Fix wake-up interrupt race during resume rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 bonding: fix warning message inet: make sure to grab rcu_read_lock before using ireq->ireq_opt nfp: avoid soft lockups under control message storm declance: Fix continuation with the adapter identification message net: fec: fix rare tx timeout r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO tun: napi flags belong to tfile tun: initialize napi_mutex unconditionally tun: remove unused parameters bond: take rcu lock in netpoll_send_skb_on_dev rtnetlink: Fail dump if target netnsid is invalid ... commit 4233cfe6ec4683497d7318f55ce7617e97f2e610 Author: Song Liu Date: Wed Oct 3 11:30:35 2018 -0700 ixgbe: check return value of napi_complete_done() The NIC driver should only enable interrupts when napi_complete_done() returns true. This patch adds the check for ixgbe. Cc: stable@vger.kernel.org # 4.10+ Suggested-by: Eric Dumazet Signed-off-by: Song Liu Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: David S. Miller commit 95773dc0862717ab9612d69bc07d0386bd104603 Merge: 6bebe37927f3 ce01a1575f45 Author: Greg Kroah-Hartman Date: Wed Oct 3 11:06:49 2018 -0700 Merge tag 'linux-kselftest-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Shuah writes: "kselftest fixes for 4.19-rc7 This fixes update for 4.19-rc7 consists one fix to rseq test to prevent it from seg-faulting when compiled with -fpie." * tag 'linux-kselftest-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: rseq/selftests: fix parametrized test with -fpie commit 2cc543f5cd6deda27ef463686fa08c16c8c0990b Author: Gustavo A. R. Silva Date: Wed Oct 3 12:45:56 2018 +0200 sctp: fix fall-through annotation Replace "fallthru" with a proper "fall through" annotation. This fix is part of the ongoing efforts to enabling -Wimplicit-fallthrough Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 4c9613ce556fdeb671e779668b627ea3a2b61728 Author: Chris Wilson Date: Wed Oct 3 09:24:22 2018 +0100 drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: # v4.10+ Cc: Tvrtko Ursulin Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@chris-wilson.co.uk (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi commit 6bebe37927f3023e92de66964df8ff75151dcea9 Merge: 5b372600ccf1 ad608fbcf166 Author: Greg Kroah-Hartman Date: Wed Oct 3 04:23:46 2018 -0700 Merge tag 'media/v4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Mauro writes: "media fixes for v4.19-rc6" * tag 'media/v4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: media: v4l: event: Prevent freeing event subscriptions while accessed commit 5b372600ccf1116701e96cf593559a60c9bee7e0 Merge: 73dec82d8d2b 9ff3541e3ddf Author: Greg Kroah-Hartman Date: Wed Oct 3 04:22:30 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Jiri writes: "HID fixes: - hantick touchpad fix from Anisse Astier - device ID addition for Ice Lake mobile from Srinivas Pandruvada - touchscreen resume fix for certain i2c-hid driven devices from Hans de Goede" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: intel-ish-hid: Enable Ice Lake mobile HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling HID: i2c-hid: disable runtime PM operations on hantick touchpad commit 73dec82d8d2b2c6c9c9a66a1c8daae3fcd71d602 Merge: 1d2ba7fee28b ffc4c92227db Author: Greg Kroah-Hartman Date: Wed Oct 3 04:21:23 2018 -0700 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Al writes: "xattrs regression fix from Andreas; sat in -next for quite a while." * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: sysfs: Do not return POSIX ACL xattrs via listxattr commit ad608fbcf166fec809e402d548761768f602702c Author: Sakari Ailus Date: Tue Sep 11 05:32:37 2018 -0400 media: v4l: event: Prevent freeing event subscriptions while accessed The event subscriptions are added to the subscribed event list while holding a spinlock, but that lock is subsequently released while still accessing the subscription object. This makes it possible to unsubscribe the event --- and freeing the subscription object's memory --- while the subscription object is simultaneously accessed. Prevent this by adding a mutex to serialise the event subscription and unsubscription. This also gives a guarantee to the callback ops that the add op has returned before the del op is called. This change also results in making the elems field less special: subscriptions are only added to the event list once they are fully initialised. Signed-off-by: Sakari Ailus Reviewed-by: Hans Verkuil Reviewed-by: Laurent Pinchart Cc: stable@vger.kernel.org # for 4.14 and up Fixes: c3b5b0241f62 ("V4L/DVB: V4L: Events: Add backend") Signed-off-by: Mauro Carvalho Chehab commit 0711a43b6d84ff9189adfbf83c8bbf56eef794bf Author: Kai-Heng Feng Date: Tue Oct 2 23:29:11 2018 +0800 drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl There's another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk for the panel to fix it. BugLink: https://bugs.launchpad.net/bugs/1794387 Cc: # v4.8+ Signed-off-by: Kai-Heng Feng Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20181002152911.4370-1-kai.heng.feng@canonical.com commit e4a02ed2aaf447fa849e3254bfdb3b9b01e1e520 Author: Guenter Roeck Date: Tue Oct 2 14:48:49 2018 -0700 locking/ww_mutex: Fix runtime warning in the WW mutex selftest If CONFIG_WW_MUTEX_SELFTEST=y is enabled, booting an image in an arm64 virtual machine results in the following traceback if 8 CPUs are enabled: DEBUG_LOCKS_WARN_ON(__owner_task(owner) != current) WARNING: CPU: 2 PID: 537 at kernel/locking/mutex.c:1033 __mutex_unlock_slowpath+0x1a8/0x2e0 ... Call trace: __mutex_unlock_slowpath() ww_mutex_unlock() test_cycle_work() process_one_work() worker_thread() kthread() ret_from_fork() If requesting b_mutex fails with -EDEADLK, the error variable is reassigned to the return value from calling ww_mutex_lock on a_mutex again. If this call fails, a_mutex is not locked. It is, however, unconditionally unlocked subsequently, causing the reported warning. Fix the problem by using two error variables. With this change, the selftest still fails as follows: cyclic deadlock not resolved, ret[7/8] = -35 However, the traceback is gone. Signed-off-by: Guenter Roeck Cc: Chris Wilson Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Will Deacon Fixes: d1b42b800e5d0 ("locking/ww_mutex: Add kselftests for resolving ww_mutex cyclic deadlocks") Link: http://lkml.kernel.org/r/1538516929-9734-1-git-send-email-linux@roeck-us.net Signed-off-by: Ingo Molnar commit 77d981b16f2db81ba6c7792a9102652045535127 Merge: 17b57b1883c1 1feda5eb77fc Author: Dave Airlie Date: Wed Oct 3 16:31:11 2018 +1000 Merge tag 'exynos-drm-fixes-for-v4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes Use default iommu domain instead of fake one - This patch makes it to reuse default IOMMU domain instead of allocating a fake IOMMU domain, and allows some design changes for enhancement of IOMMU framework[1] without breaking Exynos DRM. [1] https://www.spinics.net/lists/arm-kernel/msg676098.html Signed-off-by: Dave Airlie From: Inki Dae Link: https://patchwork.freedesktop.org/patch/msgid/1538360696-23579-1-git-send-email-inki.dae@samsung.com commit 88296bd42b4e9d24e138a68b337c235b5cac89a7 Author: Nathan Chancellor Date: Tue Oct 2 15:45:11 2018 -0700 x86/cpu/amd: Remove unnecessary parentheses Clang warns when multiple pairs of parentheses are used for a single conditional statement. arch/x86/kernel/cpu/amd.c:925:14: warning: equality comparison with extraneous parentheses [-Wparentheses-equality] if ((c->x86 == 6)) { ~~~~~~~^~~~ arch/x86/kernel/cpu/amd.c:925:14: note: remove extraneous parentheses around the comparison to silence this warning if ((c->x86 == 6)) { ~ ^ ~ arch/x86/kernel/cpu/amd.c:925:14: note: use '=' to turn this equality comparison into an assignment if ((c->x86 == 6)) { ^~ = 1 warning generated. Signed-off-by: Nathan Chancellor Cc: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20181002224511.14929-1-natechancellor@gmail.com Link: https://github.com/ClangBuiltLinux/linux/issues/187 Signed-off-by: Ingo Molnar commit 4f166564014aba65ad6f15b612f6711fd0f117ee Author: Andy Lutomirski Date: Tue Oct 2 21:26:50 2018 -0700 x86/vdso: Only enable vDSO retpolines when enabled and supported When I fixed the vDSO build to use inline retpolines, I messed up the Makefile logic and made it unconditional. It should have depended on CONFIG_RETPOLINE and on the availability of compiler support. This broke the build on some older compilers. Reported-by: nikola.ciprich@linuxbox.cz Signed-off-by: Andy Lutomirski Cc: Borislav Petkov Cc: David Woodhouse Cc: Linus Torvalds Cc: Matt Rickard Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: jason.vas.dias@gmail.com Cc: stable@vger.kernel.org Fixes: 2e549b2ee0e3 ("x86/vdso: Fix vDSO build if a retpoline is emitted") Link: http://lkml.kernel.org/r/08a1f29f2c238dd1f493945e702a521f8a5aa3ae.1538540801.git.luto@kernel.org Signed-off-by: Ingo Molnar commit 9003b369499b3320d3f16145145b729fb6ff3bd4 Author: Alex Xu (Hello71) Date: Sun Sep 30 11:06:39 2018 -0400 r8169: always autoneg on resume This affects at least versions 25 and 33, so assume all cards are broken and just renegotiate by default. Fixes: 10bc6a6042c9 ("r8169: fix autoneg issue on resume with RTL8168E") Signed-off-by: Alex Xu (Hello71) Signed-off-by: David S. Miller commit 64199fc0a46ba211362472f7f942f900af9492fd Author: Eric Dumazet Date: Sun Sep 30 11:33:39 2018 -0700 ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() Caching ip_hdr(skb) before a call to pskb_may_pull() is buggy, do not do it. Fixes: 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull") Signed-off-by: Eric Dumazet Cc: Willem de Bruijn Reported-by: syzbot Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit b9f1bcb22091aacc0202c9ff6181e696cd1dc7dc Merge: 31c73cb5e296 cee26487620b Author: David S. Miller Date: Tue Oct 2 22:20:24 2018 -0700 Merge tag 'mlx5-fixes-2018-10-01' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== Mellanox, mlx5 fixes 2018-10-01 This pull request includes some fixes to mlx5 driver, Please pull and let me know if there's any problem. For -stable v4.11: "6e0a4a23c59a ('net/mlx5: E-Switch, Fix out of bound access when setting vport rate')" For -stable v4.18: "98d6627c372a ('net/mlx5e: Set vlan masks for all offloaded TC rules')" ==================== Signed-off-by: David S. Miller commit 31c73cb5e296fa56093c1df270e1ebc818cae211 Merge: 45ec318578c0 ec405641e2b7 Author: David S. Miller Date: Tue Oct 2 22:16:00 2018 -0700 Merge branch 'rmnet-fixes' Subash Abhinov Kasiviswanathan says: ==================== net: qualcomm: rmnet: Updates 2018-10-02 This series is a set of small fixes for rmnet driver Patch 1 is a fix for a scenario reported by syzkaller Patch 2 & 3 are fixes for incorrect allocation flags ==================== Signed-off-by: David S. Miller commit ec405641e2b73160e26ef17580d0cf28565d146c Author: Subash Abhinov Kasiviswanathan Date: Tue Oct 2 18:52:03 2018 -0600 net: qualcomm: rmnet: Fix incorrect allocation flag in receive path The incoming skb needs to be reallocated in case the headroom is not sufficient to adjust the ethernet header. This allocation needs to be atomic otherwise it results in this splat [<600601bb>] ___might_sleep+0x185/0x1a3 [<603f6314>] ? _raw_spin_unlock_irqrestore+0x0/0x27 [<60069bb0>] ? __wake_up_common_lock+0x95/0xd1 [<600602b0>] __might_sleep+0xd7/0xe2 [<60065598>] ? enqueue_task_fair+0x112/0x209 [<600eea13>] __kmalloc_track_caller+0x5d/0x124 [<600ee9b6>] ? __kmalloc_track_caller+0x0/0x124 [<602696d5>] __kmalloc_reserve.isra.34+0x30/0x7e [<603f629b>] ? _raw_spin_lock_irqsave+0x0/0x3d [<6026b744>] pskb_expand_head+0xbf/0x310 [<6025ca6a>] rmnet_rx_handler+0x7e/0x16b [<6025c9ec>] ? rmnet_rx_handler+0x0/0x16b [<6027ad0c>] __netif_receive_skb_core+0x301/0x96f [<60033c17>] ? set_signals+0x0/0x40 [<6027bbcb>] __netif_receive_skb+0x24/0x8e Fixes: 74692caf1b0b ("net: qualcomm: rmnet: Process packets over ethernet") Signed-off-by: Sean Tranchetti Signed-off-by: Subash Abhinov Kasiviswanathan Signed-off-by: David S. Miller commit 6392ff3c8e4c23d0a09b0ae9f94feb3effed490b Author: Subash Abhinov Kasiviswanathan Date: Tue Oct 2 18:52:02 2018 -0600 net: qualcomm: rmnet: Fix incorrect allocation flag in transmit The incoming skb needs to be reallocated in case the headroom is not sufficient to add the MAP header. This allocation needs to be atomic otherwise it results in the following splat [32805.801456] BUG: sleeping function called from invalid context [32805.841141] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [32805.904773] task: ffffffd7c5f62280 task.stack: ffffff80464a8000 [32805.910851] pc : ___might_sleep+0x180/0x188 [32805.915143] lr : ___might_sleep+0x180/0x188 [32806.131520] Call trace: [32806.134041] ___might_sleep+0x180/0x188 [32806.137980] __might_sleep+0x50/0x84 [32806.141653] __kmalloc_track_caller+0x80/0x3bc [32806.146215] __kmalloc_reserve+0x3c/0x88 [32806.150241] pskb_expand_head+0x74/0x288 [32806.154269] rmnet_egress_handler+0xb0/0x1d8 [32806.162239] rmnet_vnd_start_xmit+0xc8/0x13c [32806.166627] dev_hard_start_xmit+0x148/0x280 [32806.181181] sch_direct_xmit+0xa4/0x198 [32806.185125] __qdisc_run+0x1f8/0x310 [32806.188803] net_tx_action+0x23c/0x26c [32806.192655] __do_softirq+0x220/0x408 [32806.196420] do_softirq+0x4c/0x70 Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") Signed-off-by: Subash Abhinov Kasiviswanathan Signed-off-by: David S. Miller commit a07f388e2cde2be74b263f85df6f672fea0305a1 Author: Sean Tranchetti Date: Tue Oct 2 18:52:01 2018 -0600 net: qualcomm: rmnet: Skip processing loopback packets RMNET RX handler was processing invalid packets that were originally sent on the real device and were looped back via dev_loopback_xmit(). This was detected using syzkaller. Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") Signed-off-by: Sean Tranchetti Signed-off-by: Subash Abhinov Kasiviswanathan Signed-off-by: David S. Miller commit 45ec318578c0c22a11f5b9927d064418e1ab1905 Author: Florian Fainelli Date: Tue Oct 2 16:52:03 2018 -0700 net: systemport: Fix wake-up interrupt race during resume The AON_PM_L2 is normally used to trigger and identify the source of a wake-up event. Since the RX_SYS clock is no longer turned off, we also have an interrupt being sent to the SYSTEMPORT INTRL_2_0 controller, and that interrupt remains active up until the magic packet detector is disabled which happens much later during the driver resumption. The race happens if we have a CPU that is entering the SYSTEMPORT INTRL2_0 handler during resume, and another CPU has managed to clear the wake-up interrupt during bcm_sysport_resume_from_wol(). In that case, we have the first CPU stuck in the interrupt handler with an interrupt cause that has been cleared under its feet, and so we keep returning IRQ_NONE and we never make any progress. This was not a problem before because we would always turn off the RX_SYS clock during WoL, so the SYSTEMPORT INTRL2_0 would also be turned off as well, thus not latching the interrupt. The fix is to make sure we do not enable either the MPD or BRCM_TAG_MATCH interrupts since those are redundant with what the AON_PM_L2 interrupt controller already processes and they would cause such a race to occur. Fixes: bb9051a2b230 ("net: systemport: Add support for WAKE_FILTER") Fixes: 83e82f4c706b ("net: systemport: add Wake-on-LAN support") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 7af929d6d05ba5564139718e30d5bc96bdbc716a Author: Steve French Date: Tue Oct 2 18:54:09 2018 -0500 smb3: fix lease break problem introduced by compounding Fixes problem (discovered by Aurelien) introduced by recent commit: commit b24df3e30cbf48255db866720fb71f14bf9d2f39 ("cifs: update receive_encrypted_standard to handle compounded responses") which broke the ability to respond to some lease breaks (lease breaks being ignored is a problem since can block server response for duration of the lease break timeout). Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg Reviewed-by: Pavel Shilovsky commit 4e34feb5e96328df6a362c88098502b07c1b1e69 Author: Ronnie Sahlberg Date: Thu Aug 30 10:13:00 2018 +1000 cifs: only wake the thread for the very last PDU in a compound For compounded PDUs we whould only wake the waiting thread for the very last PDU of the compound. We do this so that we are guaranteed that the demultiplex_thread will not process or access any of those MIDs any more once the send/recv thread starts processing. Else there is a race where at the end of the send/recv processing we will try to delete all the mids of the compound. If the multiplex thread still has other mids to process at this point for this compound this can lead to an oops. Needed to fix recent commit: commit 730928c8f4be88e9d6a027a16b1e8fa9c59fc077 ("cifs: update smb2_queryfs() to use compounding") Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 11bde899817b575f6e9f22f35ec7e3296cd466b4 Merge: 0e1d6eca5113 3baafeffa48a Author: David S. Miller Date: Tue Oct 2 16:16:59 2018 -0700 Merge tag 'wireless-drivers-for-davem-2018-10-01' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.19 First, and also hopefully the last, set of fixes for 4.19. All small but still important fixes mt76x0 * fix a bug when a virtual interface is removed multiple times b43 * fix DMA error related regression with proprietary firmware iwlwifi * fix an oops which was a regression in v4.19-rc1 ==================== Signed-off-by: David S. Miller commit ddf83afb9f60ee58cdec30bb615eff65d00ba05e Author: Ronnie Sahlberg Date: Thu Aug 30 10:12:59 2018 +1000 cifs: add a warning if we try to to dequeue a deleted mid cifs_delete_mid() is called once we are finished handling a mid and we expect no more work done on this mid. Needed to fix recent commit: commit 730928c8f4be88e9d6a027a16b1e8fa9c59fc077 ("cifs: update smb2_queryfs() to use compounding") Add a warning if someone tries to dequeue a mid that has already been flagged to be deleted. Also change list_del() to list_del_init() so that if we have similar bugs resurface in the future we will not oops. Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 0595751f267994c3c7027377058e4185b3a28e75 Author: Aurelien Aptel Date: Thu May 17 16:35:07 2018 +0200 smb2: fix missing files in root share directory listing When mounting a Windows share that is the root of a drive (eg. C$) the server does not return . and .. directory entries. This results in the smb2 code path erroneously skipping the 2 first entries. Pseudo-code of the readdir() code path: cifs_readdir(struct file, struct dir_context) initiate_cifs_search <-- if no reponse cached yet server->ops->query_dir_first dir_emit_dots dir_emit <-- adds "." and ".." if we're at pos=0 find_cifs_entry initiate_cifs_search <-- if pos < start of current response (restart search) server->ops->query_dir_next <-- if pos > end of current response (fetch next search res) for(...) <-- loops over cur response entries starting at pos cifs_filldir <-- skip . and .., emit entry cifs_fill_dirent dir_emit pos++ A) dir_emit_dots() always adds . & .. and sets the current dir pos to 2 (0 and 1 are done). Therefore we always want the index_to_find to be 2 regardless of if the response has . and .. B) smb1 code initializes index_of_last_entry with a +2 offset in cifssmb.c CIFSFindFirst(): psrch_inf->index_of_last_entry = 2 /* skip . and .. */ + psrch_inf->entries_in_buffer; Later in find_cifs_entry() we want to find the next dir entry at pos=2 as a result of (A) first_entry_in_buffer = cfile->srch_inf.index_of_last_entry - cfile->srch_inf.entries_in_buffer; This var is the dir pos that the first entry in the buffer will have therefore it must be 2 in the first call. If we don't offset index_of_last_entry by 2 (like in (B)), first_entry_in_buffer=0 but we were instructed to get pos=2 so this code in find_cifs_entry() skips the 2 first which is ok for non-root shares, as it skips . and .. from the response but is not ok for root shares where the 2 first are actual files pos_in_buf = index_to_find - first_entry_in_buffer; // pos_in_buf=2 // we skip 2 first response entries :( for (i = 0; (i < (pos_in_buf)) && (cur_ent != NULL); i++) { /* go entry by entry figuring out which is first */ cur_ent = nxt_dir_entry(cur_ent, end_of_smb, cfile->srch_inf.info_level); } C) cifs_filldir() skips . and .. so we can safely ignore them for now. Sample program: int main(int argc, char **argv) { const char *path = argc >= 2 ? argv[1] : "."; DIR *dh; struct dirent *de; printf("listing path <%s>\n", path); dh = opendir(path); if (!dh) { printf("opendir error %d\n", errno); return 1; } while (1) { de = readdir(dh); if (!de) { if (errno) { printf("readdir error %d\n", errno); return 1; } printf("end of listing\n"); break; } printf("off=%lu <%s>\n", de->d_off, de->d_name); } return 0; } Before the fix with SMB1 on root shares: <.> off=1 <..> off=2 <$Recycle.Bin> off=3 off=4 and on non-root shares: <.> off=1 <..> off=4 <-- after adding .., the offsets jumps to +2 because <2536> off=5 we skipped . and .. from response buffer (C) <411> off=6 but still incremented pos off=7 off=8 Therefore the fix for smb2 is to mimic smb1 behaviour and offset the index_of_last_entry by 2. Test results comparing smb1 and smb2 before/after the fix on root share, non-root shares and on large directories (ie. multi-response dir listing): PRE FIX ======= pre-1-root VS pre-2-root: ERR pre-2-root is missing [bootmgr, $Recycle.Bin] pre-1-nonroot VS pre-2-nonroot: OK~ same files, same order, different offsets pre-1-nonroot-large VS pre-2-nonroot-large: OK~ same files, same order, different offsets POST FIX ======== post-1-root VS post-2-root: OK same files, same order, same offsets post-1-nonroot VS post-2-nonroot: OK same files, same order, same offsets post-1-nonroot-large VS post-2-nonroot-large: OK same files, same order, same offsets REGRESSION? =========== pre-1-root VS post-1-root: OK same files, same order, same offsets pre-1-nonroot VS post-1-nonroot: OK same files, same order, same offsets BugLink: https://bugzilla.samba.org/show_bug.cgi?id=13107 Signed-off-by: Aurelien Aptel Signed-off-by: Paulo Alcantara Reviewed-by: Ronnie Sahlberg Signed-off-by: Steve French CC: Stable commit 0e1d6eca5113858ed2caea61a5adc03c595f6096 Author: Eric Dumazet Date: Tue Oct 2 15:47:35 2018 -0700 rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 We have an impressive number of syzkaller bugs that are linked to the fact that syzbot was able to create a networking device with millions of TX (or RX) queues. Let's limit the number of RX/TX queues to 4096, this really should cover all known cases. A separate patch will add various cond_resched() in the loops handling sysfs entries at device creation and dismantle. Tested: lpaa6:~# ip link add gre-4097 numtxqueues 4097 numrxqueues 4097 type ip6gretap RTNETLINK answers: Invalid argument lpaa6:~# time ip link add gre-4096 numtxqueues 4096 numrxqueues 4096 type ip6gretap real 0m0.180s user 0m0.000s sys 0m0.107s Fixes: 76ff5cc91935 ("rtnl: allow to specify number of rx and tx queues on device creation") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller commit 0f3b914c9cfcd7bbedd445dc4ac5dd999fa213c2 Author: Mahesh Bandewar Date: Tue Oct 2 12:14:34 2018 -0700 bonding: fix warning message RX queue config for bonding master could be different from its slave device(s). With the commit 6a9e461f6fe4 ("bonding: pass link-local packets to bonding master also."), the packet is reinjected into stack with skb->dev as bonding master. This potentially triggers the message: "bondX received packet on queue Y, but number of RX queues is Z" whenever the queue that packet is received on is higher than the numrxqueues on bonding master (Y > Z). Fixes: 6a9e461f6fe4 ("bonding: pass link-local packets to bonding master also.") Reported-by: John Sperbeck Signed-off-by: Eric Dumazet Signed-off-by: Mahesh Bandewar Signed-off-by: David S. Miller commit 2ab2ddd301a22ca3c5f0b743593e4ad2953dfa53 Author: Eric Dumazet Date: Tue Oct 2 12:35:05 2018 -0700 inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Timer handlers do not imply rcu_read_lock(), so my recent fix triggered a LOCKDEP warning when SYNACK is retransmit. Lets add rcu_read_lock()/rcu_read_unlock() pairs around ireq->ireq_opt usages instead of guessing what is done by callers, since it is not worth the pain. Get rid of ireq_opt_deref() helper since it hides the logic without real benefit, since it is now a standard rcu_dereference(). Fixes: 1ad98e9d1bdf ("tcp/dccp: fix lockdep issue when SYN is backlogged") Signed-off-by: Eric Dumazet Reported-by: Willem de Bruijn Signed-off-by: David S. Miller commit 5b162cc4ac27ba76e576abc9090c54cf90a17980 Author: Geert Uytterhoeven Date: Thu Aug 30 14:54:04 2018 +0200 Revert "serial: sh-sci: Allow for compressed SCIF address" This reverts commit 2d4dd0da45401c7ae7332b4d1eb7bbb1348edde9. This broke earlycon on all Renesas ARM platforms using a SCIF port for the serial console (R-Car, RZ/A1, RZ/G1, RZ/G2 SoCs), due to an incorrect value of port->regshift. Signed-off-by: Geert Uytterhoeven Acked-by: Chris Brandt Signed-off-by: Greg Kroah-Hartman commit 10653022456dc77b398777fd8e95126c77954b49 Author: Geert Uytterhoeven Date: Thu Aug 30 14:54:03 2018 +0200 Revert "serial: sh-sci: Remove SCIx_RZ_SCIFA_REGTYPE" This reverts commit 7acece71a517cad83a0842a94d94c13f271b680c. Signed-off-by: Geert Uytterhoeven Acked-by: Chris Brandt Signed-off-by: Greg Kroah-Hartman commit beeeac43b6fae5f5eaf707b6fcc2bf1e09deb785 Author: Guenter Roeck Date: Mon Oct 1 21:42:37 2018 -0700 Revert "serial: 8250_dw: Fix runtime PM handling" This reverts commit d76c74387e1c978b6c5524a146ab0f3f72206f98. While commit d76c74387e1c ("serial: 8250_dw: Fix runtime PM handling") fixes runtime PM handling when using kgdb, it introduces a traceback for everyone else. BUG: sleeping function called from invalid context at /mnt/host/source/src/third_party/kernel/next/drivers/base/power/runtime.c:1034 in_atomic(): 1, irqs_disabled(): 1, pid: 1, name: swapper/0 7 locks held by swapper/0/1: #0: 000000005ec5bc72 (&dev->mutex){....}, at: __driver_attach+0xb5/0x12b #1: 000000005d5fa9e5 (&dev->mutex){....}, at: __device_attach+0x3e/0x15b #2: 0000000047e93286 (serial_mutex){+.+.}, at: serial8250_register_8250_port+0x51/0x8bb #3: 000000003b328f07 (port_mutex){+.+.}, at: uart_add_one_port+0xab/0x8b0 #4: 00000000fa313d4d (&port->mutex){+.+.}, at: uart_add_one_port+0xcc/0x8b0 #5: 00000000090983ca (console_lock){+.+.}, at: vprintk_emit+0xdb/0x217 #6: 00000000c743e583 (console_owner){-...}, at: console_unlock+0x211/0x60f irq event stamp: 735222 __down_trylock_console_sem+0x4a/0x84 console_unlock+0x338/0x60f __do_softirq+0x4a4/0x50d irq_exit+0x64/0xe2 CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc5 #6 Hardware name: Google Caroline/Caroline, BIOS Google_Caroline.7820.286.0 03/15/2017 Call Trace: dump_stack+0x7d/0xbd ___might_sleep+0x238/0x259 __pm_runtime_resume+0x4e/0xa4 ? serial8250_rpm_get+0x2e/0x44 serial8250_console_write+0x44/0x301 ? lock_acquire+0x1b8/0x1fa console_unlock+0x577/0x60f vprintk_emit+0x1f0/0x217 printk+0x52/0x6e register_console+0x43b/0x524 uart_add_one_port+0x672/0x8b0 ? set_io_from_upio+0x150/0x162 serial8250_register_8250_port+0x825/0x8bb dw8250_probe+0x80c/0x8b0 ? dw8250_serial_inq+0x8e/0x8e ? dw8250_check_lcr+0x108/0x108 ? dw8250_runtime_resume+0x5b/0x5b ? dw8250_serial_outq+0xa1/0xa1 ? dw8250_remove+0x115/0x115 platform_drv_probe+0x76/0xc5 really_probe+0x1f1/0x3ee ? driver_allows_async_probing+0x5d/0x5d driver_probe_device+0xd6/0x112 ? driver_allows_async_probing+0x5d/0x5d bus_for_each_drv+0xbe/0xe5 __device_attach+0xdd/0x15b bus_probe_device+0x5a/0x10b device_add+0x501/0x894 ? _raw_write_unlock+0x27/0x3a platform_device_add+0x224/0x2b7 mfd_add_device+0x718/0x75b ? __kmalloc+0x144/0x16a ? mfd_add_devices+0x38/0xdb mfd_add_devices+0x9b/0xdb intel_lpss_probe+0x7d4/0x8ee intel_lpss_pci_probe+0xac/0xd4 pci_device_probe+0x101/0x18e ... Revert the offending patch until a more comprehensive solution is available. Cc: Tony Lindgren Cc: Andy Shevchenko Cc: Phil Edworthy Fixes: d76c74387e1c ("serial: 8250_dw: Fix runtime PM handling") Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit ef1f2258748b675422ca0107e5bfb9ceeac675de Author: Atish Patra Date: Tue Sep 11 11:30:18 2018 -0700 RISCV: Fix end PFN for low memory Use memblock_end_of_DRAM which provides correct last low memory PFN. Without that, DMA32 region becomes empty resulting in zero pages being allocated for DMA32. This patch is based on earlier patch from palmer which never merged into 4.19. I just edited the commit text to make more sense. Signed-off-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 2647c43c7f3ba4b752bfce261d53b16e2f5bc9e3 Author: Mike Travis Date: Tue Oct 2 13:01:46 2018 -0500 x86/tsc: Fix UV TSC initialization The recent rework of the TSC calibration code introduced a regression on UV systems as it added a call to tsc_early_init() which initializes the TSC ADJUST values before acpi_boot_table_init(). In the case of UV systems, that is a necessary step that calls uv_system_init(). This informs tsc_sanitize_first_cpu() that the kernel runs on a platform with async TSC resets as documented in commit 341102c3ef29 ("x86/tsc: Add option that TSC on Socket 0 being non-zero is valid") Fix it by skipping the early tsc initialization on UV systems and let TSC init tests take place later in tsc_init(). Fixes: cf7a63ef4e02 ("x86/tsc: Calibrate tsc only once") Suggested-by: Hedi Berriche Signed-off-by: Mike Travis Signed-off-by: Thomas Gleixner Reviewed-by: Russ Anderson Reviewed-by: Dimitri Sivanich Cc: "H. Peter Anvin" Cc: Russ Anderson Cc: Dimitri Sivanich Cc: Borislav Petkov Cc: Kate Stewart Cc: Greg Kroah-Hartman Cc: Philippe Ombredanne Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Len Brown Cc: Dou Liyang Cc: Xiaoming Gao Cc: Rajvi Jingar Link: https://lkml.kernel.org/r/20181002180144.923579706@stormcage.americas.sgi.com commit 20a8378aa9dd108a01cb0e695599f5257a885c4b Author: Mike Travis Date: Tue Oct 2 13:01:45 2018 -0500 x86/platform/uv: Provide is_early_uv_system() Introduce is_early_uv_system() which uses efi.uv_systab to decide early in the boot process whether the kernel runs on a UV system. This is needed to skip other early setup/init code that might break the UV platform if done too early such as before necessary ACPI tables parsing takes place. Suggested-by: Hedi Berriche Signed-off-by: Mike Travis Signed-off-by: Thomas Gleixner Reviewed-by: Russ Anderson Reviewed-by: Dimitri Sivanich Cc: "H. Peter Anvin" Cc: Russ Anderson Cc: Dimitri Sivanich Cc: Borislav Petkov Cc: Kate Stewart Cc: Greg Kroah-Hartman Cc: Philippe Ombredanne Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Len Brown Cc: Dou Liyang Cc: Xiaoming Gao Cc: Rajvi Jingar Link: https://lkml.kernel.org/r/20181002180144.801700401@stormcage.americas.sgi.com commit ff58e2df62ce29d0552278c290ae494b30fe0c6f Author: Jakub Kicinski Date: Tue Oct 2 10:10:14 2018 -0700 nfp: avoid soft lockups under control message storm When FW floods the driver with control messages try to exit the cmsg processing loop every now and then to avoid soft lockups. Cmsg processing is generally very lightweight so 512 seems like a reasonable budget, which should not be exceeded under normal conditions. Fixes: 77ece8d5f196 ("nfp: add control vNIC datapath") Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman Tested-by: Pieter Jansen van Vuuren Signed-off-by: David S. Miller commit fe3a83af6a50199bf250fa331e94216912f79395 Author: Maciej W. Rozycki Date: Tue Oct 2 14:23:45 2018 +0100 declance: Fix continuation with the adapter identification message Fix a commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") regression with the `declance' driver, which caused the adapter identification message to be split between two lines, e.g.: declance.c: v0.011 by Linux MIPS DECstation task force tc6: PMAD-AA , addr = 08:00:2b:1b:2a:6a, irq = 14 tc6: registered as eth0. Address that properly, by printing identification with a single call, making the messages now look like: declance.c: v0.011 by Linux MIPS DECstation task force tc6: PMAD-AA, addr = 08:00:2b:1b:2a:6a, irq = 14 tc6: registered as eth0. Signed-off-by: Maciej W. Rozycki Fixes: 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") Signed-off-by: David S. Miller commit 657ade07df72847f591ccdb36bd9b91ed0edbac3 Author: Rickard x Andersson Date: Tue Oct 2 14:49:32 2018 +0200 net: fec: fix rare tx timeout During certain heavy network loads TX could time out with TX ring dump. TX is sometimes never restarted after reaching "tx_stop_threshold" because function "fec_enet_tx_queue" only tests the first queue. In addition the TX timeout callback function failed to recover because it also operated only on the first queue. Signed-off-by: Rickard x Andersson Signed-off-by: David S. Miller commit eafa717bc145963c944bb0a64d16add683861b35 Author: Mika Westerberg Date: Mon Sep 24 13:20:45 2018 +0300 thunderbolt: Initialize after IOMMUs If IOMMU is enabled and Thunderbolt driver is built into the kernel image, it will be probed before IOMMUs are attached to the PCI bus. Because of this DMA mappings the driver does will not go through IOMMU and start failing right after IOMMUs are enabled. For this reason move the Thunderbolt driver initialization happen at rootfs level. Signed-off-by: Mika Westerberg Signed-off-by: Greg Kroah-Hartman commit 86da809dda64a63fc27e05a215475325c3aaae92 Author: Mika Westerberg Date: Mon Sep 24 13:20:44 2018 +0300 thunderbolt: Do not handle ICM events after domain is stopped If there is a long chain of devices connected when the driver is loaded ICM sends device connected event for each and those are put to tb->wq for later processing. Now if the driver gets unloaded in the middle, so that the work queue is not yet empty it gets flushed by tb_domain_stop(). However, by that time the root switch is already removed so the driver crashes when it tries to dereference it in ICM event handling callbacks. Fix this by checking whether the root switch is already removed. If it is we know that the domain is stopped and we should merely skip handling the event. Signed-off-by: Mika Westerberg Signed-off-by: Greg Kroah-Hartman commit b45ba4a51cde29b2939365ef0c07ad34c8321789 Author: Christophe Leroy Date: Mon Oct 1 12:21:10 2018 +0000 powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable@vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit b0584ea66d73919cbf5878a3420a837f06ab8396 Author: Roman Gushchin Date: Tue Oct 2 02:41:53 2018 +0000 bpf: don't accept cgroup local storage with zero value size Explicitly forbid creating cgroup local storage maps with zero value size, as it makes no sense and might even cause a panic. Reported-by: syzbot+18628320d3b14a5c459c@syzkaller.appspotmail.com Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Signed-off-by: Daniel Borkmann commit 1d2ba7fee28b3a47cca8e8f4f94a22d30b2b3a6f Merge: 5e0b19ac332b 7c968791f775 Author: Greg Kroah-Hartman Date: Tue Oct 2 05:19:43 2018 -0700 Merge tag 'fbdev-v4.19-rc7' of https://github.com/bzolnier/linux Bartlomiej writes: "fbdev fixes for v4.19-rc7: - fix OMAPFB_MEMORY_READ ioctl to not leak kernel memory in omapfb driver (Tomi Valkeinen) - add missing prepare/unprepare clock operations in pxa168fb driver (Lubomir Rintel) - add nobgrt option in efifb driver to disable ACPI BGRT logo restore (Hans de Goede) - fix spelling mistake in fall-through annotation in stifb driver (Gustavo A. R. Silva) - fix URL for uvesafb repository in the documentation (Adam Jackson)" * tag 'fbdev-v4.19-rc7' of https://github.com/bzolnier/linux: video/fbdev/stifb: Fix spelling mistake in fall-through annotation uvesafb: Fix URLs in the documentation efifb: BGRT: Add nobgrt option fbdev/omapfb: fix omapfb_memory_read infoleak pxa168fb: prepare the clock commit 5e0b19ac332b92356ef7145a4ddfb571cf66ab99 Merge: 385afbf8c3e8 1b09d9c232cd Author: Greg Kroah-Hartman Date: Tue Oct 2 05:19:04 2018 -0700 Merge tag 'mmc-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Ulf writes: "MMC core: - Fixup conversion of debounce time to/from ms/us MMC host: - sdhi: Fixup whitelisting for Gen3 types" * tag 'mmc-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: slot-gpio: Fix debounce time to use miliseconds again mmc: core: Fix debounce time to use microseconds mmc: sdhi: sys_dmac: check for all Gen3 types when whitelisting commit 4d4c2d89913e2d891bd6a34b12050a2576e60525 Author: Noralf Trønnes Date: Mon Oct 1 21:45:36 2018 +0200 drm/cma-helper: Fix crash in fbdev error path Sergey Suloev reported a crash happening in drm_client_dev_hotplug() when fbdev had failed to register. [ 9.124598] vc4_hdmi 3f902000.hdmi: ASoC: Failed to create component debugfs directory [ 9.147667] vc4_hdmi 3f902000.hdmi: vc4-hdmi-hifi <-> 3f902000.hdmi mapping ok [ 9.155184] vc4_hdmi 3f902000.hdmi: ASoC: no DMI vendor name! [ 9.166544] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops [vc4]) [ 9.173840] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops [vc4]) [ 9.181029] vc4-drm soc:gpu: bound 3f004000.txp (ops vc4_txp_ops [vc4]) [ 9.188519] vc4-drm soc:gpu: bound 3f400000.hvs (ops vc4_hvs_ops [vc4]) [ 9.195690] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops vc4_crtc_ops [vc4]) [ 9.203523] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops vc4_crtc_ops [vc4]) [ 9.215032] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops vc4_crtc_ops [vc4]) [ 9.274785] vc4-drm soc:gpu: bound 3fc00000.v3d (ops vc4_v3d_ops [vc4]) [ 9.290246] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on minor 0 [ 9.297464] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 9.304600] [drm] Driver supports precise vblank timestamp query. [ 9.382856] vc4-drm soc:gpu: [drm:drm_fb_helper_fbdev_setup [drm_kms_helper]] *ERROR* Failed to set fbdev configuration [ 10.404937] Unable to handle kernel paging request at virtual address 00330a656369768a [ 10.441620] [00330a656369768a] address between user and kernel address ranges [ 10.449087] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 10.454762] Modules linked in: brcmfmac vc4 drm_kms_helper cfg80211 drm rfkill smsc95xx brcmutil usbnet drm_panel_orientation_quirks raspberrypi_hwmon bcm2835_dma crc32_ce pwm_bcm2835 bcm2835_rng virt_dma rng_core i2c_bcm2835 ip_tables x_tables ipv6 [ 10.477296] CPU: 2 PID: 45 Comm: kworker/2:1 Not tainted 4.19.0-rc5 #3 [ 10.483934] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 10.489966] Workqueue: events output_poll_execute [drm_kms_helper] [ 10.596515] Process kworker/2:1 (pid: 45, stack limit = 0x000000007e8924dc) [ 10.603590] Call trace: [ 10.606259] drm_client_dev_hotplug+0x5c/0xb0 [drm] [ 10.611303] drm_kms_helper_hotplug_event+0x30/0x40 [drm_kms_helper] [ 10.617849] output_poll_execute+0xc4/0x1e0 [drm_kms_helper] [ 10.623616] process_one_work+0x1c8/0x318 [ 10.627695] worker_thread+0x48/0x428 [ 10.631420] kthread+0xf8/0x128 [ 10.634615] ret_from_fork+0x10/0x18 [ 10.638255] Code: 54000220 f9401261 aa1303e0 b4000141 (f9400c21) [ 10.644456] ---[ end trace c75b4a4b0e141908 ]--- The reason for this is that drm_fbdev_cma_init() removes the drm_client when fbdev registration fails, but it doesn't remove the client from the drm_device client list. So the client list now has a pointer that points into the unknown and we have a 'use after free' situation. Split drm_client_new() into drm_client_init() and drm_client_add() to fix removal in the error path. Fixes: 894a677f4b3e ("drm/cma-helper: Use the generic fbdev emulation") Reported-by: Sergey Suloev Cc: Stefan Wahren Cc: Eric Anholt Cc: Daniel Vetter Signed-off-by: Noralf Trønnes Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20181001194536.57756-1-noralf@tronnes.org commit 37355bdc5a129899f6b245900a8eb944a092f7fd Author: Mel Gorman Date: Mon Oct 1 11:05:25 2018 +0100 sched/numa: Migrate pages to local nodes quicker early in the lifetime of a task Automatic NUMA Balancing uses a multi-stage pass to decide whether a page should migrate to a local node. This filter avoids excessive ping-ponging if a page is shared or used by threads that migrate cross-node frequently. Threads inherit both page tables and the preferred node ID from the parent. This means that threads can trigger hinting faults earlier than a new task which delays scanning for a number of seconds. As it can be load balanced very early in its lifetime there can be an unnecessary delay before it starts migrating thread-local data. This patch migrates private pages faster early in the lifetime of a thread using the sequence counter as an identifier of new tasks. With this patch applied, STREAM performance is the same as 4.17 even though processes are not spread cross-node prematurely. Other workloads showed a mix of minor gains and losses. This is somewhat expected most workloads are not very sensitive to the starting conditions of a process. 4.19.0-rc5 4.19.0-rc5 4.17.0 numab-v1r1 fastmigrate-v1r1 vanilla MB/sec copy 43298.52 ( 0.00%) 47335.46 ( 9.32%) 47219.24 ( 9.06%) MB/sec scale 30115.06 ( 0.00%) 32568.12 ( 8.15%) 32527.56 ( 8.01%) MB/sec add 32825.12 ( 0.00%) 36078.94 ( 9.91%) 35928.02 ( 9.45%) MB/sec triad 32549.52 ( 0.00%) 35935.94 ( 10.40%) 35969.88 ( 10.51%) Signed-off-by: Mel Gorman Reviewed-by: Rik van Riel Acked-by: Peter Zijlstra Cc: Jirka Hladky Cc: Linus Torvalds Cc: Linux-MM Cc: Srikar Dronamraju Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20181001100525.29789-3-mgorman@techsingularity.net Signed-off-by: Ingo Molnar commit efaffc5e40aeced0bcb497ed7a0a5b8c14abfcdf Author: Mel Gorman Date: Mon Oct 1 11:05:24 2018 +0100 mm, sched/numa: Remove rate-limiting of automatic NUMA balancing migration Rate limiting of page migrations due to automatic NUMA balancing was introduced to mitigate the worst-case scenario of migrating at high frequency due to false sharing or slowly ping-ponging between nodes. Since then, a lot of effort was spent on correctly identifying these pages and avoiding unnecessary migrations and the safety net may no longer be required. Jirka Hladky reported a regression in 4.17 due to a scheduler patch that avoids spreading STREAM tasks wide prematurely. However, once the task was properly placed, it delayed migrating the memory due to rate limiting. Increasing the limit fixed the problem for him. Currently, the limit is hard-coded and does not account for the real capabilities of the hardware. Even if an estimate was attempted, it would not properly account for the number of memory controllers and it could not account for the amount of bandwidth used for normal accesses. Rather than fudging, this patch simply eliminates the rate limiting. However, Jirka reports that a STREAM configuration using multiple processes achieved similar performance to 4.16. In local tests, this patch improved performance of STREAM relative to the baseline but it is somewhat machine-dependent. Most workloads show little or not performance difference implying that there is not a heavily reliance on the throttling mechanism and it is safe to remove. STREAM on 2-socket machine 4.19.0-rc5 4.19.0-rc5 numab-v1r1 noratelimit-v1r1 MB/sec copy 43298.52 ( 0.00%) 44673.38 ( 3.18%) MB/sec scale 30115.06 ( 0.00%) 31293.06 ( 3.91%) MB/sec add 32825.12 ( 0.00%) 34883.62 ( 6.27%) MB/sec triad 32549.52 ( 0.00%) 34906.60 ( 7.24% Signed-off-by: Mel Gorman Reviewed-by: Rik van Riel Acked-by: Peter Zijlstra Cc: Jirka Hladky Cc: Linus Torvalds Cc: Linux-MM Cc: Srikar Dronamraju Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20181001100525.29789-2-mgorman@techsingularity.net Signed-off-by: Ingo Molnar commit 6d348925b306ab0cc9757a09a8cea6bf288018e4 Author: Will Deacon Date: Mon Oct 1 15:28:56 2018 +0100 MAINTAINERS: Remove dead path from LOCKING PRIMITIVES entry Since 890658b7ab48 ("locking/mutex: Kill arch specific code"), there are no mutex header files under arch/, so we can remove the redundant entry from MAINTAINERS. Reported-by: Joe Perches Signed-off-by: Will Deacon Cc: Jason Low Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20181001142856.GC9716@arm.com Signed-off-by: Ingo Molnar commit 12d43deb1ee639d01a2a8d2a7a4cc8ad31224475 Author: Jann Horn Date: Mon Oct 1 17:31:17 2018 +0200 drm: fix use-after-free read in drm_mode_create_lease_ioctl() fd_install() moves the reference given to it into the file descriptor table of the current process. If the current process is multithreaded, then immediately after fd_install(), another thread can close() the file descriptor and cause the file's resources to be cleaned up. Since the reference to "lessee" is held by the file, we must not access "lessee" after the fd_install() call. As far as I can tell, to reach this codepath, the caller must have an open file descriptor to a DRI device in master mode. I'm not sure what the requirements for that are. Signed-off-by: Jann Horn Fixes: 62884cd386b8 ("drm: Add four ioctls for managing drm mode object leases [v7]") Cc: stable@vger.kernel.org Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20181001153117.216923-1-jannh@google.com commit 24abf2901b18bf941b9f21ea2ce5791f61097ae4 Author: Eric Farman Date: Tue Oct 2 03:02:35 2018 +0200 s390/cio: Fix how vfio-ccw checks pinned pages We have two nested loops to check the entries within the pfn_array_table arrays. But we mistakenly use the outer array as an index in our check, and completely ignore the indexing performed by the inner loop. Cc: stable@vger.kernel.org Signed-off-by: Eric Farman Message-Id: <20181002010235.42483-1-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit 6fd98e775f24fd41520928d345f5db3ff52bb35d Author: Srikar Dronamraju Date: Fri Sep 21 23:19:01 2018 +0530 sched/numa: Avoid task migration for small NUMA improvement If NUMA improvement from the task migration is going to be very minimal, then avoid task migration. Specjbb2005 results (8 warehouses) Higher bops are better 2 Socket - 2 Node Haswell - X86 JVMS Prev Current %Change 4 198512 205910 3.72673 1 313559 318491 1.57291 2 Socket - 4 Node Power8 - PowerNV JVMS Prev Current %Change 8 74761.9 74935.9 0.232739 1 214874 226796 5.54837 2 Socket - 2 Node Power9 - PowerNV JVMS Prev Current %Change 4 180536 189780 5.12031 1 210281 205695 -2.18089 4 Socket - 4 Node Power7 - PowerVM JVMS Prev Current %Change 8 56511.4 60370 6.828 1 104899 108100 3.05151 1/7 cases is regressing, if we look at events migrate_pages seem to vary the most especially in the regressing case. Also some amount of variance is expected between different runs of Specjbb2005. Some events stats before and after applying the patch. perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 13,818,546 13,801,554 migrations 1,149,960 1,151,541 faults 385,583 433,246 cache-misses 55,259,546,768 55,168,691,835 sched:sched_move_numa 2,257 2,551 sched:sched_stick_numa 9 24 sched:sched_swap_numa 512 904 migrate:mm_migrate_pages 2,225 1,571 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 72692 113682 numa_hint_faults_local 62270 102163 numa_hit 238762 240181 numa_huge_pte_updates 48 36 numa_interleave 75 64 numa_local 238676 240103 numa_other 86 78 numa_pages_migrated 2225 1564 numa_pte_updates 98557 134080 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 3,173,490 3,079,150 migrations 36,966 31,455 faults 108,776 99,081 cache-misses 12,200,075,320 11,588,126,740 sched:sched_move_numa 1,264 1 sched:sched_stick_numa 0 0 sched:sched_swap_numa 0 0 migrate:mm_migrate_pages 899 36 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 21109 430 numa_hint_faults_local 17120 77 numa_hit 72934 71277 numa_huge_pte_updates 42 0 numa_interleave 33 22 numa_local 72866 71218 numa_other 68 59 numa_pages_migrated 915 23 numa_pte_updates 42326 0 perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 8,312,022 8,707,565 migrations 231,705 171,342 faults 310,242 310,820 cache-misses 402,324,573 136,115,400 sched:sched_move_numa 193 215 sched:sched_stick_numa 0 6 sched:sched_swap_numa 3 24 migrate:mm_migrate_pages 93 162 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 11838 8985 numa_hint_faults_local 11216 8154 numa_hit 90689 93819 numa_huge_pte_updates 0 0 numa_interleave 1579 882 numa_local 89634 93496 numa_other 1055 323 numa_pages_migrated 92 169 numa_pte_updates 12109 9217 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 2,170,481 2,152,072 migrations 10,126 10,704 faults 160,962 164,376 cache-misses 10,834,845 3,818,437 sched:sched_move_numa 10 16 sched:sched_stick_numa 0 0 sched:sched_swap_numa 0 7 migrate:mm_migrate_pages 2 199 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 403 2248 numa_hint_faults_local 358 1666 numa_hit 25898 25704 numa_huge_pte_updates 0 0 numa_interleave 207 200 numa_local 25860 25679 numa_other 38 25 numa_pages_migrated 2 197 numa_pte_updates 400 2234 perf stats 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 110,339,633 93,330,595 migrations 4,139,812 4,122,061 faults 863,622 865,979 cache-misses 231,838,045,660 225,395,083,479 sched:sched_move_numa 2,196 2,372 sched:sched_stick_numa 33 24 sched:sched_swap_numa 544 769 migrate:mm_migrate_pages 2,469 1,677 vmstat 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 85748 91638 numa_hint_faults_local 66831 78096 numa_hit 242213 242225 numa_huge_pte_updates 0 0 numa_interleave 0 2 numa_local 242211 242219 numa_other 2 6 numa_pages_migrated 2376 1515 numa_pte_updates 86233 92274 perf stats 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 59,331,057 51,487,271 migrations 552,019 537,170 faults 266,586 256,921 cache-misses 73,796,312,990 70,073,831,187 sched:sched_move_numa 981 576 sched:sched_stick_numa 54 24 sched:sched_swap_numa 286 327 migrate:mm_migrate_pages 713 726 vmstat 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 14807 12000 numa_hint_faults_local 5738 5024 numa_hit 36230 36470 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 36228 36465 numa_other 2 5 numa_pages_migrated 703 726 numa_pte_updates 14742 11930 Signed-off-by: Srikar Dronamraju Signed-off-by: Peter Zijlstra (Intel) Cc: Jirka Hladky Cc: Linus Torvalds Cc: Mel Gorman Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537552141-27815-7-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit 7534612123e0f5d020aba1076a6bb505db0e6bfe Author: Srikar Dronamraju Date: Fri Sep 21 23:19:00 2018 +0530 mm/migrate: Use spin_trylock() while resetting rate limit Since this spinlock will only serialize the migrate rate limiting, convert the spin_lock() to a spin_trylock(). If another thread is updating, this task can move on. Specjbb2005 results (8 warehouses) Higher bops are better 2 Socket - 2 Node Haswell - X86 JVMS Prev Current %Change 4 205332 198512 -3.32145 1 319785 313559 -1.94693 2 Socket - 4 Node Power8 - PowerNV JVMS Prev Current %Change 8 74912 74761.9 -0.200368 1 206585 214874 4.01239 2 Socket - 2 Node Power9 - PowerNV JVMS Prev Current %Change 4 189162 180536 -4.56011 1 213760 210281 -1.62753 4 Socket - 4 Node Power7 - PowerVM JVMS Prev Current %Change 8 58736.8 56511.4 -3.78877 1 105419 104899 -0.49327 Avoiding stretching of window intervals may be the reason for the regression. Also code now uses READ_ONCE/WRITE_ONCE. That may also be hurting performance to some extent. Some events stats before and after applying the patch. perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 14,285,708 13,818,546 migrations 1,180,621 1,149,960 faults 339,114 385,583 cache-misses 55,205,631,894 55,259,546,768 sched:sched_move_numa 843 2,257 sched:sched_stick_numa 6 9 sched:sched_swap_numa 219 512 migrate:mm_migrate_pages 365 2,225 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 26907 72692 numa_hint_faults_local 24279 62270 numa_hit 239771 238762 numa_huge_pte_updates 0 48 numa_interleave 68 75 numa_local 239688 238676 numa_other 83 86 numa_pages_migrated 363 2225 numa_pte_updates 27415 98557 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 3,202,779 3,173,490 migrations 37,186 36,966 faults 106,076 108,776 cache-misses 12,024,873,744 12,200,075,320 sched:sched_move_numa 931 1,264 sched:sched_stick_numa 0 0 sched:sched_swap_numa 1 0 migrate:mm_migrate_pages 637 899 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 17409 21109 numa_hint_faults_local 14367 17120 numa_hit 73953 72934 numa_huge_pte_updates 20 42 numa_interleave 25 33 numa_local 73892 72866 numa_other 61 68 numa_pages_migrated 668 915 numa_pte_updates 27276 42326 perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 8,474,013 8,312,022 migrations 254,934 231,705 faults 320,506 310,242 cache-misses 110,580,458 402,324,573 sched:sched_move_numa 725 193 sched:sched_stick_numa 0 0 sched:sched_swap_numa 7 3 migrate:mm_migrate_pages 145 93 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 22797 11838 numa_hint_faults_local 21539 11216 numa_hit 89308 90689 numa_huge_pte_updates 0 0 numa_interleave 865 1579 numa_local 88955 89634 numa_other 353 1055 numa_pages_migrated 149 92 numa_pte_updates 22930 12109 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 2,195,628 2,170,481 migrations 11,179 10,126 faults 149,656 160,962 cache-misses 8,117,515 10,834,845 sched:sched_move_numa 49 10 sched:sched_stick_numa 0 0 sched:sched_swap_numa 0 0 migrate:mm_migrate_pages 5 2 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 3577 403 numa_hint_faults_local 3476 358 numa_hit 26142 25898 numa_huge_pte_updates 0 0 numa_interleave 358 207 numa_local 26042 25860 numa_other 100 38 numa_pages_migrated 5 2 numa_pte_updates 3587 400 perf stats 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 100,602,296 110,339,633 migrations 4,135,630 4,139,812 faults 789,256 863,622 cache-misses 226,160,621,058 231,838,045,660 sched:sched_move_numa 1,366 2,196 sched:sched_stick_numa 16 33 sched:sched_swap_numa 374 544 migrate:mm_migrate_pages 1,350 2,469 vmstat 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 47857 85748 numa_hint_faults_local 39768 66831 numa_hit 240165 242213 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 240165 242211 numa_other 0 2 numa_pages_migrated 1224 2376 numa_pte_updates 48354 86233 perf stats 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 58,515,496 59,331,057 migrations 564,845 552,019 faults 245,807 266,586 cache-misses 73,603,757,976 73,796,312,990 sched:sched_move_numa 996 981 sched:sched_stick_numa 10 54 sched:sched_swap_numa 193 286 migrate:mm_migrate_pages 646 713 vmstat 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 13422 14807 numa_hint_faults_local 5619 5738 numa_hit 36118 36230 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 36116 36228 numa_other 2 2 numa_pages_migrated 616 703 numa_pte_updates 13374 14742 Suggested-by: Peter Zijlstra Signed-off-by: Srikar Dronamraju Signed-off-by: Peter Zijlstra (Intel) Cc: Jirka Hladky Cc: Linus Torvalds Cc: Mel Gorman Cc: Mike Galbraith Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537552141-27815-6-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit 05cbdf4f5c191ff378c47bbf66d7230beb725bdb Author: Mel Gorman Date: Fri Sep 21 23:18:59 2018 +0530 sched/numa: Limit the conditions where scan period is reset migrate_task_rq_fair() resets the scan rate for NUMA balancing on every cross-node migration. In the event of excessive load balancing due to saturation, this may result in the scan rate being pegged at maximum and further overloading the machine. This patch only resets the scan if NUMA balancing is active, a preferred node has been selected and the task is being migrated from the preferred node as these are the most harmful. For example, a migration to the preferred node does not justify a faster scan rate. Similarly, a migration between two nodes that are not preferred is probably bouncing due to over-saturation of the machine. In that case, scanning faster and trapping more NUMA faults will further overload the machine. Specjbb2005 results (8 warehouses) Higher bops are better 2 Socket - 2 Node Haswell - X86 JVMS Prev Current %Change 4 203370 205332 0.964744 1 328431 319785 -2.63252 2 Socket - 4 Node Power8 - PowerNV JVMS Prev Current %Change 1 206070 206585 0.249915 2 Socket - 2 Node Power9 - PowerNV JVMS Prev Current %Change 4 188386 189162 0.41192 1 201566 213760 6.04963 4 Socket - 4 Node Power7 - PowerVM JVMS Prev Current %Change 8 59157.4 58736.8 -0.710985 1 105495 105419 -0.0720413 Some events stats before and after applying the patch. perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 13,825,492 14,285,708 migrations 1,152,509 1,180,621 faults 371,948 339,114 cache-misses 55,654,206,041 55,205,631,894 sched:sched_move_numa 1,856 843 sched:sched_stick_numa 4 6 sched:sched_swap_numa 428 219 migrate:mm_migrate_pages 898 365 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 57146 26907 numa_hint_faults_local 51612 24279 numa_hit 238164 239771 numa_huge_pte_updates 16 0 numa_interleave 63 68 numa_local 238085 239688 numa_other 79 83 numa_pages_migrated 883 363 numa_pte_updates 67540 27415 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 3,288,525 3,202,779 migrations 38,652 37,186 faults 111,678 106,076 cache-misses 12,111,197,376 12,024,873,744 sched:sched_move_numa 900 931 sched:sched_stick_numa 0 0 sched:sched_swap_numa 5 1 migrate:mm_migrate_pages 714 637 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 18572 17409 numa_hint_faults_local 14850 14367 numa_hit 73197 73953 numa_huge_pte_updates 11 20 numa_interleave 25 25 numa_local 73138 73892 numa_other 59 61 numa_pages_migrated 712 668 numa_pte_updates 24021 27276 perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 8,451,543 8,474,013 migrations 202,804 254,934 faults 310,024 320,506 cache-misses 253,522,507 110,580,458 sched:sched_move_numa 213 725 sched:sched_stick_numa 0 0 sched:sched_swap_numa 2 7 migrate:mm_migrate_pages 88 145 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 11830 22797 numa_hint_faults_local 11301 21539 numa_hit 90038 89308 numa_huge_pte_updates 0 0 numa_interleave 855 865 numa_local 89796 88955 numa_other 242 353 numa_pages_migrated 88 149 numa_pte_updates 12039 22930 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 2,049,153 2,195,628 migrations 11,405 11,179 faults 162,309 149,656 cache-misses 7,203,343 8,117,515 sched:sched_move_numa 22 49 sched:sched_stick_numa 0 0 sched:sched_swap_numa 0 0 migrate:mm_migrate_pages 1 5 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 1693 3577 numa_hint_faults_local 1669 3476 numa_hit 25177 26142 numa_huge_pte_updates 0 0 numa_interleave 194 358 numa_local 24993 26042 numa_other 184 100 numa_pages_migrated 1 5 numa_pte_updates 1577 3587 perf stats 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 94,515,937 100,602,296 migrations 4,203,554 4,135,630 faults 832,697 789,256 cache-misses 226,248,698,331 226,160,621,058 sched:sched_move_numa 1,730 1,366 sched:sched_stick_numa 14 16 sched:sched_swap_numa 432 374 migrate:mm_migrate_pages 1,398 1,350 vmstat 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 80079 47857 numa_hint_faults_local 68620 39768 numa_hit 241187 240165 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 241186 240165 numa_other 1 0 numa_pages_migrated 1347 1224 numa_pte_updates 80729 48354 perf stats 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 63,704,961 58,515,496 migrations 573,404 564,845 faults 230,878 245,807 cache-misses 76,568,222,781 73,603,757,976 sched:sched_move_numa 509 996 sched:sched_stick_numa 31 10 sched:sched_swap_numa 182 193 migrate:mm_migrate_pages 541 646 vmstat 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 8501 13422 numa_hint_faults_local 2960 5619 numa_hit 35526 36118 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 35526 36116 numa_other 0 2 numa_pages_migrated 539 616 numa_pte_updates 8433 13374 Signed-off-by: Mel Gorman Signed-off-by: Srikar Dronamraju Signed-off-by: Peter Zijlstra (Intel) Cc: Jirka Hladky Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537552141-27815-5-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit 3f9672baaa70fc62765857f13f007feb01f9ad33 Author: Srikar Dronamraju Date: Fri Sep 21 23:18:58 2018 +0530 sched/numa: Reset scan rate whenever task moves across nodes Currently task scan rate is reset when NUMA balancer migrates the task to a different node. If NUMA balancer initiates a swap, reset is only applicable to the task that initiates the swap. Similarly no scan rate reset is done if the task is migrated across nodes by traditional load balancer. Instead move the scan reset to the migrate_task_rq. This ensures the task moved out of its preferred node, either gets back to its preferred node quickly or finds a new preferred node. Doing so, would be fair to all tasks migrating across nodes. Specjbb2005 results (8 warehouses) Higher bops are better 2 Socket - 2 Node Haswell - X86 JVMS Prev Current %Change 4 200668 203370 1.3465 1 321791 328431 2.06345 2 Socket - 4 Node Power8 - PowerNV JVMS Prev Current %Change 1 204848 206070 0.59654 2 Socket - 2 Node Power9 - PowerNV JVMS Prev Current %Change 4 188098 188386 0.153112 1 200351 201566 0.606436 4 Socket - 4 Node Power7 - PowerVM JVMS Prev Current %Change 8 58145.9 59157.4 1.73959 1 103798 105495 1.63491 Some events stats before and after applying the patch. perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 13,912,183 13,825,492 migrations 1,155,931 1,152,509 faults 367,139 371,948 cache-misses 54,240,196,814 55,654,206,041 sched:sched_move_numa 1,571 1,856 sched:sched_stick_numa 9 4 sched:sched_swap_numa 463 428 migrate:mm_migrate_pages 703 898 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 50155 57146 numa_hint_faults_local 45264 51612 numa_hit 239652 238164 numa_huge_pte_updates 36 16 numa_interleave 68 63 numa_local 239576 238085 numa_other 76 79 numa_pages_migrated 680 883 numa_pte_updates 71146 67540 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 3,156,720 3,288,525 migrations 30,354 38,652 faults 97,261 111,678 cache-misses 12,400,026,826 12,111,197,376 sched:sched_move_numa 4 900 sched:sched_stick_numa 0 0 sched:sched_swap_numa 1 5 migrate:mm_migrate_pages 20 714 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 272 18572 numa_hint_faults_local 186 14850 numa_hit 71362 73197 numa_huge_pte_updates 0 11 numa_interleave 23 25 numa_local 71299 73138 numa_other 63 59 numa_pages_migrated 2 712 numa_pte_updates 0 24021 perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 8,606,824 8,451,543 migrations 155,352 202,804 faults 301,409 310,024 cache-misses 157,759,224 253,522,507 sched:sched_move_numa 168 213 sched:sched_stick_numa 0 0 sched:sched_swap_numa 3 2 migrate:mm_migrate_pages 125 88 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 4650 11830 numa_hint_faults_local 3946 11301 numa_hit 90489 90038 numa_huge_pte_updates 0 0 numa_interleave 892 855 numa_local 90034 89796 numa_other 455 242 numa_pages_migrated 124 88 numa_pte_updates 4818 12039 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 2,113,167 2,049,153 migrations 10,533 11,405 faults 142,727 162,309 cache-misses 5,594,192 7,203,343 sched:sched_move_numa 10 22 sched:sched_stick_numa 0 0 sched:sched_swap_numa 0 0 migrate:mm_migrate_pages 6 1 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 744 1693 numa_hint_faults_local 584 1669 numa_hit 25551 25177 numa_huge_pte_updates 0 0 numa_interleave 263 194 numa_local 25302 24993 numa_other 249 184 numa_pages_migrated 6 1 numa_pte_updates 744 1577 perf stats 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 101,227,352 94,515,937 migrations 4,151,829 4,203,554 faults 745,233 832,697 cache-misses 224,669,561,766 226,248,698,331 sched:sched_move_numa 617 1,730 sched:sched_stick_numa 2 14 sched:sched_swap_numa 187 432 migrate:mm_migrate_pages 316 1,398 vmstat 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 24195 80079 numa_hint_faults_local 21639 68620 numa_hit 238331 241187 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 238331 241186 numa_other 0 1 numa_pages_migrated 204 1347 numa_pte_updates 24561 80729 perf stats 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 62,738,978 63,704,961 migrations 562,702 573,404 faults 228,465 230,878 cache-misses 75,778,067,952 76,568,222,781 sched:sched_move_numa 648 509 sched:sched_stick_numa 13 31 sched:sched_swap_numa 137 182 migrate:mm_migrate_pages 733 541 vmstat 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 10281 8501 numa_hint_faults_local 3242 2960 numa_hit 36338 35526 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 36338 35526 numa_other 0 0 numa_pages_migrated 706 539 numa_pte_updates 10176 8433 Signed-off-by: Srikar Dronamraju Signed-off-by: Peter Zijlstra (Intel) Cc: Jirka Hladky Cc: Linus Torvalds Cc: Mel Gorman Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537552141-27815-4-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit 1327237a5978b00bcc665c33046c9bae75da1154 Author: Srikar Dronamraju Date: Fri Sep 21 23:18:57 2018 +0530 sched/numa: Pass destination CPU as a parameter to migrate_task_rq This additional parameter (new_cpu) is used later for identifying if task migration is across nodes. No functional change. Specjbb2005 results (8 warehouses) Higher bops are better 2 Socket - 2 Node Haswell - X86 JVMS Prev Current %Change 4 203353 200668 -1.32036 1 328205 321791 -1.95427 2 Socket - 4 Node Power8 - PowerNV JVMS Prev Current %Change 1 214384 204848 -4.44809 2 Socket - 2 Node Power9 - PowerNV JVMS Prev Current %Change 4 188553 188098 -0.241311 1 196273 200351 2.07772 4 Socket - 4 Node Power7 - PowerVM JVMS Prev Current %Change 8 57581.2 58145.9 0.980702 1 103468 103798 0.318939 Brings out the variance between different specjbb2005 runs. Some events stats before and after applying the patch. perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 13,941,377 13,912,183 migrations 1,157,323 1,155,931 faults 382,175 367,139 cache-misses 54,993,823,500 54,240,196,814 sched:sched_move_numa 2,005 1,571 sched:sched_stick_numa 14 9 sched:sched_swap_numa 529 463 migrate:mm_migrate_pages 1,573 703 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 67099 50155 numa_hint_faults_local 58456 45264 numa_hit 240416 239652 numa_huge_pte_updates 18 36 numa_interleave 65 68 numa_local 240339 239576 numa_other 77 76 numa_pages_migrated 1574 680 numa_pte_updates 77182 71146 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 3,176,453 3,156,720 migrations 30,238 30,354 faults 87,869 97,261 cache-misses 12,544,479,391 12,400,026,826 sched:sched_move_numa 23 4 sched:sched_stick_numa 0 0 sched:sched_swap_numa 6 1 migrate:mm_migrate_pages 10 20 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 236 272 numa_hint_faults_local 201 186 numa_hit 72293 71362 numa_huge_pte_updates 0 0 numa_interleave 26 23 numa_local 72233 71299 numa_other 60 63 numa_pages_migrated 8 2 numa_pte_updates 0 0 perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 8,478,820 8,606,824 migrations 171,323 155,352 faults 307,499 301,409 cache-misses 240,353,599 157,759,224 sched:sched_move_numa 214 168 sched:sched_stick_numa 0 0 sched:sched_swap_numa 4 3 migrate:mm_migrate_pages 89 125 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 5301 4650 numa_hint_faults_local 4745 3946 numa_hit 92943 90489 numa_huge_pte_updates 0 0 numa_interleave 899 892 numa_local 92345 90034 numa_other 598 455 numa_pages_migrated 88 124 numa_pte_updates 5505 4818 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 2,066,172 2,113,167 migrations 11,076 10,533 faults 149,544 142,727 cache-misses 10,398,067 5,594,192 sched:sched_move_numa 43 10 sched:sched_stick_numa 0 0 sched:sched_swap_numa 0 0 migrate:mm_migrate_pages 6 6 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 3552 744 numa_hint_faults_local 3347 584 numa_hit 25611 25551 numa_huge_pte_updates 0 0 numa_interleave 213 263 numa_local 25583 25302 numa_other 28 249 numa_pages_migrated 6 6 numa_pte_updates 3535 744 perf stats 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 99,358,136 101,227,352 migrations 4,041,607 4,151,829 faults 749,653 745,233 cache-misses 225,562,543,251 224,669,561,766 sched:sched_move_numa 771 617 sched:sched_stick_numa 14 2 sched:sched_swap_numa 204 187 migrate:mm_migrate_pages 1,180 316 vmstat 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 27409 24195 numa_hint_faults_local 20677 21639 numa_hit 239988 238331 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 239983 238331 numa_other 5 0 numa_pages_migrated 1016 204 numa_pte_updates 27916 24561 perf stats 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 60,899,307 62,738,978 migrations 544,668 562,702 faults 270,834 228,465 cache-misses 74,543,455,635 75,778,067,952 sched:sched_move_numa 735 648 sched:sched_stick_numa 25 13 sched:sched_swap_numa 174 137 migrate:mm_migrate_pages 816 733 vmstat 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 11059 10281 numa_hint_faults_local 4733 3242 numa_hit 41384 36338 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 41383 36338 numa_other 1 0 numa_pages_migrated 815 706 numa_pte_updates 11323 10176 Signed-off-by: Srikar Dronamraju Signed-off-by: Peter Zijlstra (Intel) Cc: Jirka Hladky Cc: Linus Torvalds Cc: Mel Gorman Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537552141-27815-3-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit a4739eca4456e3d140cc656c5331d42b7465f91d Author: Srikar Dronamraju Date: Fri Sep 21 23:18:56 2018 +0530 sched/numa: Stop multiple tasks from moving to the CPU at the same time Task migration under NUMA balancing can happen in parallel. More than one task might choose to migrate to the same CPU at the same time. This can result in: - During task swap, choosing a task that was not part of the evaluation. - During task swap, task which just got moved into its preferred node, moving to a completely different node. - During task swap, task failing to move to the preferred node, will have to wait an extra interval for the next migrate opportunity. - During task movement, multiple task movements can cause load imbalance. This problem is more likely if there are more cores per node or more nodes in the system. Use a per run-queue variable to check if NUMA-balance is active on the run-queue. Specjbb2005 results (8 warehouses) Higher bops are better 2 Socket - 2 Node Haswell - X86 JVMS Prev Current %Change 4 200194 203353 1.57797 1 311331 328205 5.41995 2 Socket - 4 Node Power8 - PowerNV JVMS Prev Current %Change 1 197654 214384 8.46429 2 Socket - 2 Node Power9 - PowerNV JVMS Prev Current %Change 4 192605 188553 -2.10379 1 213402 196273 -8.02664 4 Socket - 4 Node Power7 - PowerVM JVMS Prev Current %Change 8 52227.1 57581.2 10.2516 1 102529 103468 0.915838 There is a regression on power 9 box. If we look at the details, that box has a sudden jump in cache-misses with this patch. All other parameters seem to be pointing towards NUMA consolidation. perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 13,345,784 13,941,377 migrations 1,127,820 1,157,323 faults 374,736 382,175 cache-misses 55,132,054,603 54,993,823,500 sched:sched_move_numa 1,923 2,005 sched:sched_stick_numa 52 14 sched:sched_swap_numa 595 529 migrate:mm_migrate_pages 1,932 1,573 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 60605 67099 numa_hint_faults_local 51804 58456 numa_hit 239945 240416 numa_huge_pte_updates 14 18 numa_interleave 60 65 numa_local 239865 240339 numa_other 80 77 numa_pages_migrated 1931 1574 numa_pte_updates 67823 77182 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After cs 3,016,467 3,176,453 migrations 37,326 30,238 faults 115,342 87,869 cache-misses 11,692,155,554 12,544,479,391 sched:sched_move_numa 965 23 sched:sched_stick_numa 8 0 sched:sched_swap_numa 35 6 migrate:mm_migrate_pages 1,168 10 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Haswell - X86 Event Before After numa_hint_faults 16286 236 numa_hint_faults_local 11863 201 numa_hit 112482 72293 numa_huge_pte_updates 33 0 numa_interleave 20 26 numa_local 112419 72233 numa_other 63 60 numa_pages_migrated 1144 8 numa_pte_updates 32859 0 perf stats 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 8,629,724 8,478,820 migrations 221,052 171,323 faults 308,661 307,499 cache-misses 135,574,913 240,353,599 sched:sched_move_numa 147 214 sched:sched_stick_numa 0 0 sched:sched_swap_numa 2 4 migrate:mm_migrate_pages 64 89 vmstat 8th warehouse Multi JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 11481 5301 numa_hint_faults_local 10968 4745 numa_hit 89773 92943 numa_huge_pte_updates 0 0 numa_interleave 1116 899 numa_local 89220 92345 numa_other 553 598 numa_pages_migrated 62 88 numa_pte_updates 11694 5505 perf stats 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After cs 2,272,887 2,066,172 migrations 12,206 11,076 faults 163,704 149,544 cache-misses 4,801,186 10,398,067 sched:sched_move_numa 44 43 sched:sched_stick_numa 0 0 sched:sched_swap_numa 0 0 migrate:mm_migrate_pages 17 6 vmstat 8th warehouse Single JVM 2 Socket - 2 Node Power9 - PowerNV Event Before After numa_hint_faults 2261 3552 numa_hint_faults_local 1993 3347 numa_hit 25726 25611 numa_huge_pte_updates 0 0 numa_interleave 239 213 numa_local 25498 25583 numa_other 228 28 numa_pages_migrated 17 6 numa_pte_updates 2266 3535 perf stats 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 117,980,962 99,358,136 migrations 3,950,220 4,041,607 faults 736,979 749,653 cache-misses 224,976,072,879 225,562,543,251 sched:sched_move_numa 504 771 sched:sched_stick_numa 50 14 sched:sched_swap_numa 239 204 migrate:mm_migrate_pages 1,260 1,180 vmstat 8th warehouse Multi JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 18293 27409 numa_hint_faults_local 11969 20677 numa_hit 240854 239988 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 240851 239983 numa_other 3 5 numa_pages_migrated 1190 1016 numa_pte_updates 18106 27916 perf stats 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After cs 61,053,158 60,899,307 migrations 551,586 544,668 faults 244,174 270,834 cache-misses 74,326,766,973 74,543,455,635 sched:sched_move_numa 344 735 sched:sched_stick_numa 24 25 sched:sched_swap_numa 140 174 migrate:mm_migrate_pages 568 816 vmstat 8th warehouse Single JVM 4 Socket - 4 Node Power7 - PowerVM Event Before After numa_hint_faults 6461 11059 numa_hint_faults_local 2283 4733 numa_hit 35661 41384 numa_huge_pte_updates 0 0 numa_interleave 0 0 numa_local 35661 41383 numa_other 0 1 numa_pages_migrated 568 815 numa_pte_updates 6518 11323 Signed-off-by: Srikar Dronamraju Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Rik van Riel Acked-by: Mel Gorman Cc: Jirka Hladky Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537552141-27815-2-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit d7cbbe49a9304520181fb8c9272d1327deec8453 Author: Natarajan, Janakarajan Date: Thu Sep 27 15:51:55 2018 +0000 perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events In Family 17h, some L3 Cache Performance events require the ThreadMask and SliceMask to be set. For other events, these fields do not affect the count either way. Set ThreadMask and SliceMask to 0xFF and 0xF respectively. Signed-off-by: Janakarajan Natarajan Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: H . Peter Anvin Cc: Jiri Olsa Cc: Linus Torvalds Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Suravee Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/Message-ID: Signed-off-by: Ingo Molnar commit 9d92cfeaf5215158d26d2991be7f7ff865cb98f3 Author: Kan Liang Date: Fri Sep 21 07:07:06 2018 -0700 perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX The counters on M3UPI Link 0 and Link 3 don't count properly, and writing 0 to these counters may causes system crash on some machines. The PCI BDF addresses of the M3UPI in the current code are incorrect. The correct addresses should be: D18:F1 0x204D D18:F2 0x204E D18:F5 0x204D Signed-off-by: Kan Liang Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Fixes: cd34cd97b7b4 ("perf/x86/intel/uncore: Add Skylake server uncore support") Link: http://lkml.kernel.org/r/1537538826-55489-1-git-send-email-kan.liang@linux.intel.com Signed-off-by: Ingo Molnar commit cd6fb677ce7e460c25bdd66f689734102ec7d642 Author: Jiri Olsa Date: Sun Sep 23 18:13:43 2018 +0200 perf/ring_buffer: Prevent concurent ring buffer access Some of the scheduling tracepoints allow the perf_tp_event code to write to ring buffer under different cpu than the code is running on. This results in corrupted ring buffer data demonstrated in following perf commands: # perf record -e 'sched:sched_switch,sched:sched_wakeup' perf bench sched messaging # Running 'sched/messaging' benchmark: # 20 sender and receiver processes per group # 10 groups == 400 processes run Total time: 0.383 [sec] [ perf record: Woken up 8 times to write data ] 0x42b890 [0]: failed to process type: -1765585640 [ perf record: Captured and wrote 4.825 MB perf.data (29669 samples) ] # perf report --stdio 0x42b890 [0]: failed to process type: -1765585640 The reason for the corruption are some of the scheduling tracepoints, that have __perf_task dfined and thus allow to store data to another cpu ring buffer: sched_waking sched_wakeup sched_wakeup_new sched_stat_wait sched_stat_sleep sched_stat_iowait sched_stat_blocked The perf_tp_event function first store samples for current cpu related events defined for tracepoint: hlist_for_each_entry_rcu(event, head, hlist_entry) perf_swevent_event(event, count, &data, regs); And then iterates events of the 'task' and store the sample for any task's event that passes tracepoint checks: ctx = rcu_dereference(task->perf_event_ctxp[perf_sw_context]); list_for_each_entry_rcu(event, &ctx->event_list, event_entry) { if (event->attr.type != PERF_TYPE_TRACEPOINT) continue; if (event->attr.config != entry->type) continue; perf_swevent_event(event, count, &data, regs); } Above code can race with same code running on another cpu, ending up with 2 cpus trying to store under the same ring buffer, which is specifically not allowed. This patch prevents the problem, by allowing only events with the same current cpu to receive the event. NOTE: this requires the use of (per-task-)per-cpu buffers for this feature to work; perf-record does this. Signed-off-by: Jiri Olsa [peterz: small edits to Changelog] Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Andrew Vagin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Fixes: e6dab5ffab59 ("perf/trace: Add ability to set a target task for events") Link: http://lkml.kernel.org/r/20180923161343.GB15054@krava Signed-off-by: Ingo Molnar commit 6265adb9726098b7f4f7ca70bc51992b25fdd9d6 Author: Masayoshi Mizuma Date: Mon Sep 10 10:47:50 2018 -0400 perf/x86/intel/uncore: Use boot_cpu_data.phys_proc_id instead of hardcorded physical package ID 0 Physical package id 0 doesn't always exist, we should use boot_cpu_data.phys_proc_id here. Signed-off-by: Masayoshi Mizuma Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Linus Torvalds Cc: Masayoshi Mizuma Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/20180910144750.6782-1-msys.mizuma@gmail.com Signed-off-by: Ingo Molnar commit a9f9772114c8b07ae75bcb3654bd017461248095 Author: Peter Zijlstra Date: Tue Sep 25 17:58:35 2018 +0200 perf/core: Fix perf_pmu_unregister() locking When we unregister a PMU, we fail to serialize the @pmu_idr properly. Fix that by doing the entire thing under pmu_lock. Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Fixes: 2e80a82a49c4 ("perf: Dynamic pmu types") Signed-off-by: Ingo Molnar commit 7c03e7035ac1cf2a6165754e4f3a49c2f1977838 Author: Andy Lutomirski Date: Mon Oct 1 12:52:16 2018 -0700 selftests/x86: Add clock_gettime() tests to test_vdso Now that the vDSO implementation of clock_gettime() is getting reworked, add a selftest for it. This tests that its output is consistent with the syscall version. This is marked for stable to serve as a test for commit 715bd9d12f84 ("x86/vdso: Fix asm constraints on vDSO syscall fallbacks") Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/082399674de2619b2befd8c0dde49b260605b126.1538422295.git.luto@kernel.org commit ad5f97faff4231e72b96bd96adbe1b6e977a9b86 Author: Heiner Kallweit Date: Fri Sep 28 23:51:54 2018 +0200 r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO Some of the chip-specific hw_start functions set bit TXCFG_AUTO_FIFO in register TxConfig. The original patch changed the order of some calls resulting in these changes being overwritten by rtl_set_tx_config_registers() in rtl_hw_start(). This eventually resulted in network stalls especially under high load. Analyzing the chip-specific hw_start functions all chip version from 34, with the exception of version 39, need this bit set. This patch moves setting this bit to rtl_set_tx_config_registers(). Fixes: 4fd48c4ac0a0 ("r8169: move common initializations to tp->hw_start") Reported-by: Ortwin Glück Reported-by: David Arendt Root-caused-by: Maciej S. Szmigiero Tested-by: Tony Atkinson Tested-by: David Arendt Tested-by: Ortwin Glück Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 715bd9d12f84d8f5cc8ad21d888f9bc304a8eb0b Author: Andy Lutomirski Date: Mon Oct 1 12:52:15 2018 -0700 x86/vdso: Fix asm constraints on vDSO syscall fallbacks The syscall fallbacks in the vDSO have incorrect asm constraints. They are not marked as writing to their outputs -- instead, they are marked as clobbering "memory", which is useless. In particular, gcc is smart enough to know that the timespec parameter hasn't escaped, so a memory clobber doesn't clobber it. And passing a pointer as an asm *input* does not tell gcc that the pointed-to value is changed. Add in the fact that the asm instructions weren't volatile, and gcc was free to omit them entirely unless their sole output (the return value) is used. Which it is (phew!), but that stops happening with some upcoming patches. As a trivial example, the following code: void test_fallback(struct timespec *ts) { vdso_fallback_gettime(CLOCK_MONOTONIC, ts); } compiles to: 00000000000000c0 : c0: c3 retq To add insult to injury, the RCX and R11 clobbers on 64-bit builds were missing. The "memory" clobber is also unnecessary -- no ordering with respect to other memory operations is needed, but that's going to be fixed in a separate not-for-stable patch. Fixes: 2aae950b21e4 ("x86_64: Add vDSO for x86-64 with gettimeofday/clock_gettime/getcpu") Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/2c0231690551989d2fafa60ed0e7b5cc8b403908.1538422295.git.luto@kernel.org commit 2547496eb18c60f2be9663f71913dfbf703dcbe1 Merge: 6fe9487892b3 af3fb24eecb2 Author: David S. Miller Date: Mon Oct 1 23:27:28 2018 -0700 Merge branch 'tun-races' Eric Dumazet says: ==================== tun: address two syzbot reports Small changes addressing races discovered by syzbot. First patch is a cleanup. Second patch moves a mutex init sooner. Third patch makes sure each tfile gets its own napi enable flags. ==================== Signed-off-by: David S. Miller commit af3fb24eecb2c59246e03c99386037fd5ad84ffd Author: Eric Dumazet Date: Fri Sep 28 14:51:49 2018 -0700 tun: napi flags belong to tfile Since tun->flags might be shared by multiple tfile structures, it is better to make sure tun_get_user() is using the flags for the current tfile. Presence of the READ_ONCE() in tun_napi_frags_enabled() gave a hint of what could happen, but we need something stronger to please syzbot. kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 13647 Comm: syz-executor5 Not tainted 4.19.0-rc5+ #59 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:dev_gro_receive+0x132/0x2720 net/core/dev.c:5427 Code: 48 c1 ea 03 80 3c 02 00 0f 85 6e 20 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 6e 10 49 8d bd d0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 59 20 00 00 4d 8b a5 d0 00 00 00 31 ff 41 81 e4 RSP: 0018:ffff8801c400f410 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8618d325 RDX: 000000000000001a RSI: ffffffff86189f97 RDI: 00000000000000d0 RBP: ffff8801c400f608 R08: ffff8801c8fb4300 R09: 0000000000000000 R10: ffffed0038801ed7 R11: 0000000000000003 R12: ffff8801d327d358 R13: 0000000000000000 R14: ffff8801c16dd8c0 R15: 0000000000000004 FS: 00007fe003615700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe1f3c43db8 CR3: 00000001bebb2000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: napi_gro_frags+0x3f4/0xc90 net/core/dev.c:5715 tun_get_user+0x31d5/0x42a0 drivers/net/tun.c:1922 tun_chr_write_iter+0xb9/0x154 drivers/net/tun.c:1967 call_write_iter include/linux/fs.h:1808 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x6b8/0x9f0 fs/read_write.c:487 vfs_write+0x1fc/0x560 fs/read_write.c:549 ksys_write+0x101/0x260 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:607 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457579 Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fe003614c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 RDX: 0000000000000012 RSI: 0000000020000000 RDI: 000000000000000a RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe0036156d4 R13: 00000000004c5574 R14: 00000000004d8e98 R15: 00000000ffffffff Modules linked in: RIP: 0010:dev_gro_receive+0x132/0x2720 net/core/dev.c:5427 Code: 48 c1 ea 03 80 3c 02 00 0f 85 6e 20 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 6e 10 49 8d bd d0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 59 20 00 00 4d 8b a5 d0 00 00 00 31 ff 41 81 e4 RSP: 0018:ffff8801c400f410 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8618d325 RDX: 000000000000001a RSI: ffffffff86189f97 RDI: 00000000000000d0 RBP: ffff8801c400f608 R08: ffff8801c8fb4300 R09: 0000000000000000 R10: ffffed0038801ed7 R11: 0000000000000003 R12: ffff8801d327d358 R13: 0000000000000000 R14: ffff8801c16dd8c0 R15: 0000000000000004 FS: 00007fe003615700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe1f3c43db8 CR3: 00000001bebb2000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller commit c7256f579f8302ce2c038181c30060d0b40017b2 Author: Eric Dumazet Date: Fri Sep 28 14:51:48 2018 -0700 tun: initialize napi_mutex unconditionally This is the first part to fix following syzbot report : console output: https://syzkaller.appspot.com/x/log.txt?x=145378e6400000 kernel config: https://syzkaller.appspot.com/x/.config?x=443816db871edd66 dashboard link: https://syzkaller.appspot.com/bug?extid=e662df0ac1d753b57e80 Following patch is fixing the race condition, but it seems safer to initialize this mutex at tfile creation anyway. Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver") Signed-off-by: Eric Dumazet Reported-by: syzbot+e662df0ac1d753b57e80@syzkaller.appspotmail.com Signed-off-by: David S. Miller commit 06e55addd3f40b5294e448c2cb7605ca4f28c2e3 Author: Eric Dumazet Date: Fri Sep 28 14:51:47 2018 -0700 tun: remove unused parameters tun_napi_disable() and tun_napi_del() do not need a pointer to the tun_struct Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 6fe9487892b32cb1c8b8b0d552ed7222a527fe30 Author: Dave Jones Date: Fri Sep 28 16:26:08 2018 -0400 bond: take rcu lock in netpoll_send_skb_on_dev The bonding driver lacks the rcu lock when it calls down into netdev_lower_get_next_private_rcu from bond_poll_controller, which results in a trace like: WARNING: CPU: 2 PID: 179 at net/core/dev.c:6567 netdev_lower_get_next_private_rcu+0x34/0x40 CPU: 2 PID: 179 Comm: kworker/u16:15 Not tainted 4.19.0-rc5-backup+ #1 Workqueue: bond0 bond_mii_monitor RIP: 0010:netdev_lower_get_next_private_rcu+0x34/0x40 Code: 48 89 fb e8 fe 29 63 ff 85 c0 74 1e 48 8b 45 00 48 81 c3 c0 00 00 00 48 8b 00 48 39 d8 74 0f 48 89 45 00 48 8b 40 f8 5b 5d c3 <0f> 0b eb de 31 c0 eb f5 0f 1f 40 00 0f 1f 44 00 00 48 8> RSP: 0018:ffffc9000087fa68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff880429614560 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 00000000ffffffff RDI: ffffffffa184ada0 RBP: ffffc9000087fa80 R08: 0000000000000001 R09: 0000000000000000 R10: ffffc9000087f9f0 R11: ffff880429798040 R12: ffff8804289d5980 R13: ffffffffa1511f60 R14: 00000000000000c8 R15: 00000000ffffffff FS: 0000000000000000(0000) GS:ffff88042f880000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4b78fce180 CR3: 000000018180f006 CR4: 00000000001606e0 Call Trace: bond_poll_controller+0x52/0x170 netpoll_poll_dev+0x79/0x290 netpoll_send_skb_on_dev+0x158/0x2c0 netpoll_send_udp+0x2d5/0x430 write_ext_msg+0x1e0/0x210 console_unlock+0x3c4/0x630 vprintk_emit+0xfa/0x2f0 printk+0x52/0x6e ? __netdev_printk+0x12b/0x220 netdev_info+0x64/0x80 ? bond_3ad_set_carrier+0xe9/0x180 bond_select_active_slave+0x1fc/0x310 bond_mii_monitor+0x709/0x9b0 process_one_work+0x221/0x5e0 worker_thread+0x4f/0x3b0 kthread+0x100/0x140 ? process_one_work+0x5e0/0x5e0 ? kthread_delayed_work_timer_fn+0x90/0x90 ret_from_fork+0x24/0x30 We're also doing rcu dereferences a layer up in netpoll_send_skb_on_dev before we call down into netpoll_poll_dev, so just take the lock there. Suggested-by: Cong Wang Signed-off-by: Dave Jones Signed-off-by: David S. Miller commit 893626d6a353d1356528f94e081246ecf233d77a Author: David Ahern Date: Fri Sep 28 12:28:41 2018 -0700 rtnetlink: Fail dump if target netnsid is invalid Link dumps can return results from a target namespace. If the namespace id is invalid, then the dump request should fail if get_target_net fails rather than continuing with a dump of the current namespace. Fixes: 79e1ad148c844 ("rtnetlink: use netnsid to query interface") Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 7f6d6558ae44bc193eb28df3617c364d3bb6df39 Author: Flavio Leitner Date: Fri Sep 28 14:55:34 2018 -0300 Revert "openvswitch: Fix template leak in error cases." This reverts commit 90c7afc96cbbd77f44094b5b651261968e97de67. When the commit was merged, the code used nf_ct_put() to free the entry, but later on commit 76644232e612 ("openvswitch: Free tmpl with tmpl_free.") replaced that with nf_ct_tmpl_free which is a more appropriate. Now the original problem is removed. Then 44d6e2f27328 ("net: Replace NF_CT_ASSERT() with WARN_ON().") replaced a debug assert with a WARN_ON() which is trigged now. Signed-off-by: Flavio Leitner Acked-by: Joe Stringer Signed-off-by: David S. Miller commit 4da402597c2b75c4b636ab2416baf921b363b325 Author: Li RongQing Date: Sun Sep 30 15:06:06 2018 +0800 xfrm: fix gro_cells leak when remove virtual xfrm interfaces The device gro_cells has been initialized, it should be freed, otherwise it will be leaked Fixes: f203b76d78092faf2 ("xfrm: Add virtual xfrm interfaces") Signed-off-by: Zhang Yu Signed-off-by: Li RongQing Signed-off-by: Steffen Klassert commit 92d7c74b6f72a8a7d04970d5dcfb99673daaf91d Merge: d949cfedbcba cb28c306b93b Author: David S. Miller Date: Mon Oct 1 22:40:39 2018 -0700 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2018-09-27 Here's one more Bluetooth fix for 4.19, fixing the handling of an attempt to unpair a device while pairing is in progress. Let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit d949cfedbcbab4e91590576cbace2671924ad69c Author: LUU Duc Canh Date: Wed Sep 26 22:28:52 2018 +0200 tipc: ignore STATE_MSG on wrong link session The initial session number when a link is created is based on a random value, taken from struct tipc_net->random. It is then incremented for each link reset to avoid mixing protocol messages from different link sessions. However, when a bearer is reset all its links are deleted, and will later be re-created using the same random value as the first time. This means that if the link never went down between creation and deletion we will still sometimes have two subsequent sessions with the same session number. In virtual environments with potentially long transmission times this has turned out to be a real problem. We now fix this by randomizing the session number each time a link is created. With a session number size of 16 bits this gives a risk of session collision of 1/64k. To reduce this further, we also introduce a sanity check on the very first STATE message arriving at a link. If this has an acknowledge value differing from 0, which is logically impossible, we ignore the message. The final risk for session collision is hence reduced to 1/4G, which should be sufficient. Signed-off-by: LUU Duc Canh Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit aeadd93f2b0a609f603ac33e574b97a9832d1b90 Author: Dan Carpenter Date: Sat Sep 22 16:46:48 2018 +0300 net: sched: act_ipt: check for underflow in __tcf_ipt_init() If "td->u.target_size" is larger than sizeof(struct xt_entry_target) we return -EINVAL. But we don't check whether it's smaller than sizeof(struct xt_entry_target) and that could lead to an out of bounds read. Fixes: 7ba699c604ab ("[NET_SCHED]: Convert actions from rtnetlink to new netlink API") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller commit ee0b6f4834b59bb0002e2dc8f42a73a399a9246e Merge: 1ad98e9d1bdf 32bf94fb5c2e Author: David S. Miller Date: Mon Oct 1 22:29:25 2018 -0700 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2018-10-01 1) Validate address prefix lengths in the xfrm selector, otherwise we may hit undefined behaviour in the address matching functions if the prefix is too big for the given address family. 2) Fix skb leak on local message size errors. From Thadeu Lima de Souza Cascardo. 3) We currently reset the transport header back to the network header after a transport mode transformation is applied. This leads to an incorrect transport header when multiple transport mode transformations are applied. Reset the transport header only after all transformations are already applied to fix this. From Sowmini Varadhan. 4) We only support one offloaded xfrm, so reset crypto_done after the first transformation in xfrm_input(). Otherwise we may call the wrong input method for subsequent transformations. From Sowmini Varadhan. 5) Fix NULL pointer dereference when skb_dst_force clears the dst_entry. skb_dst_force does not really force a dst refcount anymore, it might clear it instead. xfrm code did not expect this, add a check to not dereference skb_dst() if it was cleared by skb_dst_force. 6) Validate xfrm template mode, otherwise we can get a stack-out-of-bounds read in xfrm_state_find. From Sean Tranchetti. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit 555df5820e733cded7eb8d0bf78b2a791be51d75 Author: Chunfeng Yun Date: Mon Oct 1 18:36:08 2018 +0300 usb: xhci-mtk: resume USB3 roothub first Give USB3 devices a better chance to enumerate at USB3 speeds if they are connected to a suspended host. Porting from "671ffdff5b13 xhci: resume USB 3 roothub first" Cc: Signed-off-by: Chunfeng Yun Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman commit ffe84e01bb1b38c7eb9c6b6da127a6c136d251df Author: Mathias Nyman Date: Mon Oct 1 18:36:07 2018 +0300 xhci: Add missing CAS workaround for Intel Sunrise Point xHCI The workaround for missing CAS bit is also needed for xHC on Intel sunrisepoint PCH. For more details see: Intel 100/c230 series PCH specification update Doc #332692-006 Errata #8 Cc: Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman commit f2924d4b16ae138c2de6a0e73f526fb638330858 Author: Romain Izard Date: Thu Sep 20 16:49:04 2018 +0200 usb: cdc_acm: Do not leak URB buffers When the ACM TTY port is disconnected, the URBs it uses must be killed, and then the buffers must be freed. Unfortunately a previous refactor removed the code freeing the buffers because it looked extremely similar to the code killing the URBs. As a result, there were many new leaks for each plug/unplug cycle of a CDC-ACM device, that were detected by kmemleak. Restore the missing code, and the memory leak is removed. Fixes: ba8c931ded8d ("cdc-acm: refactor killing urbs") Signed-off-by: Romain Izard Acked-by: Oliver Neukum Cc: stable Signed-off-by: Greg Kroah-Hartman commit dcb44ac0601e7fcda6d9d9930fd80c7124240146 Merge: 17b57b1883c1 f5fad711c06e Author: Greg Kroah-Hartman Date: Mon Oct 1 17:53:29 2018 -0700 Merge tag 'usb-serial-4.19-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.19-rc7 Here are some device-id patches for 4.19-rc7. Some Quectel modems have a vendor command which can be used to disable certain interfaces in their configurations, but unlike some other modems this also causes the interface numbers to change. These patches allow us to support all such interface permutations at least for the Quectel EP06. All have been in linux-next with no reported issues. Signed-off-by: Johan Hovold * tag 'usb-serial-4.19-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial: USB: serial: simple: add Motorola Tetra MTP6550 id USB: serial: option: add two-endpoints device-id flag USB: serial: option: improve Quectel EP06 detection commit 385afbf8c3e8bdf13fc729e8b2c172d1208d97f9 Merge: b62e4255930b 2a3f93459d68 Author: Greg Kroah-Hartman Date: Mon Oct 1 17:24:20 2018 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Will writes: "Late arm64 fixes - Fix handling of young contiguous ptes for hugetlb mappings - Fix livelock when taking access faults on contiguous hugetlb mappings - Tighten up register accesses via KVM SET_ONE_REG ioctl()s" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: KVM: Sanitize PSTATE.M when being set from userspace arm64: KVM: Tighten guest core register access from userspace arm64: hugetlb: Avoid unnecessary clearing in huge_ptep_set_access_flags arm64: hugetlb: Fix handling of young ptes commit b62e4255930bb25505bc400556c799b1b5d53ac1 Merge: ef0f2584c24f 082dc55e3c5e Author: Greg Kroah-Hartman Date: Mon Oct 1 17:23:27 2018 -0700 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Olof writes: "ARM: SoC fixes A handful of fixes that have been coming in the last couple of weeks: - Freescale fixes for on-chip accellerators - A DT fix for stm32 to avoid fallback to non-DMA SPI mode - Fixes for badly specified interrupts on BCM63xx SoCs - Allwinner A64 HDMI was incorrectly specified as fully compatble with R40 - Drive strength fix for SAMA5D2 NAND pins on one board" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: dts: stm32: update SPI6 dmas property on stm32mp157c soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() soc: fsl: qbman: qman: avoid allocating from non existing gen_pool ARM: dts: BCM63xx: Fix incorrect interrupt specifiers MAINTAINERS: update the Annapurna Labs maintainer email ARM: dts: sun8i: drop A64 HDMI PHY fallback compatible from R40 DT ARM: dts: at91: sama5d2_ptc_ek: fix nand pinctrl commit ef0f2584c24f81f7c8e02a023833c313284e7d39 Merge: 17b57b1883c1 bac6f6cda206 Author: Greg Kroah-Hartman Date: Mon Oct 1 17:22:36 2018 -0700 Merge tag 'pstore-v4.19-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Kees writes: "Pstore fixes for v4.19-rc7 - Fix failure-path memory leak in ramoops_init (nixiaoming)" * tag 'pstore-v4.19-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: pstore/ram: Fix failure-path memory leak in ramoops_init commit 684bec1092b6991ff2a7751e8a763898576eb5c2 Author: Daniel Drake Date: Mon Oct 1 15:55:22 2018 -0700 Input: i8042 - enable keyboard wakeups by default when s2idle is used Previously, on typical consumer laptops, pressing a key on the keyboard when the system is in suspend would cause it to wake up (default or unconditional behaviour). This happens because the EC generates a SCI interrupt in this scenario. That is no longer true on modern laptops based on Intel WhiskeyLake, including Acer Swift SF314-55G, Asus UX333FA, Asus UX433FN and Asus UX533FD. We confirmed with Asus EC engineers that the "Modern Standby" design has been modified so that the EC no longer generates a SCI in this case; the keyboard controller itself should be used for wakeup. In order to retain the standard behaviour of being able to use the keyboard to wake up the system, enable serio wakeups by default on platforms that are using s2idle. Link: https://lkml.kernel.org/r/CAB4CAwfQ0mPMqCLp95TVjw4J0r5zKPWkSvvkK4cpZUGE--w8bQ@mail.gmail.com Reviewed-by: Rafael J. Wysocki Signed-off-by: Daniel Drake Signed-off-by: Dmitry Torokhov commit 9735082a7cbae572c2eabdc45acecc8c9fa0759b Author: Ramses Ramírez Date: Fri Sep 28 16:59:26 2018 -0700 Input: xpad - add support for Xbox1 PDP Camo series gamepad The "Xbox One PDP Wired Controller - Camo series" has a different product-id than the regular PDP controller and the PDP stealth series, but it uses the same initialization sequence. This patch adds the product-id of the camo series to the structures that handle the other PDP Xbox One controllers. Signed-off-by: Ramses Ramírez Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov commit 5a1eb8b9542884592a018829bb1ff20c9695d925 Author: Laurentiu Tudor Date: Wed Sep 26 16:22:31 2018 +0300 soc: fsl: qman_portals: defer probe after qman's probe Defer probe of qman portals after qman probing. This fixes the crash below, seen on NXP LS1043A SoCs: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 Mem abort info: ESR = 0x96000004 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 [0000000000000004] user address but active_mm is swapper Internal error: Oops: 96000004 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc1-next-20180622-00200-g986f5c179185 #9 Hardware name: LS1043A RDB Board (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : qman_set_sdest+0x74/0xa0 lr : qman_portal_probe+0x22c/0x470 sp : ffff00000803bbc0 x29: ffff00000803bbc0 x28: 0000000000000000 x27: ffff0000090c1b88 x26: ffff00000927cb68 x25: ffff00000927c000 x24: ffff00000927cb60 x23: 0000000000000000 x22: 0000000000000000 x21: ffff0000090e9000 x20: ffff800073b5c810 x19: ffff800027401298 x18: ffffffffffffffff x17: 0000000000000001 x16: 0000000000000000 x15: ffff0000090e96c8 x14: ffff80002740138a x13: ffff0000090f2000 x12: 0000000000000030 x11: ffff000008f25000 x10: 0000000000000000 x9 : ffff80007bdfd2c0 x8 : 0000000000004000 x7 : ffff80007393cc18 x6 : 0040000000000001 x5 : 0000000000000000 x4 : ffffffffffffffff x3 : 0000000000000004 x2 : ffff00000927c900 x1 : 0000000000000000 x0 : 0000000000000004 Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____)) Call trace: qman_set_sdest+0x74/0xa0 platform_drv_probe+0x50/0xa8 driver_probe_device+0x214/0x2f8 __driver_attach+0xd8/0xe0 bus_for_each_dev+0x68/0xc8 driver_attach+0x20/0x28 bus_add_driver+0x108/0x228 driver_register+0x60/0x110 __platform_driver_register+0x40/0x48 qman_portal_driver_init+0x20/0x84 do_one_initcall+0x58/0x168 kernel_init_freeable+0x184/0x22c kernel_init+0x10/0x108 ret_from_fork+0x10/0x18 Code: f9400443 11001000 927e4800 8b000063 (b9400063) ---[ end trace 4f6d50489ecfb930 ]--- Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b Signed-off-by: Laurentiu Tudor Signed-off-by: Li Yang commit 242cdad873a75652f97c35aad61270581e0f3a2e Author: Joel Stanley Date: Fri Sep 21 12:24:31 2018 +0930 lib/xz: Put CRC32_POLY_LE in xz_private.h This fixes a regression introduced by faa16bc404d72a5 ("lib: Use existing define with polynomial"). The cleanup added a dependency on include/linux, which broke the PowerPC boot wrapper/decompresser when KERNEL_XZ is enabled: BOOTCC arch/powerpc/boot/decompress.o In file included from arch/powerpc/boot/../../../lib/decompress_unxz.c:233, from arch/powerpc/boot/decompress.c:42: arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:10: fatal error: linux/crc32poly.h: No such file or directory #include ^~~~~~~~~~~~~~~~~~~ The powerpc decompresser is a hairy corner of the kernel. Even while building a 64-bit kernel it needs to build a 32-bit binary and therefore avoid including files from include/linux. This allows users of the xz library to avoid including headers from 'include/linux/' while still achieving the cleanup of the magic number. Fixes: faa16bc404d72a5 ("lib: Use existing define with polynomial") Reported-by: Meelis Roos Reported-by: kbuild test robot Suggested-by: Christophe LEROY Signed-off-by: Joel Stanley Tested-by: Meelis Roos Signed-off-by: Michael Ellerman commit 1ad98e9d1bdf4724c0a8532fabd84bf3c457c2bc Author: Eric Dumazet Date: Mon Oct 1 15:02:26 2018 -0700 tcp/dccp: fix lockdep issue when SYN is backlogged In normal SYN processing, packets are handled without listener lock and in RCU protected ingress path. But syzkaller is known to be able to trick us and SYN packets might be processed in process context, after being queued into socket backlog. In commit 06f877d613be ("tcp/dccp: fix other lockdep splats accessing ireq_opt") I made a very stupid fix, that happened to work mostly because of the regular path being RCU protected. Really the thing protecting ireq->ireq_opt is RCU read lock, and the pseudo request refcnt is not relevant. This patch extends what I did in commit 449809a66c1d ("tcp/dccp: block BH for SYN processing") by adding an extra rcu_read_{lock|unlock} pair in the paths that might be taken when processing SYN from socket backlog (thus possibly in process context) Fixes: 06f877d613be ("tcp/dccp: fix other lockdep splats accessing ireq_opt") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller commit c8424ddd9715bf1200392a677a8a0e819c99a726 Merge: 43955a45dc0b 40e4f26e6a14 Author: David S. Miller Date: Mon Oct 1 15:41:01 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree: 1) Skip ip_sabotage_in() for packet making into the VRF driver, otherwise packets are dropped, from David Ahern. 2) Clang compilation warning uncovering typo in the nft_validate_register_store() call from nft_osf, from Stefan Agner. 3) Double sizeof netlink message length calculations in ctnetlink, from zhong jiang. 4) Missing rb_erase() on batch full in rbtree garbage collector, from Taehee Yoo. 5) Calm down compilation warning in nf_hook(), from Florian Westphal. 6) Missing check for non-null sk in xt_socket before validating netns procedence, from Flavio Leitner. ==================== Signed-off-by: David S. Miller commit 02621216e1d8a13abf1d040ff3b7ccf41b2df578 Merge: bded6c03e398 80a6ec7d5e16 Author: Stephen Boyd Date: Mon Oct 1 15:22:25 2018 -0700 Merge tag 'sunxi-clk-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into clk-fixes Pull Allwinner clk fixes for 4.19 from Maxime Ripard: One fix for the Audio PLL that were not properly set and generating noise on the A10 SoCs. * tag 'sunxi-clk-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux: clk: sunxi-ng: sun4i: Set VCO and PLL bias current to lowest setting commit 95375f2ab2960c135484d83ea9f8f357cb1be26a Author: Thomas Petazzoni Date: Mon Oct 1 14:49:34 2018 +0200 PCI: mvebu: Fix PCI I/O mapping creation sequence Commit ee1604381a371 ("PCI: mvebu: Only remap I/O space if configured") had the side effect that the PCI I/O mapping was created much earlier than before, at a point where the probe() of the driver could still fail. This is for example a problem if one gets an -EPROBE_DEFER at some point during probe(), after pci_ioremap_io() has been called. Indeed, there is currently no function to undo what pci_ioremap_io() did, and switching to pci_remap_iospace() is not an option in pci-mvebu due to the need for special memory attributes on Armada 38x. Reverting ee1604381a371 ("PCI: mvebu: Only remap I/O space if configured") would be a possibility, but it would require also reverting 42342073e38b5 ("PCI: mvebu: Convert to use pci_host_bridge directly"). So instead, we use an open-coded version of pci_host_probe() that creates the PCI I/O mapping at a point where we are guaranteed not to fail anymore. Fixes: ee1604381a371 ("PCI: mvebu: Only remap I/O space if configured") Reported-by: Jan Kundrát Tested-by: Jan Kundrát Signed-off-by: Thomas Petazzoni Signed-off-by: Bjorn Helgaas Acked-by: Lorenzo Pieralisi commit cee26487620bc9bc3c7db21b6984d91f7bae12ae Author: Jianbo Liu Date: Sat Aug 25 03:29:58 2018 +0000 net/mlx5e: Set vlan masks for all offloaded TC rules In flow steering, if asked to, the hardware matches on the first ethertype which is not vlan. It's possible to set a rule as follows, which is meant to match on untagged packet, but will match on a vlan packet: tc filter add dev eth0 parent ffff: protocol ip flower ... To avoid this for packets with single tag, we set vlan masks to tell hardware to check the tags for every matched packet. Fixes: 095b6cfd69ce ('net/mlx5e: Add TC vlan match parsing') Signed-off-by: Jianbo Liu Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed commit 11aa5800ed66ed0415b7509f02881c76417d212a Author: Eran Ben Elisha Date: Sun Sep 16 14:45:27 2018 +0300 net/mlx5: E-Switch, Fix out of bound access when setting vport rate The code that deals with eswitch vport bw guarantee was going beyond the eswitch vport array limit, fix that. This was pointed out by the kernel address sanitizer (KASAN). The error from KASAN log: [2018-09-15 15:04:45] BUG: KASAN: slab-out-of-bounds in mlx5_eswitch_set_vport_rate+0x8c1/0xae0 [mlx5_core] Fixes: c9497c98901c ("net/mlx5: Add support for setting VF min rate") Signed-off-by: Eran Ben Elisha Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed commit 4d8fcf216c90bc25e34ae2200aa8985ee3158898 Author: Alaa Hleihel Date: Wed Sep 5 11:43:23 2018 +0300 net/mlx5e: Avoid unbounded peer devices when unpairing TC hairpin rules If the peer device was already unbound, then do not attempt to modify it's resources, otherwise we will crash on dereferencing non-existing device. Fixes: 5c65c564c962 ("net/mlx5e: Support offloading TC NIC hairpin flows") Signed-off-by: Alaa Hleihel Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed commit 4ca8ca9fe7dc792000c3762de5081a4d6dc33667 Author: Chris Wilson Date: Wed Sep 26 11:47:18 2018 +0100 drm/i915: Avoid compiler warning for maybe unused gu_misc_iir /kisskb/src/drivers/gpu/drm/i915/i915_irq.c: warning: 'gu_misc_iir' may be used uninitialized in this function [-Wuninitialized]: => 3120:10 Silence the compiler warning by ensuring that the local variable is initialised and removing the guard that is confusing the older gcc. Reported-by: Geert Uytterhoeven Fixes: df0d28c185ad ("drm/i915/icl: GSE interrupt moves from DE_MISC to GU_MISC") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: Paulo Zanoni Reviewed-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20180926104718.17462-1-chris@chris-wilson.co.uk (cherry picked from commit 7a90938332d80faf973fbcffdf6e674e7b8f0914) Signed-off-by: Rodrigo Vivi commit bda6b1c95751bbf1779562b8eca3c20b270c0f53 Author: Anusha Srivatsa Date: Fri Aug 17 10:33:30 2018 -0700 drm/i915: Do not redefine the has_csr parameter. Let us reuse the already defined has_csr check and not redefine it. The main difference is that in effect this will flip .has_csr to 1 (via GEN9_FEATURES which GEN11_FEATURES pulls in). Suggested-by: Imre Deak Cc: Imre Deak Cc: Rodrigo Vivi Signed-off-by: Anusha Srivatsa Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=107382 Reviewed-by: Imre Deak Signed-off-by: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/1534527210-16841-1-git-send-email-anusha.srivatsa@intel.com (cherry picked from commit da4468a1aa75457e6134127b19761b7ba62ce945) Signed-off-by: Rodrigo Vivi commit e7e86f42fa68c70cab4e964017273da32a77af07 Author: Joe Perches Date: Sun Sep 30 09:21:34 2018 -0700 MAINTAINERS: MIPS/LOONGSON2 ARCHITECTURE - Use the normal wildcard style Neither git nor get_maintainer understands the curly brace style. Signed-off-by: Joe Perches Signed-off-by: Paul Burton Patchwork: https://patchwork.linux-mips.org/patch/20821/ Cc: Huacai Chen Cc: linux-mips Cc: LKML commit c458dda3d07c110ce1d007998f67273325ad8662 Merge: 55a5542a5462 bf42daed6bd1 Author: Martin Schwidefsky Date: Mon Oct 1 16:07:42 2018 +0200 Merge tag 'vfio-ccw-20181001' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into fixes Pull vfio-ccw from Cornelia Huck with the following changes: - Change allocation of ccw_io_region so that the usercopy hardening code can figure out that everything is fine. commit daa07cbc9ae3da2d61b7ce900c0b9107d134f2c1 Author: Sean Christopherson Date: Tue Sep 25 13:20:00 2018 -0700 KVM: x86: fix L1TF's MMIO GFN calculation One defense against L1TF in KVM is to always set the upper five bits of the *legal* physical address in the SPTEs for non-present and reserved SPTEs, e.g. MMIO SPTEs. In the MMIO case, the GFN of the MMIO SPTE may overlap with the upper five bits that are being usurped to defend against L1TF. To preserve the GFN, the bits of the GFN that overlap with the repurposed bits are shifted left into the reserved bits, i.e. the GFN in the SPTE will be split into high and low parts. When retrieving the GFN from the MMIO SPTE, e.g. to check for an MMIO access, get_mmio_spte_gfn() unshifts the affected bits and restores the original GFN for comparison. Unfortunately, get_mmio_spte_gfn() neglects to mask off the reserved bits in the SPTE that were used to store the upper chunk of the GFN. As a result, KVM fails to detect MMIO accesses whose GPA overlaps the repurprosed bits, which in turn causes guest panics and hangs. Fix the bug by generating a mask that covers the lower chunk of the GFN, i.e. the bits that aren't shifted by the L1TF mitigation. The alternative approach would be to explicitly zero the five reserved bits that are used to store the upper chunk of the GFN, but that requires additional run-time computation and makes an already-ugly bit of code even more inscrutable. I considered adding a WARN_ON_ONCE(low_phys_bits-1 <= PAGE_SHIFT) to warn if GENMASK_ULL() generated a nonsensical value, but that seemed silly since that would mean a system that supports VMX has less than 18 bits of physical address space... Reported-by: Sakari Ailus Fixes: d9b47449c1a1 ("kvm: x86: Set highest physical address bits in non-present/reserved SPTEs") Cc: Junaid Shahid Cc: Jim Mattson Cc: stable@vger.kernel.org Reviewed-by: Junaid Shahid Tested-by: Sakari Ailus Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit fe804cd6774938814242aa67bb7e7cbc934b1203 Author: Stefan Raspl Date: Tue Sep 25 09:19:36 2018 +0200 tools/kvm_stat: cut down decimal places in update interval dialog We currently display the default number of decimal places for floats in _show_set_update_interval(), which is quite pointless. Cutting down to a single decimal place. Signed-off-by: Stefan Raspl Signed-off-by: Paolo Bonzini commit 62cf9bd8118c4009f02c477ef78c723f49e53e16 Author: Liran Alon Date: Fri Sep 14 03:25:54 2018 +0300 KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS L2 IA32_BNDCFGS should be updated with vmcs12->guest_bndcfgs only when VM_ENTRY_LOAD_BNDCFGS is specified in vmcs12->vm_entry_controls. Otherwise, L2 IA32_BNDCFGS should be set to vmcs01->guest_bndcfgs which is L1 IA32_BNDCFGS. Reviewed-by: Nikita Leshchenko Reviewed-by: Darren Kenny Signed-off-by: Liran Alon Signed-off-by: Paolo Bonzini commit 503234b3fdcaa578395c07e393ea3e5d13958824 Author: Liran Alon Date: Fri Sep 14 03:25:53 2018 +0300 KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly Commit a87036add092 ("KVM: x86: disable MPX if host did not enable MPX XSAVE features") introduced kvm_mpx_supported() to return true iff MPX is enabled in the host. However, that commit seems to have missed replacing some calls to kvm_x86_ops->mpx_supported() to kvm_mpx_supported(). Complete original commit by replacing remaining calls to kvm_mpx_supported(). Fixes: a87036add092 ("KVM: x86: disable MPX if host did not enable MPX XSAVE features") Suggested-by: Sean Christopherson Signed-off-by: Liran Alon Signed-off-by: Paolo Bonzini commit 5f76f6f5ff96587af5acd5930f7d9fea81e0d1a8 Author: Liran Alon Date: Fri Sep 14 03:25:52 2018 +0300 KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled Before this commit, KVM exposes MPX VMX controls to L1 guest only based on if KVM and host processor supports MPX virtualization. However, these controls should be exposed to guest only in case guest vCPU supports MPX. Without this change, a L1 guest running with kernel which don't have commit 691bd4340bef ("kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS") asserts in QEMU on the following: qemu-kvm: error: failed to set MSR 0xd90 to 0x0 qemu-kvm: .../qemu-2.10.0/target/i386/kvm.c:1801 kvm_put_msrs: Assertion 'ret == cpu->kvm_msr_buf->nmsrs failed' This is because L1 KVM kvm_init_msr_list() will see that vmx_mpx_supported() (As it only checks MPX VMX controls support) and therefore KVM_GET_MSR_INDEX_LIST IOCTL will include MSR_IA32_BNDCFGS. However, later when L1 will attempt to set this MSR via KVM_SET_MSRS IOCTL, it will fail because !guest_cpuid_has_mpx(vcpu). Therefore, fix the issue by exposing MPX VMX controls to L1 guest only when vCPU supports MPX. Fixes: 36be0b9deb23 ("KVM: x86: Add nested virtualization support for MPX") Reported-by: Eyal Moscovici Reviewed-by: Nikita Leshchenko Reviewed-by: Darren Kenny Signed-off-by: Liran Alon Signed-off-by: Paolo Bonzini commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 Author: Marc Zyngier Date: Thu Sep 27 16:53:22 2018 +0100 arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall Reviewed-by: Mark Rutland Reviewed-by: Dave Martin Signed-off-by: Marc Zyngier Signed-off-by: Will Deacon commit d26c25a9d19b5976b319af528886f89cf455692d Author: Dave Martin Date: Thu Sep 27 16:53:21 2018 +0100 arm64: KVM: Tighten guest core register access from userspace We currently allow userspace to access the core register file in about any possible way, including straddling multiple registers and doing unaligned accesses. This is not the expected use of the ABI, and nobody is actually using it that way. Let's tighten it by explicitly checking the size and alignment for each field of the register file. Cc: Fixes: 2f4a07c5f9fe ("arm64: KVM: guest one-reg interface") Reviewed-by: Christoffer Dall Reviewed-by: Mark Rutland Signed-off-by: Dave Martin [maz: rewrote Dave's initial patch to be more easily backported] Signed-off-by: Marc Zyngier Signed-off-by: Will Deacon commit 1db58529454742f67ebd96e3588315e880b72837 Author: Yu Zhao Date: Thu Sep 27 17:05:04 2018 -0600 cfg80211: fix use-after-free in reg_process_hint() reg_process_hint_country_ie() can free regulatory_request and return REG_REQ_ALREADY_SET. We shouldn't use regulatory_request after it's called. KASAN error was observed when this happens. BUG: KASAN: use-after-free in reg_process_hint+0x839/0x8aa [cfg80211] Read of size 4 at addr ffff8800c430d434 by task kworker/1:3/89 Workqueue: events reg_todo [cfg80211] Call Trace: dump_stack+0xc1/0x10c ? _atomic_dec_and_lock+0x1ad/0x1ad ? _raw_spin_lock_irqsave+0xa0/0xd2 print_address_description+0x86/0x26f ? reg_process_hint+0x839/0x8aa [cfg80211] kasan_report+0x241/0x29b reg_process_hint+0x839/0x8aa [cfg80211] reg_todo+0x204/0x5b9 [cfg80211] process_one_work+0x55f/0x8d0 ? worker_detach_from_pool+0x1b5/0x1b5 ? _raw_spin_unlock_irq+0x65/0xdd ? _raw_spin_unlock_irqrestore+0xf3/0xf3 worker_thread+0x5dd/0x841 ? kthread_parkme+0x1d/0x1d kthread+0x270/0x285 ? pr_cont_work+0xe3/0xe3 ? rcu_read_unlock_sched_notrace+0xca/0xca ret_from_fork+0x22/0x40 Allocated by task 2718: set_track+0x63/0xfa __kmalloc+0x119/0x1ac regulatory_hint_country_ie+0x38/0x329 [cfg80211] __cfg80211_connect_result+0x854/0xadd [cfg80211] cfg80211_rx_assoc_resp+0x3bc/0x4f0 [cfg80211] smsc95xx v1.0.6 ieee80211_sta_rx_queued_mgmt+0x1803/0x7ed5 [mac80211] ieee80211_iface_work+0x411/0x696 [mac80211] process_one_work+0x55f/0x8d0 worker_thread+0x5dd/0x841 kthread+0x270/0x285 ret_from_fork+0x22/0x40 Freed by task 89: set_track+0x63/0xfa kasan_slab_free+0x6a/0x87 kfree+0xdc/0x470 reg_process_hint+0x31e/0x8aa [cfg80211] reg_todo+0x204/0x5b9 [cfg80211] process_one_work+0x55f/0x8d0 worker_thread+0x5dd/0x841 kthread+0x270/0x285 ret_from_fork+0x22/0x40 Signed-off-by: Yu Zhao Signed-off-by: Johannes Berg commit 211710ca74adf790b46ab3867fcce8047b573cd1 Author: Felix Fietkau Date: Sat Sep 29 16:01:58 2018 +0200 mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys key->sta is only valid after ieee80211_key_link, which is called later in this function. Because of that, the IEEE80211_KEY_FLAG_RX_MGMT is never set when management frame protection is enabled. Fixes: e548c49e6dc6b ("mac80211: add key flag for management keys") Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau Signed-off-by: Johannes Berg commit 848e616e66d4592fe9afc40743d3504deb7632b4 Author: Stefan Seyfried Date: Sun Sep 30 12:53:00 2018 +0200 cfg80211: fix wext-compat memory leak cfg80211_wext_giwrate and sinfo.pertid might allocate sinfo.pertid via rdev_get_station(), but never release it. Fix that. Fixes: 8689c051a201 ("cfg80211: dynamically allocate per-tid stats for station info") Signed-off-by: Stefan Seyfried [johannes: fix error path, use cfg80211_sinfo_release_content(), add Fixes] Signed-off-by: Johannes Berg commit 1feda5eb77fc279a4c4eb93b9a0ac3bf7254b57a Author: Marek Szyprowski Date: Fri Sep 28 18:09:23 2018 +0200 drm/exynos: Use selected dma_dev default iommu domain instead of a fake one Instead of allocating a fake IOMMU domain for all Exynos DRM components, simply reuse the default IOMMU domain of the already selected DMA device. This allows some design changes in IOMMU framework without breaking IOMMU support in Exynos DRM. Signed-off-by: Marek Szyprowski Reviewed-by: Robin Murphy Signed-off-by: Inki Dae commit 08d9db00fe0e300d6df976e6c294f974988226dd Author: Edgar Cherkasov Date: Thu Sep 27 11:56:03 2018 +0300 i2c: i2c-scmi: fix for i2c_smbus_write_block_data The i2c-scmi driver crashes when the SMBus Write Block transaction is executed: WARNING: CPU: 9 PID: 2194 at mm/page_alloc.c:3931 __alloc_pages_slowpath+0x9db/0xec0 Call Trace: ? get_page_from_freelist+0x49d/0x11f0 ? alloc_pages_current+0x6a/0xe0 ? new_slab+0x499/0x690 __alloc_pages_nodemask+0x265/0x280 alloc_pages_current+0x6a/0xe0 kmalloc_order+0x18/0x40 kmalloc_order_trace+0x24/0xb0 ? acpi_ut_allocate_object_desc_dbg+0x62/0x10c __kmalloc+0x203/0x220 acpi_os_allocate_zeroed+0x34/0x36 acpi_ut_copy_eobject_to_iobject+0x266/0x31e acpi_evaluate_object+0x166/0x3b2 acpi_smbus_cmi_access+0x144/0x530 [i2c_scmi] i2c_smbus_xfer+0xda/0x370 i2cdev_ioctl_smbus+0x1bd/0x270 i2cdev_ioctl+0xaa/0x250 do_vfs_ioctl+0xa4/0x600 SyS_ioctl+0x79/0x90 do_syscall_64+0x73/0x130 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 ACPI Error: Evaluating _SBW: 4 (20170831/smbus_cmi-185) This problem occurs because the length of ACPI Buffer object is not defined/initialized in the code before a corresponding ACPI method is called. The obvious patch below fixes this issue. Signed-off-by: Edgar Cherkasov Acked-by: Viktor Krasnov Acked-by: Michael Brunner Signed-off-by: Wolfram Sang commit e55ec4ddbef9897199c307dfb23167e3801fdaf5 Author: Dave Chinner Date: Mon Oct 1 08:11:07 2018 +1000 xfs: fix error handling in xfs_bmap_extents_to_btree Commit 01239d77b9dd ("xfs: fix a null pointer dereference in xfs_bmap_extents_to_btree") attempted to fix a null pointer dreference when a fuzzing corruption of some kind was found. This fix was flawed, resulting in assert failures like: XFS: Assertion failed: ifp->if_broot == NULL, file: fs/xfs/libxfs/xfs_bmap.c, line: 715 ..... Call Trace: xfs_bmap_extents_to_btree+0x6b9/0x7b0 __xfs_bunmapi+0xae7/0xf00 ? xfs_log_reserve+0x1c8/0x290 xfs_reflink_remap_extent+0x20b/0x620 xfs_reflink_remap_blocks+0x7e/0x290 xfs_reflink_remap_range+0x311/0x530 vfs_dedupe_file_range_one+0xd7/0xe0 vfs_dedupe_file_range+0x15b/0x1a0 do_vfs_ioctl+0x267/0x6c0 The problem is that the error handling code now asserts that the inode fork is not in btree format before the error handling code undoes the modifications that put the fork back in extent format. Fix this by moving the assert back to after the xfs_iroot_realloc() call that returns the fork to extent format, and clean up the jump labels to be meaningful. Also, returning ENOSPC when xfs_btree_get_bufl() fails to instantiate the buffer that was allocated (the actual fix in the commit mentioned above) is incorrect. This is a fatal error - only an invalid block address or a filesystem shutdown can result in failing to get a buffer here. Hence change this to EFSCORRUPTED so that the higher layer knows this was a corruption related failure and should not treat it as an ENOSPC error. This should result in a shutdown (via cancelling a dirty transaction) which is necessary as we do not attempt to clean up the (invalid) block that we have already allocated. Signed-off-by: Dave Chinner Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit bac6f6cda206ad7cbe0c73c35e494377ce9c4749 Author: Kees Cook Date: Fri Sep 28 15:17:50 2018 -0700 pstore/ram: Fix failure-path memory leak in ramoops_init As reported by nixiaoming, with some minor clarifications: 1) memory leak in ramoops_register_dummy(): dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL); but no kfree() if platform_device_register_data() fails. 2) memory leak in ramoops_init(): Missing platform_device_unregister(dummy) and kfree(dummy_data) if platform_driver_register(&ramoops_driver) fails. I've clarified the purpose of ramoops_register_dummy(), and added a common cleanup routine for all three failure paths to call. Reported-by: nixiaoming Cc: stable@vger.kernel.org Cc: Anton Vorontsov Cc: Colin Cross Cc: Tony Luck Cc: Joel Fernandes Cc: Geliang Tang Signed-off-by: Kees Cook commit 7012040576c6ae25a47035659ee48673612c2c27 Author: Bjorn Andersson Date: Wed Sep 19 18:09:38 2018 -0700 firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable@vger.kernel.org Cc: Rishabh Bhatnagar Signed-off-by: Bjorn Andersson Reviewed-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit 492ecf6d6598e7c3b0b1372653ed21da50ddfb09 Author: Alan Tull Date: Wed Sep 12 09:43:25 2018 -0500 docs: fpga: document fpga manager flags Add flags #defines to kerneldoc documentation in a useful place. Signed-off-by: Alan Tull Acked-by: Moritz Fischer Signed-off-by: Greg Kroah-Hartman commit b4d9a0e5ca139640a45bcda87bc718f85d8008af Author: Alan Tull Date: Wed Sep 12 09:43:24 2018 -0500 fpga: bridge: fix obvious function documentation error fpga_bridge_dev_match() returns a FPGA bridge struct, not a FPGA manager struct so s/manager/bridge/. Signed-off-by: Alan Tull Acked-by: Moritz Fischer Signed-off-by: Greg Kroah-Hartman commit c2d68afba86d1ff01e7300c68bc16a9234dcd8e9 Author: Vitaly Kuznetsov Date: Mon Sep 17 04:14:55 2018 +0000 tools: hv: fcopy: set 'error' in case an unknown operation was requested 'error' variable is left uninitialized in case we see an unknown operation. As we don't immediately return and proceed to pwrite() we need to set it to something, HV_E_FAIL sounds good enough. Signed-off-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Cc: stable Signed-off-by: Greg Kroah-Hartman commit 34bd283396af1f05c43fa64d51378d38affb1cf1 Author: Alan Tull Date: Wed Sep 12 09:43:23 2018 -0500 fpga: do not access region struct after fpga_region_unregister A couple drivers were accessing the region struct after it had been freed. Save off the pointer to the mgr before the region struct gets freed. Signed-off-by: Alan Tull Acked-by: Moritz Fischer Signed-off-by: Greg Kroah-Hartman commit 41e270f6898e7502be9fd6920ee0a108ca259d36 Author: Dexuan Cui Date: Mon Sep 17 04:14:54 2018 +0000 Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() With CONFIG_DEBUG_PREEMPT=y, I always see this warning: BUG: using smp_processor_id() in preemptible [00000000] Fix the false warning by using get/put_cpu(). Here vmbus_connect() sends a message to the host and waits for the host's response. The host will deliver the response message and an interrupt on CPU msg->target_vcpu, and later the interrupt handler will wake up vmbus_connect(). vmbus_connect() doesn't really have to run on the same cpu as CPU msg->target_vcpu, so it's safe to call put_cpu() just here. Signed-off-by: Dexuan Cui Cc: stable@vger.kernel.org Cc: K. Y. Srinivasan Cc: Haiyang Zhang Cc: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman commit 17b57b1883c1285f3d0dc2266e8f79286a7bef38 Author: Greg Kroah-Hartman Date: Sun Sep 30 07:15:35 2018 -0700 Linux 4.19-rc6 commit 9a10b063758c756a4d60d63acb890c27d03c9bef Merge: 9ba6873e1603 03d179a840ce Author: Greg Kroah-Hartman Date: Sun Sep 30 06:20:33 2018 -0700 Merge tag 'auxdisplay-for-greg-v4.19-rc6' of https://github.com/ojeda/linux Miguel writes: "A trivial fix for auxdisplay - MAINTAINERS reference fix for moved file Reported by Joe Perches" * tag 'auxdisplay-for-greg-v4.19-rc6' of https://github.com/ojeda/linux: MAINTAINERS: fix reference to moved drivers/{misc => auxdisplay}/panel.c commit 9ba6873e1603988adf97dd5abe18936a2aeff1fd Merge: 291d0e5d81e1 f52afc93cd01 Author: Greg Kroah-Hartman Date: Sun Sep 30 06:19:38 2018 -0700 Merge tag 'libnvdimm-fixes2-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Dan writes: "filesystem-dax for 4.19-rc6 Fix a deadlock in the new for 4.19 dax_lock_mapping_entry() routine." * tag 'libnvdimm-fixes2-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: dax: Fix deadlock in dax_lock_mapping_entry() commit 03d179a840ce9e694db9d69bb643fdee04cfd28f Author: Miguel Ojeda Date: Sun Sep 30 13:50:05 2018 +0200 MAINTAINERS: fix reference to moved drivers/{misc => auxdisplay}/panel.c Commit 51c1e9b554c9 ("auxdisplay: Move panel.c to drivers/auxdisplay folder") moved the file, but the MAINTAINERS reference was not updated. Link: https://lore.kernel.org/lkml/20180928220131.31075-1-joe@perches.com/ Reported-by: Joe Perches Signed-off-by: Miguel Ojeda commit 291d0e5d81e101392379217b06251fe8c27f1f80 Merge: e75417739b1d 133424a20777 Author: Greg Kroah-Hartman Date: Sat Sep 29 14:52:14 2018 -0700 Merge tag 'for-linus-20180929' of git://git.kernel.dk/linux-block Jens writes: "Block fixes for 4.19-rc6 A set of fixes that should go into this release. This pull request contains: - A fix (hopefully) for the persistent grants for xen-blkfront. A previous fix from this series wasn't complete, hence reverted, and this one should hopefully be it. (Boris Ostrovsky) - Fix for an elevator drain warning with SMR devices, which is triggered when you switch schedulers (Damien) - bcache deadlock fix (Guoju Fang) - Fix for the block unplug tracepoint, which has had the timer/explicit flag reverted since 4.11 (Ilya) - Fix a regression in this series where the blk-mq timeout hook is invoked with the RCU read lock held, hence preventing it from blocking (Keith) - NVMe pull from Christoph, with a single multipath fix (Susobhan Dey)" * tag 'for-linus-20180929' of git://git.kernel.dk/linux-block: xen/blkfront: correct purging of persistent grants Revert "xen/blkfront: When purging persistent grants, keep them in the buffer" blk-mq: I/O and timer unplugs are inverted in blktrace bcache: add separate workqueue for journal_write to avoid deadlock xen/blkfront: When purging persistent grants, keep them in the buffer block: fix deadline elevator drain for zoned block devices blk-mq: Allow blocking queue tag iter callbacks nvme: properly propagate errors in nvme_mpath_init commit e75417739b1de4f6eb99f3f080c67bfd6812d562 Merge: e1ce697db674 bdec8d7fa55e Author: Greg Kroah-Hartman Date: Sat Sep 29 14:34:06 2018 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Thomas writes: "A single fix for the AMD memory encryption boot code so it does not read random garbage instead of the cached encryption bit when a kexec kernel is allocated above the 32bit address limit." * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot: Fix kexec booting failure in the SEV bit detection code commit e1ce697db67421cc7e9a1cc1312149f3a4e08c93 Merge: af17b3aa1fea 090bcfd5d1b6 Author: Greg Kroah-Hartman Date: Sat Sep 29 14:32:49 2018 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Thomas writes: "Three small fixes for clocksource drivers: - Proper error handling in the Atmel PIT driver - Add CLOCK_SOURCE_SUSPEND_NONSTOP for TI SoCs so suspend works again - Fix the next event function for Facebook Backpack-CMM BMC chips so usleep(100) doesnt sleep several milliseconds" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource/drivers/timer-atmel-pit: Properly handle error cases clocksource/drivers/fttmr010: Fix set_next_event handler clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs commit 43955a45dc0b4f3be7f0c3afc0e080ed59bb5280 Author: Johannes Berg Date: Wed Sep 26 22:19:42 2018 +0200 netlink: fix typo in nla_parse_nested() comment Fix a simple typo: attribuets -> attributes Signed-off-by: Johannes Berg Signed-off-by: David S. Miller commit ac8bd9e13be22a3d24bfc80972d4688e3e50e457 Author: Hans de Goede Date: Wed Sep 26 22:12:39 2018 +0200 r8169: Disable clk during suspend / resume Disable the clk during suspend to save power. Note that tp->clk may be NULL, the clk core functions handle this without problems. Reviewed-by: Andy Shevchenko Tested-by: Carlo Caione Signed-off-by: Hans de Goede Signed-off-by: David S. Miller commit c333fa0c4f220f8f7ea5acd6b0ebf3bf13fd684d Author: Shahed Shaikh Date: Wed Sep 26 12:41:10 2018 -0700 qlcnic: fix Tx descriptor corruption on 82xx devices In regular NIC transmission flow, driver always configures MAC using Tx queue zero descriptor as a part of MAC learning flow. But with multi Tx queue supported NIC, regular transmission can occur on any non-zero Tx queue and from that context it uses Tx queue zero descriptor to configure MAC, at the same time TX queue zero could be used by another CPU for regular transmission which could lead to Tx queue zero descriptor corruption and cause FW abort. This patch fixes this in such a way that driver always configures learned MAC address from the same Tx queue which is used for regular transmission. Fixes: 7e2cf4feba05 ("qlcnic: change driver hardware interface mechanism") Signed-off-by: Shahed Shaikh Signed-off-by: David S. Miller commit c140eb166d681f66bd7e99fb121357db1a503e7f Author: LUU Duc Canh Date: Wed Sep 26 21:00:54 2018 +0200 tipc: fix failover problem We see the following scenario: 1) Link endpoint B on node 1 discovers that its peer endpoint is gone. Since there is a second working link, failover procedure is started. 2) Link endpoint A on node 1 sends a FAILOVER message to peer endpoint A on node 2. The node item 1->2 goes to state FAILINGOVER. 3) Linke endpoint A/2 receives the failover, and is supposed to take down its parallell link endpoint B/2, while producing a FAILOVER message to send back to A/1. 4) However, B/2 has already been deleted, so no FAILOVER message can created. 5) Node 1->2 remains in state FAILINGOVER forever, refusing to receive any messages that can bring B/1 up again. We are left with a non- redundant link between node 1 and 2. We fix this with letting endpoint A/2 build a dummy FAILOVER message to send to back to A/1, so that the situation can be resolved. Signed-off-by: LUU Duc Canh Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit af17b3aa1fea3a87d81b499b3039a4b76a668d87 Merge: 82ec752cce8b befb1b3c2703 Author: Greg Kroah-Hartman Date: Sat Sep 29 11:32:03 2018 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Thomas writes: "A single fix for a missing sanity check when a pinned event is tried to be read on the wrong CPU due to a legit event scheduling failure." * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/core: Add sanity check to deal with pinned event failure commit 418b9a353a821f5d1787fd310d2af31232e9ff32 Merge: 982d608f0f6a c530c471ba37 Author: David S. Miller Date: Sat Sep 29 11:31:30 2018 -0700 Merge branch 'net-usb-Check-for-Wake-on-LAN-modes' Florian Fainelli says: ==================== net: usb: Check for Wake-on-LAN modes Most of our USB Ethernet drivers don't seem to be checking properly whether the user is supplying a correct Wake-on-LAN mode to enter, so the experience as an user could be confusing, since it would generally lead to either no wake-up, or the device not being marked for wake-up. Please review! Changes in v2: - fixed lan78xx handling, thanks Woojung! ==================== Signed-off-by: David S. Miller commit c530c471ba37bdd9fe1c7185b01455c00ae606fb Author: Florian Fainelli Date: Fri Sep 28 16:18:56 2018 -0700 smsc95xx: Check for Wake-on-LAN modes The driver does not check for Wake-on-LAN modes specified by an user, but will conditionally set the device as wake-up enabled or not based on that, which could be a very confusing user experience. Fixes: e0e474a83c18 ("smsc95xx: add wol magic packet support") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 9c734b2769a73eea2e9e9767c0e0bf839ff23679 Author: Florian Fainelli Date: Fri Sep 28 16:18:55 2018 -0700 smsc75xx: Check for Wake-on-LAN modes The driver does not check for Wake-on-LAN modes specified by an user, but will conditionally set the device as wake-up enabled or not based on that, which could be a very confusing user experience. Fixes: 6c636503260d ("smsc75xx: add wol magic packet support") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit f2750df1548bd8a2b060eb609fc43ca82811af4c Author: Florian Fainelli Date: Fri Sep 28 16:18:54 2018 -0700 r8152: Check for supported Wake-on-LAN Modes The driver does not check for Wake-on-LAN modes specified by an user, but will conditionally set the device as wake-up enabled or not based on that, which could be a very confusing user experience. Fixes: 21ff2e8976b1 ("r8152: support WOL") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit c5cb93e994ffb43b7b3b1ff10b9f928f54574a36 Author: Florian Fainelli Date: Fri Sep 28 16:18:53 2018 -0700 sr9800: Check for supported Wake-on-LAN modes The driver currently silently accepts unsupported Wake-on-LAN modes (other than WAKE_PHY or WAKE_MAGIC) without reporting that to the user, which is confusing. Fixes: 19a38d8e0aa3 ("USB2NET : SR9800 : One chip USB2.0 USB2NET SR9800 Device Driver Support") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit eb9ad088f96653a26b340f7c447c44cf023d5cdc Author: Florian Fainelli Date: Fri Sep 28 16:18:52 2018 -0700 lan78xx: Check for supported Wake-on-LAN modes The driver supports a fair amount of Wake-on-LAN modes, but is not checking that the user specified one that is supported. Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver") Signed-off-by: Florian Fainelli Reviewed-by: Woojung Huh Signed-off-by: David S. Miller commit 5ba6b4aa9a410c5e2c6417df52b5e2118ea9b467 Author: Florian Fainelli Date: Fri Sep 28 16:18:51 2018 -0700 ax88179_178a: Check for supported Wake-on-LAN modes The driver currently silently accepts unsupported Wake-on-LAN modes (other than WAKE_PHY or WAKE_MAGIC) without reporting that to the user, which is confusing. Fixes: e2ca90c276e1 ("ax88179_178a: ASIX AX88179_178A USB 3.0/2.0 to gigabit ethernet adapter driver") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit c4ce446e33d7a0e978256ac6fea4c80e59d9de5f Author: Florian Fainelli Date: Fri Sep 28 16:18:50 2018 -0700 asix: Check for supported Wake-on-LAN modes The driver currently silently accepts unsupported Wake-on-LAN modes (other than WAKE_PHY or WAKE_MAGIC) without reporting that to the user, which is confusing. Fixes: 2e55cc7210fe ("[PATCH] USB: usbnet (3/9) module for ASIX Ethernet adapters") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 982d608f0f6a9f2700f1a2b35538d686898f78ae Merge: f810dcece09f d6d1cd2578c4 Author: David S. Miller Date: Sat Sep 29 11:28:49 2018 -0700 Merge branch 'ieee802154-for-davem-2018-09-28' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan Stefan Schmidt says: ==================== pull-request: ieee802154 for net 2018-09-28 An update from ieee802154 for your *net* tree. Some cleanup patches throughout the drivers from the Huawei tag team Yue Haibing and Zhong Jiang. Xue is replacing some magic numbers with defines in his mcr20a driver. ==================== Signed-off-by: David S. Miller commit f810dcece09f7ae9720aeb01e25391883013047d Merge: f13d1b48b95b f334430316e7 Author: David S. Miller Date: Sat Sep 29 11:28:17 2018 -0700 Merge tag 'rxrpc-fixes-20180928' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Fixes Here are some miscellaneous fixes for AF_RXRPC: (1) Remove a duplicate variable initialisation. (2) Fix one of the checks made when we decide to set up a new incoming service call in which a flag is being checked in the wrong field of the packet header. This check is abstracted out into helper functions. (3) Fix RTT gathering. The code has been trying to make use of socket timestamps, but wasn't actually enabling them. The code has also been recording a transmit time for the outgoing packet for which we're going to measure the RTT after sending the message - but we can get the incoming packet before we get to that and record a negative RTT. (4) Fix the emission of BUSY packets (we are emitting ABORTs instead). (5) Improve error checking on incoming packets. (6) Try to fix a bug in new service call handling whereby a BUG we should never be able to reach somehow got triggered. Do this by moving much of the checking as early as possible and not repeating it later (depends on (5) above). (7) Fix the sockopts set on a UDP6 socket to include the ones set on a UDP4 socket so that we receive UDP4 errors and packet-too-large notifications too. (8) Fix the distribution of errors so that we do it at the point of receiving an error in the UDP callback rather than deferring it thereby cutting short any transmissions that would otherwise occur in the window. ==================== Signed-off-by: David S. Miller commit 82ec752cce8b19b69efcfc96303b2ed33e01fd48 Merge: 7a6878bb4e7a d51aea13dd67 Author: Greg Kroah-Hartman Date: Sat Sep 29 06:50:36 2018 -0700 Merge tag 'pm-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Rafael writes: "Power management fix for 4.19-rc6 Fix incorrect __init and __exit annotations in the Qualcomm Kryo cpufreq driver (Nathan Chancellor)." * tag 'pm-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: qcom-kryo: Fix section annotations commit d51aea13dd6753186a2bea7619029c460bdf0c4c Author: Nathan Chancellor Date: Wed Sep 19 17:22:21 2018 -0700 cpufreq: qcom-kryo: Fix section annotations There is currently a warning when building the Kryo cpufreq driver into the kernel image: WARNING: vmlinux.o(.text+0x8aa424): Section mismatch in reference from the function qcom_cpufreq_kryo_probe() to the function .init.text:qcom_cpufreq_kryo_get_msm_id() The function qcom_cpufreq_kryo_probe() references the function __init qcom_cpufreq_kryo_get_msm_id(). This is often because qcom_cpufreq_kryo_probe lacks a __init annotation or the annotation of qcom_cpufreq_kryo_get_msm_id is wrong. Remove the '__init' annotation from qcom_cpufreq_kryo_get_msm_id so that there is no more mismatch warning. Additionally, Nick noticed that the remove function was marked as '__init' when it should really be marked as '__exit'. Fixes: 46e2856b8e18 (cpufreq: Add Kryo CPU scaling driver) Fixes: 5ad7346b4ae2 (cpufreq: kryo: Add module remove and exit) Reported-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Acked-by: Viresh Kumar Cc: 4.18+ # 4.18+ Signed-off-by: Rafael J. Wysocki commit 7a6878bb4e7ac410b8748e115df8265cf32b1be3 Merge: e704966c45e4 974c24c5bed7 Author: Greg Kroah-Hartman Date: Sat Sep 29 02:52:24 2018 -0700 Merge tag 'dma-mapping-4.19-3' of git://git.infradead.org/users/hch/dma-mapping Christoph writes: "dma mapping fix for 4.19-rc6 fix a missing Kconfig symbol for commits introduced in 4.19-rc" * tag 'dma-mapping-4.19-3' of git://git.infradead.org/users/hch/dma-mapping: dma-mapping: add the missing ARCH_HAS_SYNC_DMA_FOR_CPU_ALL declaration commit 561295a32579e2db3b22f74d1f45d5c4c4fd9375 Author: Brian Foster Date: Sat Sep 29 13:51:01 2018 +1000 iomap: set page dirty after partial delalloc on mkwrite The iomap page fault mechanism currently dirties the associated page after the full block range of the page has been allocated. This leaves the page susceptible to delayed allocations without ever being set dirty on sub-page block sized filesystems. For example, consider a page fault on a page with one preexisting real (non-delalloc) block allocated in the middle of the page. The first iomap_apply() iteration performs delayed allocation on the range up to the preexisting block, the next iteration finds the preexisting block, and the last iteration attempts to perform delayed allocation on the range after the prexisting block to the end of the page. If the first allocation succeeds and the final allocation fails with -ENOSPC, iomap_apply() returns the error and iomap_page_mkwrite() fails to dirty the page having already performed partial delayed allocation. This eventually results in the page being invalidated without ever converting the delayed allocation to real blocks. This problem is reliably reproduced by generic/083 on XFS on ppc64 systems (64k page size, 4k block size). It results in leaked delalloc blocks on inode reclaim, which triggers an assert failure in xfs_fs_destroy_inode() and filesystem accounting inconsistency. Move the set_page_dirty() call from iomap_page_mkwrite() to the actor callback, similar to how the buffer head implementation works. The actor callback is called iff ->iomap_begin() returns success, so ensures the page is dirtied as soon as possible after an allocation. Signed-off-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit ec2ed0b5e96fea2a4539bd7f7f43499ecd45be8b Author: Brian Foster Date: Sat Sep 29 13:50:41 2018 +1000 xfs: remove invalid log recovery first/last cycle check One of the first steps of log recovery is to check for the special case of a zeroed log. If the first cycle in the log is zero or the tail portion of the log is zeroed, the head is set to the first instance of cycle 0. xlog_find_zeroed() includes a sanity check that enforces that the first cycle in the log must be 1 if the last cycle is 0. While this is true in most cases, the check is not totally valid because it doesn't consider the case where the filesystem crashed after a partial/out of order log buffer completion that wraps around the end of the physical log. For example, consider a filesystem that has completed most of the first cycle of the log, reaches the end of the physical log and splits the next single log buffer write into two in order to wrap around the end of the log. If these I/Os are reordered, the second (wrapped) I/O completes and the first happens to fail, the log is left in a state where the last cycle of the log is 0 and the first cycle is 2. This causes the xlog_find_zeroed() sanity check to fail and prevents the filesystem from mounting. This situation has been reproduced on particular systems via repeated runs of generic/475. This is an expected state that log recovery already knows how to deal with, however. Since the log is still partially zeroed, the head is detected correctly and points to a valid tail. The subsequent stale block detection clears blocks beyond the head up to the tail (within a maximum range), with the express purpose of clearing such out of order writes. As expected, this removes the out of order cycle 2 blocks at the physical start of the log. In other words, the only thing that prevents a clean mount and recovery of the filesystem in this scenario is the specific (last == 0 && first != 1) sanity check in xlog_find_zeroed(). Since the log head/tail are now independently validated via cycle, log record and CRC checks, this highly specific first cycle check is of dubious value. Remove it and rely on the higher level validation to determine whether log content is sane and recoverable. Signed-off-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit 339e1a3fcdd1990e5ec115325ccb4c6f4cc5ee16 Author: Eric Sandeen Date: Sat Sep 29 13:50:13 2018 +1000 xfs: validate inode di_forkoff Verify the inode di_forkoff, lifted from xfs_repair's process_check_inode_forkoff(). Signed-off-by: Eric Sandeen Reviewed-by: Brian Foster Signed-off-by: Dave Chinner commit f5f3f959b70b272dfe2d05758e43ae52f5ff7748 Author: Christoph Hellwig Date: Sat Sep 29 13:49:58 2018 +1000 xfs: skip delalloc COW blocks in xfs_reflink_end_cow The iomap direct I/O code issues a single ->end_io call for the whole I/O request, and if some of the extents cowered needed a COW operation it will call xfs_reflink_end_cow over the whole range. When we do AIO writes we drop the iolock after doing the initial setup, but before the I/O completion. Between dropping the lock and completing the I/O we can have a racing buffered write create new delalloc COW fork extents in the region covered by the outstanding direct I/O write, and thus see delalloc COW fork extents in xfs_reflink_end_cow. As concurrent writes are fundamentally racy and no guarantees are given we can simply skip those. This can be easily reproduced with xfstests generic/208 in always_cow mode. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit f369a13cead821e679c7415dc66a17ec48cc26bf Author: Eric Sandeen Date: Sat Sep 29 13:49:00 2018 +1000 xfs: don't treat unknown di_flags2 as corruption in scrub xchk_inode_flags2() currently treats any di_flags2 values that the running kernel doesn't recognize as corruption, and calls xchk_ino_set_corrupt() if they are set. However, it's entirely possible that these flags were set in some newer kernel and are quite valid, but ignored in this kernel. (Validators don't care one bit about unknown di_flags2.) Call xchk_ino_set_warning instead, because this may or may not actually indicate a problem. Signed-off-by: Eric Sandeen Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit 2863c2ebc4f45d2bc150016f36e2f31c155597e8 Author: YueHaibing Date: Sat Sep 29 13:48:21 2018 +1000 xfs: remove duplicated include from alloc.c Remove duplicated include xfs_alloc.h Signed-off-by: YueHaibing Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit 0065b54119973c9089f8222c1c8f9237ed9787a9 Author: Christoph Hellwig Date: Sat Sep 29 13:47:46 2018 +1000 xfs: don't bring in extents in xfs_bmap_punch_delalloc_range This function is only used to punch out delayed allocations on I/O failure, which means we need to have read the extents earlier. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit df307077916fde42734a49022fc8ed23cc58caa4 Author: Dave Chinner Date: Sat Sep 29 13:47:15 2018 +1000 xfs: fix transaction leak in xfs_reflink_allocate_cow() When xfs_reflink_allocate_cow() allocates a transaction, it drops the ILOCK to perform the operation. This Introduces a race condition where another thread modifying the file can perform the COW allocation operation underneath us. This result in the retry loop finding an allocated block and jumping straight to the conversion code. It does not, however, cancel the transaction it holds and so this gets leaked. This results in a lockdep warning: ================================================ WARNING: lock held when returning to user space! 4.18.5 #1 Not tainted ------------------------------------------------ worker/6123 is leaving the kernel with locks still held! 1 lock held by worker/6123: #0: 000000009eab4f1b (sb_internal#2){.+.+}, at: xfs_trans_alloc+0x17c/0x220 And eventually the filesystem deadlocks because it runs out of log space that is reserved by the leaked transaction and never gets released. The logic flow in xfs_reflink_allocate_cow() is a convoluted mess of gotos - it's no surprise that it has bug where the flow through several goto jumps then fails to clean up context from a non-obvious logic path. CLean up the logic flow and make sure every path does the right thing. Reported-by: Alexander Y. Fomichev Tested-by: Alexander Y. Fomichev Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200981 Signed-off-by: Dave Chinner [hch: slight refactor] Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner commit 8683edb7755b853f0dd92e07fe2e7a7e675a84d7 Author: Dave Chinner Date: Sat Sep 29 13:46:21 2018 +1000 xfs: avoid lockdep false positives in xfs_trans_alloc We've had a few reports of lockdep tripping over memory reclaim context vs filesystem freeze "deadlocks". They all have looked to be false positives on analysis, but it seems that they are being tripped because we take freeze references before we run a GFP_KERNEL allocation for the struct xfs_trans. We can avoid this false positive vector just by re-ordering the operations in xfs_trans_alloc(). That is. we need allocate the structure before we take the freeze reference and enter the GFP_NOFS allocation context that follows the xfs_trans around. This prevents lockdep from seeing the GFP_KERNEL allocation inside the transaction context, and that prevents it from triggering the freeze level vs alloc context vs reclaim warnings. Signed-off-by: Dave Chinner Reviewed-by: Brian Foster Reviewed-by: Christoph Hellwig commit 95808459b110f16b50f03a70ecfa72bb14bd8a96 Author: Brian Foster Date: Sat Sep 29 13:45:26 2018 +1000 xfs: refactor xfs_buf_log_item reference count handling The xfs_buf_log_item structure has a reference counter with slightly tricky semantics. In the common case, a buffer is logged and committed in a transaction, committed to the on-disk log (added to the AIL) and then finally written back and removed from the AIL. The bli refcount covers two potentially overlapping timeframes: 1. the bli is held in an active transaction 2. the bli is pinned by the log The caveat to this approach is that the reference counter does not purely dictate the lifetime of the bli. IOW, when a dirty buffer is physically logged and unpinned, the bli refcount may go to zero as the log item is inserted into the AIL. Only once the buffer is written back can the bli finally be freed. The above semantics means that it is not enough for the various refcount decrementing contexts to release the bli on decrement to zero. xfs_trans_brelse(), transaction commit (->iop_unlock()) and unpin (->iop_unpin()) must all drop the associated reference and make additional checks to determine if the current context is responsible for freeing the item. For example, if a transaction holds but does not dirty a particular bli, the commit may drop the refcount to zero. If the bli itself is clean, it is also not AIL resident and must be freed at this time. The same is true for xfs_trans_brelse(). If the transaction dirties a bli and then aborts or an unpin results in an abort due to a log I/O error, the last reference count holder is expected to explicitly remove the item from the AIL and release it (since an abort means filesystem shutdown and metadata writeback will never occur). This leads to fairly complex checks being replicated in a few different places. Since ->iop_unlock() and xfs_trans_brelse() are nearly identical, refactor the logic into a common helper that implements and documents the semantics in one place. This patch does not change behavior. Signed-off-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit 23420d05e67d23728e116321c4afe084ebfa6427 Author: Brian Foster Date: Sat Sep 29 13:45:02 2018 +1000 xfs: clean up xfs_trans_brelse() xfs_trans_brelse() is a bit of a historical mess, similar to xfs_buf_item_unlock(). It is unnecessarily verbose, has snippets of commented out code, inconsistency with regard to stale items, etc. Clean up xfs_trans_brelse() to use similar logic and flow as xfs_buf_item_unlock() with regard to bli reference count handling. This patch makes no functional changes, but facilitates further refactoring of the common bli reference count handling code. Signed-off-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit d9183105caa926522a4bc8a40e162de7019f1a21 Author: Brian Foster Date: Sat Sep 29 13:44:40 2018 +1000 xfs: don't unlock invalidated buf on aborted tx commit xfstests generic/388,475 occasionally reproduce assertion failures in xfs_buf_item_unpin() when the final bli reference is dropped on an invalidated buffer and the buffer is not locked as it is expected to be. Invalidated buffers should remain locked on transaction commit until the final unpin, at which point the buffer is removed from the AIL and the bli is freed since stale buffers are not written back. The assert failures are associated with filesystem shutdown, typically due to log I/O errors injected by the test. The problematic situation can occur if the shutdown happens to cause a race between an active transaction that has invalidated a particular buffer and an I/O error on a log buffer that contains the bli associated with the same (now stale) buffer. Both transaction and log contexts acquire a bli reference. If the transaction has already invalidated the buffer by the time the I/O error occurs and ends up aborting due to shutdown, the transaction and log hold the last two references to a stale bli. If the transaction cancel occurs first, it treats the buffer as non-stale due to the aborted state: the bli reference is dropped and the buffer is released/unlocked. The log buffer I/O error handling eventually calls into xfs_buf_item_unpin(), drops the final reference to the bli and treats it as stale. The buffer wasn't left locked by xfs_buf_item_unlock(), however, so the assert fails and the buffer is double unlocked. The latter problem is mitigated by the fact that the fs is shutdown and no further damage is possible. ->iop_unlock() of an invalidated buffer should behave consistently with respect to the bli refcount, regardless of aborted state. If the refcount remains elevated on commit, we know the bli is awaiting an unpin (since it can't be in another transaction) and will be handled appropriately on log buffer completion. If the final bli reference of an invalidated buffer is dropped in ->iop_unlock(), we can assume the transaction has aborted because invalidation implies a dirty transaction. In the non-abort case, the log would have acquired a bli reference in ->iop_pin() and prevented bli release at ->iop_unlock() time. In the abort case the item must be freed and buffer unlocked because it wasn't pinned by the log. Rework xfs_buf_item_unlock() to simplify the currently circuitous and duplicate logic and leave invalidated buffers locked based on bli refcount, regardless of aborted state. This ensures that a pinned, stale buffer is always found locked when eventually unpinned. Signed-off-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit d5a2e2893da0d62c3888c91ae2da798adc17a9b9 Author: Brian Foster Date: Sat Sep 29 13:41:58 2018 +1000 xfs: remove last of unnecessary xfs_defer_cancel() callers Now that deferred operations are completely managed via transactions, it's no longer necessary to cancel the dfops in error paths that already cancel the associated transaction. There are a few such calls lingering throughout the codebase. Remove all remaining unnecessary calls to xfs_defer_cancel(). This leaves xfs_defer_cancel() calls in two places. The first is the call in the transaction cancel path itself, which facilitates this patch. The second is made via the xfs_defer_finish() error path to provide consistent error semantics with transaction commit. For example, xfs_trans_commit() expects an xfs_defer_finish() failure to clean up the dfops structure before it returns. Signed-off-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner commit ae29478766f4c8e16edca6fe1e25d73c47991ebe Author: Darrick J. Wong Date: Sat Sep 29 13:40:40 2018 +1000 xfs: don't crash the vfs on a garbage inline symlink The VFS routine that calls ->get_link blindly copies whatever's returned into the user's buffer. If we return a NULL pointer, the vfs will crash on the null pointer. Therefore, return -EFSCORRUPTED instead of blowing up the kernel. [dgc: clean up with hch's suggestions] Reported-by: wen.xu@gatech.edu Signed-off-by: Darrick J. Wong Reviewed-by: Allison Henderson Signed-off-by: Dave Chinner commit e704966c45e48d0220d1ee5e463034ae493a95b2 Merge: 2f19e7a7e63a 4fef1250eafd Author: Greg Kroah-Hartman Date: Fri Sep 28 18:04:50 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Dmitry writes: "Input updates for v4.19-rc5 Just a few driver fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: uinput - allow for max == min during input_absinfo validation Input: elantech - enable middle button of touchpad on ThinkPad P72 Input: atakbd - fix Atari CapsLock behaviour Input: atakbd - fix Atari keymap Input: egalax_ts - add system wakeup support Input: gpio-keys - fix a documentation index issue commit 2f19e7a7e63a04f4bbaf327d9d0e69ac800b2b8f Merge: 8f0566118e2d c949a8e8b43f Author: Greg Kroah-Hartman Date: Fri Sep 28 18:04:06 2018 -0700 Merge tag 'spi-fix-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Mark writes: "spi: Fixes for v4.19 Quite a few fixes for the Renesas drivers in here, plus a fix for the Tegra driver and some documentation fixes for the recently added spi-mem code. The Tegra fix is relatively large but fairly straightforward and mechanical, it runs on probe so it's been reasonably well covered in -next testing." * tag 'spi-fix-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: spi-mem: Move the DMA-able constraint doc to the kerneldoc header spi: spi-mem: Add missing description for data.nbytes field spi: rspi: Fix interrupted DMA transfers spi: rspi: Fix invalid SPI use during system suspend spi: sh-msiof: Fix handling of write value for SISTR register spi: sh-msiof: Fix invalid SPI use during system suspend spi: gpio: Fix copy-and-paste error spi: tegra20-slink: explicitly enable/disable clock commit 8f0566118e2def0bb8e05de8b19942e9e8111c9a Merge: f005de0183de fb6de923ca33 Author: Greg Kroah-Hartman Date: Fri Sep 28 18:02:25 2018 -0700 Merge tag 'regulator-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Mark writes: "regulator: Fixes for 4.19 A collection of fairly minor bug fixes here, a couple of driver specific ones plus two core fixes. There's one fix for the new suspend state code which fixes some confusion with constant values that are supposed to indicate noop operation and another fixing a race condition with the creation of sysfs files on new regulators." * tag 'regulator-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: fix crash caused by null driver data regulator: Fix 'do-nothing' value for regulators without suspend state regulator: da9063: fix DT probing with constraints regulator: bd71837: Disable voltage monitoring for LDO3/4 commit f005de0183de4c3df509f7a437a04774461f4c02 Merge: 900915f9036f 7e0cf1c983b5 Author: Greg Kroah-Hartman Date: Fri Sep 28 17:43:32 2018 -0700 Merge tag 'powerpc-4.19-3' of https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Michael writes: "powerpc fixes for 4.19 #3 A reasonably big batch of fixes due to me being away for a few weeks. A fix for the TM emulation support on Power9, which could result in corrupting the guest r11 when running under KVM. Two fixes to the TM code which could lead to userspace GPR corruption if we take an SLB miss at exactly the wrong time. Our dynamic patching code had a bug that meant we could patch freed __init text, which could lead to corrupting userspace memory. csum_ipv6_magic() didn't work on little endian platforms since we optimised it recently. A fix for an endian bug when reading a device tree property telling us how many storage keys the machine has available. Fix a crash seen on some configurations of PowerVM when migrating the partition from one machine to another. A fix for a regression in the setup of our CPU to NUMA node mapping in KVM guests. A fix to our selftest Makefiles to make them work since a recent change to the shared Makefile logic." * tag 'powerpc-4.19-3' of https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: selftests/powerpc: Fix Makefiles for headers_install change powerpc/numa: Use associativity if VPHN hcall is successful powerpc/tm: Avoid possible userspace r1 corruption on reclaim powerpc/tm: Fix userspace r13 corruption powerpc/pseries: Fix unitialized timer reset on migration powerpc/pkeys: Fix reading of ibm, processor-storage-keys property powerpc: fix csum_ipv6_magic() on little endian platforms powerpc/powernv/ioda2: Reduce upper limit for DMA window size (again) powerpc: Avoid code patching freed init sections KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds commit 900915f9036fbf029d899432af96d39fcaaa7b54 Merge: f151f57bfd97 72923e5488f0 Author: Greg Kroah-Hartman Date: Fri Sep 28 17:42:44 2018 -0700 Merge tag 'pinctrl-v4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Linus writes: "Pin control fixes for v4.19: - Fixes to x86 hardware: - AMD interrupt debounce issues - Faulty Intel cannonlake register offset - Revert pin translation IRQ locking" * tag 'pinctrl-v4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: Revert "pinctrl: intel: Do pin translation when lock IRQ" pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type commit 573bcd380921b5216b62dcd072ec426f5ecbeb9d Author: Bjorn Helgaas Date: Fri Sep 28 17:34:21 2018 -0500 MAINTAINERS: Remove obsolete drivers/pci pattern from ACPI section Prior to 256a45937093 ("PCI/AER: Squash aerdrv_acpi.c into aerdrv.c"), drivers/pci/pcie/aer/aerdrv_acpi.c contained code to parse the ACPI HEST table. That code now lives in drivers/pci/pcie/aer.c. Remove the "F: drivers/pci/*/*/*acpi*" pattern because it matches nothing. We could add a "F: drivers/pci/pcie/aer.c" pattern to the ACPI APEI section, but that file sees a lot of changes, almost none of which are of interest to the ACPI folks. Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki commit befb1b3c2703897c5b8ffb0044dc5d0e5f27c5d7 Author: Reinette Chatre Date: Wed Sep 19 10:29:06 2018 -0700 perf/core: Add sanity check to deal with pinned event failure It is possible that a failure can occur during the scheduling of a pinned event. The initial portion of perf_event_read_local() contains the various error checks an event should pass before it can be considered valid. Ensure that the potential scheduling failure of a pinned event is checked for and have a credible error. Suggested-by: Peter Zijlstra Signed-off-by: Reinette Chatre Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Cc: fenghua.yu@intel.com Cc: tony.luck@intel.com Cc: acme@kernel.org Cc: gavin.hindman@intel.com Cc: jithu.joseph@intel.com Cc: dave.hansen@intel.com Cc: hpa@zytor.com Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/6486385d1f30336e9973b24c8c65f5079543d3d3.1537377064.git.reinette.chatre@intel.com commit 951d223c6c16ed5d2a71a4d1f13c1e65d6882156 Author: Paul Burton Date: Thu Sep 27 22:59:18 2018 +0000 MIPS: Fix CONFIG_CMDLINE handling Commit 8ce355cf2e38 ("MIPS: Setup boot_command_line before plat_mem_setup") fixed a problem for systems which have CONFIG_CMDLINE_BOOL=y & use a DT with a chosen node that has either no bootargs property or an empty one. In this configuration early_init_dt_scan_chosen() copies CONFIG_CMDLINE into boot_command_line, but the MIPS code doesn't know this so it appends CONFIG_CMDLINE (via builtin_cmdline) to boot_command_line again. The result is that boot_command_line contains the arguments from CONFIG_CMDLINE twice. That commit took the approach of simply setting up boot_command_line from the MIPS code before early_init_dt_scan_chosen() runs, causing it not to copy CONFIG_CMDLINE to boot_command_line if a chosen node with no bootargs property is found. Unfortunately this is problematic for systems which do have a non-empty bootargs property & CONFIG_CMDLINE_BOOL=y. There early_init_dt_scan_chosen() will overwrite boot_command_line with the arguments from DT, which means we lose those from CONFIG_CMDLINE entirely. This breaks CONFIG_MIPS_CMDLINE_DTB_EXTEND. If we have CONFIG_MIPS_CMDLINE_FROM_BOOTLOADER or CONFIG_MIPS_CMDLINE_BUILTIN_EXTEND selected and the DT has a bootargs property which we should ignore, it will instead be honoured breaking those configurations too. Fix this by reverting commit 8ce355cf2e38 ("MIPS: Setup boot_command_line before plat_mem_setup") to restore the former behaviour, and fixing the CONFIG_CMDLINE duplication issue by initializing boot_command_line to a non-empty string that early_init_dt_scan_chosen() will not overwrite with CONFIG_CMDLINE. This is a little ugly, but cleanup in this area is on its way. In the meantime this is at least easy to backport & contains the ugliness within arch/mips/. Signed-off-by: Paul Burton Fixes: 8ce355cf2e38 ("MIPS: Setup boot_command_line before plat_mem_setup") References: https://patchwork.linux-mips.org/patch/18804/ Patchwork: https://patchwork.linux-mips.org/patch/20813/ Cc: Frank Rowand Cc: Jaedon Shin Cc: Mathieu Malaterre Cc: Rob Herring Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org # v4.16+ commit ea7e0480a4b695d0aa6b3fa99bd658a003122113 Author: Paul Burton Date: Tue Sep 25 15:51:26 2018 -0700 MIPS: VDSO: Always map near top of user memory When using the legacy mmap layout, for example triggered using ulimit -s unlimited, get_unmapped_area() fills memory from bottom to top starting from a fairly low address near TASK_UNMAPPED_BASE. This placement is suboptimal if the user application wishes to allocate large amounts of heap memory using the brk syscall. With the VDSO being located low in the user's virtual address space, the amount of space available for access using brk is limited much more than it was prior to the introduction of the VDSO. For example: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00cc3000-00ce4000 rwxp 00000000 00:00 0 [heap] 2ab96000-2ab98000 r--p 00000000 00:00 0 [vvar] 2ab98000-2ab99000 r-xp 00000000 00:00 0 [vdso] 2ab99000-2ab9d000 rwxp 00000000 00:00 0 ... Resolve this by adjusting STACK_TOP to reserve space for the VDSO & providing an address hint to get_unmapped_area() causing it to use this space even when using the legacy mmap layout. We reserve enough space for the VDSO, plus 1MB or 256MB for 32 bit & 64 bit systems respectively within which we randomize the VDSO base address. Previously this randomization was taken care of by the mmap base address randomization performed by arch_mmap_rnd(). The 1MB & 256MB sizes are somewhat arbitrary but chosen such that we have some randomization without taking up too much of the user's virtual address space, which is often in short supply for 32 bit systems. With this the VDSO is always mapped at a high address, leaving lots of space for statically linked programs to make use of brk: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00c28000-00c49000 rwxp 00000000 00:00 0 [heap] ... 7f67c000-7f69d000 rwxp 00000000 00:00 0 [stack] 7f7fc000-7f7fd000 rwxp 00000000 00:00 0 7fcf1000-7fcf3000 r--p 00000000 00:00 0 [vvar] 7fcf3000-7fcf4000 r-xp 00000000 00:00 0 [vdso] Signed-off-by: Paul Burton Reported-by: Huacai Chen Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: Huacai Chen Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org # v4.4+ commit f13d1b48b95bdafce6f9ad2cccbb9a6494f5a049 Merge: 05c5e9ff22e3 0c3b9d1b37df Author: David S. Miller Date: Fri Sep 28 11:12:29 2018 -0700 Merge branch 'netpoll-second-round-of-fixes' Eric Dumazet says: ==================== netpoll: second round of fixes. As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture, showing one ksoftirqd eating all cycles can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. It seems that all networking drivers that do use NAPI for their TX completions, should not provide a ndo_poll_controller() : Most NAPI drivers have netpoll support already handled in core networking stack, since netpoll_poll_dev() uses poll_napi(dev) to iterate through registered NAPI contexts for a device. First patch is a fix in poll_one_napi(). Then following patches take care of ten drivers. ==================== Signed-off-by: David S. Miller commit 0c3b9d1b37df16ae6046a5a01f769bf3d21b838c Author: Eric Dumazet Date: Thu Sep 27 09:32:01 2018 -0700 ibmvnic: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. ibmvnic uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. ibmvnic_netpoll_controller() was completely wrong anyway, as it was scheduling NAPI to service RX queues (instead of TX), so I doubt netpoll ever worked on this driver. Signed-off-by: Eric Dumazet Cc: Thomas Falcon Cc: John Allen Signed-off-by: David S. Miller commit a4f570be654de779eaf626a79c4e0aa5a790505f Author: Eric Dumazet Date: Thu Sep 27 09:32:00 2018 -0700 sfc-falcon: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. sfc-falcon uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Solarflare linux maintainers Cc: Edward Cree Cc: Bert Kenward Acked-By: Bert Kenward Signed-off-by: David S. Miller commit 9447a10ff607debe5e30cc438fb56925a559b9d9 Author: Eric Dumazet Date: Thu Sep 27 09:31:59 2018 -0700 sfc: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. sfc uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Edward Cree Cc: Bert Kenward Cc: Solarflare linux maintainers Acked-By: Bert Kenward Signed-off-by: David S. Miller commit 21627982e4fff76a053f4d08d7fb56e532e08d52 Author: Eric Dumazet Date: Thu Sep 27 09:31:58 2018 -0700 net: ena: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. ena uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Netanel Belgazal Cc: Saeed Bishara Cc: Zorik Machulsky Signed-off-by: David S. Miller commit 3548fcf7d877c682c9a5a413c51929739192156d Author: Eric Dumazet Date: Thu Sep 27 09:31:57 2018 -0700 qlogic: netxen: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. netxen uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Manish Chopra Cc: Rahul Verma Signed-off-by: David S. Miller commit 81b059b2187d77b957bf85318dbd4f36d60555e3 Author: Eric Dumazet Date: Thu Sep 27 09:31:56 2018 -0700 qlcnic: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. qlcnic uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Harish Patil Cc: Manish Chopra Signed-off-by: David S. Miller commit 260dd2c3e2aeefbe78065f0737dceae1ceb1196a Author: Eric Dumazet Date: Thu Sep 27 09:31:55 2018 -0700 virtio_net: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. virto_net uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: "Michael S. Tsirkin" Cc: Jason Wang Signed-off-by: David S. Miller commit 4bd2c03be707253f1157bd759fdd6971e4f70403 Author: Eric Dumazet Date: Thu Sep 27 09:31:54 2018 -0700 net: hns: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. hns uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Yisen Zhuang Cc: Salil Mehta Signed-off-by: David S. Miller commit 226a2dd62c5d789088fcf7804fbe5613887870a5 Author: Eric Dumazet Date: Thu Sep 27 09:31:53 2018 -0700 ehea: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. ehea uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Douglas Miller Signed-off-by: David S. Miller commit e71fb423e0dea3c9f98f0101e965426edfe849cd Author: Eric Dumazet Date: Thu Sep 27 09:31:52 2018 -0700 hinic: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. hinic uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Note that hinic_netpoll() was incorrectly scheduling NAPI on both RX and TX queues. Signed-off-by: Eric Dumazet Cc: Aviad Krawczyk Signed-off-by: David S. Miller commit c24498c6827b71f80fecc9fb1b70a792053d41a9 Author: Eric Dumazet Date: Thu Sep 27 09:31:51 2018 -0700 netpoll: do not test NAPI_STATE_SCHED in poll_one_napi() Since we do no longer require NAPI drivers to provide an ndo_poll_controller(), napi_schedule() has not been done before poll_one_napi() invocation. So testing NAPI_STATE_SCHED is likely to cause early returns. While we are at it, remove outdated comment. Note to future bisections : This change might surface prior bugs in drivers. See commit 73f21c653f93 ("bnxt_en: Fix TX timeout during netpoll.") for one occurrence. Fixes: ac3d9dd034e5 ("netpoll: make ndo_poll_controller() optional") Signed-off-by: Eric Dumazet Tested-by: Song Liu Cc: Michael Chan Signed-off-by: David S. Miller commit 05c5e9ff22e33cb9706b20fd3cf33b802f7edbf6 Merge: 5f672090e44f 1222a1601488 Author: David S. Miller Date: Fri Sep 28 10:41:59 2018 -0700 Merge tag 'mac80211-for-davem-2018-09-27' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== More patches than I'd like perhaps, but each seems reasonable: * two new spectre-v1 mitigations in nl80211 * TX status fix in general, and mesh in particular * powersave vs. offchannel fix * regulatory initialization fix * fix for a queue hang due to a bad return value * allocate TXQs for active monitor interfaces, fixing my earlier patch to avoid unnecessary allocations where I missed this case needed them * fix TDLS data frames priority assignment * fix scan results processing to take into account duplicate channel numbers (over different operating classes, but we don't necessarily know the operating class) * various hwsim fixes for radio destruction and new radio announcement messages * remove an extraneous kernel-doc line ==================== Signed-off-by: David S. Miller commit 5f672090e44f4951084c5e1d6b0668a5fc422af8 Author: Sudarsana Reddy Kalluru Date: Thu Sep 27 04:12:10 2018 -0700 qed: Fix shmem structure inconsistency between driver and the mfw. The structure shared between driver and the management FW (mfw) differ in sizes. This would lead to issues when driver try to access the structure members which are not-aligned with the mfw copy e.g., data_ptr usage in the case of mfw_tlv request. Align the driver structure with mfw copy, add reserved field(s) to driver structure for the members not used by the driver. Fixes: dd006921d67f ("qed: Add MFW interfaces for TLV request support.) Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Michal Kalderon commit cb973127a793c5ade8102aa4ab7bb5e4b1e64190 Author: Sudarsana Reddy Kalluru Date: Wed Sep 26 21:57:03 2018 -0700 Update maintainers for bnx2/bnx2x/qlge/qlcnic drivers. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Ameen Rahman Signed-off-by: David S. Miller commit ce7d17d6c607aa0d898f4712e75e27d319816b3b Author: Stephen Hemminger Date: Thu Sep 27 10:47:01 2018 +0200 MAINTAINERS: change bridge maintainers I haven't been doing reviews only but not active development on bridge code for several years. Roopa and Nikolay have been doing most of the new features and have agreed to take over as new co-maintainers. Signed-off-by: Stephen Hemminger Acked-by: Roopa Prabhu Acked-by: Nikolay Aleksandrov commit 26258cb3a1acc10f81ca439297e4b890815d9a71 Merge: d4ce58082f20 048a7f8b4ec0 Author: David S. Miller Date: Fri Sep 28 10:27:33 2018 -0700 Merge branch 's390-qeth-fixes' Julian Wiedmann says: ==================== s390/qeth: fixes 2019-09-26 please apply two qeth patches for -net. The first is a trivial cleanup required for patch #2 by Jean, which fixes a potential endless loop. ==================== Signed-off-by: David S. Miller commit 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9 Author: Jean Delvare Date: Wed Sep 26 18:07:10 2018 +0200 s390: qeth: Fix potential array overrun in cmd/rc lookup Functions qeth_get_ipa_msg and qeth_get_ipa_cmd_name are modifying the last member of global arrays without any locking that I can see. If two instances of either function are running at the same time, it could cause a race ultimately leading to an array overrun (the contents of the last entry of the array is the only guarantee that the loop will ever stop). Performing the lookups without modifying the arrays is admittedly slower (two comparisons per iteration instead of one) but these are operations which are rare (should only be needed in error cases or when debugging, not during successful operation) and it seems still less costly than introducing a mutex to protect the arrays in question. As a side bonus, it allows us to declare both arrays as const data. Signed-off-by: Jean Delvare Cc: Julian Wiedmann Cc: Ursula Braun Cc: Martin Schwidefsky Cc: Heiko Carstens Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b Author: zhong jiang Date: Wed Sep 26 18:07:09 2018 +0200 s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function Use the common code ARRAY_SIZE macro instead of a private implementation. Reviewed-by: Jean Delvare Signed-off-by: zhong jiang Signed-off-by: Martin Schwidefsky Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit f151f57bfd97fb8c76bbef9e181ecba5dd750f2a Merge: ed1b3f4c4fc3 fcb1349a2af5 Author: Greg Kroah-Hartman Date: Fri Sep 28 18:55:17 2018 +0200 Merge tag 'drm-fixes-2018-09-28' of git://anongit.freedesktop.org/drm/drm Dave writes: "drm fixes for 4.19-rc6 Looks like a pretty normal week for graphics, core: syncobj fix, panel link regression revert amd: suspend/resume fixes, EDID emulation fix mali-dp: NV12 writeback and vblank reset fixes etnaviv: DMA setup fix" * tag 'drm-fixes-2018-09-28' of git://anongit.freedesktop.org/drm/drm: drm/amd/display: Fix Edid emulation for linux drm/amd/display: Fix Vega10 lightup on S3 resume drm/amdgpu: Fix vce work queue was not cancelled when suspend Revert "drm/panel: Add device_link from panel device to DRM device" drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set drm/malidp: Fix writeback in NV12 drm: mali-dp: Call drm_crtc_vblank_reset on device init drm/etnaviv: add DMA configuration for etnaviv platform device commit ed1b3f4c4fc35babaa44246c711ab728dbc9721b Merge: 278e59a00741 57a489786de9 Author: Greg Kroah-Hartman Date: Fri Sep 28 18:53:22 2018 +0200 Merge tag 'riscv-for-linus-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Palmer writes: "A Single RISC-V Update for 4.19-rc6 The Debian guys have been pushing on our port and found some unversioned symbols leaking into modules. This PR contains a single fix for that issue." * tag 'riscv-for-linus-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: RISC-V: include linux/ftrace.h in asm-prototypes.h commit 278e59a0074139e0437d5b5f641923fce64bcd4d Merge: ad0371482b1e f188b99f0b2d Author: Greg Kroah-Hartman Date: Fri Sep 28 18:20:41 2018 +0200 Merge tag 'pci-v4.19-fixes-2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Bjorn writes: "PCI fixes: - Fix ACPI hotplug issue that causes black screen crash at boot (Mika Westerberg) - Fix DesignWare "scheduling while atomic" issues (Jisheng Zhang) - Add PPC contacts to MAINTAINERS for PCI core error handling (Bjorn Helgaas) - Sort Mobiveil MAINTAINERS entry (Lorenzo Pieralisi)" * tag 'pci-v4.19-fixes-2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge PCI: dwc: Fix scheduling while atomic issues MAINTAINERS: Move mobiveil PCI driver entry where it belongs MAINTAINERS: Update PPC contacts for PCI core error handling commit 1b09d9c232cdaea59fb50ac437d3921ed1f1eafb Author: Marek Szyprowski Date: Fri Sep 28 14:20:40 2018 +0200 mmc: slot-gpio: Fix debounce time to use miliseconds again The debounce value passed to mmc_gpiod_request_cd() function is in microseconds, but msecs_to_jiffies() requires the value to be in miliseconds to properly calculate the delay, so adjust the value stored in cd_debounce_delay_ms context entry. Fixes: 1d71926bbd59 ("mmc: core: Fix debounce time to use microseconds") Fixes: bfd694d5e21c ("mmc: core: Add tunable delay before detecting card after card is inserted") Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Marek Szyprowski Reviewed-by: Linus Walleij Signed-off-by: Ulf Hansson commit 133424a207774d3d32a38d560c6469ed31c0472f Merge: 6c7678674014 bb830add192e Author: Jens Axboe Date: Fri Sep 28 09:41:40 2018 -0600 Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-linus Pull NVMe fix from Christoph. * 'nvme-4.19' of git://git.infradead.org/nvme: nvme: properly propagate errors in nvme_mpath_init commit 6c7678674014b4552caf0e5aa0ca34078a377482 Author: Juergen Gross Date: Fri Sep 28 09:28:27 2018 +0200 xen/blkfront: correct purging of persistent grants Commit a46b53672b2c2e3770b38a4abf90d16364d2584b ("xen/blkfront: cleanup stale persistent grants") introduced a regression as purged persistent grants were not pu into the list of free grants again. Correct that. Reviewed-by: Boris Ostrovsky Signed-off-by: Juergen Gross Signed-off-by: Jens Axboe commit 15c206887603a452f13fbfde2db0f8830d37028c Author: Jens Axboe Date: Fri Sep 28 09:40:17 2018 -0600 Revert "xen/blkfront: When purging persistent grants, keep them in the buffer" Fix didn't work for all cases, reverting to add a (hopefully) better fix. This reverts commit f151ba989d149bbdfc90e5405724bbea094f9b17. Signed-off-by: Jens Axboe commit 4288ea006c73e37c2a4f60dfaef20dd167b8df31 Author: Roman Gushchin Date: Fri Sep 28 14:33:21 2018 +0100 bpf: harden flags check in cgroup_storage_update_elem() cgroup_storage_update_elem() shouldn't accept any flags argument values except BPF_ANY and BPF_EXIST to guarantee the backward compatibility, had a new flag value been added. Fixes: de9cbbaadba5 ("bpf: introduce cgroup storage maps") Signed-off-by: Roman Gushchin Reported-by: Daniel Borkmann Cc: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 40e4f26e6a14fc1496eabb8b0004a547303114e6 Author: Flavio Leitner Date: Thu Sep 27 19:36:28 2018 -0300 netfilter: xt_socket: check sk before checking for netns. Only check for the network namespace if the socket is available. Fixes: f564650106a6 ("netfilter: check if the socket netns is correct.") Reported-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Flavio Leitner Signed-off-by: Pablo Neira Ayuso commit 421c119f558761556afca6a62ad183bc2d8659e0 Author: Florian Westphal Date: Mon Sep 24 14:10:04 2018 +0200 netfilter: avoid erronous array bounds warning Unfortunately some versions of gcc emit following warning: $ make net/xfrm/xfrm_output.o linux/compiler.h:252:20: warning: array subscript is above array bounds [-Warray-bounds] hook_head = rcu_dereference(net->nf.hooks_arp[hook]); ^~~~~~~~~~~~~~~~~~~~~ xfrm_output_resume passes skb_dst(skb)->ops->family as its 'pf' arg so compiler can't know that we'll never access hooks_arp[]. (NFPROTO_IPV4 or NFPROTO_IPV6 are only possible cases). Avoid this by adding an explicit WARN_ON_ONCE() check. This patch has no effect if the family is a compile-time constant as gcc will remove the switch() construct entirely. Reported-by: David Ahern Signed-off-by: Florian Westphal Reviewed-by: David Ahern Signed-off-by: Pablo Neira Ayuso commit a13f814a67b12a2f29d1decf4b4f4e700658a517 Author: Taehee Yoo Date: Thu Aug 30 17:56:52 2018 +0900 netfilter: nft_set_rbtree: add missing rb_erase() in GC routine The nft_set_gc_batch_check() checks whether gc buffer is full. If gc buffer is full, gc buffer is released by the nft_set_gc_batch_complete() internally. In case of rbtree, the rb_erase() should be called before calling the nft_set_gc_batch_complete(). therefore the rb_erase() should be called before calling the nft_set_gc_batch_check() too. test commands: table ip filter { set set1 { type ipv4_addr; flags interval, timeout; gc-interval 10s; timeout 1s; elements = { 1-2, 3-4, 5-6, ... 10000-10001, } } } %nft -f test.nft splat looks like: [ 430.273885] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 430.282158] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 430.283116] CPU: 1 PID: 190 Comm: kworker/1:2 Tainted: G B 4.18.0+ #7 [ 430.283116] Workqueue: events_power_efficient nft_rbtree_gc [nf_tables_set] [ 430.313559] RIP: 0010:rb_next+0x81/0x130 [ 430.313559] Code: 08 49 bd 00 00 00 00 00 fc ff df 48 bb 00 00 00 00 00 fc ff df 48 85 c0 75 05 eb 58 48 89 d4 [ 430.313559] RSP: 0018:ffff88010cdb7680 EFLAGS: 00010207 [ 430.313559] RAX: 0000000000b84854 RBX: dffffc0000000000 RCX: ffffffff83f01973 [ 430.313559] RDX: 000000000017090c RSI: 0000000000000008 RDI: 0000000000b84864 [ 430.313559] RBP: ffff8801060d4588 R08: fffffbfff09bc349 R09: fffffbfff09bc349 [ 430.313559] R10: 0000000000000001 R11: fffffbfff09bc348 R12: ffff880100f081a8 [ 430.313559] R13: dffffc0000000000 R14: ffff880100ff8688 R15: dffffc0000000000 [ 430.313559] FS: 0000000000000000(0000) GS:ffff88011b400000(0000) knlGS:0000000000000000 [ 430.313559] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 430.313559] CR2: 0000000001551008 CR3: 000000005dc16000 CR4: 00000000001006e0 [ 430.313559] Call Trace: [ 430.313559] nft_rbtree_gc+0x112/0x5c0 [nf_tables_set] [ 430.313559] process_one_work+0xc13/0x1ec0 [ 430.313559] ? _raw_spin_unlock_irq+0x29/0x40 [ 430.313559] ? pwq_dec_nr_in_flight+0x3c0/0x3c0 [ 430.313559] ? set_load_weight+0x270/0x270 [ 430.313559] ? __switch_to_asm+0x34/0x70 [ 430.313559] ? __switch_to_asm+0x40/0x70 [ 430.313559] ? __switch_to_asm+0x34/0x70 [ 430.313559] ? __switch_to_asm+0x34/0x70 [ 430.313559] ? __switch_to_asm+0x40/0x70 [ 430.313559] ? __switch_to_asm+0x34/0x70 [ 430.313559] ? __switch_to_asm+0x40/0x70 [ 430.313559] ? __switch_to_asm+0x34/0x70 [ 430.313559] ? __switch_to_asm+0x34/0x70 [ 430.313559] ? __switch_to_asm+0x40/0x70 [ 430.313559] ? __switch_to_asm+0x34/0x70 [ 430.313559] ? __schedule+0x6d3/0x1f50 [ 430.313559] ? find_held_lock+0x39/0x1c0 [ 430.313559] ? __sched_text_start+0x8/0x8 [ 430.313559] ? cyc2ns_read_end+0x10/0x10 [ 430.313559] ? save_trace+0x300/0x300 [ 430.313559] ? sched_clock_local+0xd4/0x140 [ 430.313559] ? find_held_lock+0x39/0x1c0 [ 430.313559] ? worker_thread+0x353/0x1120 [ 430.313559] ? worker_thread+0x353/0x1120 [ 430.313559] ? lock_contended+0xe70/0xe70 [ 430.313559] ? __lock_acquire+0x4500/0x4500 [ 430.535635] ? do_raw_spin_unlock+0xa5/0x330 [ 430.535635] ? do_raw_spin_trylock+0x101/0x1a0 [ 430.535635] ? do_raw_spin_lock+0x1f0/0x1f0 [ 430.535635] ? _raw_spin_lock_irq+0x10/0x70 [ 430.535635] worker_thread+0x15d/0x1120 [ ... ] Fixes: 8d8540c4f5e0 ("netfilter: nft_set_rbtree: add timeout support") Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso commit f334430316e7fd37c4821ebec627e27714bb5d76 Author: David Howells Date: Thu Sep 27 15:13:09 2018 +0100 rxrpc: Fix error distribution Fix error distribution by immediately delivering the errors to all the affected calls rather than deferring them to a worker thread. The problem with the latter is that retries and things can happen in the meantime when we want to stop that sooner. To this end: (1) Stop the error distributor from removing calls from the error_targets list so that peer->lock isn't needed to synchronise against other adds and removals. (2) Require the peer's error_targets list to be accessed with RCU, thereby avoiding the need to take peer->lock over distribution. (3) Don't attempt to affect a call's state if it is already marked complete. Signed-off-by: David Howells commit 37a675e768d7606fe8a53e0c459c9b53e121ac20 Author: David Howells Date: Thu Sep 27 15:13:09 2018 +0100 rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket It seems that enabling IPV6_RECVERR on an IPv6 socket doesn't also turn on IP_RECVERR, so neither local errors nor ICMP-transported remote errors from IPv4 peer addresses are returned to the AF_RXRPC protocol. Make the sockopt setting code in rxrpc_open_socket() fall through from the AF_INET6 case to the AF_INET case to turn on all the AF_INET options too in the AF_INET6 case. Fixes: f2aeed3a591f ("rxrpc: Fix error reception on AF_INET6 sockets") Signed-off-by: David Howells commit 0099dc589bfa7caf6f2608c4cbc1181cfee22b0c Author: David Howells Date: Thu Sep 27 15:13:09 2018 +0100 rxrpc: Make service call handling more robust Make the following changes to improve the robustness of the code that sets up a new service call: (1) Cache the rxrpc_sock struct obtained in rxrpc_data_ready() to do a service ID check and pass that along to rxrpc_new_incoming_call(). This means that I can remove the check from rxrpc_new_incoming_call() without the need to worry about the socket attached to the local endpoint getting replaced - which would invalidate the check. (2) Cache the rxrpc_peer struct, thereby allowing the peer search to be done once. The peer is passed to rxrpc_new_incoming_call(), thereby saving the need to repeat the search. This also reduces the possibility of rxrpc_publish_service_conn() BUG()'ing due to the detection of a duplicate connection, despite the initial search done by rxrpc_find_connection_rcu() having turned up nothing. This BUG() shouldn't ever get hit since rxrpc_data_ready() *should* be non-reentrant and the result of the initial search should still hold true, but it has proven possible to hit. I *think* this may be due to __rxrpc_lookup_peer_rcu() cutting short the iteration over the hash table if it finds a matching peer with a zero usage count, but I don't know for sure since it's only ever been hit once that I know of. Another possibility is that a bug in rxrpc_data_ready() that checked the wrong byte in the header for the RXRPC_CLIENT_INITIATED flag might've let through a packet that caused a spurious and invalid call to be set up. That is addressed in another patch. (3) Fix __rxrpc_lookup_peer_rcu() to skip peer records that have a zero usage count rather than stopping and returning not found, just in case there's another peer record behind it in the bucket. (4) Don't search the peer records in rxrpc_alloc_incoming_call(), but rather either use the peer cached in (2) or, if one wasn't found, preemptively install a new one. Fixes: 8496af50eb38 ("rxrpc: Use RCU to access a peer's service connection tree") Signed-off-by: David Howells commit 403fc2a138457f1071b186786a7589ef7382c8bc Author: David Howells Date: Thu Sep 27 15:13:08 2018 +0100 rxrpc: Improve up-front incoming packet checking Do more up-front checking on incoming packets to weed out invalid ones and also ones aimed at services that we don't support. Whilst we're at it, replace the clearing of call and skew if we don't find a connection with just initialising the variables to zero at the top of the function. Signed-off-by: David Howells commit ece64fec164f523bfbe874abdef2a0e6ff376251 Author: David Howells Date: Thu Sep 27 15:13:08 2018 +0100 rxrpc: Emit BUSY packets when supposed to rather than ABORTs In the input path, a received sk_buff can be marked for rejection by setting RXRPC_SKB_MARK_* in skb->mark and, if needed, some auxiliary data (such as an abort code) in skb->priority. The rejection is handled by queueing the sk_buff up for dealing with in process context. The output code reads the mark and priority and, theoretically, generates an appropriate response packet. However, if RXRPC_SKB_MARK_BUSY is set, this isn't noticed and an ABORT message with a random abort code is generated (since skb->priority wasn't set to anything). Fix this by outputting the appropriate sort of packet. Also, whilst we're at it, most of the marks are no longer used, so remove them and rename the remaining two to something more obvious. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells commit b604dd9883f783a94020d772e4fe03160f455372 Author: David Howells Date: Thu Sep 27 15:13:08 2018 +0100 rxrpc: Fix RTT gathering Fix RTT information gathering in AF_RXRPC by the following means: (1) Enable Rx timestamping on the transport socket with SO_TIMESTAMPNS. (2) If the sk_buff doesn't have a timestamp set when rxrpc_data_ready() collects it, set it at that point. (3) Allow ACKs to be requested on the last packet of a client call, but not a service call. We need to be careful lest we undo: bf7d620abf22c321208a4da4f435e7af52551a21 Author: David Howells Date: Thu Oct 6 08:11:51 2016 +0100 rxrpc: Don't request an ACK on the last DATA packet of a call's Tx phase but that only really applies to service calls that we're handling, since the client side gets to send the final ACK (or not). (4) When about to transmit an ACK or DATA packet, record the Tx timestamp before only; don't update the timestamp afterwards. (5) Switch the ordering between recording the serial and recording the timestamp to always set the serial number first. The serial number shouldn't be seen referenced by an ACK packet until we've transmitted the packet bearing it - so in the Rx path, we don't need the timestamp until we've checked the serial number. Fixes: cf1a6474f807 ("rxrpc: Add per-peer RTT tracker") Signed-off-by: David Howells commit dc71db34e4f3c06b8277c8f3c2ff014610607a8c Author: David Howells Date: Thu Sep 27 15:13:08 2018 +0100 rxrpc: Fix checks as to whether we should set up a new call There's a check in rxrpc_data_ready() that's checking the CLIENT_INITIATED flag in the packet type field rather than in the packet flags field. Fix this by creating a pair of helper functions to check whether the packet is going to the client or to the server and use them generally. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells commit 3cc5746e5ad7688e274e193fa71278d98aa52759 Author: Nilesh Javali Date: Thu Sep 27 05:15:35 2018 -0700 scsi: qedi: Initialize the stats mutex lock Fix kernel NULL pointer dereference, Call Trace: [] __mutex_lock_slowpath+0xa6/0x1d0 [] mutex_lock+0x1f/0x2f [] qedi_get_protocol_tlv_data+0x61/0x450 [qedi] [] ? map_vm_area+0x2e/0x40 [] ? __vmalloc_node_range+0x170/0x280 [] ? qed_mfw_process_tlv_req+0x27d/0xbd0 [qed] [] qed_mfw_fill_tlv_data+0x4b/0xb0 [qed] [] qed_mfw_process_tlv_req+0x299/0xbd0 [qed] [] ? __switch_to+0xce/0x580 [] qed_slowpath_task+0x5b/0x80 [qed] Signed-off-by: Nilesh Javali Signed-off-by: Martin K. Petersen commit 7e0cf1c983b5b24426d130fd949a055d520acc9a Author: Michael Ellerman Date: Fri Sep 28 14:53:18 2018 +1000 selftests/powerpc: Fix Makefiles for headers_install change Commit b2d35fa5fc80 ("selftests: add headers_install to lib.mk") introduced a requirement that Makefiles more than one level below the selftests directory need to define top_srcdir, but it didn't update any of the powerpc Makefiles. This broke building all the powerpc selftests with eg: make[1]: Entering directory '/src/linux/tools/testing/selftests/powerpc' BUILD_TARGET=/src/linux/tools/testing/selftests/powerpc/alignment; mkdir -p $BUILD_TARGET; make OUTPUT=$BUILD_TARGET -k -C alignment all make[2]: Entering directory '/src/linux/tools/testing/selftests/powerpc/alignment' ../../lib.mk:20: ../../../../scripts/subarch.include: No such file or directory make[2]: *** No rule to make target '../../../../scripts/subarch.include'. make[2]: Failed to remake makefile '../../../../scripts/subarch.include'. Makefile:38: recipe for target 'alignment' failed Fix it by setting top_srcdir in the affected Makefiles. Fixes: b2d35fa5fc80 ("selftests: add headers_install to lib.mk") Signed-off-by: Michael Ellerman commit ba439a6cbfa2936a6713f64cb499de7943673fe3 Author: Waiman Long Date: Sat Sep 22 20:41:55 2018 -0400 crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() The following KASAN warning was printed when booting a 64-bit kernel on some systems with Intel CPUs: [ 44.512826] ================================================================== [ 44.520165] BUG: KASAN: stack-out-of-bounds in find_first_bit+0xb0/0xc0 [ 44.526786] Read of size 8 at addr ffff88041e02fc50 by task kworker/0:2/124 [ 44.535253] CPU: 0 PID: 124 Comm: kworker/0:2 Tainted: G X --------- --- 4.18.0-12.el8.x86_64+debug #1 [ 44.545858] Hardware name: Intel Corporation PURLEY/PURLEY, BIOS BKVDTRL1.86B.0005.D08.1712070559 12/07/2017 [ 44.555682] Workqueue: events work_for_cpu_fn [ 44.560043] Call Trace: [ 44.562502] dump_stack+0x9a/0xe9 [ 44.565832] print_address_description+0x65/0x22e [ 44.570683] ? find_first_bit+0xb0/0xc0 [ 44.570689] kasan_report.cold.6+0x92/0x19f [ 44.578726] find_first_bit+0xb0/0xc0 [ 44.578737] adf_probe+0x9eb/0x19a0 [qat_c62x] [ 44.578751] ? adf_remove+0x110/0x110 [qat_c62x] [ 44.591490] ? mark_held_locks+0xc8/0x140 [ 44.591498] ? _raw_spin_unlock+0x30/0x30 [ 44.591505] ? trace_hardirqs_on_caller+0x381/0x570 [ 44.604418] ? adf_remove+0x110/0x110 [qat_c62x] [ 44.604427] local_pci_probe+0xd4/0x180 [ 44.604432] ? pci_device_shutdown+0x110/0x110 [ 44.617386] work_for_cpu_fn+0x51/0xa0 [ 44.621145] process_one_work+0x8fe/0x16e0 [ 44.625263] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 44.629799] ? lock_acquire+0x14c/0x400 [ 44.633645] ? move_linked_works+0x12e/0x2a0 [ 44.637928] worker_thread+0x536/0xb50 [ 44.641690] ? __kthread_parkme+0xb6/0x180 [ 44.645796] ? process_one_work+0x16e0/0x16e0 [ 44.650160] kthread+0x30c/0x3d0 [ 44.653400] ? kthread_create_worker_on_cpu+0xc0/0xc0 [ 44.658457] ret_from_fork+0x3a/0x50 [ 44.663557] The buggy address belongs to the page: [ 44.668350] page:ffffea0010780bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 44.676356] flags: 0x17ffffc0000000() [ 44.680023] raw: 0017ffffc0000000 ffffea0010780bc8 ffffea0010780bc8 0000000000000000 [ 44.687769] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 44.695510] page dumped because: kasan: bad access detected [ 44.702578] Memory state around the buggy address: [ 44.707372] ffff88041e02fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 44.714593] ffff88041e02fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 44.721810] >ffff88041e02fc00: 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 [ 44.729028] ^ [ 44.734864] ffff88041e02fc80: f2 f2 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 [ 44.742082] ffff88041e02fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 44.749299] ================================================================== Looking into the code: int ret, bar_mask; : for_each_set_bit(bar_nr, (const unsigned long *)&bar_mask, It is casting a 32-bit integer pointer to a 64-bit unsigned long pointer. There are two problems here. First, the 32-bit pointer address may not be 64-bit aligned. Secondly, it is accessing an extra 4 bytes. This is fixed by changing the bar_mask type to unsigned long. Cc: Signed-off-by: Waiman Long Signed-off-by: Herbert Xu commit d80771c08363ad7fbf0f56f5301e7ca65065c582 Author: Leonard Crestez Date: Fri Sep 21 18:03:18 2018 +0300 crypto: mxs-dcp - Fix wait logic on chan threads When compiling with CONFIG_DEBUG_ATOMIC_SLEEP=y the mxs-dcp driver prints warnings such as: WARNING: CPU: 0 PID: 120 at kernel/sched/core.c:7736 __might_sleep+0x98/0x9c do not call blocking ops when !TASK_RUNNING; state=1 set at [<8081978c>] dcp_chan_thread_sha+0x3c/0x2ec The problem is that blocking ops will manipulate current->state themselves so it is not allowed to call them between set_current_state(TASK_INTERRUPTIBLE) and schedule(). Fix this by converting the per-chan mutex to a spinlock (it only protects tiny list ops anyway) and rearranging the wait logic so that callbacks are called current->state as TASK_RUNNING. Those callbacks will indeed call blocking ops themselves so this is required. Cc: Signed-off-by: Leonard Crestez Signed-off-by: Herbert Xu commit add92a817e60e308a419693413a38d9d1e663aff Author: Harsh Jain Date: Wed Sep 19 22:42:16 2018 +0530 crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: Signed-off-by: Harsh Jain Signed-off-by: Herbert Xu commit fcb1349a2af5a3c4a1d789bb5d1a9b3e582652a3 Merge: adba0e5493ab fbbdadf2faf1 Author: Dave Airlie Date: Fri Sep 28 09:30:11 2018 +1000 Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Just a few fixes for 4.19: - Couple of suspend/resume fixes - Fix EDID emulation with DC Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20180927155418.2813-1-alexander.deucher@amd.com commit adba0e5493ab21fb5098bc1654aca6826036273c Merge: 576156bb01a6 d6a77ba0eb92 Author: Dave Airlie Date: Fri Sep 28 09:25:26 2018 +1000 Merge tag 'drm-misc-fixes-2018-09-27-1' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes - Revert adding device-link to panels - Don't leak fences in drm/syncobj Signed-off-by: Dave Airlie From: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180927152712.GA53076@art_vandelay commit 083874549fdfefa629dfa752785e20427dde1511 Author: Daniel Drake Date: Thu Sep 27 15:47:33 2018 -0500 PCI: Reprogram bridge prefetch registers on resume On 38+ Intel-based ASUS products, the NVIDIA GPU becomes unusable after S3 suspend/resume. The affected products include multiple generations of NVIDIA GPUs and Intel SoCs. After resume, nouveau logs many errors such as: fifo: fault 00 [READ] at 0000005555555000 engine 00 [GR] client 04 [HUB/FE] reason 4a [] on channel -1 [007fa91000 unknown] DRM: failed to idle channel 0 [DRM] Similarly, the NVIDIA proprietary driver also fails after resume (black screen, 100% CPU usage in Xorg process). We shipped a sample to NVIDIA for diagnosis, and their response indicated that it's a problem with the parent PCI bridge (on the Intel SoC), not the GPU. Runtime suspend/resume works fine, only S3 suspend is affected. We found a workaround: on resume, rewrite the Intel PCI bridge 'Prefetchable Base Upper 32 Bits' register (PCI_PREF_BASE_UPPER32). In the cases that I checked, this register has value 0 and we just have to rewrite that value. Linux already saves and restores PCI config space during suspend/resume, but this register was being skipped because upon resume, it already has value 0 (the correct, pre-suspend value). Intel appear to have previously acknowledged this behaviour and the requirement to rewrite this register: https://bugzilla.kernel.org/show_bug.cgi?id=116851#c23 Based on that, rewrite the prefetch register values even when that appears unnecessary. We have confirmed this solution on all the affected models we have in-hands (X542UQ, UX533FD, X530UN, V272UN). Additionally, this solves an issue where r8169 MSI-X interrupts were broken after S3 suspend/resume on ASUS X441UAR. This issue was recently worked around in commit 7bb05b85bc2d ("r8169: don't use MSI-X on RTL8106e"). It also fixes the same issue on RTL6186evl/8111evl on an Aimfor-tech laptop that we had not yet patched. I suspect it will also fix the issue that was worked around in commit 7c53a722459c ("r8169: don't use MSI-X on RTL8168g"). Thomas Martitz reports that this change also solves an issue where the AMD Radeon Polaris 10 GPU on the HP Zbook 14u G5 is unresponsive after S3 suspend/resume. Link: https://bugzilla.kernel.org/show_bug.cgi?id=201069 Signed-off-by: Daniel Drake Signed-off-by: Bjorn Helgaas Reviewed-by: Rafael J. Wysocki Reviewed-By: Peter Wu CC: stable@vger.kernel.org commit 853dc104e6a43cba9a7a87542bc6d8e3b74f0bc9 Author: Laurentiu Tudor Date: Wed Sep 26 16:22:30 2018 +0300 soc: fsl: qbman: add APIs to retrieve the probing status Add a couple of new APIs to check the probing status of qman and bman: 'int bman_is_probed()' and 'int qman_is_probed()'. They return the following values. * 1 if qman/bman were probed correctly * 0 if qman/bman were not yet probed * -1 if probing of qman/bman failed Drivers that use qman/bman driver services are required to use these APIs before calling any functions exported by qman or bman drivers or otherwise they will crash the kernel. The APIs will be used in the following couple of qbman portal patches and later in the series in the dpaa1 ethernet driver. Signed-off-by: Laurentiu Tudor Signed-off-by: Li Yang commit ad0371482b1ed599a0e9f8cce50e8499c7c1497b Merge: c127e59bee3e 5c5702e259dc Author: Greg Kroah-Hartman Date: Thu Sep 27 21:53:55 2018 +0200 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Jason writes: "Second RDMA rc pull request - Fix a long standing race bug when destroying comp_event file descriptors - srp, hfi1, bnxt_re: Various driver crashes from missing validation and other cases - Fixes for regressions in patches merged this window in the gid cache, devx, ucma and uapi." * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/core: Set right entry state before releasing reference IB/mlx5: Destroy the DEVX object upon error flow IB/uverbs: Free uapi on destroy RDMA/bnxt_re: Fix system crash during RDMA resource initialization IB/hfi1: Fix destroy_qp hang after a link down IB/hfi1: Fix context recovery when PBC has an UnsupportedVL IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix SL array bounds check RDMA/uverbs: Fix validity check for modify QP IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop ucma: fix a use-after-free in ucma_resolve_ip() RDMA/uverbs: Atomically flush and mark closed the comp event queue cxgb4: fix abort_req_rss6 struct commit c127e59bee3e26d8059683dcb919006b6a76e90c Merge: c307aaf3eb47 9e796c9db93b Author: Greg Kroah-Hartman Date: Thu Sep 27 21:16:24 2018 +0200 Merge tag 'for_v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Jan writes: "an ext2 patch fixing fsync(2) for DAX mounts." * tag 'for_v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: ext2, dax: set ext2_dax_aops for dax files commit 587562d0c7cd6861f4f90a2eb811cccb1a376f5f Author: Ilya Dryomov Date: Wed Sep 26 14:35:50 2018 +0200 blk-mq: I/O and timer unplugs are inverted in blktrace trace_block_unplug() takes true for explicit unplugs and false for implicit unplugs. schedule() unplugs are implicit and should be reported as timer unplugs. While correct in the legacy code, this has been inverted in blk-mq since 4.11. Cc: stable@vger.kernel.org Fixes: bd166ef183c2 ("blk-mq-sched: add framework for MQ capable IO schedulers") Reviewed-by: Omar Sandoval Signed-off-by: Ilya Dryomov Signed-off-by: Jens Axboe commit ff4ce2885af8f9e8e99864d78dbeb4673f089c76 Author: Milian Wolff Date: Wed Sep 26 15:52:05 2018 +0200 perf report: Don't try to map ip to invalid map Fixes a crash when the report encounters an address that could not be associated with an mmaped region: #0 0x00005555557bdc4a in callchain_srcline (ip=, sym=0x0, map=0x0) at util/machine.c:2329 #1 unwind_entry (entry=entry@entry=0x7fffffff9180, arg=arg@entry=0x7ffff5642498) at util/machine.c:2329 #2 0x00005555558370af in entry (arg=0x7ffff5642498, cb=0x5555557bdb50 , thread=, ip=18446744073709551615) at util/unwind-libunwind-local.c:586 #3 get_entries (ui=ui@entry=0x7fffffff9620, cb=0x5555557bdb50 , arg=0x7ffff5642498, max_stack=) at util/unwind-libunwind-local.c:703 #4 0x0000555555837192 in _unwind__get_entries (cb=, arg=, thread=, data=, max_stack=) at util/unwind-libunwind-local.c:725 #5 0x00005555557c310f in thread__resolve_callchain_unwind (max_stack=127, sample=0x7fffffff9830, evsel=0x555555c7b3b0, cursor=0x7ffff5642498, thread=0x555555c7f6f0) at util/machine.c:2351 #6 thread__resolve_callchain (thread=0x555555c7f6f0, cursor=0x7ffff5642498, evsel=0x555555c7b3b0, sample=0x7fffffff9830, parent=0x7fffffff97b8, root_al=0x7fffffff9750, max_stack=127) at util/machine.c:2378 #7 0x00005555557ba4ee in sample__resolve_callchain (sample=, cursor=, parent=parent@entry=0x7fffffff97b8, evsel=, al=al@entry=0x7fffffff9750, max_stack=) at util/callchain.c:1085 Signed-off-by: Milian Wolff Tested-by: Sandipan Das Acked-by: Jiri Olsa Cc: Jin Yao Cc: Namhyung Kim Fixes: 2a9d5050dc84 ("perf script: Show correct offsets for DWARF-based unwinding") Link: http://lkml.kernel.org/r/20180926135207.30263-1-milian.wolff@kdab.com Signed-off-by: Arnaldo Carvalho de Melo commit ce01a1575f45bf319e374592656441021a7f5823 Author: Mathieu Desnoyers Date: Thu Sep 27 14:39:19 2018 -0400 rseq/selftests: fix parametrized test with -fpie On x86-64, the parametrized selftest code for rseq crashes with a segmentation fault when compiled with -fpie. This happens when the param_test binary is loaded at an address beyond 32-bit on x86-64. The issue is caused by use of a 32-bit register to hold the address of the loop counter variable. Fix this by using a 64-bit register to calculate the address of the loop counter variables as an offset from rip. Signed-off-by: Mathieu Desnoyers Acked-by: "Paul E . McKenney" Cc: # v4.18 Cc: Shuah Khan Cc: Thomas Gleixner Cc: Joel Fernandes Cc: Peter Zijlstra Cc: Catalin Marinas Cc: Dave Watson Cc: Will Deacon Cc: Andi Kleen Cc: linux-kselftest@vger.kernel.org Cc: "H . Peter Anvin" Cc: Chris Lameter Cc: Russell King Cc: Michael Kerrisk Cc: "Paul E . McKenney" Cc: Paul Turner Cc: Boqun Feng Cc: Josh Triplett Cc: Steven Rostedt Cc: Ben Maurer Cc: Andy Lutomirski Cc: Andrew Morton Cc: Linus Torvalds Signed-off-by: Shuah Khan (Samsung OSG) commit 3baafeffa48a12b3cec9a0b6d4049fba02d53cea Author: Pavel Machek Date: Tue Sep 25 16:56:53 2018 +0300 iwlwifi: 1000: set the TFD queue size .max_tfd_queue_size was ommited for 1000 card serries leading to oops in swiotlb. Fixes: 7b3e42ea2ead ("iwlwifi: support multiple tfd queue max sizes for different devices") Tested-by: Randy Dunlap Signed-off-by: Pavel Machek Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Kalle Valo commit f52afc93cd018fe6910133a05d44671192d1aeb0 Author: Jan Kara Date: Thu Sep 27 13:23:32 2018 +0200 dax: Fix deadlock in dax_lock_mapping_entry() When dax_lock_mapping_entry() has to sleep to obtain entry lock, it will fail to unlock mapping->i_pages spinlock and thus immediately deadlock against itself when retrying to grab the entry lock again. Fix the problem by unlocking mapping->i_pages before retrying. Fixes: c2a7d2a11552 ("filesystem-dax: Introduce dax_lock_mapping_entry()") Reported-by: Barret Rhoden Signed-off-by: Jan Kara Signed-off-by: Dan Williams commit bdec8d7fa55e6f5314ed72e5a0b435d90ff90548 Author: Kairui Song Date: Thu Sep 27 20:38:45 2018 +0800 x86/boot: Fix kexec booting failure in the SEV bit detection code Commit 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active") can occasionally cause system resets when kexec-ing a second kernel even if SEV is not active. That's because get_sev_encryption_bit() uses 32-bit rIP-relative addressing to read the value of enc_bit - a variable which caches a previously detected encryption bit position - but kexec may allocate the early boot code to a higher location, beyond the 32-bit addressing limit. In this case, garbage will be read and get_sev_encryption_bit() will return the wrong value, leading to accessing memory with the wrong encryption setting. Therefore, remove enc_bit, and thus get rid of the need to do 32-bit rIP-relative addressing in the first place. [ bp: massage commit message heavily. ] Fixes: 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active") Suggested-by: Borislav Petkov Signed-off-by: Kairui Song Signed-off-by: Borislav Petkov Reviewed-by: Tom Lendacky Cc: linux-kernel@vger.kernel.org Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: brijesh.singh@amd.com Cc: kexec@lists.infradead.org Cc: dyoung@redhat.com Cc: bhe@redhat.com Cc: ghook@redhat.com Link: https://lkml.kernel.org/r/20180927123845.32052-1-kasong@redhat.com commit 0f843e65d9eef4936929bb036c5f771fb261eea4 Author: Guoju Fang Date: Thu Sep 27 23:41:46 2018 +0800 bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang Cc: stable@vger.kernel.org Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit d6d1cd2578c4da0764ad334e3411c1c1b1557f58 Author: Xue Liu Date: Fri Aug 31 23:46:41 2018 +0200 ieee802154: mcr20a: Replace magic number with constants The combination of defined constants are used to present the state of IRQ so the magic numbers has been replaced. This is a simple coding style change which should have no impact on runtime code execution. Signed-off-by: Xue Liu Signed-off-by: Stefan Schmidt commit fbbdadf2faf17cd88e9c447701495540377c5743 Author: Bhawanpreet Lakha Date: Wed Sep 26 13:42:10 2018 -0400 drm/amd/display: Fix Edid emulation for linux [Why] EDID emulation didn't work properly for linux, as we stop programming if nothing is connected physically. [How] We get a flag from DRM when we want to do edid emulation. We check if this flag is true and nothing is connected physically, if so we only program the front end using VIRTUAL_SIGNAL. Signed-off-by: Bhawanpreet Lakha Reviewed-by: Harry Wentland Acked-by: Leo Li Signed-off-by: Alex Deucher commit 599760d6d0abbab71f9726b49858d2ec45e74c0a Author: Roman Li Date: Wed Sep 26 13:42:16 2018 -0400 drm/amd/display: Fix Vega10 lightup on S3 resume [Why] There have been a few reports of Vega10 display remaining blank after S3 resume. The regression is caused by workaround for mode change on Vega10 - skip set_bandwidth if stream count is 0. As a result we skipped dispclk reset on suspend, thus on resume we may skip the clock update assuming it hasn't been changed. On some systems it causes display blank or 'out of range'. [How] Revert "drm/amd/display: Fix Vega10 black screen after mode change" Verified that it hadn't cause mode change regression. Signed-off-by: Roman Li Reviewed-by: Sun peng Li Acked-by: Leo Li Signed-off-by: Alex Deucher commit 61ea6f5831974ebd1a57baffd7cc30600a2e26fc Author: Rex Zhu Date: Thu Sep 27 20:48:39 2018 +0800 drm/amdgpu: Fix vce work queue was not cancelled when suspend The vce cancel_delayed_work_sync never be called. driver call the function in error path. This caused the A+A suspend hang when runtime pm enebled. As we will visit the smu in the idle queue. this will cause smu hang because the dgpu has been suspend, and the dgpu also will be waked up. As the smu has been hang, so the dgpu resume will failed. Reviewed-by: Christian König Reviewed-by: Feifei Xu Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit d6a77ba0eb92d8ffa4b05a442fc20d0a9b11c4c4 Author: Linus Walleij Date: Thu Sep 27 14:41:30 2018 +0200 Revert "drm/panel: Add device_link from panel device to DRM device" This reverts commit 0c08754b59da5557532d946599854e6df28edc22. commit 0c08754b59da ("drm/panel: Add device_link from panel device to DRM device") creates a circular dependency under these circumstances: 1. The panel depends on dsi-host because it is MIPI-DSI child device. 2. dsi-host depends on the drm parent device (connector->dev->dev) this should be allowed. 3. drm parent dev (connector->dev->dev) depends on the panel after this patch. This makes the dependency circular and while it appears it does not affect any in-tree drivers (they do not seem to have dsi hosts depending on the same parent device) this does not seem right. As noted in a response from Andrzej Hajda, the intent is likely to make the panel dependent on the DRM device (connector->dev) not its parent. But we have no way of doing that since the DRM device doesn't contain any struct device on its own (arguably it should). Revert this until a proper approach is figured out. Cc: Jyri Sarha Cc: Eric Anholt Cc: Andrzej Hajda Signed-off-by: Linus Walleij Signed-off-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180927124130.9102-1-linus.walleij@linaro.org commit 090bcfd5d1b631ef0f6f46de19ae5a8d0cbfd6a0 Merge: 864f893f31ee 52bf4a900d9c Author: Thomas Gleixner Date: Thu Sep 27 16:50:22 2018 +0200 Merge branch 'clockevents/4.19-fixes' of https://git.linaro.org/people/daniel.lezcano/linux into timers/urgent Pull another fix from Daniel Lezcano, which felt through the cracks: - Fix a potential memory leak reported by smatch in the atmel timer driver commit bf42daed6bd136774415ae6d26c8475152f92b54 Author: Eric Farman Date: Fri Sep 21 22:40:13 2018 +0200 s390/cio: Refactor alloc of ccw_io_region If I attach a vfio-ccw device to my guest, I get the following warning on the host when the host kernel is CONFIG_HARDENED_USERCOPY=y [250757.595325] Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'dma-kmalloc-512' (offset 64, size 124)! [250757.595365] WARNING: CPU: 2 PID: 10958 at mm/usercopy.c:81 usercopy_warn+0xac/0xd8 [250757.595369] Modules linked in: kvm vhost_net vhost tap xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c devlink tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables sunrpc dm_multipath s390_trng crc32_vx_s390 ghash_s390 prng aes_s390 des_s390 des_generic sha512_s390 sha1_s390 eadm_sch tape_3590 tape tape_class qeth_l2 qeth ccwgroup vfio_ccw vfio_mdev zcrypt_cex4 mdev vfio_iommu_type1 zcrypt vfio sha256_s390 sha_common zfcp scsi_transport_fc qdio dasd_eckd_mod dasd_mod [250757.595424] CPU: 2 PID: 10958 Comm: CPU 2/KVM Not tainted 4.18.0-derp #2 [250757.595426] Hardware name: IBM 3906 M05 780 (LPAR) ...snip regs... [250757.595523] Call Trace: [250757.595529] ([<0000000000349210>] usercopy_warn+0xa8/0xd8) [250757.595535] [<000000000032daaa>] __check_heap_object+0xfa/0x160 [250757.595540] [<0000000000349396>] __check_object_size+0x156/0x1d0 [250757.595547] [<000003ff80332d04>] vfio_ccw_mdev_write+0x74/0x148 [vfio_ccw] [250757.595552] [<000000000034ed12>] __vfs_write+0x3a/0x188 [250757.595556] [<000000000034f040>] vfs_write+0xa8/0x1b8 [250757.595559] [<000000000034f4e6>] ksys_pwrite64+0x86/0xc0 [250757.595568] [<00000000008959a0>] system_call+0xdc/0x2b0 [250757.595570] Last Breaking-Event-Address: [250757.595573] [<0000000000349210>] usercopy_warn+0xa8/0xd8 While vfio_ccw_mdev_{write|read} validates that the input position/count does not run over the ccw_io_region struct, the usercopy code that does copy_{to|from}_user doesn't necessarily know this. It sees the variable length and gets worried that it's affecting a normal kmalloc'd struct, and generates the above warning. Adjust how the ccw_io_region is alloc'd with a whitelist to remove this warning. The boundary checking will continue to do its thing. Signed-off-by: Eric Farman Message-Id: <20180921204013.95804-3-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit c98e16b2fa1202dd8c66900823591cd110a1a213 Author: Eric Farman Date: Fri Sep 21 22:40:12 2018 +0200 s390/cio: Convert ccw_io_region to pointer In the event that we want to change the layout of the ccw_io_region in the future[1], it might be easier to work with it as a pointer within the vfio_ccw_private struct rather than an embedded struct. [1] https://patchwork.kernel.org/comment/22228541/ Signed-off-by: Eric Farman Message-Id: <20180921204013.95804-2-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit f151ba989d149bbdfc90e5405724bbea094f9b17 Author: Boris Ostrovsky Date: Sat Sep 22 15:55:49 2018 -0400 xen/blkfront: When purging persistent grants, keep them in the buffer Commit a46b53672b2c ("xen/blkfront: cleanup stale persistent grants") added support for purging persistent grants when they are not in use. As part of the purge, the grants were removed from the grant buffer, This eventually causes the buffer to become empty, with BUG_ON triggered in get_free_grant(). This can be observed even on an idle system, within 20-30 minutes. We should keep the grants in the buffer when purging, and only free the grant ref. Fixes: a46b53672b2c ("xen/blkfront: cleanup stale persistent grants") Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky Signed-off-by: Jens Axboe commit 092ffc51fb3f9b8369e737c9320bf0bffb2c898f Author: David Howells Date: Thu Sep 27 15:13:07 2018 +0100 rxrpc: Remove dup code from rxrpc_find_connection_rcu() rxrpc_find_connection_rcu() initialises variable k twice with the same information. Remove one of the initialisations. Signed-off-by: David Howells commit 659902db7008f233e3d514c774b5ff3d46c8edd8 Author: zhong jiang Date: Fri Sep 14 13:04:37 2018 +0800 ieee802154: ca8210: remove redundant condition check before debugfs_remove debugfs_remove has taken the IS_ERR into account. Just remove the unnecessary condition. Signed-off-by: zhong jiang Signed-off-by: Stefan Schmidt commit 52bf4a900d9cede3eb14982d0f2c5e6db6d97cc3 Author: Alexandre Belloni Date: Wed Apr 25 12:14:39 2018 +0200 clocksource/drivers/timer-atmel-pit: Properly handle error cases The smatch utility reports a possible leak: smatch warnings: drivers/clocksource/timer-atmel-pit.c:183 at91sam926x_pit_dt_init() warn: possible memory leak of 'data' Ensure data is freed before exiting with an error. Reported-by: Dan Carpenter Signed-off-by: Alexandre Belloni Cc: stable@vger.kernel.org Signed-off-by: Daniel Lezcano commit 1222a16014888ed9733c11e221730d4a8196222b Author: Masashi Honma Date: Tue Sep 25 11:15:01 2018 +0900 nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds Use array_index_nospec() to sanitize i with respect to speculation. Note that the user doesn't control i directly, but can make it out of bounds by not finding a threshold in the array. Signed-off-by: Masashi Honma [add note about user control, as explained by Masashi] Signed-off-by: Johannes Berg commit d4ce58082f206bf6e7d697380c7bc5480a8b0264 Author: Maciej Żenczykowski Date: Tue Sep 25 21:59:28 2018 -0700 net-tcp: /proc/sys/net/ipv4/tcp_probe_interval is a u32 not int (fix documentation and sysctl access to treat it as such) Tested: # zcat /proc/config.gz | egrep ^CONFIG_HZ CONFIG_HZ_1000=y CONFIG_HZ=1000 # echo $[(1<<32)/1000 + 1] | tee /proc/sys/net/ipv4/tcp_probe_interval 4294968 tee: /proc/sys/net/ipv4/tcp_probe_interval: Invalid argument # echo $[(1<<32)/1000] | tee /proc/sys/net/ipv4/tcp_probe_interval 4294967 # echo 0 | tee /proc/sys/net/ipv4/tcp_probe_interval # echo -1 | tee /proc/sys/net/ipv4/tcp_probe_interval -1 tee: /proc/sys/net/ipv4/tcp_probe_interval: Invalid argument Signed-off-by: Maciej Żenczykowski Signed-off-by: David S. Miller commit 73f21c653f930f438d53eed29b5e4c65c8a0f906 Author: Michael Chan Date: Wed Sep 26 00:41:04 2018 -0400 bnxt_en: Fix TX timeout during netpoll. The current netpoll implementation in the bnxt_en driver has problems that may miss TX completion events. bnxt_poll_work() in effect is only handling at most 1 TX packet before exiting. In addition, there may be in flight TX completions that ->poll() may miss even after we fix bnxt_poll_work() to handle all visible TX completions. netpoll may not call ->poll() again and HW may not generate IRQ because the driver does not ARM the IRQ when the budget (0 for netpoll) is reached. We fix it by handling all TX completions and to always ARM the IRQ when we exit ->poll() with 0 budget. Also, the logic to ACK the completion ring in case it is almost filled with TX completions need to be adjusted to take care of the 0 budget case, as discussed with Eric Dumazet Reported-by: Song Liu Reviewed-by: Song Liu Tested-by: Song Liu Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 8fd780698745ba121530c5c20fd237aacde4c371 Author: Hangbin Liu Date: Wed Sep 26 10:35:42 2018 +0800 vxlan: fill ttl inherit info When add vxlan ttl inherit support, I forgot to fill it when dump vlxan info. Fix it now. Fixes: 72f6d71e491e6 ("vxlan: add ttl inherit support") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller commit 3e322474485931e7ea6e4c5560089991a7f03cbc Author: Andrew Lunn Date: Tue Sep 25 01:50:00 2018 +0200 net: phy: sfp: Fix unregistering of HWMON SFP device A HWMON device is only registered is the SFP module supports the diagnostic page and is complient to SFF8472. Don't unconditionally unregister the hwmon device when the SFP module is remove, otherwise we access data structures which don't exist. Reported-by: Florian Fainelli Fixes: 1323061a018a ("net: phy: sfp: Add HWMON support for module sensors") Signed-off-by: Andrew Lunn Tested-by: Florian Fainelli Signed-off-by: David S. Miller commit 77f2d753819b7d50c16abfb778caf1fe075faed0 Author: Nathan Chancellor Date: Mon Sep 24 14:42:12 2018 -0700 qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt Clang warns when one enumerated type is implicitly converted to another. drivers/net/ethernet/qlogic/qed/qed_iwarp.c:1713:25: warning: implicit conversion from enumeration type 'enum tcp_ip_version' to different enumeration type 'enum qed_tcp_ip_version' [-Wenum-conversion] cm_info->ip_version = TCP_IPV4; ~ ^~~~~~~~ drivers/net/ethernet/qlogic/qed/qed_iwarp.c:1733:25: warning: implicit conversion from enumeration type 'enum tcp_ip_version' to different enumeration type 'enum qed_tcp_ip_version' [-Wenum-conversion] cm_info->ip_version = TCP_IPV6; ~ ^~~~~~~~ 2 warnings generated. Use the appropriate values from the expected type, qed_tcp_ip_version: TCP_IPV4 = QED_TCP_IPV4 = 0 TCP_IPV6 = QED_TCP_IPV6 = 1 Link: https://github.com/ClangBuiltLinux/linux/issues/125 Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit 1c492a9d55ba99079210ed901dd8a5423f980487 Author: Nathan Chancellor Date: Mon Sep 24 15:17:03 2018 -0700 qed: Avoid constant logical operation warning in qed_vf_pf_acquire Clang warns when a constant is used in a boolean context as it thinks a bitwise operation may have been intended. drivers/net/ethernet/qlogic/qed/qed_vf.c:415:27: warning: use of logical '&&' with constant operand [-Wconstant-logical-operand] if (!p_iov->b_pre_fp_hsi && ^ drivers/net/ethernet/qlogic/qed/qed_vf.c:415:27: note: use '&' for a bitwise operation if (!p_iov->b_pre_fp_hsi && ^~ & drivers/net/ethernet/qlogic/qed/qed_vf.c:415:27: note: remove constant to silence this warning if (!p_iov->b_pre_fp_hsi && ~^~ 1 warning generated. This has been here since commit 1fe614d10f45 ("qed: Relax VF firmware requirements") and I am not entirely sure why since 0 isn't a special case. Just remove the statement causing Clang to warn since it isn't required. Link: https://github.com/ClangBuiltLinux/linux/issues/126 Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit d4859d749aa7090ffb743d15648adb962a1baeae Author: Mahesh Bandewar Date: Mon Sep 24 14:40:11 2018 -0700 bonding: avoid possible dead-lock Syzkaller reported this on a slightly older kernel but it's still applicable to the current kernel - ====================================================== WARNING: possible circular locking dependency detected 4.18.0-next-20180823+ #46 Not tainted ------------------------------------------------------ syz-executor4/26841 is trying to acquire lock: 00000000dd41ef48 ((wq_completion)bond_dev->name){+.+.}, at: flush_workqueue+0x2db/0x1e10 kernel/workqueue.c:2652 but task is already holding lock: 00000000768ab431 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] 00000000768ab431 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30 net/core/rtnetlink.c:4708 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (rtnl_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:925 [inline] __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 bond_netdev_notify drivers/net/bonding/bond_main.c:1310 [inline] bond_netdev_notify_work+0x44/0xd0 drivers/net/bonding/bond_main.c:1320 process_one_work+0xc73/0x1aa0 kernel/workqueue.c:2153 worker_thread+0x189/0x13c0 kernel/workqueue.c:2296 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415 -> #1 ((work_completion)(&(&nnw->work)->work)){+.+.}: process_one_work+0xc0b/0x1aa0 kernel/workqueue.c:2129 worker_thread+0x189/0x13c0 kernel/workqueue.c:2296 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415 -> #0 ((wq_completion)bond_dev->name){+.+.}: lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901 flush_workqueue+0x30a/0x1e10 kernel/workqueue.c:2655 drain_workqueue+0x2a9/0x640 kernel/workqueue.c:2820 destroy_workqueue+0xc6/0x9d0 kernel/workqueue.c:4155 __alloc_workqueue_key+0xef9/0x1190 kernel/workqueue.c:4138 bond_init+0x269/0x940 drivers/net/bonding/bond_main.c:4734 register_netdevice+0x337/0x1100 net/core/dev.c:8410 bond_newlink+0x49/0xa0 drivers/net/bonding/bond_netlink.c:453 rtnl_newlink+0xef4/0x1d50 net/core/rtnetlink.c:3099 rtnetlink_rcv_msg+0x46e/0xc30 net/core/rtnetlink.c:4711 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4729 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:632 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2115 __sys_sendmsg+0x11d/0x290 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: (wq_completion)bond_dev->name --> (work_completion)(&(&nnw->work)->work) --> rtnl_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(rtnl_mutex); lock((work_completion)(&(&nnw->work)->work)); lock(rtnl_mutex); lock((wq_completion)bond_dev->name); *** DEADLOCK *** 1 lock held by syz-executor4/26841: stack backtrace: CPU: 1 PID: 26841 Comm: syz-executor4 Not tainted 4.18.0-next-20180823+ #46 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 print_circular_bug.isra.34.cold.55+0x1bd/0x27d kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1862 [inline] check_prevs_add kernel/locking/lockdep.c:1975 [inline] validate_chain kernel/locking/lockdep.c:2416 [inline] __lock_acquire+0x3449/0x5020 kernel/locking/lockdep.c:3412 lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901 flush_workqueue+0x30a/0x1e10 kernel/workqueue.c:2655 drain_workqueue+0x2a9/0x640 kernel/workqueue.c:2820 destroy_workqueue+0xc6/0x9d0 kernel/workqueue.c:4155 __alloc_workqueue_key+0xef9/0x1190 kernel/workqueue.c:4138 bond_init+0x269/0x940 drivers/net/bonding/bond_main.c:4734 register_netdevice+0x337/0x1100 net/core/dev.c:8410 bond_newlink+0x49/0xa0 drivers/net/bonding/bond_netlink.c:453 rtnl_newlink+0xef4/0x1d50 net/core/rtnetlink.c:3099 rtnetlink_rcv_msg+0x46e/0xc30 net/core/rtnetlink.c:4711 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4729 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:632 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2115 __sys_sendmsg+0x11d/0x290 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f2df20a5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f2df20a66d4 RCX: 0000000000457089 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d40b8 R14: 00000000004c8ad8 R15: 0000000000000001 Signed-off-by: Mahesh Bandewar Signed-off-by: David S. Miller commit 6a9e461f6fe4434e6172304b69774daff9a3ac4c Author: Mahesh Bandewar Date: Mon Sep 24 14:39:42 2018 -0700 bonding: pass link-local packets to bonding master also. Commit b89f04c61efe ("bonding: deliver link-local packets with skb->dev set to link that packets arrived on") changed the behavior of how link-local-multicast packets are processed. The change in the behavior broke some legacy use cases where these packets are expected to arrive on bonding master device also. This patch passes the packet to the stack with the link it arrived on as well as passes to the bonding-master device to preserve the legacy use case. Fixes: b89f04c61efe ("bonding: deliver link-local packets with skb->dev set to link that packets arrived on") Reported-by: Michal Soltys Signed-off-by: Mahesh Bandewar Signed-off-by: David S. Miller commit d3a315795b4ce8b105a64a90699103121bde04a8 Author: Nathan Chancellor Date: Mon Sep 24 14:34:53 2018 -0700 qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor Clang warns when one enumerated type is implicitly converted to another. drivers/net/ethernet/qlogic/qed/qed_roce.c:153:12: warning: implicit conversion from enumeration type 'enum roce_mode' to different enumeration type 'enum roce_flavor' [-Wenum-conversion] flavor = ROCE_V2_IPV6; ~ ^~~~~~~~~~~~ drivers/net/ethernet/qlogic/qed/qed_roce.c:156:12: warning: implicit conversion from enumeration type 'enum roce_mode' to different enumeration type 'enum roce_flavor' [-Wenum-conversion] flavor = MAX_ROCE_MODE; ~ ^~~~~~~~~~~~~ 2 warnings generated. Use the appropriate values from the expected type, roce_flavor: ROCE_V2_IPV6 = RROCE_IPV6 = 2 MAX_ROCE_MODE = MAX_ROCE_FLAVOR = 3 While we're add it, ditch the local variable flavor, we can just return the value directly from the switch statement. Link: https://github.com/ClangBuiltLinux/linux/issues/125 Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit db803f36e56f23b5a2266807e190d1dc11554d54 Author: Nathan Chancellor Date: Mon Sep 24 14:05:27 2018 -0700 qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv Clang complains when one enumerated type is implicitly converted to another. drivers/net/ethernet/qlogic/qed/qed_vf.c:686:6: warning: implicit conversion from enumeration type 'enum qed_tunn_mode' to different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion] QED_MODE_L2GENEVE_TUNN, ^~~~~~~~~~~~~~~~~~~~~~ Update mask's parameter to expect qed_tunn_mode, which is what was intended. Link: https://github.com/ClangBuiltLinux/linux/issues/125 Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit a898fba32229efd5e6b6154f83fa86a7145156b9 Author: Nathan Chancellor Date: Mon Sep 24 13:53:34 2018 -0700 qed: Avoid implicit enum conversion in qed_set_tunn_cls_info Clang warns when one enumerated type is implicitly converted to another. drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:163:25: warning: implicit conversion from enumeration type 'enum tunnel_clss' to different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion] p_tun->vxlan.tun_cls = type; ~ ^~~~ drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:165:26: warning: implicit conversion from enumeration type 'enum tunnel_clss' to different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion] p_tun->l2_gre.tun_cls = type; ~ ^~~~ drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:167:26: warning: implicit conversion from enumeration type 'enum tunnel_clss' to different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion] p_tun->ip_gre.tun_cls = type; ~ ^~~~ drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:169:29: warning: implicit conversion from enumeration type 'enum tunnel_clss' to different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion] p_tun->l2_geneve.tun_cls = type; ~ ^~~~ drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:171:29: warning: implicit conversion from enumeration type 'enum tunnel_clss' to different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion] p_tun->ip_geneve.tun_cls = type; ~ ^~~~ 5 warnings generated. Avoid this by changing type to an int. Link: https://github.com/ClangBuiltLinux/linux/issues/125 Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit 079db3fd4ef164a59006425a988b1c73639fade8 Author: Colin Ian King Date: Mon Sep 24 18:39:51 2018 +0100 wimax/i2400m: fix spelling mistake "not unitialized" -> "uninitialized" Trivial fix to spelling mistake in ms_to_errno array of error messages and remove confusing "not" from the error text since the error code refers to an uninitialized error code. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 5a94df70d3878ae597dd8331ec0add491bdfe851 Author: Colin Ian King Date: Mon Sep 24 16:51:41 2018 +0100 qed: fix spelling mistake "toogle" -> "toggle" Trivial fix to spelling mistake in DP_VERBOSE message Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 30ed48719282aecf6728f6777fefe8440bf6ed5a Merge: d31d1d03aa90 93f41e67dc8f Author: David S. Miller Date: Wed Sep 26 20:04:11 2018 -0700 Merge branch 'net-phy-fix-WoL-handling-when-suspending-the-PHY' Heiner Kallweit says: ==================== net: phy: fix WoL handling when suspending the PHY phy_suspend doesn't always recognize that WoL is enabled and therefore suspends the PHY when it should not. First idea to address the issue was to reuse checks used in mdio_bus_phy_may_suspend which check whether relevant devices are wakeup-enabled. Florian raised some concerns because drivers may enable wakeup even if WoL isn't enabled (e.g. certain USB network drivers). The new approach focuses on reducing the risk to break existing stuff. We add a flag wol_enabled to struct net_device which is set in ethtool_set_wol(). Then this flag is checked in phy_suspend(). This doesn't cover 100% of the cases yet (e.g. if WoL is enabled w/o explicit configuration), but it covers the most relevant cases with very little risk of regressions. v2: - Fix a typo ==================== Signed-off-by: David S. Miller commit 93f41e67dc8ff0fd987120a6ef2717f21462c534 Author: Heiner Kallweit Date: Mon Sep 24 22:01:32 2018 +0200 net: phy: fix WoL handling when suspending the PHY Core of the problem is that phy_suspend() suspends the PHY when it should not because of WoL. phy_suspend() checks for WoL already, but this works only if the PHY driver handles WoL (what is rarely the case). Typically WoL is handled by the MAC driver. This patch uses new member wol_enabled of struct net_device as additional criteria in the check when not to suspend the PHY because of WoL. Last but not least change phy_detach() to call phy_suspend() before attached_dev is set to NULL. phy_suspend() accesses attached_dev when checking whether the MAC driver activated WoL. Fixes: f1e911d5d0df ("r8169: add basic phylib support") Fixes: e8cfd9d6c772 ("net: phy: call state machine synchronously in phy_stop") Signed-off-by: Heiner Kallweit Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 6194114324139dc16f3251c67ed853bd6d4ae056 Author: Heiner Kallweit Date: Mon Sep 24 21:58:59 2018 +0200 net: core: add member wol_enabled to struct net_device Add flag wol_enabled to struct net_device indicating whether Wake-on-LAN is enabled. As first user phy_suspend() will use it to decide whether PHY can be suspended or not. Fixes: f1e911d5d0df ("r8169: add basic phylib support") Fixes: e8cfd9d6c772 ("net: phy: call state machine synchronously in phy_stop") Signed-off-by: Heiner Kallweit Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit d31d1d03aa909aa6257d9d581eb0eb5d0ed366e2 Author: David S. Miller Date: Wed Sep 26 20:01:36 2018 -0700 Revert "net: phy: fix WoL handling when suspending the PHY" This reverts commit e0511f6c1ccdd153cf063764e93ac177a8553c5d. I commited the wrong version of these changes. Signed-off-by: David S. Miller commit e0511f6c1ccdd153cf063764e93ac177a8553c5d Author: Heiner Kallweit Date: Sun Sep 23 15:38:21 2018 +0200 net: phy: fix WoL handling when suspending the PHY Actually there's nothing wrong with the two changes marked as "Fixes", they just revealed a problem which has been existing before. After having switched r8169 to phylib it was reported that WoL from shutdown doesn't work any longer (WoL from suspend isn't affected). Reason is that during shutdown phy_disconnect()->phy_detach()-> phy_suspend() is called. A similar issue occurs when the phylib state machine calls phy_suspend() when handling state PHY_HALTED. Core of the problem is that phy_suspend() suspends the PHY when it should not due to WoL. phy_suspend() checks for WoL already, but this works only if the PHY driver handles WoL (what is rarely the case). Typically WoL is handled by the MAC driver. phylib knows about this and handles it in mdio_bus_phy_may_suspend(), but that's used only when suspending the system, not in other cases like shutdown. Therefore factor out the relevant check from mdio_bus_phy_may_suspend() to a new function phy_may_suspend() and use it in phy_suspend(). Last but not least change phy_detach() to call phy_suspend() before attached_dev is set to NULL. phy_suspend() accesses attached_dev when checking whether the MAC driver activated WoL. Fixes: f1e911d5d0df ("r8169: add basic phylib support") Fixes: e8cfd9d6c772 ("net: phy: call state machine synchronously in phy_stop") Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 36f19d5b4f99fa9fa8263877e5f8e669d7fddc14 Author: David Ahern Date: Wed Sep 26 17:35:14 2018 -0700 net/ipv6: Remove extra call to ip6_convert_metrics for multipath case The change to move metrics from the dst to rt6_info moved the call to ip6_convert_metrics from ip6_route_add to ip6_route_info_create. In doing so it makes the call in ip6_route_info_append redundant and actually leaks the metrics installed as part of the ip6_route_info_create. Remove the now unnecessary call. Fixes: d4ead6b34b67f ("net/ipv6: move metrics from dst to rt6_info") Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 854f31ccdd7964c9c2e68da234a3a8aedb51cf6b Author: Damien Le Moal Date: Thu Sep 27 10:55:13 2018 +0900 block: fix deadline elevator drain for zoned block devices When the deadline scheduler is used with a zoned block device, writes to a zone will be dispatched one at a time. This causes the warning message: deadline: forced dispatching is broken (nr_sorted=X), please report this to be displayed when switching to another elevator with the legacy I/O path while write requests to a zone are being retained in the scheduler queue. Prevent this message from being displayed when executing elv_drain_elevator() for a zoned block device. __blk_drain_queue() will loop until all writes are dispatched and completed, resulting in the desired elevator queue drain without extensive modifications to the deadline code itself to handle forced-dispatch calls. Signed-off-by: Damien Le Moal Fixes: 8dc8146f9c92 ("deadline-iosched: Introduce zone locking support") Cc: stable@vger.kernel.org Signed-off-by: Jens Axboe commit 576156bb01a62c1f64b32b416593862bb34bddaa Merge: e89fe98bba86 89578d04b52c Author: Dave Airlie Date: Thu Sep 27 10:49:44 2018 +1000 Merge branch 'for-upstream/malidp-fixes' of git://linux-arm.org/linux-ld into drm-fixes Fix NV12 writeback and fix vblank reset. Signed-off-by: Dave Airlie From: Liviu Dudau Link: https://patchwork.freedesktop.org/patch/msgid/20180921112354.GR936@e110455-lin.cambridge.arm.com commit e89fe98bba86550c209ecaea44d6ece941f2fda4 Merge: 6bf4ca7fbc85 1a866306e0fb Author: Dave Airlie Date: Thu Sep 27 10:19:26 2018 +1000 Merge branch 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux into drm-fixes one fix to get a proper DMA configuration in place for the etnaviv virtual device. I'm sending this as a fix, as a dma-mapping change at the ARC architecture side during the 4.19 cycle broke etnaviv on this platform, which gets remedied with this patch, but it also enables ARM64. Signed-off-by: Dave Airlie From: Lucas Stach Link: https://patchwork.freedesktop.org/patch/msgid/ea1f712bf09bf9439c6b092bf2c2bde7bb01cf5e.camel@pengutronix.de commit 1d71926bbd59facc4bdb6f13117d3a1aee8b83ba Author: Tony Lindgren Date: Tue Sep 18 16:16:56 2018 -0700 mmc: core: Fix debounce time to use microseconds The debounce value in device tree is in milliseconds but needs to be in microseconds for mmc_gpiod_request_cd(). Fixes: bfd694d5e21c ("mmc: core: Add tunable delay before detecting card after card is inserted") Cc: Shawn Lin Signed-off-by: Tony Lindgren Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Ulf Hansson commit f188b99f0b2d33794b4af8a225f95d1e968c0a3f Author: Mika Westerberg Date: Wed Sep 26 15:39:28 2018 -0500 ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge HP 6730b laptop has an ethernet NIC connected to one of the PCIe root ports. The root ports themselves are native PCIe hotplug capable. Now, during boot after PCI devices are scanned the BIOS triggers ACPI bus check directly to the NIC: ACPI: \_SB_.PCI0.RP06.NIC_: Bus check in hotplug_event() It is not clear why it is sending bus check but regardless the ACPI hotplug notify handler calls enable_slot() directly (instead of going through acpiphp_check_bridge() as there is no bridge), which ends up handling special case for non-hotplug bridges with native PCIe hotplug. This results a crash of some kind but the reporter only sees black screen so it is hard to figure out the exact spot and what actually happens. Based on a few fix proposals it was tracked to crash somewhere inside pci_assign_unassigned_bridge_resources(). In any case we should not really be in that special branch at all because the ACPI notify happened to a slot that is not a PCI bridge (it is just a regular PCI device). Fix this so that we only go to that special branch if we are calling enable_slot() for a bridge (e.g., the ACPI notification was for the bridge). Link: https://bugzilla.kernel.org/show_bug.cgi?id=201127 Fixes: 84c8b58ed3ad ("ACPI / hotplug / PCI: Don't scan bridges managed by native hotplug") Reported-by: Peter Anemone Signed-off-by: Mika Westerberg Signed-off-by: Bjorn Helgaas Reviewed-by: Rafael J. Wysocki CC: stable@vger.kernel.org # v4.18+ commit 7c968791f7753bf0e52a21729498509ea3dd751b Author: Gustavo A. R. Silva Date: Wed Sep 26 18:50:54 2018 +0200 video/fbdev/stifb: Fix spelling mistake in fall-through annotation Replace "fall though" with a proper "fall through" annotation. This fix is part of the ongoing efforts to enabling -Wimplicit-fallthrough Addresses-Coverity-ID: 402013 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Cc: "James E.J. Bottomley" Cc: Helge Deller Signed-off-by: Bartlomiej Zolnierkiewicz commit 676709b1bcb513c6acf0bb7698dffcc53c2a8970 Author: Adam Jackson Date: Wed Sep 26 18:11:23 2018 +0200 uvesafb: Fix URLs in the documentation Signed-off-by: Adam Jackson Reviewed-by: Randy Dunlap Signed-off-by: Bartlomiej Zolnierkiewicz commit cf7389b8095fabae076ef28b49dc3059b9eb899f Author: Hans de Goede Date: Wed Sep 26 18:11:22 2018 +0200 efifb: BGRT: Add nobgrt option In some setups restoring the BGRT logo is undesirable, allow passing video=efifb:nobgrt on the kernel commandline to disable it. Reported-by: David Herrmann Signed-off-by: Hans de Goede Reviewed-by: David Herrmann Signed-off-by: Bartlomiej Zolnierkiewicz commit 1bafcbf59fed92af58955024452f45430d3898c5 Author: Tomi Valkeinen Date: Wed Sep 26 18:11:22 2018 +0200 fbdev/omapfb: fix omapfb_memory_read infoleak OMAPFB_MEMORY_READ ioctl reads pixels from the LCD's memory and copies them to a userspace buffer. The code has two issues: - The user provided width and height could be large enough to overflow the calculations - The copy_to_user() can copy uninitialized memory to the userspace, which might contain sensitive kernel information. Fix these by limiting the width & height parameters, and only copying the amount of data that we actually received from the LCD. Signed-off-by: Tomi Valkeinen Reported-by: Jann Horn Cc: stable@vger.kernel.org Cc: security@kernel.org Cc: Will Deacon Cc: Jann Horn Cc: Tony Lindgren Signed-off-by: Bartlomiej Zolnierkiewicz commit d85536cde91fcfed6fb8d983783bd2b92c843939 Author: Lubomir Rintel Date: Wed Sep 26 18:11:22 2018 +0200 pxa168fb: prepare the clock Add missing prepare/unprepare operations for fbi->clk, this fixes following kernel warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at drivers/clk/clk.c:874 clk_core_enable+0x2c/0x1b0 Enabling unprepared disp0_clk Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 4.18.0-rc8-00032-g02b43ddd4f21-dirty #25 Hardware name: Marvell MMP2 (Device Tree Support) [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (__warn+0xd8/0xf0) [] (__warn) from [] (warn_slowpath_fmt+0x44/0x6c) [] (warn_slowpath_fmt) from [] (clk_core_enable+0x2c/0x1b0) [] (clk_core_enable) from [] (clk_core_enable_lock+0x18/0x2c) [] (clk_core_enable_lock) from [] (pxa168fb_probe+0x464/0x6ac) [] (pxa168fb_probe) from [] (platform_drv_probe+0x48/0x94) [] (platform_drv_probe) from [] (driver_probe_device+0x328/0x470) [] (driver_probe_device) from [] (__driver_attach+0xb0/0x124) [] (__driver_attach) from [] (bus_for_each_dev+0x64/0xa0) [] (bus_for_each_dev) from [] (bus_add_driver+0x1b8/0x230) [] (bus_add_driver) from [] (driver_register+0xac/0xf0) [] (driver_register) from [] (do_one_initcall+0xb8/0x1f0) [] (do_one_initcall) from [] (kernel_init_freeable+0x294/0x2e0) [] (kernel_init_freeable) from [] (kernel_init+0x8/0x10c) [] (kernel_init) from [] (ret_from_fork+0x14/0x2c) Exception stack(0xd008bfb0 to 0xd008bff8) bfa0: 00000000 00000000 00000000 00000000 bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 ---[ end trace c0af40f9e2ed7cb4 ]--- Signed-off-by: Lubomir Rintel [b.zolnierkie: enhance patch description a bit] Signed-off-by: Bartlomiej Zolnierkiewicz commit 337fe9f5c1e7de1f391c6a692531379d2aa2ee11 Author: Jason Ekstrand Date: Wed Sep 26 02:17:03 2018 -0500 drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set We attempt to get fences earlier in the hopes that everything will already have fences and no callbacks will be needed. If we do succeed in getting a fence, getting one a second time will result in a duplicate ref with no unref. This is causing memory leaks in Vulkan applications that create a lot of fences; playing for a few hours can, apparently, bring down the system. Cc: stable@vger.kernel.org Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107899 Reviewed-by: Chris Wilson Signed-off-by: Jason Ekstrand Signed-off-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180926071703.15257-1-jason.ekstrand@intel.com commit aaccf3c97418f169afdbb5855e9cbcbda34e90fd Merge: f39684524b39 6bf4ca7fbc85 Author: Bartlomiej Zolnierkiewicz Date: Wed Sep 26 15:54:31 2018 +0200 Merge tag 'v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next Sync with upstream (which now contains fbdev-v4.19 changes) to prepare a base for fbdev-v4.20 changes. commit c307aaf3eb47969105887e4e8991ec00960a7ce8 Merge: a38523185b40 5ebb1bc2d63d Author: Greg Kroah-Hartman Date: Wed Sep 26 13:08:53 2018 +0200 Merge tag 'iommu-fixes-v4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Joerg writes: "IOMMU Fixes for Linux v4.19-rc5 Three fixes queued up: - Warning fix for Rockchip IOMMU where there were IRQ handlers for offlined hardware. - Fix for Intel VT-d because recent changes caused boot failures on some machines because it tried to allocate to much contiguous memory. - Fix for AMD IOMMU to handle eMMC devices correctly that appear as ACPI HID devices." * tag 'iommu-fixes-v4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: Return devid as alias for ACPI HID devices iommu/vt-d: Handle memory shortage on pasid table allocation iommu/rockchip: Free irqs in shutdown handler commit cb28c306b93b71f2741ce1a5a66289db26715f4d Author: Matias Karhumaa Date: Wed Sep 26 09:13:46 2018 +0300 Bluetooth: SMP: fix crash in unpairing In case unpair_device() was called through mgmt interface at the same time when pairing was in progress, Bluetooth kernel module crash was seen. [ 600.351225] general protection fault: 0000 [#1] SMP PTI [ 600.351235] CPU: 1 PID: 11096 Comm: btmgmt Tainted: G OE 4.19.0-rc1+ #1 [ 600.351238] Hardware name: Dell Inc. Latitude E5440/08RCYC, BIOS A18 05/14/2017 [ 600.351272] RIP: 0010:smp_chan_destroy.isra.10+0xce/0x2c0 [bluetooth] [ 600.351276] Code: c0 0f 84 b4 01 00 00 80 78 28 04 0f 84 53 01 00 00 4d 85 ed 0f 85 ab 00 00 00 48 8b 08 48 8b 50 08 be 10 00 00 00 48 89 51 08 <48> 89 0a 48 b9 00 02 00 00 00 00 ad de 48 89 48 08 48 8b 83 00 01 [ 600.351279] RSP: 0018:ffffa9be839b3b50 EFLAGS: 00010246 [ 600.351282] RAX: ffff9c999ac565a0 RBX: ffff9c9996e98c00 RCX: ffff9c999aa28b60 [ 600.351285] RDX: dead000000000200 RSI: 0000000000000010 RDI: ffff9c999e403500 [ 600.351287] RBP: ffffa9be839b3b70 R08: 0000000000000000 R09: ffffffff92a25c00 [ 600.351290] R10: ffffa9be839b3ae8 R11: 0000000000000001 R12: ffff9c995375b800 [ 600.351292] R13: 0000000000000000 R14: ffff9c99619a5000 R15: ffff9c9962a01c00 [ 600.351295] FS: 00007fb2be27c700(0000) GS:ffff9c999e880000(0000) knlGS:0000000000000000 [ 600.351298] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 600.351300] CR2: 00007fb2bdadbad0 CR3: 000000041c328001 CR4: 00000000001606e0 [ 600.351302] Call Trace: [ 600.351325] smp_failure+0x4f/0x70 [bluetooth] [ 600.351345] smp_cancel_pairing+0x74/0x80 [bluetooth] [ 600.351370] unpair_device+0x1c1/0x330 [bluetooth] [ 600.351399] hci_sock_sendmsg+0x960/0x9f0 [bluetooth] [ 600.351409] ? apparmor_socket_sendmsg+0x1e/0x20 [ 600.351417] sock_sendmsg+0x3e/0x50 [ 600.351422] sock_write_iter+0x85/0xf0 [ 600.351429] do_iter_readv_writev+0x12b/0x1b0 [ 600.351434] do_iter_write+0x87/0x1a0 [ 600.351439] vfs_writev+0x98/0x110 [ 600.351443] ? ep_poll+0x16d/0x3d0 [ 600.351447] ? ep_modify+0x73/0x170 [ 600.351451] do_writev+0x61/0xf0 [ 600.351455] ? do_writev+0x61/0xf0 [ 600.351460] __x64_sys_writev+0x1c/0x20 [ 600.351465] do_syscall_64+0x5a/0x110 [ 600.351471] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 600.351474] RIP: 0033:0x7fb2bdb62fe0 [ 600.351477] Code: 73 01 c3 48 8b 0d b8 6e 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 69 c7 2c 00 00 75 10 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 de 80 01 00 48 89 04 24 [ 600.351479] RSP: 002b:00007ffe062cb8f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 600.351484] RAX: ffffffffffffffda RBX: 000000000255b3d0 RCX: 00007fb2bdb62fe0 [ 600.351487] RDX: 0000000000000001 RSI: 00007ffe062cb920 RDI: 0000000000000004 [ 600.351490] RBP: 00007ffe062cb920 R08: 000000000255bd80 R09: 0000000000000000 [ 600.351494] R10: 0000000000000353 R11: 0000000000000246 R12: 0000000000000001 [ 600.351497] R13: 00007ffe062cbbe0 R14: 0000000000000000 R15: 0000000000000000 [ 600.351501] Modules linked in: algif_hash algif_skcipher af_alg cmac ipt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c br_netfilter bridge stp llc overlay arc4 nls_iso8859_1 dm_crypt intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp dell_laptop kvm_intel crct10dif_pclmul dell_smm_hwmon crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd cryptd glue_helper intel_cstate intel_rapl_perf uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev media hid_multitouch input_leds joydev serio_raw dell_wmi snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic dell_smbios dcdbas sparse_keymap [ 600.351569] snd_hda_intel btusb snd_hda_codec btrtl btbcm btintel snd_hda_core bluetooth(OE) snd_hwdep snd_pcm iwlmvm ecdh_generic wmi_bmof dell_wmi_descriptor snd_seq_midi mac80211 snd_seq_midi_event lpc_ich iwlwifi snd_rawmidi snd_seq snd_seq_device snd_timer cfg80211 snd soundcore mei_me mei dell_rbtn dell_smo8800 mac_hid parport_pc ppdev lp parport autofs4 hid_generic usbhid hid i915 nouveau kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi psmouse ahci sdhci_pci cqhci libahci fb_sys_fops sdhci drm e1000e video wmi [ 600.351637] ---[ end trace e49e9f1df09c94fb ]--- [ 600.351664] RIP: 0010:smp_chan_destroy.isra.10+0xce/0x2c0 [bluetooth] [ 600.351666] Code: c0 0f 84 b4 01 00 00 80 78 28 04 0f 84 53 01 00 00 4d 85 ed 0f 85 ab 00 00 00 48 8b 08 48 8b 50 08 be 10 00 00 00 48 89 51 08 <48> 89 0a 48 b9 00 02 00 00 00 00 ad de 48 89 48 08 48 8b 83 00 01 [ 600.351669] RSP: 0018:ffffa9be839b3b50 EFLAGS: 00010246 [ 600.351672] RAX: ffff9c999ac565a0 RBX: ffff9c9996e98c00 RCX: ffff9c999aa28b60 [ 600.351674] RDX: dead000000000200 RSI: 0000000000000010 RDI: ffff9c999e403500 [ 600.351676] RBP: ffffa9be839b3b70 R08: 0000000000000000 R09: ffffffff92a25c00 [ 600.351679] R10: ffffa9be839b3ae8 R11: 0000000000000001 R12: ffff9c995375b800 [ 600.351681] R13: 0000000000000000 R14: ffff9c99619a5000 R15: ffff9c9962a01c00 [ 600.351684] FS: 00007fb2be27c700(0000) GS:ffff9c999e880000(0000) knlGS:0000000000000000 [ 600.351686] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 600.351689] CR2: 00007fb2bdadbad0 CR3: 000000041c328001 CR4: 00000000001606e0 Crash happened because list_del_rcu() was called twice for smp->ltk. This was possible if unpair_device was called right after ltk was generated but before keys were distributed. In this commit smp_cancel_pairing was refactored to cancel pairing if it is in progress and otherwise just removes keys. Once keys are removed from rcu list, pointers to smp context's keys are set to NULL to make sure removed list items are not accessed later. This commit also adjusts the functionality of mgmt unpair_device() little bit. Previously pairing was canceled only if pairing was in state that keys were already generated. With this commit unpair_device() cancels pairing already in earlier states. Bug was found by fuzzing kernel SMP implementation using Synopsys Defensics. Reported-by: Pekka Oikarainen Signed-off-by: Matias Karhumaa Signed-off-by: Johan Hedberg commit 28ef8b49a338dc1844e86b7954cfffc7dfa2660a Author: Martin Willi Date: Tue Sep 25 09:51:02 2018 +0200 mac80211_hwsim: do not omit multicast announce of first added radio The allocation of hwsim radio identifiers uses a post-increment from 0, so the first radio has idx 0. This idx is explicitly excluded from multicast announcements ever since, but it is unclear why. Drop that idx check and announce the first radio as well. This makes userspace happy if it relies on these events. Signed-off-by: Martin Willi Signed-off-by: Johannes Berg commit f1c47eb61d52379de5747d02bb36be20d7a2d0d3 Author: Martin Willi Date: Tue Sep 25 09:41:14 2018 +0200 mac80211_hwsim: fix race in radio destruction from netlink notifier The asynchronous destruction from a work-queue of radios tagged with destroy-on-close may race with the owning namespace about to exit, resulting in potential use-after-free of that namespace. Instead of using a work-queue, move radios about to destroy to a temporary list, which can be worked on synchronously after releasing the lock. This should be safe to do from the netlink socket notifier, as the namespace is guaranteed to not get released. Signed-off-by: Martin Willi Signed-off-by: Johannes Berg commit 628980e5c8f038f730582c6ee50b7410741cd96e Author: Martin Willi Date: Tue Sep 25 09:41:13 2018 +0200 mac80211_hwsim: fix locking when iterating radios during ns exit The cleanup of radios during namespace exit has recently been reworked to directly delete a radio while temporarily releasing the spinlock, fixing a race condition between the work-queue execution and namespace exits. However, the temporary unlock allows unsafe modifications on the iterated list, resulting in a potential crash when continuing the iteration of additional radios. Move radios about to destroy to a temporary list, and clean that up after releasing the spinlock once iteration is complete. Fixes: 8cfd36a0b53a ("mac80211_hwsim: fix use-after-free bug in hwsim_exit_net") Signed-off-by: Martin Willi Signed-off-by: Johannes Berg commit 30fe6d50eb088783c8729c7d930f65296b2b3fa7 Author: Masashi Honma Date: Tue Sep 25 11:15:00 2018 +0900 nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT Use array_index_nospec() to sanitize ridx with respect to speculation. Signed-off-by: Masashi Honma Signed-off-by: Johannes Berg commit 0bcbf6518456f63038a290bd359237d31f6f8ac3 Author: Randy Dunlap Date: Sun Sep 23 11:59:13 2018 -0700 cfg80211: fix reg_query_regdb_wmm kernel-doc Drop @ptr from kernel-doc for function reg_query_regdb_wmm(). This function parameter was recently removed so update the kernel-doc to match that and remove the kernel-doc warnings. Removes 109 occurrences of this warning message: ../include/net/cfg80211.h:4869: warning: Excess function parameter 'ptr' description in 'reg_query_regdb_wmm' Fixes: 38cb87ee47fb ("cfg80211: make wmm_rule part of the reg_rule structure") Signed-off-by: Randy Dunlap Cc: Stanislaw Gruszka Cc: Johannes Berg Cc: Kalle Valo Cc: linux-wireless@vger.kernel.org Signed-off-by: Johannes Berg commit 8105f9b8a8879bff7f1d43d0720c993a99c9d135 Author: Felix Fietkau Date: Sat Sep 22 18:35:31 2018 +0200 mac80211: allocate TXQs for active monitor interfaces Monitor mode interfaces with the active flag are passed down to the driver. Drivers using TXQ expect that all interfaces have allocated TXQs before they get added. Fixes: 79af1f866193d ("mac80211: avoid allocating TXQs that won't be used") Cc: stable@vger.kernel.org Reported-by: Catrinel Catrinescu Signed-off-by: Felix Fietkau Signed-off-by: Johannes Berg commit 5ebb1bc2d63d90dd204169e21fd7a0b4bb8c776e Author: Arindam Nath Date: Tue Sep 18 15:40:58 2018 +0530 iommu/amd: Return devid as alias for ACPI HID devices ACPI HID devices do not actually have an alias for them in the IVRS. But dev_data->alias is still used for indexing into the IOMMU device table for devices being handled by the IOMMU. So for ACPI HID devices, we simply return the corresponding devid as an alias, as parsed from IVRS table. Signed-off-by: Arindam Nath Fixes: 2bf9a0a12749 ('iommu/amd: Add iommu support for ACPI HID devices') Signed-off-by: Joerg Roedel commit 3f32d0be6c16b902b687453c962d17eea5b8ea19 Author: Parthasarathy Bhuvaragan Date: Tue Sep 25 22:09:10 2018 +0200 tipc: lock wakeup & inputq at tipc_link_reset() In tipc_link_reset() we copy the wakeup queue to input queue using skb_queue_splice_init(link->wakeupq, link->inputq). This is performed without holding any locks. The lists might be simultaneously be accessed by other cpu threads in tipc_sk_rcv(), something leading to to random missing packets. Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit 94b6ddce71780575fbbf9d2c36afc8440e61a281 Author: Parthasarathy Bhuvaragan Date: Tue Sep 25 21:56:57 2018 +0200 tipc: reset bearer if device carrier not ok If we detect that under lying carrier detects errors and goes down, we reset the bearer. Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit 082dc55e3c5e559b0e6855c0de23ebd674bcc91e Author: Amelie Delaunay Date: Thu Sep 20 18:34:16 2018 +0200 ARM: dts: stm32: update SPI6 dmas property on stm32mp157c Remove unused parameter from SPI6 dmas property on stm32mp157c SoC. Fixes: dc3f8c86c10d ("ARM: dts: stm32: add SPI support on stm32mp157c") Signed-off-by: Amelie Delaunay Signed-off-by: Alexandre Torgue [olof: Without this patch, SPI6 will fall back to interrupt mode with lower perfmance] Signed-off-by: Olof Johansson commit 530ca2c9bd6949c72c9b5cfc330cb3dbccaa3f5b Author: Keith Busch Date: Tue Sep 25 10:36:20 2018 -0600 blk-mq: Allow blocking queue tag iter callbacks A recent commit runs tag iterator callbacks under the rcu read lock, but existing callbacks do not satisfy the non-blocking requirement. The commit intended to prevent an iterator from accessing a queue that's being modified. This patch fixes the original issue by taking a queue reference instead of reading it, which allows callbacks to make blocking calls. Fixes: f5bbbbe4d6357 ("blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter") Acked-by: Jianchao Wang Signed-off-by: Keith Busch Signed-off-by: Jens Axboe commit bb830add192e9d8338082c0fc2c209e23b43d865 Author: Susobhan Dey Date: Tue Sep 25 12:29:15 2018 -0700 nvme: properly propagate errors in nvme_mpath_init Signed-off-by: Susobhan Dey Signed-off-by: Christoph Hellwig commit 974c24c5bed75b53e229a6f68a0533b6d5f48feb Author: Christoph Hellwig Date: Tue Sep 11 11:00:49 2018 +0200 dma-mapping: add the missing ARCH_HAS_SYNC_DMA_FOR_CPU_ALL declaration The patch adding the infrastructure failed to actually add the symbol declaration, oops.. Fixes: faef87723a ("dma-noncoherent: add a arch_sync_dma_for_cpu_all hook") Signed-off-by: Christoph Hellwig Reviewed-by: Paul Burton Acked-by: Florian Fainelli Signed-off-by: Christoph Hellwig commit 5c5702e259dc66e6fceed5117effab79c186e87a Author: Parav Pandit Date: Tue Sep 25 12:10:40 2018 +0300 RDMA/core: Set right entry state before releasing reference Currently add_modify_gid() for IB link layer has followong issue in cache update path. When GID update event occurs, core releases reference to the GID table without updating its state and/or entry pointer. CPU-0 CPU-1 ------ ----- ib_cache_update() IPoIB ULP add_modify_gid() [..] put_gid_entry() refcnt = 0, but state = valid, entry is valid. (work item is not yet executed). ipoib_create_ah() rdma_create_ah() rdma_get_gid_attr() <-- Tries to acquire gid_attr which has refcnt = 0. This is incorrect. GID entry state and entry pointer is provides the accurate GID enty state. Such fields must be updated with rwlock to protect against readers and, such fields must be in sane state before refcount can drop to zero. Otherwise above race condition can happen leading to use-after-free situation. Following backtrace has been observed when cache update for an IB port is triggered while IPoIB ULP is creating an AH. Therefore, when updating GID entry, first mark a valid entry as invalid through state and set the barrier so that no callers can acquired the GID entry, followed by release reference to it. refcount_t: increment on 0; use-after-free. WARNING: CPU: 4 PID: 29106 at lib/refcount.c:153 refcount_inc_checked+0x30/0x50 Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core] RIP: 0010:refcount_inc_checked+0x30/0x50 RSP: 0018:ffff8802ad36f600 EFLAGS: 00010082 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000008 RDI: ffffffff86710100 RBP: ffff8802d6e60a30 R08: ffffed005d67bf8b R09: ffffed005d67bf8b R10: 0000000000000001 R11: ffffed005d67bf8a R12: ffff88027620cee8 R13: ffff8802d6e60988 R14: ffff8802d6e60a78 R15: 0000000000000202 FS: 0000000000000000(0000) GS:ffff8802eb200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3ab35e5c88 CR3: 00000002ce84a000 CR4: 00000000000006e0 IPv6: ADDRCONF(NETDEV_CHANGE): ib1: link becomes ready Call Trace: rdma_get_gid_attr+0x220/0x310 [ib_core] ? lock_acquire+0x145/0x3a0 rdma_fill_sgid_attr+0x32c/0x470 [ib_core] rdma_create_ah+0x89/0x160 [ib_core] ? rdma_fill_sgid_attr+0x470/0x470 [ib_core] ? ipoib_create_ah+0x52/0x260 [ib_ipoib] ipoib_create_ah+0xf5/0x260 [ib_ipoib] ipoib_mcast_join_complete+0xbbe/0x2540 [ib_ipoib] Fixes: b150c3862d21 ("IB/core: Introduce GID entry reference counts") Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 96fc74333f84cfdf8d434c6c07254e215e2aad00 Author: Zhao Qiang Date: Thu Feb 1 14:54:32 2018 +0800 soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() There is a copy and paste bug so we accidentally use the RX_ shift when we're in TX_ mode. Fixes: bb8b2062aff3 ("fsl/qe: setup clock source for TDM mode") Signed-off-by: Dan Carpenter Signed-off-by: Zhao Qiang Signed-off-by: Li Yang (cherry picked from commit 3cb31b634052ed458922e0c8e2b4b093d7fb60b9) Signed-off-by: Olof Johansson commit 64e9e22e68512da8df3c9a7430f07621e48db3c2 Author: Alexandre Belloni Date: Thu Aug 23 23:36:00 2018 +0200 soc: fsl: qbman: qman: avoid allocating from non existing gen_pool If the qman driver didn't probe, calling qman_alloc_fqid_range, qman_alloc_pool_range or qman_alloc_cgrid_range (as done in dpaa_eth) will pass a NULL pointer to gen_pool_alloc, leading to a NULL pointer dereference. Signed-off-by: Alexandre Belloni Reviewed-by: Roy Pledge Signed-off-by: Li Yang (cherry picked from commit f72487a2788aa70c3aee1d0ebd5470de9bac953a) Signed-off-by: Olof Johansson commit 1a677ff4ce6acc3bdb2d01bb25eb687a6e28aa1d Merge: 9f71e7d5d97b 3ab97942d021 Author: Olof Johansson Date: Tue Sep 25 13:51:16 2018 -0700 Merge tag 'arm-soc/for-4.19/devicetree-fixes' of https://github.com/Broadcom/stblinux into fixes This pull request contains Broadcom ARM-based SoCs Device Tree changes intended for 4.19, please pull the following: - Florian fixes the PPI and SPI interrupts in the BCM63138 (DSL) SoC DTS * tag 'arm-soc/for-4.19/devicetree-fixes' of https://github.com/Broadcom/stblinux: ARM: dts: BCM63xx: Fix incorrect interrupt specifiers Signed-off-by: Olof Johansson commit e8ef090a614292db01b5956a6f5467afbe6c5cf7 Author: Yishai Hadas Date: Tue Sep 25 12:11:12 2018 +0300 IB/mlx5: Destroy the DEVX object upon error flow Upon DEVX object creation the object must be destroyed upon a follows error flow. Fixes: 7efce3691d33 ("IB/mlx5: Add obj create and destroy functionality") Signed-off-by: Yishai Hadas Reviewed-by: Artemy Kovalyov Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit a9360abd3de0aad745d25d003923d56afb28a04b Author: Mark Bloch Date: Tue Sep 25 11:23:55 2018 +0300 IB/uverbs: Free uapi on destroy Make sure we free struct uverbs_api once we clean the radix tree. It was allocated by uverbs_alloc_api(). Fixes: 9ed3e5f44772 ("IB/uverbs: Build the specs into a radix tree at runtime") Reported-by: Bart Van Assche Signed-off-by: Mark Bloch Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit a38523185b40fd85d2afe5b5fbfb0952f7153e96 Merge: 846e8dd47c26 41c9b1be335b Author: Greg Kroah-Hartman Date: Tue Sep 25 21:37:41 2018 +0200 erge tag 'libnvdimm-fixes-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Dan writes: "libnvdimm/dax for 4.19-rc6 * (2) fixes for the dax error handling updates that were merged for v4.19-rc1. My mails to Al have been bouncing recently, so I do not have his ack but the uaccess change is of the trivial / obviously correct variety. The address_space_operations fixes a regression. * A filesystem-dax fix to correct the zero page lookup to be compatible with non-x86 (mips and s390) architectures." * tag 'libnvdimm-fixes-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: device-dax: Add missing address_space_operations uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() filesystem-dax: Fix use of zero page commit 9f71e7d5d97b8ed1262b777fd5b37667aa18d3fd Merge: e6f0e1c75695 379e36d3f591 Author: Olof Johansson Date: Tue Sep 25 12:30:16 2018 -0700 Merge tag 'at91-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/at91/linux into fixes AT91 fixes for 4.19: - fix a NAND issue on sama5d2_ptc_ek (drive strength setting to fix corruption) * tag 'at91-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/at91/linux: ARM: dts: at91: sama5d2_ptc_ek: fix nand pinctrl Signed-off-by: Olof Johansson commit 69383c5913a5d74b4aa7e2b78a5cf14ebfbba538 Author: Wei Yongjun Date: Tue Sep 25 14:57:42 2018 +0000 ovl: make symbol 'ovl_aops' static Fixes the following sparse warning: fs/overlayfs/inode.c:507:39: warning: symbol 'ovl_aops' was not declared. Should it be static? Fixes: 5b910bd615ba ("ovl: fix GPF in swapfile_activate of file from overlayfs over xfs") Signed-off-by: Wei Yongjun Signed-off-by: Miklos Szeredi commit 92ef12b32feab8f277b69e9fb89ede2796777f4d Author: Parthasarathy Bhuvaragan Date: Tue Sep 25 18:21:58 2018 +0200 tipc: fix flow control accounting for implicit connect In the case of implicit connect message with data > 1K, the flow control accounting is incorrect. At this state, the socket does not know the peer nodes capability and falls back to legacy flow control by return 1, however the receiver of this message will perform the new block accounting. This leads to a slack and eventually traffic disturbance. In this commit, we perform tipc_node_get_capabilities() at implicit connect and perform accounting based on the peer's capability. Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: Jon Maloy Signed-off-by: David S. Miller commit 2e9361efa707e186d91b938e44f9e326725259f7 Author: Yunsheng Lin Date: Tue Sep 25 10:21:55 2018 +0100 net: hns: fix for unmapping problem when SMMU is on If SMMU is on, there is more likely that skb_shinfo(skb)->frags[i] can not send by a single BD. when this happen, the hns_nic_net_xmit_hw function map the whole data in a frags using skb_frag_dma_map, but unmap each BD' data individually when tx is done, which causes problem when SMMU is on. This patch fixes this problem by ummapping the whole data in a frags when tx is done. Signed-off-by: Yunsheng Lin Signed-off-by: Peng Li Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 970f1713ce22e625257af62a3f7d5e1761cc4f02 Merge: e1e5d8a9fe73 871088bf92e1 Author: David S. Miller Date: Tue Sep 25 10:39:35 2018 -0700 Merge branch 'xen-netback-hash' Jan Beulich says: ==================== xen-netback: hash mapping handling adjustments First and foremost the fix for XSA-270. On top of that further changes which looked desirable to me while investigating that XSA. 1: fix input validation in xenvif_set_hash_mapping() 2: validate queue numbers in xenvif_set_hash_mapping() 3: handle page straddling in xenvif_set_hash_mapping() ==================== Signed-off-by: Jan Beulich Signed-off-by: David S. Miller commit 871088bf92e11efb69bbdbd537e48c0ad4f63729 Author: Jan Beulich Date: Tue Sep 25 02:13:37 2018 -0600 xen-netback: handle page straddling in xenvif_set_hash_mapping() There's no guarantee that the mapping array doesn't cross a page boundary. Use a second grant copy operation if necessary. Signed-off-by: Jan Beulich Acked-by: Wei Liu Reviewed-by: Paul Durrant Signed-off-by: David S. Miller commit 22f9cde3401077ea450b69bf9b0bba373e12e454 Author: Jan Beulich Date: Tue Sep 25 02:13:01 2018 -0600 xen-netback: validate queue numbers in xenvif_set_hash_mapping() Checking them before the grant copy means nothing as to the validity of the incoming request. As we shouldn't make the new data live before having validated it, introduce a second instance of the mapping array. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Signed-off-by: David S. Miller commit 780e83c259fc33e8959fed8dfdad17e378d72b62 Author: Jan Beulich Date: Tue Sep 25 02:12:30 2018 -0600 xen-netback: fix input validation in xenvif_set_hash_mapping() Both len and off are frontend specified values, so we need to make sure there's no overflow when adding the two for the bounds check. We also want to avoid undefined behavior and hence use off to index into ->hash.mapping[] only after bounds checking. This at the same time allows to take care of not applying off twice for the bounds checking against vif->num_queues. It is also insufficient to bounds check copy_op.len, as this is len truncated to 16 bits. This is XSA-270 / CVE-2018-15471. Reported-by: Felix Wilhelm Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Tested-by: Paul Durrant Cc: stable@vger.kernel.org [4.7 onwards] Signed-off-by: David S. Miller commit e1e5d8a9fe737d94ccc0ccbaf0c97f69a8f3e000 Author: Michal Simek Date: Tue Sep 25 08:32:50 2018 +0200 net: macb: Clean 64b dma addresses if they are not detected Clear ADDR64 dma bit in DMACFG register in case that HW_DMA_CAP_64B is not detected on 64bit system. The issue was observed when bootloader(u-boot) does not check macb feature at DCFG6 register (DAW64_OFFSET) and enabling 64bit dma support by default. Then macb driver is reading DMACFG register back and only adding 64bit dma configuration but not cleaning it out. Signed-off-by: Michal Simek Acked-by: Nicolas Ferre Signed-off-by: David S. Miller commit 846e8dd47c264e0b359afed28ea88e0acdee6818 Merge: bfb0e9b490bc f1f1fadacaf0 Author: Greg Kroah-Hartman Date: Tue Sep 25 18:14:14 2018 +0200 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi James writes: "SCSI fixes on 20180925 Nine obvious bug fixes mostly in individual drivers. The target fix is of particular importance because it's CVE related." * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: sd: don't crash the host on invalid commands scsi: ipr: System hung while dlpar adding primary ipr adapter back scsi: target: iscsi: Use bin2hex instead of a re-implementation scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: lpfc: Synchronize access to remoteport via rport scsi: ufs: Disable blk-mq for now scsi: sd: Contribute to randomness when running rotational device scsi: ibmvscsis: Ensure partition name is properly NUL terminated scsi: ibmvscsis: Fix a stringop-overflow warning commit bfb0e9b490bc15f243009359745a9d8a94089dc4 Merge: ccf791e5e6b1 3e3b81965cbf Author: Greg Kroah-Hartman Date: Tue Sep 25 17:54:55 2018 +0200 Merge tag 'usb-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb I wrote: "USB fixes for 4.19-rc6 Here are some small USB core and driver fixes for reported issues for 4.19-rc6. The most visible is the oops fix for when the USB core is built into the kernel that is present in 4.18. Turns out not many people actually do that so it went unnoticed for a while. The rest is some tiny typec, musb, and other core fixes. All have been in linux-next with no reported issues." * tag 'usb-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: typec: mux: Take care of driver module reference counting usb: core: safely deal with the dynamic quirk lists usb: roles: Take care of driver module reference counting USB: handle NULL config in usb_find_alt_setting() USB: fix error handling in usb_driver_claim_interface() USB: remove LPM management from usb_driver_claim_interface() USB: usbdevfs: restore warning for nonsensical flags USB: usbdevfs: sanitize flags more Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" usb: musb: dsps: do not disable CPPI41 irq in driver teardown commit ccf791e5e6b16477b196e81b85f7d5a067e0c8d9 Merge: fc0c8146680e 7e620984b625 Author: Greg Kroah-Hartman Date: Tue Sep 25 17:22:50 2018 +0200 Merge tag 'tty-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty I wrote: "TTY/Serial driver fixes for 4.19-rc6 Here are a number of small tty and serial driver fixes for reported issues for 4.19-rc6. One should hopefully resolve a much-reported issue that syzbot has found in the tty layer. Although there are still more issues there, getting this fixed is nice to see finally happen. All of these have been in linux-next for a while with no reported issues." * tag 'tty-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: serial: imx: restore handshaking irq for imx1 tty: vt_ioctl: fix potential Spectre v1 tty: Drop tty->count on tty_reopen() failure serial: cpm_uart: return immediately from console poll tty: serial: lpuart: avoid leaking struct tty_struct serial: mvebu-uart: Fix reporting of effective CSIZE to userspace commit fc0c8146680e362ebeaed0294b869425cc18230e Merge: 8c0f9f5b309d 59d08d00d43c Author: Greg Kroah-Hartman Date: Tue Sep 25 17:01:52 2018 +0200 Merge tag 'char-misc-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Greg (well I), wrote: "Char/Misc driver fixes for 4.19-rc6 Here are some soundwire and intel_th (tracing) driver fixes for some reported issues. All of these have been in linux-next for a week with no reported issues." * tag 'char-misc-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: intel_th: pci: Add Ice Lake PCH support intel_th: Fix resource handling for ACPI glue layer intel_th: Fix device removal logic soundwire: Fix acquiring bus lock twice during master release soundwire: Fix incorrect exit after configuring stream soundwire: Fix duplicate stream state assignment commit d005efe18db0b4a123dd92ea8e77e27aee8f99fd Author: Adrian Hunter Date: Tue Sep 11 14:45:04 2018 +0300 perf script python: Fix export-to-sqlite.py sample columns With the "branches" export option, not all sample columns are exported. However the unwanted columns are not at the end of the tuple, as assumed by the code. Fix by taking the first 15 and last 3 values, instead of the first 18. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20180911114504.28516-3-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 25e11700b54c7b6b5ebfc4361981dae12299557b Author: Adrian Hunter Date: Tue Sep 11 14:45:03 2018 +0300 perf script python: Fix export-to-postgresql.py occasional failure Occasional export failures were found to be caused by truncating 64-bit pointers to 32-bits. Fix by explicitly setting types for all ctype arguments and results. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20180911114504.28516-2-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 2483ef056f6e42f61cd266452e2841165dfe1b5c Author: Srikar Dronamraju Date: Tue Sep 25 17:55:15 2018 +0530 powerpc/numa: Use associativity if VPHN hcall is successful Currently associativity is used to lookup node-id even if the preceding VPHN hcall failed. However this can cause CPU to be made part of the wrong node, (most likely to be node 0). This is because VPHN is not enabled on KVM guests. With 2ea6263 ("powerpc/topology: Get topology for shared processors at boot"), associativity is used to set to the wrong node. Hence KVM guest topology is broken. For example : A 4 node KVM guest before would have reported. [root@localhost ~]# numactl -H available: 4 nodes (0-3) node 0 cpus: 0 1 2 3 node 0 size: 1746 MB node 0 free: 1604 MB node 1 cpus: 4 5 6 7 node 1 size: 2044 MB node 1 free: 1765 MB node 2 cpus: 8 9 10 11 node 2 size: 2044 MB node 2 free: 1837 MB node 3 cpus: 12 13 14 15 node 3 size: 2044 MB node 3 free: 1903 MB node distances: node 0 1 2 3 0: 10 40 40 40 1: 40 10 40 40 2: 40 40 10 40 3: 40 40 40 10 Would now report: [root@localhost ~]# numactl -H available: 4 nodes (0-3) node 0 cpus: 0 2 3 4 5 6 7 8 9 10 11 12 13 14 15 node 0 size: 1746 MB node 0 free: 1244 MB node 1 cpus: node 1 size: 2044 MB node 1 free: 2032 MB node 2 cpus: 1 node 2 size: 2044 MB node 2 free: 2028 MB node 3 cpus: node 3 size: 2044 MB node 3 free: 2032 MB node distances: node 0 1 2 3 0: 10 40 40 40 1: 40 10 40 40 2: 40 40 10 40 3: 40 40 40 10 Fix this by skipping associativity lookup if the VPHN hcall failed. Fixes: 2ea626306810 ("powerpc/topology: Get topology for shared processors at boot") Signed-off-by: Srikar Dronamraju Signed-off-by: Michael Ellerman commit 96dc89d526ef77604376f06220e3d2931a0bfd58 Author: Michael Neuling Date: Tue Sep 25 19:36:47 2018 +1000 powerpc/tm: Avoid possible userspace r1 corruption on reclaim Current we store the userspace r1 to PACATMSCRATCH before finally saving it to the thread struct. In theory an exception could be taken here (like a machine check or SLB miss) that could write PACATMSCRATCH and hence corrupt the userspace r1. The SLB fault currently doesn't touch PACATMSCRATCH, but others do. We've never actually seen this happen but it's theoretically possible. Either way, the code is fragile as it is. This patch saves r1 to the kernel stack (which can't fault) before we turn MSR[RI] back on. PACATMSCRATCH is still used but only with MSR[RI] off. We then copy r1 from the kernel stack to the thread struct once we have MSR[RI] back on. Suggested-by: Breno Leitao Signed-off-by: Michael Neuling Signed-off-by: Michael Ellerman commit cf13435b730a502e814c63c84d93db131e563f5f Author: Michael Neuling Date: Mon Sep 24 17:27:04 2018 +1000 powerpc/tm: Fix userspace r13 corruption When we treclaim we store the userspace checkpointed r13 to a scratch SPR and then later save the scratch SPR to the user thread struct. Unfortunately, this doesn't work as accessing the user thread struct can take an SLB fault and the SLB fault handler will write the same scratch SPRG that now contains the userspace r13. To fix this, we store r13 to the kernel stack (which can't fault) before we access the user thread struct. Found by running P8 guest + powervm + disable_1tb_segments + TM. Seen as a random userspace segfault with r13 looking like a kernel address. Signed-off-by: Michael Neuling Reviewed-by: Breno Leitao Signed-off-by: Michael Ellerman commit be9e6598aeb0db70a7927d6b3bb4d3d6fb1c3e18 Author: Lu Baolu Date: Sat Sep 8 09:42:53 2018 +0800 iommu/vt-d: Handle memory shortage on pasid table allocation Pasid table memory allocation could return failure due to memory shortage. Limit the pasid table size to 1MiB because current 8MiB contiguous physical memory allocation can be hard to come by. W/o a PASID table, the device could continue to work with only shared virtual memory impacted. So, let's go ahead with context mapping even the memory allocation for pasid table failed. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107783 Fixes: cc580e41260d ("iommu/vt-d: Per PCI device pasid table interfaces") Cc: Ashok Raj Cc: Jacob Pan Cc: Mika Westerberg Reported-and-tested-by: Pelton Kyle D Tested-by: Mika Westerberg Signed-off-by: Lu Baolu Signed-off-by: Joerg Roedel commit 8c0f9f5b309d627182d5da72a69246f58bde1026 Author: Lubomir Rintel Date: Mon Sep 24 13:18:34 2018 +0100 Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" This changes UAPI, breaking iwd and libell: ell/key.c: In function 'kernel_dh_compute': ell/key.c:205:38: error: 'struct keyctl_dh_params' has no member named 'private'; did you mean 'dh_private'? struct keyctl_dh_params params = { .private = private, ^~~~~~~ dh_private This reverts commit 8a2336e549d385bb0b46880435b411df8d8200e8. Fixes: 8a2336e549d3 ("uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name") Signed-off-by: Lubomir Rintel Signed-off-by: David Howells cc: Randy Dunlap cc: Mat Martineau cc: Stephan Mueller cc: James Morris cc: "Serge E. Hallyn" cc: Mat Martineau cc: Andrew Morton cc: Linus Torvalds cc: Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman commit 72923e5488f0604fac8ef2c7e683fabd3b4c203b Author: Mika Westerberg Date: Mon Sep 24 17:32:12 2018 +0300 Revert "pinctrl: intel: Do pin translation when lock IRQ" This reverts commit 55aedef50d4d810670916d9fce4a40d5da2079e7. Commit 55aedef50d4d ("pinctrl: intel: Do pin translation when lock IRQ") added special translation from GPIO number to hardware pin number to irq_reqres/relres hooks to avoid failure when IRQs are requested. The actual failure happened inside gpiochip_lock_as_irq() because it calls gpiod_get_direction() and pinctrl-intel.c::intel_gpio_get_direction() implementation originally missed the translation so the two hooks made it work by skipping the ->get_direction() call entirely (it overwrote the default GPIOLIB provided functions). The proper fix that adds translation to GPIO callbacks was merged with commit 96147db1e1df ("pinctrl: intel: Do pin translation in other GPIO operations as well"). This allows us to use the default GPIOLIB provided functions again. In addition as find out by Benjamin Tissoires the two functions (intel_gpio_irq_reqres()/intel_gpio_irq_relres()) now cause problems of their own because they operate on pin numbers and pass that pin number to gpiochip_lock_as_irq() which actually expects a GPIO number. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199911 Fixes: 55aedef50d4d ("pinctrl: intel: Do pin translation when lock IRQ") Reported-and-tested-by: Benjamin Tissoires Signed-off-by: Mika Westerberg Acked-by: Andy Shevchenko Signed-off-by: Linus Walleij commit e50d95e2ad1266f8d3fcdf0724f03dbdffd400aa Author: Mika Westerberg Date: Mon Sep 24 17:32:11 2018 +0300 pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant It turns out the HOSTSW_OWN register offset is different between LP and H variants. The latter should use 0xc0 instead so fix that. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199911 Fixes: a663ccf0fea1 ("pinctrl: intel: Add Intel Cannon Lake PCH-H pin controller support") Signed-off-by: Mika Westerberg Reviewed-by: Andy Shevchenko Signed-off-by: Linus Walleij commit b85bfa246efd24ea3fdb5ee949c28e3110c6d299 Author: Daniel Kurtz Date: Sat Sep 22 13:58:26 2018 -0600 pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type From the AMD BKDG, if WAKE_INT_MASTER_REG.MaskStsEn is set, a software write to the debounce registers of *any* gpio will block wake/interrupt status generation for *all* gpios for a length of time that depends on WAKE_INT_MASTER_REG.MaskStsLength[11:0]. During this period the Interrupt Delivery bit (INTERRUPT_ENABLE) will read as 0. In commit 4c1de0414a1340 ("pinctrl/amd: poll InterruptEnable bits in enable_irq") we tried to fix this same "gpio Interrupts are blocked immediately after writing debounce registers" problem, but incorrectly assumed it only affected the gpio whose debounce was being configured and not ALL gpios. To solve this for all gpios, we move the polling loop from amd_gpio_irq_enable() to amd_gpio_irq_set_type(), while holding the gpio spinlock. This ensures that another gpio operation (e.g. amd_gpio_irq_unmask()) can read a temporarily disabled IRQ and incorrectly disable it while trying to modify some other register bits. Fixes: 4c1de0414a1340 pinctrl/amd: poll InterruptEnable bits in enable_irq Signed-off-by: Daniel Kurtz Signed-off-by: Linus Walleij commit 2dd68cc7fd8c3ae9c151c0565824b5ef42e3806b Merge: 02214bfc89c7 f4a518797b40 Author: Greg Kroah-Hartman Date: Tue Sep 25 11:19:28 2018 +0200 Merge gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net Dave writes: "Networking fixes: 1) Fix multiqueue handling of coalesce timer in stmmac, from Jose Abreu. 2) Fix memory corruption in NFC, from Suren Baghdasaryan. 3) Don't write reserved bits in ravb driver, from Kazuya Mizuguchi. 4) SMC bug fixes from Karsten Graul, YueHaibing, and Ursula Braun. 5) Fix TX done race in mvpp2, from Antoine Tenart. 6) ipv6 metrics leak, from Wei Wang. 7) Adjust firmware version requirements in mlxsw, from Petr Machata. 8) Fix autonegotiation on resume in r8169, from Heiner Kallweit. 9) Fixed missing entries when dumping /proc/net/if_inet6, from Jeff Barnhill. 10) Fix double free in devlink, from Dan Carpenter. 11) Fix ethtool regression from UFO feature removal, from Maciej Żenczykowski. 12) Fix drivers that have a ndo_poll_controller() that captures the cpu entirely on loaded hosts by trying to drain all rx and tx queues, from Eric Dumazet. 13) Fix memory corruption with jumbo frames in aquantia driver, from Friedemann Gerold." * gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net: (79 commits) net: mvneta: fix the remaining Rx descriptor unmapping issues ip_tunnel: be careful when accessing the inner header mpls: allow routes on ip6gre devices net: aquantia: memory corruption on jumbo frames tun: remove ndo_poll_controller nfp: remove ndo_poll_controller bnxt: remove ndo_poll_controller bnx2x: remove ndo_poll_controller mlx5: remove ndo_poll_controller mlx4: remove ndo_poll_controller i40evf: remove ndo_poll_controller ice: remove ndo_poll_controller igb: remove ndo_poll_controller ixgb: remove ndo_poll_controller fm10k: remove ndo_poll_controller ixgbevf: remove ndo_poll_controller ixgbe: remove ndo_poll_controller bonding: use netpoll_poll_dev() helper netpoll: make ndo_poll_controller() optional rds: Fix build regression. ... commit 74bc2abca7603c956d1e331e8b9bee7b874c1eec Author: Heiko Stuebner Date: Mon Aug 27 12:56:24 2018 +0200 iommu/rockchip: Free irqs in shutdown handler In the iommu's shutdown handler we disable runtime-pm which could result in the irq-handler running unclocked and since commit 3fc7c5c0cff3 ("iommu/rockchip: Handle errors returned from PM framework") we warn about that fact. This can cause warnings on shutdown on some Rockchip machines, so free the irqs in the shutdown handler before we disable runtime-pm. Reported-by: Enric Balletbo i Serra Fixes: 3fc7c5c0cff3 ("iommu/rockchip: Handle errors returned from PM framework") Signed-off-by: Heiko Stuebner Tested-by: Enric Balletbo i Serra Acked-by: Marc Zyngier Signed-off-by: Joerg Roedel commit ea51e17b953f391c0a7d6684141e76a5ab209fef Author: Colin Ian King Date: Mon Sep 24 18:14:37 2018 +0100 i2c: i2c-isch: fix spelling mistake "unitialized" -> "uninitialized" Trivial fix to spelling mistake in dev_notice message. Signed-off-by: Colin Ian King Reviewed-by: Jean Delvare Signed-off-by: Wolfram Sang commit 6697576788816985f9c79da190abfaad7c9e1738 Author: Stephen Boyd Date: Thu Sep 20 11:03:22 2018 -0700 i2c: i2c-qcom-geni: Properly handle DMA safe buffers We shouldn't attempt to DMA map the message buffers passed into this driver from the i2c core unless the message we're mapping have been properly setup for DMA. The i2c core indicates such a situation by setting the I2C_M_DMA_SAFE flag, so check for that flag before using DMA mode. We can also bounce the buffer if it isn't already mapped properly by using the i2c_get_dma_safe_msg_buf() APIs, so do that when we want to use DMA for a message. This fixes a problem where the kernel oopses cleaning pages for a buffer that's mapped into the vmalloc space. The pages are returned from request_firmware() and passed down directly to the i2c master to write to the i2c touchscreen device. Mapping vmalloc buffers with dma_map_single() won't work reliably, causing an oops like below: Unable to handle kernel paging request at virtual address ffffffc01391d000 ... Reported-by: Philip Chen Signed-off-by: Stephen Boyd Reviewed-by: Douglas Anderson Signed-off-by: Wolfram Sang commit 57a489786de9ec37d6e25ef1305dc337047f0236 Author: James Cowgill Date: Thu Sep 6 22:57:56 2018 +0100 RISC-V: include linux/ftrace.h in asm-prototypes.h Building a riscv kernel with CONFIG_FUNCTION_TRACER and CONFIG_MODVERSIONS enabled results in these two warnings: MODPOST vmlinux.o WARNING: EXPORT symbol "return_to_handler" [vmlinux] version generation failed, symbol will not be versioned. WARNING: EXPORT symbol "_mcount" [vmlinux] version generation failed, symbol will not be versioned. When exporting symbols from an assembly file, the MODVERSIONS code requires their prototypes to be defined in asm-prototypes.h (see scripts/Makefile.build). Since both of these symbols have prototypes defined in linux/ftrace.h, include this header from RISC-V's asm-prototypes.h. Reported-by: Karsten Merker Signed-off-by: James Cowgill Signed-off-by: Palmer Dabbelt commit f4a518797b40e956b6e6220b42657e045dc24470 Author: Antoine Tenart Date: Mon Sep 24 16:56:13 2018 +0200 net: mvneta: fix the remaining Rx descriptor unmapping issues With CONFIG_DMA_API_DEBUG enabled we get DMA unmapping warning in various places of the mvneta driver, for example when putting down an interface while traffic is passing through. The issue is when using s/w buffer management, the Rx buffers are mapped using dma_map_page but unmapped with dma_unmap_single. This patch fixes this by using the right unmapping function. Fixes: 562e2f467e71 ("net: mvneta: Improve the buffer allocation method for SWBM") Signed-off-by: Antoine Tenart Reviewed-by: Gregory CLEMENT Signed-off-by: David S. Miller commit ccfec9e5cb2d48df5a955b7bf47f7782157d3bc2 Author: Paolo Abeni Date: Mon Sep 24 15:48:19 2018 +0200 ip_tunnel: be careful when accessing the inner header Cong noted that we need the same checks introduced by commit 76c0ddd8c3a6 ("ip6_tunnel: be careful when accessing the inner header") even for ipv4 tunnels. Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.") Suggested-by: Cong Wang Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit d8e2262a5044c1a05b4da51e5d0976f10c487a9f Author: Saif Hasan Date: Fri Sep 21 14:30:05 2018 -0700 mpls: allow routes on ip6gre devices Summary: This appears to be necessary and sufficient change to enable `MPLS` on `ip6gre` tunnels (RFC4023). This diff allows IP6GRE devices to be recognized by MPLS kernel module and hence user can configure interface to accept packets with mpls headers as well setup mpls routes on them. Test Plan: Test plan consists of multiple containers connected via GRE-V6 tunnel. Then carrying out testing steps as below. - Carry out necessary sysctl settings on all containers ``` sysctl -w net.mpls.platform_labels=65536 sysctl -w net.mpls.ip_ttl_propagate=1 sysctl -w net.mpls.conf.lo.input=1 ``` - Establish IP6GRE tunnels ``` ip -6 tunnel add name if_1_2_1 mode ip6gre \ local 2401:db00:21:6048:feed:0::1 \ remote 2401:db00:21:6048:feed:0::2 key 1 ip link set dev if_1_2_1 up sysctl -w net.mpls.conf.if_1_2_1.input=1 ip -4 addr add 169.254.0.2/31 dev if_1_2_1 scope link ip -6 tunnel add name if_1_3_1 mode ip6gre \ local 2401:db00:21:6048:feed:0::1 \ remote 2401:db00:21:6048:feed:0::3 key 1 ip link set dev if_1_3_1 up sysctl -w net.mpls.conf.if_1_3_1.input=1 ip -4 addr add 169.254.0.4/31 dev if_1_3_1 scope link ``` - Install MPLS encap rules on node-1 towards node-2 ``` ip route add 192.168.0.11/32 nexthop encap mpls 32/64 \ via inet 169.254.0.3 dev if_1_2_1 ``` - Install MPLS forwarding rules on node-2 and node-3 ``` // node2 ip -f mpls route add 32 via inet 169.254.0.7 dev if_2_4_1 // node3 ip -f mpls route add 64 via inet 169.254.0.12 dev if_4_3_1 ``` - Ping 192.168.0.11 (node4) from 192.168.0.1 (node1) (where routing towards 192.168.0.1 is via IP route directly towards node1 from node4) ``` ping 192.168.0.11 ``` - tcpdump on interface to capture ping packets wrapped within MPLS header which inturn wrapped within IP6GRE header ``` 16:43:41.121073 IP6 2401:db00:21:6048:feed::1 > 2401:db00:21:6048:feed::2: DSTOPT GREv0, key=0x1, length 100: MPLS (label 32, exp 0, ttl 255) (label 64, exp 0, [S], ttl 255) IP 192.168.0.1 > 192.168.0.11: ICMP echo request, id 1208, seq 45, length 64 0x0000: 6000 2cdb 006c 3c3f 2401 db00 0021 6048 `.,..l Signed-off-by: David S. Miller commit 3ab97942d0213b6583a5408630a8cbbfbf54730f Author: Florian Fainelli Date: Wed Sep 19 17:14:01 2018 -0700 ARM: dts: BCM63xx: Fix incorrect interrupt specifiers A number of our interrupts were incorrectly specified, fix both the PPI and SPI interrupts to be correct. Fixes: b5762cacc411 ("ARM: bcm63138: add NAND DT support") Fixes: 46d4bca0445a ("ARM: BCM63XX: add BCM63138 minimal Device Tree") Signed-off-by: Florian Fainelli commit d2f85c9e1cf8ecdccae3e44fb2c4a36b1bbc4cb7 Merge: d26ed6b0e5e2 fad0c40fab14 Author: David S. Miller Date: Mon Sep 24 10:08:45 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-09-24 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Several fixes for BPF sockmap to only allow sockets being attached in ESTABLISHED state, from John. 2) Fix up the license to LGPL/BSD for the libc compat header which contains fallback helpers that libbpf and bpftool is using, from Jakub. ==================== Signed-off-by: David S. Miller commit 031e6e6b4e1277e76e73a6ab209095ad9bf3ce52 Author: Steve Capper Date: Fri Sep 21 16:34:05 2018 +0100 arm64: hugetlb: Avoid unnecessary clearing in huge_ptep_set_access_flags For contiguous hugetlb, huge_ptep_set_access_flags performs a get_clear_flush (which then flushes the TLBs) even when no change of ptes is necessary. Unfortunately, this behaviour can lead to back-to-back page faults being generated when running with multiple threads that access the same contiguous huge page. Thread 1 | Thread 2 -----------------------------+------------------------------ hugetlb_fault | huge_ptep_set_access_flags | -> invalidate pte range | hugetlb_fault continue processing | wait for hugetlb_fault_mutex release mutex and return | huge_ptep_set_access_flags | -> invalidate pte range hugetlb_fault ... This patch changes huge_ptep_set_access_flags s.t. we first read the contiguous range of ptes (whilst preserving dirty information); the pte range is only then invalidated where necessary and this prevents further spurious page faults. Fixes: d8bdcff28764 ("arm64: hugetlb: Add break-before-make logic for contiguous entries") Reported-by: Lei Zhang Signed-off-by: Steve Capper Signed-off-by: Will Deacon commit 469ed9d823b7d240d6b9574f061ded7c3834c167 Author: Steve Capper Date: Fri Sep 21 16:34:04 2018 +0100 arm64: hugetlb: Fix handling of young ptes In the contiguous bit hugetlb break-before-make code we assume that all hugetlb pages are young. In fact, remove_migration_pte is able to place an old hugetlb pte so this assumption is not valid. This patch fixes the contiguous hugetlb scanning code to preserve young ptes. Fixes: d8bdcff28764 ("arm64: hugetlb: Add break-before-make logic for contiguous entries") Signed-off-by: Steve Capper Signed-off-by: Will Deacon commit 4679b61f2640e07724507fcd9dc070517bc6e6cb Author: Paolo Bonzini Date: Mon Sep 24 17:23:01 2018 +0200 KVM: x86: never trap MSR_KERNEL_GS_BASE KVM has an old optimization whereby accesses to the kernel GS base MSR are trapped when the guest is in 32-bit and not when it is in 64-bit mode. The idea is that swapgs is not available in 32-bit mode, thus the guest has no reason to access the MSR unless in 64-bit mode and 32-bit applications need not pay the price of switching the kernel GS base between the host and the guest values. However, this optimization adds complexity to the code for little benefit (these days most guests are going to be 64-bit anyway) and in fact broke after commit 678e315e78a7 ("KVM: vmx: add dedicated utility to access guest's kernel_gs_base", 2018-08-06); the guest kernel GS base can be corrupted across SMIs and UEFI Secure Boot is therefore broken (a secure boot Linux guest, for example, fails to reach the login prompt about half the time). This patch just removes the optimization; the kernel GS base MSR is now never trapped by KVM, similarly to the FS and GS base MSRs. Fixes: 678e315e78a780dbef384b92339c8414309dbc11 Reviewed-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit de5c95d0f518537f59ee5aef762abc46f868c377 Author: Selvin Xavier Date: Thu Sep 20 22:33:00 2018 -0700 RDMA/bnxt_re: Fix system crash during RDMA resource initialization bnxt_re_ib_reg acquires and releases the rtnl lock whenever it accesses the L2 driver. The following sequence can trigger a crash Acquires the rtnl_lock -> Registers roce driver callback with L2 driver -> release the rtnl lock bnxt_re acquires the rtnl_lock -> Request for MSIx vectors -> release the rtnl_lock Issue happens when bnxt_re proceeds with remaining part of initialization and L2 driver invokes bnxt_ulp_irq_stop as a part of bnxt_open_nic. The crash is in bnxt_qplib_nq_stop_irq as the NQ structures are not initialized yet, [ 3551.726647] BUG: unable to handle kernel NULL pointer dereference at (null) [ 3551.726656] IP: [] bnxt_qplib_nq_stop_irq+0x59/0xb0 [bnxt_re] [ 3551.726674] PGD 0 [ 3551.726679] Oops: 0002 1 SMP ... [ 3551.726822] Hardware name: Dell Inc. PowerEdge R720/08RW36, BIOS 2.4.3 07/09/2014 [ 3551.726826] task: ffff97e30eec5ee0 ti: ffff97e3173bc000 task.ti: ffff97e3173bc000 [ 3551.726829] RIP: 0010:[] [] bnxt_qplib_nq_stop_irq+0x59/0xb0 [bnxt_re] ... [ 3551.726872] Call Trace: [ 3551.726886] [] bnxt_re_stop_irq+0x4e/0x70 [bnxt_re] [ 3551.726899] [] bnxt_ulp_irq_stop+0x43/0x70 [bnxt_en] [ 3551.726908] [] bnxt_reserve_rings+0x174/0x1e0 [bnxt_en] [ 3551.726917] [] __bnxt_open_nic+0x368/0x9a0 [bnxt_en] [ 3551.726925] [] bnxt_open_nic+0x1b/0x50 [bnxt_en] [ 3551.726934] [] bnxt_setup_mq_tc+0x11f/0x260 [bnxt_en] [ 3551.726943] [] bnxt_dcbnl_ieee_setets+0xb8/0x1f0 [bnxt_en] [ 3551.726954] [] dcbnl_ieee_set+0x9a/0x250 [ 3551.726966] [] ? __alloc_skb+0xa1/0x2d0 [ 3551.726972] [] dcb_doit+0x13a/0x210 [ 3551.726981] [] rtnetlink_rcv_msg+0xa7/0x260 [ 3551.726989] [] ? rtnl_unicast+0x20/0x30 [ 3551.726996] [] ? __kmalloc_node_track_caller+0x58/0x290 [ 3551.727002] [] ? dcb_doit+0x166/0x210 [ 3551.727007] [] ? __alloc_skb+0x8d/0x2d0 [ 3551.727012] [] ? rtnl_newlink+0x880/0x880 ... [ 3551.727104] [] system_call_fastpath+0x1c/0x21 ... [ 3551.727164] RIP [] bnxt_qplib_nq_stop_irq+0x59/0xb0 [bnxt_re] [ 3551.727175] RSP [ 3551.727177] CR2: 0000000000000000 Avoid this inconsistent state and system crash by acquiring the rtnl lock for the entire duration of device initialization. Re-factor the code to remove the rtnl lock from the individual function and acquire and release it from the caller. Fixes: 1ac5a4047975 ("RDMA/bnxt_re: Add bnxt_re RoCE driver") Fixes: 6e04b1035689 ("RDMA/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes") Signed-off-by: Selvin Xavier Signed-off-by: Jason Gunthorpe commit f5fad711c06e652f90f581fc7c2caee327c33d31 Author: Johan Hovold Date: Mon Sep 24 15:28:10 2018 +0200 USB: serial: simple: add Motorola Tetra MTP6550 id Add device-id for the Motorola Tetra radio MTP6550. Bus 001 Device 004: ID 0cad:9012 Motorola CGISS Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x0cad Motorola CGISS idProduct 0x9012 bcdDevice 24.16 iManufacturer 1 Motorola Solutions, Inc. iProduct 2 TETRA PEI interface iSerial 0 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 55 bNumInterfaces 2 bConfigurationValue 1 iConfiguration 3 Generic Serial config bmAttributes 0x80 (Bus Powered) MaxPower 500mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Device Qualifier (for other device speed): bLength 10 bDescriptorType 6 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 bNumConfigurations 1 Device Status: 0x0000 (Bus Powered) Reported-by: Hans Hult Cc: stable Signed-off-by: Johan Hovold commit 02214bfc89c71bcc5167f653994cfa5c57f10ff1 Merge: 6bf4ca7fbc85 324493fba775 Author: Greg Kroah-Hartman Date: Mon Sep 24 15:16:41 2018 +0200 Merge tag 'media/v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Mauro briefly writes: "media fixes for v4.19-rc5 some drivers and Kbuild fixes" * tag 'media/v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: media: platform: fix cros-ec-cec build error media: staging/media/mt9t031/Kconfig: remove bogus entry media: i2c: mt9v111: Fix v4l2-ctrl error handling media: camss: add missing includes media: camss: Use managed memory allocations media: camss: mark PM functions as __maybe_unused media: af9035: prevent buffer overflow on write media: video_function_calls.rst: drop obsolete video-set-attributes reference commit 8604895a34d92f5e186ceb931b0d1b384030ea3d Author: Michael Bringmann Date: Thu Sep 20 11:45:13 2018 -0500 powerpc/pseries: Fix unitialized timer reset on migration After migration of a powerpc LPAR, the kernel executes code to update the system state to reflect new platform characteristics. Such changes include modifications to device tree properties provided to the system by PHYP. Property notifications received by the post_mobility_fixup() code are passed along to the kernel in general through a call to of_update_property() which in turn passes such events back to all modules through entries like the '.notifier_call' function within the NUMA module. When the NUMA module updates its state, it resets its event timer. If this occurs after a previous call to stop_topology_update() or on a system without VPHN enabled, the code runs into an unitialized timer structure and crashes. This patch adds a safety check along this path toward the problem code. An example crash log is as follows. ibmvscsi 30000081: Re-enabling adapter! ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179 ... NIP mod_timer+0x4c/0x400 LR reset_topology_timer+0x40/0x60 Call Trace: 0xc0000003f9407830 (unreliable) reset_topology_timer+0x40/0x60 dt_update_callback+0x100/0x120 notifier_call_chain+0x90/0x100 __blocking_notifier_call_chain+0x60/0x90 of_property_notify+0x90/0xd0 of_update_property+0x104/0x150 update_dt_property+0xdc/0x1f0 pseries_devicetree_update+0x2d0/0x510 post_mobility_fixup+0x7c/0xf0 migration_store+0xa4/0xc0 kobj_attr_store+0x30/0x60 sysfs_kf_write+0x64/0xa0 kernfs_fop_write+0x16c/0x240 __vfs_write+0x40/0x200 vfs_write+0xc8/0x240 ksys_write+0x5c/0x100 system_call+0x58/0x6c Fixes: 5d88aa85c00b ("powerpc/pseries: Update CPU maps when device tree is updated") Cc: stable@vger.kernel.org # v3.10+ Signed-off-by: Michael Bringmann Signed-off-by: Michael Ellerman commit 9ff3541e3ddf96800ce8fcd225c9e7956da49418 Author: Srinivas Pandruvada Date: Tue Sep 11 16:45:43 2018 -0700 HID: intel-ish-hid: Enable Ice Lake mobile Added PCI ID for Ice Lake mobile platform. Signed-off-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina commit afbb1169ed5b58cfca017e368b53e019cf285853 Author: Hans de Goede Date: Wed Sep 19 20:52:45 2018 +0200 HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling Commit 52cf93e63ee6 ("HID: i2c-hid: Don't reset device upon system resume") removes the need for the RESEND_REPORT_DESCR quirk for Raydium devices, but kept it for the SIS device id 10FB touchscreens, as the author of that commit could not determine if the quirk is still necessary there. I've tested suspend/resume on a Toshiba Click Mini L9W-B which is the device for which this quirk was added in the first place and with the "Don't reset device upon system resume" fix the quirk is no longer necessary, so this commit removes it. Note even better I also had some other devices with SIS touchscreens which suspend/resume issues, where the RESEND_REPORT_DESCR quirk did not help. I've also tested these devices with the "Don't reset device upon system resume" fix and I'm happy to report that that fix also fixes touchscreen resume on the following devices: Asus T100HA Asus T200TA Peaq C1010 Cc: Kai-Heng Feng Acked-by: Benjamin Tissoires Signed-off-by: Hans de Goede Signed-off-by: Jiri Kosina commit 864f893f31eecf4d944539ad5ec1d004aefc3f41 Merge: 6bf4ca7fbc85 4451d3f59f2a Author: Thomas Gleixner Date: Mon Sep 24 10:55:38 2018 +0200 Merge branch 'clockevents/4.19-fixes' of https://git.linaro.org/people/daniel.lezcano/linux into timers/urgent Pull clockevent fixed from Daniel Lezcano: - Add the CLOCK_SOURCE_SUSPEND_NONSTOP for non-am43 SoCs (Keerthy) - Fix set_next_event handler for the fttmr010 (Tao Ren) commit a725356b6659469d182d662f22d770d83d3bc7b5 Author: Amir Goldstein Date: Tue Sep 18 16:34:34 2018 +0300 vfs: swap names of {do,vfs}_clone_file_range() Commit 031a072a0b8a ("vfs: call vfs_clone_file_range() under freeze protection") created a wrapper do_clone_file_range() around vfs_clone_file_range() moving the freeze protection to former, so overlayfs could call the latter. The more common vfs practice is to call do_xxx helpers from vfs_xxx helpers, where freeze protecction is taken in the vfs_xxx helper, so this anomality could be a source of confusion. It seems that commit 8ede205541ff ("ovl: add reflink/copyfile/dedup support") may have fallen a victim to this confusion - ovl_clone_file_range() calls the vfs_clone_file_range() helper in the hope of getting freeze protection on upper fs, but in fact results in overlayfs allowing to bypass upper fs freeze protection. Swap the names of the two helpers to conform to common vfs practice and call the correct helpers from overlayfs and nfsd. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit d9d150ae50675e3c1d68047aafb2e981be685d90 Author: Amir Goldstein Date: Tue Sep 18 16:34:33 2018 +0300 ovl: fix freeze protection bypass in ovl_clone_file_range() Tested by doing clone on overlayfs while upper xfs+reflink is frozen: xfs_io -f /ovl/y fsfreeze -f /xfs xfs_io> reflink /ovl/x Before the fix xfs_io enters xfs_reflink_remap_range() and blocks in xfs_trans_alloc(). After the fix, xfs_io blocks outside xfs code in ovl_clone_file_range(). Fixes: 8ede205541ff ("ovl: add reflink/copyfile/dedup support") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 898cc19d8af2d6a80a9f2804b0db2e83c5dd8863 Author: Amir Goldstein Date: Tue Sep 18 16:34:32 2018 +0300 ovl: fix freeze protection bypass in ovl_write_iter() Tested by re-writing to an open overlayfs file while upper ext4 is frozen: xfs_io -f /ovl/x xfs_io> pwrite 0 4096 fsfreeze -f /ext4 xfs_io> pwrite 0 4096 WARNING: CPU: 0 PID: 1492 at fs/ext4/ext4_jbd2.c:53 \ ext4_journal_check_start+0x48/0x82 After the fix, the second write blocks in ovl_write_iter() and avoids hitting WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE) in ext4_journal_check_start(). Fixes: 2a92e07edc5e ("ovl: add ovl_write_iter()") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 63e132528032ce937126aba591a7b37ec593a6bb Author: Amir Goldstein Date: Tue Sep 18 16:34:31 2018 +0300 ovl: fix memory leak on unlink of indexed file The memory leak was detected by kmemleak when running xfstests overlay/051,053 Fixes: caf70cb2ba5d ("ovl: cleanup orphan index entries") Cc: # v4.13 Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit d26ed6b0e5e23190d43ab34bc69cbecdc464a2cf Author: Friedemann Gerold Date: Sat Sep 15 18:03:39 2018 +0300 net: aquantia: memory corruption on jumbo frames This patch fixes skb_shared area, which will be corrupted upon reception of 4K jumbo packets. Originally build_skb usage purpose was to reuse page for skb to eliminate needs of extra fragments. But that logic does not take into account that skb_shared_info should be reserved at the end of skb data area. In case packet data consumes all the page (4K), skb_shinfo location overflows the page. As a consequence, __build_skb zeroed shinfo data above the allocated page, corrupting next page. The issue is rarely seen in real life because jumbo are normally larger than 4K and that causes another code path to trigger. But it 100% reproducible with simple scapy packet, like: sendp(IP(dst="192.168.100.3") / TCP(dport=443) \ / Raw(RandString(size=(4096-40))), iface="enp1s0") Fixes: 018423e90bee ("net: ethernet: aquantia: Add ring support code") Reported-by: Friedemann Gerold Reported-by: Michael Rauch Signed-off-by: Friedemann Gerold Tested-by: Nikita Danilov Signed-off-by: Igor Russkikh Signed-off-by: David S. Miller commit 841dfa43788a309d353b3b7a81c85ed8d3eac130 Merge: 16fdf8ba9839 765cdc209cb8 Author: David S. Miller Date: Sun Sep 23 21:55:26 2018 -0700 Merge branch 'netpoll-avoid-capture-effects-for-NAPI-drivers' Eric Dumazet says: ==================== netpoll: avoid capture effects for NAPI drivers As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture, showing one ksoftirqd eating all cycles can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. It seems that all networking drivers that do use NAPI for their TX completions, should not provide a ndo_poll_controller() : Most NAPI drivers have netpoll support already handled in core networking stack, since netpoll_poll_dev() uses poll_napi(dev) to iterate through registered NAPI contexts for a device. This patch series take care of the first round, we will handle other drivers in future rounds. ==================== Signed-off-by: David S. Miller commit 765cdc209cb89fb81215310a066cd0a3018ffef7 Author: Eric Dumazet Date: Fri Sep 21 15:27:52 2018 -0700 tun: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. tun uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 0825ce70318e9c576acbdd5ceb4a8d563263cf8f Author: Eric Dumazet Date: Fri Sep 21 15:27:51 2018 -0700 nfp: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. nfp uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Jakub Kicinski Acked-by: Jakub Kicinski Tested-by: Jakub Kicinski Signed-off-by: David S. Miller commit 58e0e22bff638055278ea73e34d0d07a95260790 Author: Eric Dumazet Date: Fri Sep 21 15:27:50 2018 -0700 bnxt: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. bnxt uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Michael Chan Signed-off-by: David S. Miller commit d8ea6a91ad70ae0881d76446df27d3f58fd478c3 Author: Eric Dumazet Date: Fri Sep 21 15:27:49 2018 -0700 bnx2x: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. bnx2x uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Ariel Elior Signed-off-by: David S. Miller commit 9c29bcd189f4ab1644b7125713602532d0aefdb7 Author: Eric Dumazet Date: Fri Sep 21 15:27:48 2018 -0700 mlx5: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. mlx5 uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Saeed Mahameed Signed-off-by: David S. Miller commit a24b66c249f71dde11da5ba3b4c397a42ece3fc9 Author: Eric Dumazet Date: Fri Sep 21 15:27:47 2018 -0700 mlx4: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. mlx4 uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Tariq Toukan Signed-off-by: David S. Miller commit 1aa28fb98368078bcaf527bf46c0e001db934414 Author: Eric Dumazet Date: Fri Sep 21 15:27:46 2018 -0700 i40evf: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. i40evf uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Jeff Kirsher Signed-off-by: David S. Miller commit 158a08a694c4ecf9574fe452db24a6b4943853aa Author: Eric Dumazet Date: Fri Sep 21 15:27:45 2018 -0700 ice: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. ice uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Jeff Kirsher Signed-off-by: David S. Miller commit 0542997edece2d75e0bf3e173dfddf1b2b3ef756 Author: Eric Dumazet Date: Fri Sep 21 15:27:44 2018 -0700 igb: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. igb uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Jeff Kirsher Signed-off-by: David S. Miller commit 2753166e4be9df4677745a7f7d9d8daa94938a08 Author: Eric Dumazet Date: Fri Sep 21 15:27:43 2018 -0700 ixgb: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. ixgb uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. This also removes a problematic use of disable_irq() in a context it is forbidden, as explained in commit af3e0fcf7887 ("8139too: Use disable_irq_nosync() in rtl8139_poll_controller()") Signed-off-by: Eric Dumazet Cc: Jeff Kirsher Signed-off-by: David S. Miller commit dda9d57e2d4245c0d8e309ee7399bf2ebfca64ae Author: Eric Dumazet Date: Fri Sep 21 15:27:42 2018 -0700 fm10k: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture lasts for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. fm10k uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Jeff Kirsher Signed-off-by: David S. Miller commit 6f5d941ebadeb1150530f205af0eb5cf5bfeb219 Author: Eric Dumazet Date: Fri Sep 21 15:27:41 2018 -0700 ixgbevf: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. ixgbevf uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Signed-off-by: Eric Dumazet Cc: Jeff Kirsher Signed-off-by: David S. Miller commit b80e71a986c2ab5677dc6b84923cd7030b690800 Author: Eric Dumazet Date: Fri Sep 21 15:27:40 2018 -0700 ixgbe: remove ndo_poll_controller As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. ixgbe uses NAPI for TX completions, so we better let core networking stack call the napi->poll() to avoid the capture. Reported-by: Song Liu Signed-off-by: Eric Dumazet Tested-by: Song Liu Cc: Jeff Kirsher Signed-off-by: David S. Miller commit 93f62ad5e83a13e0c224dfca5ef40f90c09aad51 Author: Eric Dumazet Date: Fri Sep 21 15:27:39 2018 -0700 bonding: use netpoll_poll_dev() helper We want to allow NAPI drivers to no longer provide ndo_poll_controller() method, as it has been proven problematic. team driver must not look at its presence, but instead call netpoll_poll_dev() which factorize the needed actions. Signed-off-by: Eric Dumazet Cc: Jay Vosburgh Cc: Veaceslav Falico Cc: Andy Gospodarek Acked-by: Jay Vosburgh Signed-off-by: David S. Miller commit ac3d9dd034e565df2c034ab2ca71f0a9f69153c1 Author: Eric Dumazet Date: Fri Sep 21 15:27:38 2018 -0700 netpoll: make ndo_poll_controller() optional As diagnosed by Song Liu, ndo_poll_controller() can be very dangerous on loaded hosts, since the cpu calling ndo_poll_controller() might steal all NAPI contexts (for all RX/TX queues of the NIC). This capture can last for unlimited amount of time, since one cpu is generally not able to drain all the queues under load. It seems that all networking drivers that do use NAPI for their TX completions, should not provide a ndo_poll_controller(). NAPI drivers have netpoll support already handled in core networking stack, since netpoll_poll_dev() uses poll_napi(dev) to iterate through registered NAPI contexts for a device. This patch allows netpoll_poll_dev() to process NAPI contexts even for drivers not providing ndo_poll_controller(), allowing for following patches in NAPI drivers. Also we export netpoll_poll_dev() so that it can be called by bonding/team drivers in following patches. Reported-by: Song Liu Signed-off-by: Eric Dumazet Tested-by: Song Liu Signed-off-by: David S. Miller commit 4451d3f59f2a6f95e5d205c2d04ea072955d080d Author: Tao Ren Date: Wed Sep 19 15:13:31 2018 -0700 clocksource/drivers/fttmr010: Fix set_next_event handler Currently, the aspeed MATCH1 register is updated to in set_next_event handler, with the assumption that COUNT register value is preserved when the timer is disabled and it continues decrementing after the timer is enabled. But the assumption is wrong: RELOAD register is loaded into COUNT register when the aspeed timer is enabled, which means the next event may be delayed because timer interrupt won't be generated until <0xFFFFFFFF - current_count + cycles>. The problem can be fixed by updating RELOAD register to , and COUNT register will be re-loaded when the timer is enabled and interrupt is generated when COUNT register overflows. The test result on Facebook Backpack-CMM BMC hardware (AST2500) shows the issue is fixed: without the patch, usleep(100) suspends the process for several milliseconds (and sometimes even over 40 milliseconds); after applying the fix, usleep(100) takes averagely 240 microseconds to return under the same workload level. Signed-off-by: Tao Ren Reviewed-by: Linus Walleij Tested-by: Lei YU Signed-off-by: Daniel Lezcano commit 16fdf8ba98391650ce4bc4f3f71629d8a413bc21 Author: David S. Miller Date: Sun Sep 23 12:25:15 2018 -0700 rds: Fix build regression. Use DECLARE_* not DEFINE_* Fixes: 8360ed6745df ("RDS: IB: Use DEFINE_PER_CPU_SHARED_ALIGNED for rds_ib_stats") Signed-off-by: David S. Miller commit 6bf4ca7fbc85d80446ac01c0d1d77db4d91a6d84 Author: Greg Kroah-Hartman Date: Sun Sep 23 19:15:18 2018 +0200 Linux 4.19-rc5 commit d02771fb166274e75ebda8aefc86ea2816416165 Merge: 18d49ec3c62f 10492ee8ed91 Author: Greg Kroah-Hartman Date: Sun Sep 23 17:19:27 2018 +0200 Merge tag 'mfd-fixes-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Lee writes: "MFD fixes for v4.19 - Fix Dialog DA9063 regulator constraints issue causing failure in probe - Fix OMAP Device Tree compatible strings to match DT" * tag 'mfd-fixes-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: mfd: omap-usb-host: Fix dts probe of children mfd: da9063: Fix DT probing with constraints commit e6f0e1c7569508f5b0e23cbac6e5d9da3f9bb284 Merge: a4986b08287e 13b91ed77a65 Author: Olof Johansson Date: Sun Sep 23 05:30:28 2018 -0700 Merge tag 'sunxi-fixes-for-4.19-2' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into fixes Allwinner fixes - round 2 One additional fix regarding HDMI on the R40 SoC. Based on preliminary tests and code dumps for the R40, it was thought that the whole HDMI block was the same on the R40 and A64. Recent tests regarding the A64 showed that this was not the case. The HDMI PHY on the A64 only has one clock parent. How this occurs at the hardware level is unclear, as Allwinner has not given any feedback on this matter. Nevertheless it is clear that the hardware acts differently between the A64 and R40 in such a way that the R40's HDMI PHY is not backward compatible with the A64's. As such we need to drop the fallback compatible string in the R40's device tree. This was added in v4.19-rc1. * tag 'sunxi-fixes-for-4.19-2' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux: ARM: dts: sun8i: drop A64 HDMI PHY fallback compatible from R40 DT Signed-off-by: Olof Johansson commit a4986b08287e0868fad6dd1b6e8ed840b2f1003f Author: Antoine Tenart Date: Wed Sep 19 08:58:02 2018 +0200 MAINTAINERS: update the Annapurna Labs maintainer email Free Electrons became Bootlin. Update my email accordingly. Signed-off-by: Antoine Tenart Signed-off-by: Olof Johansson commit 18d49ec3c62f46d7225f822e112742fbe0daf94b Merge: a83f87c1d2a9 d59f532480f5 Author: Greg Kroah-Hartman Date: Sun Sep 23 13:32:19 2018 +0200 Merge tag 'for-linus-4.19d-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Juergen writes: "xen: Two small fixes for xen drivers." * tag 'for-linus-4.19d-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen: issue warning message when out of grant maptrack entries xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code commit a83f87c1d2a93a8fd2413ce8f410b69848db0fd5 Merge: 328c6333ba3d b57e99b4b8b0 Author: Greg Kroah-Hartman Date: Sun Sep 23 08:33:28 2018 +0200 Merge tag 'for-linus-20180922' of git://git.kernel.dk/linux-block Jens writes: "Just a single fix in this pull request, fixing a regression in /proc/diskstats caused by the unification of timestamps." * tag 'for-linus-20180922' of git://git.kernel.dk/linux-block: block: use nanosecond resolution for iostat commit 328c6333ba3df92d5ea7f2cee46379ed57882af6 Merge: 52890d2afc6a 05ab1d8a4b36 Author: Greg Kroah-Hartman Date: Sun Sep 23 08:10:12 2018 +0200 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Thomas writes: "A set of fixes for x86: - Resolve the kvmclock regression on AMD systems with memory encryption enabled. The rework of the kvmclock memory allocation during early boot results in encrypted storage, which is not shareable with the hypervisor. Create a new section for this data which is mapped unencrypted and take care that the later allocations for shared kvmclock memory is unencrypted as well. - Fix the build regression in the paravirt code introduced by the recent spectre v2 updates. - Ensure that the initial static page tables cover the fixmap space correctly so early console always works. This worked so far by chance, but recent modifications to the fixmap layout can - depending on kernel configuration - move the relevant entries to a different place which is not covered by the initial static page tables. - Address the regressions and issues which got introduced with the recent extensions to the Intel Recource Director Technology code. - Update maintainer entries to document reality" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm: Expand static page table for fixmap space MAINTAINERS: Add X86 MM entry x86/intel_rdt: Add Reinette as co-maintainer for RDT MAINTAINERS: Add Borislav to the x86 maintainers x86/paravirt: Fix some warning messages x86/intel_rdt: Fix incorrect loop end condition x86/intel_rdt: Fix exclusive mode handling of MBA resource x86/intel_rdt: Fix incorrect loop end condition x86/intel_rdt: Do not allow pseudo-locking of MBA resource x86/intel_rdt: Fix unchecked MSR access x86/intel_rdt: Fix invalid mode warning when multiple resources are managed x86/intel_rdt: Global closid helper to support future fixes x86/intel_rdt: Fix size reporting of MBA resource x86/intel_rdt: Fix data type in parsing callbacks x86/kvm: Use __bss_decrypted attribute in shared variables x86/mm: Add .bss..decrypted section to hold shared variables commit 52890d2afc6a06d6121ae1fd4bfc2448b0d67728 Merge: ea092676b0d9 5d05dfd13f20 Author: Greg Kroah-Hartman Date: Sun Sep 23 08:09:16 2018 +0200 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Thomas writes: "- Provide a strerror_r wrapper so lib/bpf can be built on systems without _GNU_SOURCE - Unbreak the man page generator when building out of tree" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf Documentation: Fix out-of-tree asciidoctor man page generation tools lib bpf: Provide wrapper for strerror_r to build in !_GNU_SOURCE systems commit ea092676b0d9c13f20a3bc02c5b0bf537c27346e Merge: 10dc890d4228 008d2f444222 Author: Greg Kroah-Hartman Date: Sun Sep 23 08:06:54 2018 +0200 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Thomas writes: "Make the EFI arm stub device tree loader default on to unbreak existing EFI boot loaders which do not have DTB support." * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/libstub/arm: default EFI_ARMSTUB_DTB_LOADER to y commit 474ff2600889e16280dbc6ada8bfecb216169a70 Author: Maciej Żenczykowski Date: Sat Sep 22 01:34:01 2018 -0700 net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN So it should not fail with EPERM even though it is no longer implemented... This is a fix for: (userns)$ egrep ^Cap /proc/self/status CapInh: 0000003fffffffff CapPrm: 0000003fffffffff CapEff: 0000003fffffffff CapBnd: 0000003fffffffff CapAmb: 0000003fffffffff (userns)$ tcpdump -i usb_rndis0 tcpdump: WARNING: usb_rndis0: SIOCETHTOOL(ETHTOOL_GUFO) ioctl failed: Operation not permitted Warning: Kernel filter failed: Bad file descriptor tcpdump: can't remove kernel filter: Bad file descriptor With this change it returns EOPNOTSUPP instead of EPERM. See also https://github.com/the-tcpdump-group/libpcap/issues/689 Fixes: 08a00fea6de2 "net: Remove references to NETIF_F_UFO from ethtool." Cc: David S. Miller Signed-off-by: Maciej Żenczykowski Signed-off-by: David S. Miller commit 41c9b1be335b5afc3b5fb71c5d16f9d5939cd13f Author: Dave Jiang Date: Mon Sep 10 16:18:29 2018 -0700 device-dax: Add missing address_space_operations With address_space_operations missing for device dax, namely the .set_page_dirty, we hit a kernel warning when running destructive ndctl unit test: make TESTS=device-dax check WARNING: CPU: 3 PID: 7380 at fs/buffer.c:581 __set_page_dirty+0xb1/0xc0 Setting address_space_operations to noop_set_page_dirty and noop_invalidatepage for device dax to prevent fallback to __set_page_dirty_buffers() and block_invalidatepage() respectively. Fixes: 2232c6382a ("device-dax: Enable page_mapping()") Acked-by: Jeff Moyer Reported-by: Vishal Verma Signed-off-by: Dave Jiang Signed-off-by: Dan Williams commit 8360ed6745df6de2d8ddff8e2116789258fe5890 Author: Nathan Chancellor Date: Fri Sep 21 11:04:51 2018 -0700 RDS: IB: Use DEFINE_PER_CPU_SHARED_ALIGNED for rds_ib_stats Clang warns when two declarations' section attributes don't match. net/rds/ib_stats.c:40:1: warning: section does not match previous declaration [-Wsection] DEFINE_PER_CPU_SHARED_ALIGNED(struct rds_ib_statistics, rds_ib_stats); ^ ./include/linux/percpu-defs.h:142:2: note: expanded from macro 'DEFINE_PER_CPU_SHARED_ALIGNED' DEFINE_PER_CPU_SECTION(type, name, PER_CPU_SHARED_ALIGNED_SECTION) \ ^ ./include/linux/percpu-defs.h:93:9: note: expanded from macro 'DEFINE_PER_CPU_SECTION' extern __PCPU_ATTRS(sec) __typeof__(type) name; \ ^ ./include/linux/percpu-defs.h:49:26: note: expanded from macro '__PCPU_ATTRS' __percpu __attribute__((section(PER_CPU_BASE_SECTION sec))) \ ^ net/rds/ib.h:446:1: note: previous attribute is here DECLARE_PER_CPU(struct rds_ib_statistics, rds_ib_stats); ^ ./include/linux/percpu-defs.h:111:2: note: expanded from macro 'DECLARE_PER_CPU' DECLARE_PER_CPU_SECTION(type, name, "") ^ ./include/linux/percpu-defs.h:87:9: note: expanded from macro 'DECLARE_PER_CPU_SECTION' extern __PCPU_ATTRS(sec) __typeof__(type) name ^ ./include/linux/percpu-defs.h:49:26: note: expanded from macro '__PCPU_ATTRS' __percpu __attribute__((section(PER_CPU_BASE_SECTION sec))) \ ^ 1 warning generated. The initial definition was added in commit ec16227e1414 ("RDS/IB: Infiniband transport") and the cache aligned definition was added in commit e6babe4cc4ce ("RDS/IB: Stats and sysctls") right after. The definition probably should have been updated in net/rds/ib.h, which is what this patch does. Link: https://github.com/ClangBuiltLinux/linux/issues/114 Signed-off-by: Nathan Chancellor Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit b57e99b4b8b0ebdf9707424e7ddc0c392bdc5fe6 Author: Omar Sandoval Date: Fri Sep 21 16:44:34 2018 -0700 block: use nanosecond resolution for iostat Klaus Kusche reported that the I/O busy time in /proc/diskstats was not updating properly on 4.18. This is because we started using ktime to track elapsed time, and we convert nanoseconds to jiffies when we update the partition counter. However, this gets rounded down, so any I/Os that take less than a jiffy are not accounted for. Previously in this case, the value of jiffies would sometimes increment while we were doing I/O, so at least some I/Os were accounted for. Let's convert the stats to use nanoseconds internally. We still report milliseconds as before, now more accurately than ever. The value is still truncated to 32 bits for backwards compatibility. Fixes: 522a777566f5 ("block: consolidate struct request timestamp fields") Cc: stable@vger.kernel.org Reported-by: Klaus Kusche Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe commit 8ac1ee6f4d62e781e3b3fd8b9c42b70371427669 Author: Nathan Chancellor Date: Fri Sep 21 02:44:12 2018 -0700 net/mlx4: Use cpumask_available for eq->affinity_mask Clang warns that the address of a pointer will always evaluated as true in a boolean context: drivers/net/ethernet/mellanox/mlx4/eq.c:243:11: warning: address of array 'eq->affinity_mask' will always evaluate to 'true' [-Wpointer-bool-conversion] if (!eq->affinity_mask || cpumask_empty(eq->affinity_mask)) ~~~~~^~~~~~~~~~~~~ 1 warning generated. Use cpumask_available, introduced in commit f7e30f01a9e2 ("cpumask: Add helper cpumask_available()"), which does the proper checking and avoids this warning. Link: https://github.com/ClangBuiltLinux/linux/issues/86 Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit 83fe9a966111b51a34f10c35e568e45bff34de48 Author: Dan Carpenter Date: Fri Sep 21 11:07:55 2018 +0300 devlink: double free in devlink_resource_fill() Smatch reports that devlink_dpipe_send_and_alloc_skb() frees the skb on error so this is a double free. We fixed a bunch of these bugs in commit 7fe4d6dcbcb4 ("devlink: Remove redundant free on error path") but we accidentally overlooked this one. Fixes: d9f9b9a4d05f ("devlink: Add support for resource abstraction") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller commit e6ce3822a9f264b3f24c1acdc624131fb014f2f0 Author: YueHaibing Date: Fri Sep 21 11:46:37 2018 +0800 net: apple: fix return type of ndo_start_xmit function The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 648c361a568dcd098a3496c6c66bca4c8473e52b Author: YueHaibing Date: Fri Sep 21 11:44:05 2018 +0800 net: i825xx: fix return type of ndo_start_xmit function The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit f0f25516e3b9efff2a34059347d13361d26e314a Author: YueHaibing Date: Fri Sep 21 11:35:11 2018 +0800 net: wiznet: fix return type of ndo_start_xmit function The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 28d304efb88f18aadfe9219f0e4b2b0ef9558a3b Author: YueHaibing Date: Fri Sep 21 11:05:50 2018 +0800 net: sgi: fix return type of ndo_start_xmit function The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit f3bf939f3d4552becb115d76e17b3e5957bab4a2 Author: YueHaibing Date: Fri Sep 21 11:02:37 2018 +0800 net: cirrus: fix return type of ndo_start_xmit function The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 72b462798c2a258725dd741d1c6c139446e20d12 Author: YueHaibing Date: Fri Sep 21 10:53:47 2018 +0800 net: seeq: fix return type of ndo_start_xmit function The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 54be5b8ce33f8d1a05b258070c81ed98f935883d Author: Wei Yongjun Date: Fri Sep 21 02:53:17 2018 +0000 PCI: hv: Fix return value check in hv_pci_assign_slots() In case of error, the function pci_create_slot() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: a15f2c08c708 ("PCI: hv: support reporting serial number as slot information") Signed-off-by: Wei Yongjun Signed-off-by: David S. Miller commit 86f9bd1ff61c413a2a251fa736463295e4e24733 Author: Jeff Barnhill <0xeffeff@gmail.com> Date: Fri Sep 21 00:45:27 2018 +0000 net/ipv6: Display all addresses in output of /proc/net/if_inet6 The backend handling for /proc/net/if_inet6 in addrconf.c doesn't properly handle starting/stopping the iteration. The problem is that at some point during the iteration, an overflow is detected and the process is subsequently stopped. The item being shown via seq_printf() when the overflow occurs is not actually shown, though. When start() is subsequently called to resume iterating, it returns the next item, and thus the item that was being processed when the overflow occurred never gets printed. Alter the meaning of the private data member "offset". Currently, when it is not 0 (which only happens at the very beginning), "offset" represents the next hlist item to be printed. After this change, "offset" always represents the current item. This is also consistent with the private data member "bucket", which represents the current bucket, and also the use of "pos" as defined in seq_file.txt: The pos passed to start() will always be either zero, or the most recent pos used in the previous session. Signed-off-by: Jeff Barnhill <0xeffeff@gmail.com> Signed-off-by: David S. Miller commit f88b4c01b97e09535505cf3c327fdbce55c27f00 Author: Sean Tranchetti Date: Thu Sep 20 14:29:45 2018 -0600 netlabel: check for IPV4MASK in addrinfo_get netlbl_unlabel_addrinfo_get() assumes that if it finds the NLBL_UNLABEL_A_IPV4ADDR attribute, it must also have the NLBL_UNLABEL_A_IPV4MASK attribute as well. However, this is not necessarily the case as the current checks in netlbl_unlabel_staticadd() and friends are not sufficent to enforce this. If passed a netlink message with NLBL_UNLABEL_A_IPV4ADDR, NLBL_UNLABEL_A_IPV6ADDR, and NLBL_UNLABEL_A_IPV6MASK attributes, these functions will all call netlbl_unlabel_addrinfo_get() which will then attempt dereference NULL when fetching the non-existent NLBL_UNLABEL_A_IPV4MASK attribute: Unable to handle kernel NULL pointer dereference at virtual address 0 Process unlab (pid: 31762, stack limit = 0xffffff80502d8000) Call trace: netlbl_unlabel_addrinfo_get+0x44/0xd8 netlbl_unlabel_staticremovedef+0x98/0xe0 genl_rcv_msg+0x354/0x388 netlink_rcv_skb+0xac/0x118 genl_rcv+0x34/0x48 netlink_unicast+0x158/0x1f0 netlink_sendmsg+0x32c/0x338 sock_sendmsg+0x44/0x60 ___sys_sendmsg+0x1d0/0x2a8 __sys_sendmsg+0x64/0xb4 SyS_sendmsg+0x34/0x4c el0_svc_naked+0x34/0x38 Code: 51001149 7100113f 540000a0 f9401508 (79400108) ---[ end trace f6438a488e737143 ]--- Kernel panic - not syncing: Fatal exception Signed-off-by: Sean Tranchetti Signed-off-by: David S. Miller commit fad0c40fab14523ca381a30fef88b7c3266bef1c Merge: 080220b68714 5028027844cf Author: Daniel Borkmann Date: Sat Sep 22 02:46:42 2018 +0200 Merge branch 'bpf-sockmap-estab-fixes' John Fastabend says: ==================== Eric noted that using the close callback is not sufficient to catch all transitions from ESTABLISHED state to a LISTEN state. So this series does two things. First, only allow adding socks in ESTABLISH state and second use unhash callback to catch tcp_disconnect() transitions. v2: added check for ESTABLISH state in hash update sockmap as well v3: Do not release lock from unhash in error path, no lock was used in the first place. And drop not so useful code comments v4: convert, if (unhash()) return unhash(); return to if (unhash()) unhash(); return; Thanks for reviewing Yonghong I carried your ACKs forward. ==================== Signed-off-by: Daniel Borkmann commit 5028027844cfc6168e39650abecd817ba64c9d98 Author: John Fastabend Date: Tue Sep 18 09:01:54 2018 -0700 bpf: test_maps, only support ESTABLISHED socks Ensure that sockets added to a sock{map|hash} that is not in the ESTABLISHED state is rejected. Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks") Signed-off-by: John Fastabend Acked-by: Yonghong Song Signed-off-by: Daniel Borkmann commit b05545e15e1ff1d6a6a8593971275f9cc3e6b92b Author: John Fastabend Date: Tue Sep 18 09:01:49 2018 -0700 bpf: sockmap, fix transition through disconnect without close It is possible (via shutdown()) for TCP socks to go trough TCP_CLOSE state via tcp_disconnect() without actually calling tcp_close which would then call our bpf_tcp_close() callback. Because of this a user could disconnect a socket then put it in a LISTEN state which would break our assumptions about sockets always being ESTABLISHED state. To resolve this rely on the unhash hook, which is called in the disconnect case, to remove the sock from the sockmap. Reported-by: Eric Dumazet Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks") Signed-off-by: John Fastabend Acked-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 5607fff303636d48b88414c6be353d9fed700af2 Author: John Fastabend Date: Tue Sep 18 09:01:44 2018 -0700 bpf: sockmap only allow ESTABLISHED sock state After this patch we only allow socks that are in ESTABLISHED state or are being added via a sock_ops event that is transitioning into an ESTABLISHED state. By allowing sock_ops events we allow users to manage sockmaps directly from sock ops programs. The two supported sock_ops ops are BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB and BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB. Similar to TLS ULP this ensures sk_user_data is correct. Reported-by: Eric Dumazet Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks") Signed-off-by: John Fastabend Acked-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 10dc890d4228cd17ddfd09ba9aaa9221627e29b2 Merge: a27fb6d983c7 96147db1e1df Author: Greg Kroah-Hartman Date: Fri Sep 21 20:01:16 2018 +0200 Merge tag 'pinctrl-v4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Linus writes: "Pin control fixes for v4.19: - Two fixes for the Intel pin controllers than cause problems on laptops." * tag 'pinctrl-v4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: intel: Do pin translation in other GPIO operations as well pinctrl: cannonlake: Fix gpio base for GPP-E commit f1f1fadacaf08b7cf11714c0c29f8fa4d4ef68a9 Author: Johannes Thumshirn Date: Fri Sep 21 09:01:01 2018 +0200 scsi: sd: don't crash the host on invalid commands When sd_init_command() get's a command with a unknown req_op() it crashes the system via BUG(). This makes debugging the actual reason for the broken request cmd_flags pretty hard as the system is down before it's able to write out debugging data on the serial console or the trace buffer. Change the BUG() to a WARN_ON() and return BLKPREP_KILL to fail gracefully and return an I/O error to the producer of the request. Signed-off-by: Johannes Thumshirn Cc: Hannes Reinecke Cc: Bart Van Assche Cc: Christoph Hellwig Reviewed-by: Christoph Hellwig Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 318ddb34b2052f838aa243d07173e2badf3e630e Author: Wen Xiong Date: Thu Sep 20 19:32:12 2018 -0500 scsi: ipr: System hung while dlpar adding primary ipr adapter back While dlpar adding primary ipr adapter back, driver goes through adapter initialization then schedule ipr_worker_thread to start te disk scan by dropping the host lock, calling scsi_add_device. Then get the adapter reset request again, so driver does scsi_block_requests, this will cause the scsi_add_device get hung until we unblock. But we can't run ipr_worker_thread to do the unblock because its stuck in scsi_add_device. This patch fixes the issue. [mkp: typo and whitespace fixes] Signed-off-by: Wen Xiong Acked-by: Brian King Signed-off-by: Martin K. Petersen commit 8c39e2699f8acb2e29782a834e56306da24937fe Author: Vincent Pelletier Date: Sun Sep 9 04:09:27 2018 +0000 scsi: target: iscsi: Use bin2hex instead of a re-implementation Signed-off-by: Vincent Pelletier Reviewed-by: Mike Christie Signed-off-by: Martin K. Petersen commit 1816494330a83f2a064499d8ed2797045641f92c Author: Vincent Pelletier Date: Sun Sep 9 04:09:26 2018 +0000 scsi: target: iscsi: Use hex2bin instead of a re-implementation This change has the following effects, in order of descreasing importance: 1) Prevent a stack buffer overflow 2) Do not append an unnecessary NULL to an anyway binary buffer, which is writing one byte past client_digest when caller is: chap_string_to_hex(client_digest, chap_r, strlen(chap_r)); The latter was found by KASAN (see below) when input value hes expected size (32 hex chars), and further analysis revealed a stack buffer overflow can happen when network-received value is longer, allowing an unauthenticated remote attacker to smash up to 17 bytes after destination buffer (16 bytes attacker-controlled and one null). As switching to hex2bin requires specifying destination buffer length, and does not internally append any null, it solves both issues. This addresses CVE-2018-14633. Beyond this: - Validate received value length and check hex2bin accepted the input, to log this rejection reason instead of just failing authentication. - Only log received CHAP_R and CHAP_C values once they passed sanity checks. ================================================================== BUG: KASAN: stack-out-of-bounds in chap_string_to_hex+0x32/0x60 [iscsi_target_mod] Write of size 1 at addr ffff8801090ef7c8 by task kworker/0:0/1021 CPU: 0 PID: 1021 Comm: kworker/0:0 Tainted: G O 4.17.8kasan.sess.connops+ #2 Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 05/19/2014 Workqueue: events iscsi_target_do_login_rx [iscsi_target_mod] Call Trace: dump_stack+0x71/0xac print_address_description+0x65/0x22e ? chap_string_to_hex+0x32/0x60 [iscsi_target_mod] kasan_report.cold.6+0x241/0x2fd chap_string_to_hex+0x32/0x60 [iscsi_target_mod] chap_server_compute_md5.isra.2+0x2cb/0x860 [iscsi_target_mod] ? chap_binaryhex_to_asciihex.constprop.5+0x50/0x50 [iscsi_target_mod] ? ftrace_caller_op_ptr+0xe/0xe ? __orc_find+0x6f/0xc0 ? unwind_next_frame+0x231/0x850 ? kthread+0x1a0/0x1c0 ? ret_from_fork+0x35/0x40 ? ret_from_fork+0x35/0x40 ? iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod] ? deref_stack_reg+0xd0/0xd0 ? iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod] ? is_module_text_address+0xa/0x11 ? kernel_text_address+0x4c/0x110 ? __save_stack_trace+0x82/0x100 ? ret_from_fork+0x35/0x40 ? save_stack+0x8c/0xb0 ? 0xffffffffc1660000 ? iscsi_target_do_login+0x155/0x8d0 [iscsi_target_mod] ? iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod] ? process_one_work+0x35c/0x640 ? worker_thread+0x66/0x5d0 ? kthread+0x1a0/0x1c0 ? ret_from_fork+0x35/0x40 ? iscsi_update_param_value+0x80/0x80 [iscsi_target_mod] ? iscsit_release_cmd+0x170/0x170 [iscsi_target_mod] chap_main_loop+0x172/0x570 [iscsi_target_mod] ? chap_server_compute_md5.isra.2+0x860/0x860 [iscsi_target_mod] ? rx_data+0xd6/0x120 [iscsi_target_mod] ? iscsit_print_session_params+0xd0/0xd0 [iscsi_target_mod] ? cyc2ns_read_begin.part.2+0x90/0x90 ? _raw_spin_lock_irqsave+0x25/0x50 ? memcmp+0x45/0x70 iscsi_target_do_login+0x875/0x8d0 [iscsi_target_mod] ? iscsi_target_check_first_request.isra.5+0x1a0/0x1a0 [iscsi_target_mod] ? del_timer+0xe0/0xe0 ? memset+0x1f/0x40 ? flush_sigqueue+0x29/0xd0 iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod] ? iscsi_target_nego_release+0x80/0x80 [iscsi_target_mod] ? iscsi_target_restore_sock_callbacks+0x130/0x130 [iscsi_target_mod] process_one_work+0x35c/0x640 worker_thread+0x66/0x5d0 ? flush_rcu_work+0x40/0x40 kthread+0x1a0/0x1c0 ? kthread_bind+0x30/0x30 ret_from_fork+0x35/0x40 The buggy address belongs to the page: page:ffffea0004243bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x17fffc000000000() raw: 017fffc000000000 0000000000000000 0000000000000000 00000000ffffffff raw: ffffea0004243c20 ffffea0004243ba0 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8801090ef680: f2 f2 f2 f2 f2 f2 f2 01 f2 f2 f2 f2 f2 f2 f2 00 ffff8801090ef700: f2 f2 f2 f2 f2 f2 f2 00 02 f2 f2 f2 f2 f2 f2 00 >ffff8801090ef780: 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 ^ ffff8801090ef800: 00 f2 f2 f2 f2 f2 f2 00 00 00 00 02 f2 f2 f2 f2 ffff8801090ef880: f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 ================================================================== Signed-off-by: Vincent Pelletier Reviewed-by: Mike Christie Signed-off-by: Martin K. Petersen commit 652ef42c134da1bbb03bd4c9b4291dfaf8d7febb Author: Antoine Tenart Date: Thu Sep 20 12:08:54 2018 +0200 net: mscc: fix the frame extraction into the skb When extracting frames from the Ocelot switch, the frame check sequence (FCS) is present at the end of the data extracted. The FCS was put into the sk buffer which introduced some issues (as length related ones), as the FCS shouldn't be part of an Rx sk buffer. This patch fixes the Ocelot switch extraction behaviour by discarding the FCS. Fixes: a556c76adc05 ("net: mscc: Add initial Ocelot switch support") Signed-off-by: Antoine Tenart Signed-off-by: David S. Miller commit a27fb6d983c7b5bb0129ae4d7a7c81758173bfab Merge: 0eba8697bce1 26b471c7e2f7 Author: Greg Kroah-Hartman Date: Fri Sep 21 16:21:42 2018 +0200 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Paolo writes: "It's mostly small bugfixes and cleanups, mostly around x86 nested virtualization. One important change, not related to nested virtualization, is that the ability for the guest kernel to trap CPUID instructions (in Linux that's the ARCH_SET_CPUID arch_prctl) is now masked by default. This is because the feature is detected through an MSR; a very bad idea that Intel seems to like more and more. Some applications choke if the other fields of that MSR are not initialized as on real hardware, hence we have to disable the whole MSR by default, as was the case before Linux 4.12." * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (23 commits) KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs kvm: selftests: Add platform_info_test KVM: x86: Control guest reads of MSR_PLATFORM_INFO KVM: x86: Turbo bits in MSR_PLATFORM_INFO nVMX x86: Check VPID value on vmentry of L2 guests nVMX x86: check posted-interrupt descriptor addresss on vmentry of L2 KVM: nVMX: Wake blocked vCPU in guest-mode if pending interrupt in virtual APICv KVM: VMX: check nested state and CR4.VMXE against SMM kvm: x86: make kvm_{load|put}_guest_fpu() static x86/hyper-v: rename ipi_arg_{ex,non_ex} structures KVM: VMX: use preemption timer to force immediate VMExit KVM: VMX: modify preemption timer bit only when arming timer KVM: VMX: immediately mark preemption timer expired only for zero value KVM: SVM: Switch to bitmap_zalloc() KVM/MMU: Fix comment in walk_shadow_page_lockless_end() kvm: selftests: use -pthread instead of -lpthread KVM: x86: don't reset root in kvm_mmu_setup() kvm: mmu: Don't read PDPTEs when paging is not enabled x86/kvm/lapic: always disable MMIO interface in x2APIC mode KVM: s390: Make huge pages unavailable in ucontrol VMs ... commit 0eba8697bce15dc06e2b5c4c66d672c37ca43be0 Merge: 211b100a5ced f061c1cc404a Author: Greg Kroah-Hartman Date: Fri Sep 21 15:29:44 2018 +0200 Merge tag 'upstream-4.19-rc4' of git://git.infradead.org/linux-ubifs Richard writes: "This pull request contains fixes for UBIFS: - A wrong UBIFS assertion in mount code - Fix for a NULL pointer deref in mount code - Revert of a bad fix for xattrs" * tag 'upstream-4.19-rc4' of git://git.infradead.org/linux-ubifs: Revert "ubifs: xattr: Don't operate on deleted inodes" ubifs: drop false positive assertion ubifs: Check for name being NULL while mounting commit 98e616fe7c94f9c787092b6364405d99bdf42153 Author: zhong jiang Date: Sat Sep 8 21:44:08 2018 +0800 ieee802154: remove unecessary condition check before debugfs_remove_recursive debugfs_remove_recursive has taken IS_ERR_OR_NULL into account. So just remove the condition check before debugfs_remove_recursive. Signed-off-by: zhong jiang Signed-off-by: Stefan Schmidt commit 89578d04b52c872aef6b1257b5f6caf6bcc35abe Author: Alexandru Gheorghe Date: Wed Aug 22 16:18:19 2018 +0100 drm/malidp: Fix writeback in NV12 When we want to writeback to memory in NV12 format we need to program the RGB2YUV coefficients. Currently, we don't program the coefficients and NV12 doesn't work at all. This patchset fixes that by programming a sane default(bt709, limited range) as rgb2yuv coefficients. In the long run, probably we need to think of a way for userspace to be able to program that, but for now I think this is better than not working at all or not advertising NV12 as a supported format for memwrite. Changes since v1: - Write the rgb2yuv coefficients only once, since we don't change them at all, just write them the first time NV12 is programmed, suggested by Brian Starkey, here [1] [1] https://lists.freedesktop.org/archives/dri-devel/2018-August/186819.html Signed-off-by: Alexandru Gheorghe Acked-by: Liviu Dudau Signed-off-by: Liviu Dudau commit 69be1984ded00a11b1ed0888c6d8e4f35370372f Author: Alexandru Gheorghe Date: Mon Jul 16 11:07:07 2018 +0100 drm: mali-dp: Call drm_crtc_vblank_reset on device init Currently, if userspace calls drm_wait_vblank before the crtc is activated the crtc vblank_enable hook is called, which in case of malidp driver triggers some warninngs. This happens because on device init we don't inform the drm core about the vblank state by calling drm_crtc_vblank_on/off/reset which together with drm_vblank_get have some magic that prevents calling drm_vblank_enable when crtc is off. Signed-off-by: Alexandru Gheorghe Acked-by: Liviu Dudau Signed-off-by: Liviu Dudau commit 5b3686c7aaade973b8806dba4ecc99bec8c988f3 Author: YueHaibing Date: Thu Aug 9 14:44:29 2018 +0800 ieee802154: Use kmemdup instead of duplicating it in ca8210_test_int_driver_write Replace calls to kmalloc followed by a memcpy with a direct call to kmemdup. Signed-off-by: YueHaibing Signed-off-by: Stefan Schmidt commit 211b100a5ceda9d1856a3f84334f9ca5f680b638 Merge: a38fd7d808e6 d611aaf336b2 Author: Greg Kroah-Hartman Date: Fri Sep 21 09:41:05 2018 +0200 Merge tag 'for-linus-20180920' of git://git.kernel.dk/linux-block Jens writes: "Storage fixes for 4.19-rc5 - Fix for leaking kernel pointer in floppy ioctl (Andy Whitcroft) - NVMe pull request from Christoph, and a single ANA log page fix (Hannes) - Regression fix for libata qd32 support, where we trigger an illegal active command transition. This fixes a CD-ROM detection issue that was reported, but could also trigger premature completion of the internal tag (me)" * tag 'for-linus-20180920' of git://git.kernel.dk/linux-block: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl libata: mask swap internal and hardware tag nvme: count all ANA groups for ANA Log page commit a38fd7d808e6a9dcc8fac30fc870ccb88ce07221 Merge: 234b69e3e089 4fcb7f8be829 Author: Greg Kroah-Hartman Date: Fri Sep 21 09:11:18 2018 +0200 Merge tag 'drm-fixes-2018-09-21' of git://anongit.freedesktop.org/drm/drm David writes: "drm fixes for 4.19-rc5: - core: fix debugfs for atomic, fix the check for atomic for non-modesetting drivers - amdgpu: adds a new PCI id, some kfd fixes and a sdma fix - i915: a bunch of GVT fixes. - vc4: scaling fix - vmwgfx: modesetting fixes and a old buffer eviction fix - udl: framebuffer destruction fix - sun4i: disable on R40 fix until next kernel - pl111: NULL termination on table fix" * tag 'drm-fixes-2018-09-21' of git://anongit.freedesktop.org/drm/drm: (21 commits) drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 drm/vmwgfx: Fix buffer object eviction drm/vmwgfx: Don't impose STDU limits on framebuffer size drm/vmwgfx: limit mode size for all display unit to texture_max drm/vmwgfx: limit screen size to stdu_max during check_modeset drm/vmwgfx: don't check for old_crtc_state enable status drm/amdgpu: add new polaris pci id drm: sun4i: drop second PLL from A64 HDMI PHY drm: fix drm_drv_uses_atomic_modeset on non modesetting drivers. drm/i915/gvt: clear ggtt entries when destroy vgpu drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid drm/i915/gvt: Add GEN9_CLKGATE_DIS_4 to default BXT mmio handler drm/i915/gvt: Init PHY related registers for BXT drm/atomic: Use drm_drv_uses_atomic_modeset() for debugfs creation drm/fb-helper: Remove set but not used variable 'connector_funcs' drm: udl: Destroy framebuffer only if it was initialized drm/sun4i: Remove R40 display pipeline compatibles drm/pl111: Make sure of_device_id tables are NULL terminated ... commit 13cc6f48c7434ce46ba6dbc90003a136a263d75a Author: Horia Geantă Date: Fri Sep 14 18:34:28 2018 +0300 crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic In some cases the zero-length hw_desc array at the end of ablkcipher_edesc struct requires for 4B of tail padding. Due to tail padding and the way pointers to S/G table and IV are computed: edesc->sec4_sg = (void *)edesc + sizeof(struct ablkcipher_edesc) + desc_bytes; iv = (u8 *)edesc->hw_desc + desc_bytes + sec4_sg_bytes; first 4 bytes of IV are overwritten by S/G table. Update computation of pointer to S/G table to rely on offset of hw_desc member and not on sizeof() operator. Cc: # 4.13+ Fixes: 115957bb3e59 ("crypto: caam - fix IV DMA mapping and updating") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu commit 10bc6a6042c900934a097988b5d50e3cf3f91781 Author: Heiner Kallweit Date: Thu Sep 20 22:47:09 2018 +0200 r8169: fix autoneg issue on resume with RTL8168E It was reported that chip version 33 (RTL8168E) ends up with 10MBit/Half on a 1GBit link after resuming from S3 (with different link partners). For whatever reason the PHY on this chip doesn't properly start a renegotiation when soft-reset. Explicitly requesting a renegotiation fixes this. Fixes: a2965f12fde6 ("r8169: remove rtl8169_set_speed_xmii") Signed-off-by: Heiner Kallweit Reported-by: Neil MacLeod Tested-by: Neil MacLeod Signed-off-by: David S. Miller commit 9e210178267b80c4eeb832fade7e146a18c84915 Author: James Smart Date: Thu Sep 13 15:41:10 2018 -0700 scsi: lpfc: Synchronize access to remoteport via rport The driver currently uses the ndlp to get the local rport which is then used to get the nvme transport remoteport pointer. There can be cases where a stale remoteport pointer is obtained as synchronization isn't done through the different dereferences. Correct by using locks to synchronize the dereferences. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit d87161bea405e3260377026ca8a704a3f68bd67a Author: Adrian Hunter Date: Thu Sep 13 14:28:48 2018 +0300 scsi: ufs: Disable blk-mq for now blk-mq does not support runtime pm, so disable blk-mq support for now. Fixes: d5038a13eca7 ("scsi: core: switch to scsi-mq by default") Signed-off-by: Adrian Hunter Acked-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit b4a4957d3d1c328b733fce783b7264996f866ad2 Author: Michael J. Ruhl Date: Thu Sep 20 12:59:14 2018 -0700 IB/hfi1: Fix destroy_qp hang after a link down rvt_destroy_qp() cannot complete until all in process packets have been released from the underlying hardware. If a link down event occurs, an application can hang with a kernel stack similar to: cat /proc//stack quiesce_qp+0x178/0x250 [hfi1] rvt_reset_qp+0x23d/0x400 [rdmavt] rvt_destroy_qp+0x69/0x210 [rdmavt] ib_destroy_qp+0xba/0x1c0 [ib_core] nvme_rdma_destroy_queue_ib+0x46/0x80 [nvme_rdma] nvme_rdma_free_queue+0x3c/0xd0 [nvme_rdma] nvme_rdma_destroy_io_queues+0x88/0xd0 [nvme_rdma] nvme_rdma_error_recovery_work+0x52/0xf0 [nvme_rdma] process_one_work+0x17a/0x440 worker_thread+0x126/0x3c0 kthread+0xcf/0xe0 ret_from_fork+0x58/0x90 0xffffffffffffffff quiesce_qp() waits until all outstanding packets have been freed. This wait should be momentary. During a link down event, the cleanup handling does not ensure that all packets caught by the link down are flushed properly. This is caused by the fact that the freeze path and the link down event is handled the same. This is not correct. The freeze path waits until the HFI is unfrozen and then restarts PIO. A link down is not a freeze event. The link down path cannot restart the PIO until link is restored. If the PIO path is restarted before the link comes up, the application (QP) using the PIO path will hang (until link is restored). Fix by separating the linkdown path from the freeze path and use the link down path for link down events. Close a race condition sc_disable() by acquiring both the progress and release locks. Close a race condition in sc_stop() by moving the setting of the flag bits under the alloc lock. Cc: # 4.9.x+ Fixes: 7724105686e7 ("IB/hfi1: add driver files") Reviewed-by: Mike Marciniszyn Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit d623500b3c4efd8d4e945ac9003c6b87b469a9ab Author: Michael J. Ruhl Date: Thu Sep 20 12:59:05 2018 -0700 IB/hfi1: Fix context recovery when PBC has an UnsupportedVL If a packet stream uses an UnsupportedVL (virtual lane), the send engine will not send the packet, and it will not indicate that an error has occurred. This will cause the packet stream to block. HFI has 8 virtual lanes available for packet streams. Each lane can be enabled or disabled using the UnsupportedVL mask. If a lane is disabled, adding a packet to the send context must be disallowed. The current mask for determining unsupported VLs defaults to 0 (allow all). This is incorrect. Only the VLs that are defined should be allowed. Determine which VLs are disabled (mtu == 0), and set the appropriate unsupported bit in the mask. The correct mask will allow the send engine to error on the invalid VL, and error recovery will work correctly. Cc: # 4.9.x+ Fixes: 7724105686e7 ("IB/hfi1: add driver files") Reviewed-by: Mike Marciniszyn Reviewed-by: Lukasz Odzioba Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 94694d18cf27a6faad91487a38ce516c2b16e7d9 Author: Michael J. Ruhl Date: Thu Sep 20 12:58:56 2018 -0700 IB/hfi1: Invalid user input can result in crash If the number of packets in a user sdma request does not match the actual iovectors being sent, sdma_cleanup can be called on an uninitialized request structure, resulting in a crash similar to this: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: [] __sdma_txclean+0x57/0x1e0 [hfi1] PGD 8000001044f61067 PUD 1052706067 PMD 0 Oops: 0000 [#1] SMP CPU: 30 PID: 69912 Comm: upsm Kdump: loaded Tainted: G OE ------------ 3.10.0-862.el7.x86_64 #1 Hardware name: Intel Corporation S2600KPR/S2600KPR, BIOS SE5C610.86B.01.01.0019.101220160604 10/12/2016 task: ffff8b331c890000 ti: ffff8b2ed1f98000 task.ti: ffff8b2ed1f98000 RIP: 0010:[] [] __sdma_txclean+0x57/0x1e0 [hfi1] RSP: 0018:ffff8b2ed1f9bab0 EFLAGS: 00010286 RAX: 0000000000008b2b RBX: ffff8b2adf6e0000 RCX: 0000000000000000 RDX: 00000000000000a0 RSI: ffff8b2e9eedc540 RDI: ffff8b2adf6e0000 RBP: ffff8b2ed1f9bad8 R08: 0000000000000000 R09: ffffffffc0b04a06 R10: ffff8b331c890190 R11: ffffe6ed00bf1840 R12: ffff8b3315480000 R13: ffff8b33154800f0 R14: 00000000fffffff2 R15: ffff8b2e9eedc540 FS: 00007f035ac47740(0000) GS:ffff8b331e100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000c03fe6000 CR4: 00000000001607e0 Call Trace: [] user_sdma_send_pkts+0xdcd/0x1990 [hfi1] [] ? gup_pud_range+0x140/0x290 [] ? hfi1_mmu_rb_insert+0x155/0x1b0 [hfi1] [] hfi1_user_sdma_process_request+0xc5b/0x11b0 [hfi1] [] hfi1_aio_write+0xba/0x110 [hfi1] [] do_sync_readv_writev+0x7b/0xd0 [] do_readv_writev+0xce/0x260 [] ? tty_ldisc_deref+0x19/0x20 [] ? n_tty_ioctl+0xe0/0xe0 [] vfs_writev+0x35/0x60 [] SyS_writev+0x7f/0x110 [] system_call_fastpath+0x1c/0x21 Code: 06 49 c7 47 18 00 00 00 00 0f 87 89 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 8b 4e 10 48 89 fb <48> 8b 51 08 49 89 d4 83 e2 0c 41 81 e4 00 e0 00 00 48 c1 ea 02 RIP [] __sdma_txclean+0x57/0x1e0 [hfi1] RSP CR2: 0000000000000008 There are two exit points from user_sdma_send_pkts(). One (free_tx) merely frees the slab entry and one (free_txreq) cleans the sdma_txreq prior to freeing the slab entry. The free_txreq variation can only be called after one of the sdma_init*() variations has been called. In the panic case, the slab entry had been allocated but not inited. Fix the issue by exiting through free_tx thus avoiding sdma_clean(). Cc: # 4.9.x+ Fixes: 7724105686e7 ("IB/hfi1: add driver files") Reviewed-by: Mike Marciniszyn Reviewed-by: Lukasz Odzioba Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 0dbfaa9f2813787679e296eb5476e40938ab48c8 Author: Ira Weiny Date: Thu Sep 20 12:58:46 2018 -0700 IB/hfi1: Fix SL array bounds check The SL specified by a user needs to be a valid SL. Add a range check to the user specified SL value which protects from running off the end of the SL to SC table. CC: stable@vger.kernel.org Fixes: 7724105686e7 ("IB/hfi1: add driver files") Signed-off-by: Ira Weiny Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 4fcb7f8be829d21bcbb24eef2204fb6b34ed1f80 Merge: 618cc1514b1e 44d8cc6f1a90 Author: Dave Airlie Date: Fri Sep 21 09:52:21 2018 +1000 Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes A few fixes for 4.19: - Add a new polaris pci id - KFD fixes for raven and gfx7 Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20180920155850.5455-1-alexander.deucher@amd.com commit 618cc1514b1eed3bc1c46914d73a9914211aa9a4 Merge: 8ca4fff974ad e71cf5918765 Author: Dave Airlie Date: Fri Sep 21 09:50:46 2018 +1000 Merge branch 'vmwgfx-fixes-4.19' of git://people.freedesktop.org/~thomash/linux into drm-fixes A couple of modesetting fixes and a fix for a long-standing buffer-eviction problem cc'd stable. Signed-off-by: Dave Airlie From: Thomas Hellstrom Link: https://patchwork.freedesktop.org/patch/msgid/20180920063935.35492-1-thellstrom@vmware.com commit 4eeed3686981ff887bbdd7254139e2eca276534c Author: Majd Dibbiny Date: Tue Sep 18 10:51:37 2018 +0300 RDMA/uverbs: Fix validity check for modify QP Uverbs shouldn't enforce QP state in the command unless the user set the QP state bit in the attribute mask. In addition, only copy qp attr fields which have the corresponding bit set in the attribute mask over to the internal attr structure. Fixes: 88de869bbe4f ("RDMA/uverbs: Ensure validity of current QP state value") Fixes: bc38a6abdd5a ("[PATCH] IB uverbs: core implementation") Signed-off-by: Majd Dibbiny Signed-off-by: Jack Morgenstein Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 9024143e700f89d74b8cdaf316a3499d74fc56fe Author: Jisheng Zhang Date: Thu Sep 20 16:32:52 2018 -0500 PCI: dwc: Fix scheduling while atomic issues When programming the inbound/outbound ATUs, we call usleep_range() after each checking PCIE_ATU_ENABLE bit. Unfortunately, the ATU programming can be executed in atomic context: inbound ATU programming could be called through pci_epc_write_header() =>dw_pcie_ep_write_header() =>dw_pcie_prog_inbound_atu() outbound ATU programming could be called through pci_bus_read_config_dword() =>dw_pcie_rd_conf() =>dw_pcie_prog_outbound_atu() Fix this issue by calling mdelay() instead. Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support") Fixes: d8bbeb39fbf3 ("PCI: designware: Wait for iATU enable") Signed-off-by: Jisheng Zhang [lorenzo.pieralisi@arm.com: commit log update] Signed-off-by: Lorenzo Pieralisi Signed-off-by: Bjorn Helgaas Acked-by: Gustavo Pimentel commit b3027b7746ce1e5a9429715ee6492aca2a6e4cf0 Author: Lorenzo Pieralisi Date: Wed Sep 19 17:06:36 2018 +0100 MAINTAINERS: Move mobiveil PCI driver entry where it belongs Commit 92f9ccca4c08 ("PCI: mobiveil: Add Mobiveil PCIe Host Bridge IP driver DT bindings") managed to add a MAINTAINERS entry where it does not really belong (ie in the middle of a totally unrelated series of entries and in the wrong alphabetical order). Fix it. Signed-off-by: Lorenzo Pieralisi Signed-off-by: Bjorn Helgaas Cc: Subrahmanya Lingappa commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e Author: Feng Tang Date: Thu Sep 20 10:58:28 2018 +0800 x86/mm: Expand static page table for fixmap space We met a kernel panic when enabling earlycon, which is due to the fixmap address of earlycon is not statically setup. Currently the static fixmap setup in head_64.S only covers 2M virtual address space, while it actually could be in 4M space with different kernel configurations, e.g. when VSYSCALL emulation is disabled. So increase the static space to 4M for now by defining FIXMAP_PMD_NUM to 2, and add a build time check to ensure that the fixmap is covered by the initial static page tables. Fixes: 1ad83c858c7d ("x86_64,vsyscall: Make vsyscall emulation configurable") Suggested-by: Thomas Gleixner Signed-off-by: Feng Tang Signed-off-by: Thomas Gleixner Tested-by: kernel test robot Reviewed-by: Juergen Gross (Xen parts) Cc: H Peter Anvin Cc: Peter Zijlstra Cc: Michal Hocko Cc: Yinghai Lu Cc: Dave Hansen Cc: Andi Kleen Cc: Andy Lutomirsky Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180920025828.23699-1-feng.tang@intel.com commit 234b69e3e089d850a98e7b3145bd00e9b52b1111 Author: Junxiao Bi Date: Thu Sep 20 12:22:51 2018 -0700 ocfs2: fix ocfs2 read block panic While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate was left in the buffer head. Then when reading the very block next time, if it was already linked into journal, that will trigger the following panic. [203748.702517] kernel BUG at fs/ocfs2/buffer_head_io.c:342! [203748.702533] invalid opcode: 0000 [#1] SMP [203748.702561] Modules linked in: ocfs2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sunrpc dm_switch dm_queue_length dm_multipath bonding be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i iw_cxgb4 cxgb4 cxgb3i libcxgbi iw_cxgb3 cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_devintf iTCO_wdt iTCO_vendor_support dcdbas ipmi_ssif i2c_core ipmi_si ipmi_msghandler acpi_pad pcspkr sb_edac edac_core lpc_ich mfd_core shpchp sg tg3 ptp pps_core ext4 jbd2 mbcache2 sr_mod cdrom sd_mod ahci libahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [203748.703024] CPU: 7 PID: 38369 Comm: touch Not tainted 4.1.12-124.18.6.el6uek.x86_64 #2 [203748.703045] Hardware name: Dell Inc. PowerEdge R620/0PXXHP, BIOS 2.5.2 01/28/2015 [203748.703067] task: ffff880768139c00 ti: ffff88006ff48000 task.ti: ffff88006ff48000 [203748.703088] RIP: 0010:[] [] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.703130] RSP: 0018:ffff88006ff4b818 EFLAGS: 00010206 [203748.703389] RAX: 0000000008620029 RBX: ffff88006ff4b910 RCX: 0000000000000000 [203748.703885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000023079fe [203748.704382] RBP: ffff88006ff4b8d8 R08: 0000000000000000 R09: ffff8807578c25b0 [203748.704877] R10: 000000000f637376 R11: 000000003030322e R12: 0000000000000000 [203748.705373] R13: ffff88006ff4b910 R14: ffff880732fe38f0 R15: 0000000000000000 [203748.705871] FS: 00007f401992c700(0000) GS:ffff880bfebc0000(0000) knlGS:0000000000000000 [203748.706370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [203748.706627] CR2: 00007f4019252440 CR3: 00000000a621e000 CR4: 0000000000060670 [203748.707124] Stack: [203748.707371] ffff88006ff4b828 ffffffffa0609f52 ffff88006ff4b838 0000000000000001 [203748.707885] 0000000000000000 0000000000000000 ffff880bf67c3800 ffffffffa05eca00 [203748.708399] 00000000023079ff ffffffff81c58b80 0000000000000000 0000000000000000 [203748.708915] Call Trace: [203748.709175] [] ? ocfs2_inode_cache_io_unlock+0x12/0x20 [ocfs2] [203748.709680] [] ? ocfs2_empty_dir_filldir+0x80/0x80 [ocfs2] [203748.710185] [] ocfs2_read_dir_block_direct+0x3b/0x200 [ocfs2] [203748.710691] [] ocfs2_prepare_dx_dir_for_insert.isra.57+0x19f/0xf60 [ocfs2] [203748.711204] [] ? ocfs2_metadata_cache_io_unlock+0x1f/0x30 [ocfs2] [203748.711716] [] ocfs2_prepare_dir_for_insert+0x13a/0x890 [ocfs2] [203748.712227] [] ? ocfs2_check_dir_for_entry+0x8e/0x140 [ocfs2] [203748.712737] [] ocfs2_mknod+0x4b2/0x1370 [ocfs2] [203748.713003] [] ocfs2_create+0x65/0x170 [ocfs2] [203748.713263] [] vfs_create+0xdb/0x150 [203748.713518] [] do_last+0x815/0x1210 [203748.713772] [] ? path_init+0xb9/0x450 [203748.714123] [] path_openat+0x80/0x600 [203748.714378] [] ? handle_pte_fault+0xd15/0x1620 [203748.714634] [] do_filp_open+0x3a/0xb0 [203748.714888] [] ? __alloc_fd+0xa7/0x130 [203748.715143] [] do_sys_open+0x12c/0x220 [203748.715403] [] ? syscall_trace_enter_phase1+0x11b/0x180 [203748.715668] [] ? system_call_after_swapgs+0xe9/0x190 [203748.715928] [] SyS_open+0x1e/0x20 [203748.716184] [] system_call_fastpath+0x18/0xd7 [203748.716440] Code: 00 00 48 8b 7b 08 48 83 c3 10 45 89 f8 44 89 e1 44 89 f2 4c 89 ee e8 07 06 11 e1 48 8b 03 48 85 c0 75 df 8b 5d c8 e9 4d fa ff ff <0f> 0b 48 8b 7d a0 e8 dc c6 06 00 48 b8 00 00 00 00 00 00 00 10 [203748.717505] RIP [] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.717775] RSP Joesph ever reported a similar panic. Link: https://oss.oracle.com/pipermail/ocfs2-devel/2013-May/008931.html Link: http://lkml.kernel.org/r/20180912063207.29484-1-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi Cc: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Changwei Ge Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 172b06c32b949759fe6313abec514bc4f15014f4 Author: Roman Gushchin Date: Thu Sep 20 12:22:46 2018 -0700 mm: slowly shrink slabs with a relatively small number of objects 9092c71bb724 ("mm: use sc->priority for slab shrink targets") changed the way that the target slab pressure is calculated and made it priority-based: delta = freeable >> priority; delta *= 4; do_div(delta, shrinker->seeks); The problem is that on a default priority (which is 12) no pressure is applied at all, if the number of potentially reclaimable objects is less than 4096 (1<<12). This causes the last objects on slab caches of no longer used cgroups to (almost) never get reclaimed. It's obviously a waste of memory. It can be especially painful, if these stale objects are holding a reference to a dying cgroup. Slab LRU lists are reparented on memcg offlining, but corresponding objects are still holding a reference to the dying cgroup. If we don't scan these objects, the dying cgroup can't go away. Most likely, the parent cgroup hasn't any directly charged objects, only remaining objects from dying children cgroups. So it can easily hold a reference to hundreds of dying cgroups. If there are no big spikes in memory pressure, and new memory cgroups are created and destroyed periodically, this causes the number of dying cgroups grow steadily, causing a slow-ish and hard-to-detect memory "leak". It's not a real leak, as the memory can be eventually reclaimed, but it could not happen in a real life at all. I've seen hosts with a steadily climbing number of dying cgroups, which doesn't show any signs of a decline in months, despite the host is loaded with a production workload. It is an obvious waste of memory, and to prevent it, let's apply a minimal pressure even on small shrinker lists. E.g. if there are freeable objects, let's scan at least min(freeable, scan_batch) objects. This fix significantly improves a chance of a dying cgroup to be reclaimed, and together with some previous patches stops the steady growth of the dying cgroups number on some of our hosts. Link: http://lkml.kernel.org/r/20180905230759.12236-1-guro@fb.com Fixes: 9092c71bb724 ("mm: use sc->priority for slab shrink targets") Signed-off-by: Roman Gushchin Acked-by: Rik van Riel Cc: Josef Bacik Cc: Johannes Weiner Cc: Shakeel Butt Cc: Michal Hocko Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 3bf181bc5d8bc86f04ffd538d7fda9e69af1f2c2 Author: YueHaibing Date: Thu Sep 20 12:22:43 2018 -0700 kernel/sys.c: remove duplicated include Link: http://lkml.kernel.org/r/20180821133424.18716-1-yuehaibing@huawei.com Signed-off-by: YueHaibing Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit b45d71fb89ab8adfe727b9d0ee188ed58582a647 Author: Joel Fernandes (Google) Date: Thu Sep 20 12:22:39 2018 -0700 mm: shmem.c: Correctly annotate new inodes for lockdep Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org Signed-off-by: Joel Fernandes (Google) Reported-by: syzbot Reviewed-by: NeilBrown Suggested-by: NeilBrown Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Hugh Dickins Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit a1b3d2f217cf51505858c5c160abef96c3e91721 Author: Dominique Martinet Date: Thu Sep 20 12:22:35 2018 -0700 fs/proc/kcore.c: fix invalid memory access in multi-page read optimization The 'm' kcore_list item could point to kclist_head, and it is incorrect to look at m->addr / m->size in this case. There is no choice but to run through the list of entries for every address if we did not find any entry in the previous iteration Reset 'm' to NULL in that case at Omar Sandoval's suggestion. [akpm@linux-foundation.org: add comment] Link: http://lkml.kernel.org/r/1536100702-28706-1-git-send-email-asmadeus@codewreck.org Fixes: bf991c2231117 ("proc/kcore: optimize multiple page reads") Signed-off-by: Dominique Martinet Reviewed-by: Andrew Morton Cc: Omar Sandoval Cc: Alexey Dobriyan Cc: Eric Biederman Cc: James Morse Cc: Bhupesh Sharma Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 889c695d419f19e5db52592dafbaf26143c36d1f Author: Pasha Tatashin Date: Thu Sep 20 12:22:30 2018 -0700 mm: disable deferred struct page for 32-bit arches Deferred struct page init is needed only on systems with large amount of physical memory to improve boot performance. 32-bit systems do not benefit from this feature. Jiri reported a problem where deferred struct pages do not work well with x86-32: [ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) [ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) [ 0.036269] Initializing CPU#0 [ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0) [ 0.038459] page:f6780000 is uninitialized and poisoned [ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff [ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page)) [ 0.040038] ------------[ cut here ]------------ [ 0.040399] kernel BUG at include/linux/page-flags.h:293! [ 0.040823] invalid opcode: 0000 [#1] SMP PTI [ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9 [ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 [ 0.042496] EIP: free_highmem_page+0x64/0x80 [ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71 [ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8 [ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc [ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086 [ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690 [ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 0.046913] DR6: fffe0ff0 DR7: 00000400 [ 0.047220] Call Trace: [ 0.047419] add_highpages_with_active_regions+0xbd/0x10d [ 0.047854] set_highmem_pages_init+0x5b/0x71 [ 0.048202] mem_init+0x2b/0x1e8 [ 0.048460] start_kernel+0x1d2/0x425 [ 0.048757] i386_start_kernel+0x93/0x97 [ 0.049073] startup_32_smp+0x164/0x168 [ 0.049379] Modules linked in: [ 0.049626] ---[ end trace 337949378db0abbb ]--- We free highmem pages before their struct pages are initialized: mem_init() set_highmem_pages_init() add_highpages_with_active_regions() free_highmem_page() .. Access uninitialized struct page here.. Because there is no reason to have this feature on 32-bit systems, just disable it. Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements") Signed-off-by: Pavel Tatashin Reported-by: Jiri Slaby Acked-by: Michal Hocko Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit f83606f5eb007adc33bc8541ede00590f477bdeb Author: KJ Tsanaktsidis Date: Thu Sep 20 12:22:25 2018 -0700 fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis Reviewed-by: Andrew Morton Acked-by: Michal Hocko Cc: Gargi Sharma Cc: Rik van Riel Cc: Oleg Nesterov Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 9068a427ee0beb1365a0925e8c33f338f09f5e97 Author: Thomas Gleixner Date: Wed Sep 19 14:33:14 2018 +0200 MAINTAINERS: Add X86 MM entry Dave, Andy and Peter are de facto overseing the mm parts of X86. Add an explicit maintainers entry. Signed-off-by: Thomas Gleixner Acked-by: Dave Hansen Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Acked-by: Ingo Molnar commit a8b3bb338e4ee4cc84a2b9a6fdf27049b84baa59 Author: Fenghua Yu Date: Thu Sep 20 12:37:08 2018 -0700 x86/intel_rdt: Add Reinette as co-maintainer for RDT Reinette Chatre is doing great job on enabling pseudo-locking and other features in RDT. Add her as co-maintainer for RDT. Suggested-by: Thomas Gleixner Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Acked-by: Ingo Molnar Acked-by: Reinette Chatre Cc: "H Peter Anvin" Cc: "Tony Luck" Link: https://lkml.kernel.org/r/1537472228-221799-1-git-send-email-fenghua.yu@intel.com commit f061c1cc404a618858a77aea233fde0aeaad2f2d Author: Richard Weinberger Date: Sun Sep 16 23:57:35 2018 +0200 Revert "ubifs: xattr: Don't operate on deleted inodes" This reverts commit 11a6fc3dc743e22fb50f2196ec55bee5140d3c52. UBIFS wants to assert that xattr operations are only issued on files with positive link count. The said patch made this operations return -ENOENT for unlinked files such that the asserts will no longer trigger. This was wrong since xattr operations are perfectly fine on unlinked files. Instead the assertions need to be fixed/removed. Cc: Fixes: 11a6fc3dc743 ("ubifs: xattr: Don't operate on deleted inodes") Reported-by: Koen Vandeputte Tested-by: Joel Stanley Signed-off-by: Richard Weinberger commit d3bdc016c598e09a4ddf17805d17d43759b0a582 Author: Sascha Hauer Date: Wed Sep 12 14:51:38 2018 +0200 ubifs: drop false positive assertion The following sequence triggers ubifs_assert(c, c->lst.taken_empty_lebs > 0); at the end of ubifs_remount_fs(): mount -t ubifs /dev/ubi0_0 /mnt echo 1 > /sys/kernel/debug/ubifs/ubi0_0/ro_error umount /mnt mount -t ubifs -o ro /dev/ubix_y /mnt mount -o remount,ro /mnt The resulting UBIFS assert failed in ubifs_remount_fs at 1878 (pid 161) is a false positive. In the case above c->lst.taken_empty_lebs has never been changed from its initial zero value. This will only happen when the deferred recovery is done. Fix this by doing the assertion only when recovery has been done already. Signed-off-by: Sascha Hauer Signed-off-by: Richard Weinberger commit 37f31b6ca4311b94d985fb398a72e5399ad57925 Author: Richard Weinberger Date: Mon Sep 3 23:06:23 2018 +0200 ubifs: Check for name being NULL while mounting The requested device name can be NULL or an empty string. Check for that and refuse to continue. UBIFS has to do this manually since we cannot use mount_bdev(), which checks for this condition. Fixes: 1e51764a3c2ac ("UBIFS: add new flash file system") Reported-by: syzbot+38bd0f7865e5c6379280@syzkaller.appspotmail.com Signed-off-by: Richard Weinberger commit c949a8e8b43f2c75567269bcc9a50d704ae3c420 Author: Boris Brezillon Date: Thu Sep 20 09:31:11 2018 +0200 spi: spi-mem: Move the DMA-able constraint doc to the kerneldoc header We'd better have that documented in the kerneldoc header, so that it's exposed to the doc generated by Sphinx. Signed-off-by: Boris Brezillon Signed-off-by: Mark Brown commit 60489f085574157c343fc62a32f997fe7346a659 Author: Boris Brezillon Date: Thu Sep 20 09:31:10 2018 +0200 spi: spi-mem: Add missing description for data.nbytes field Add a description for spi_mem_op.data.nbytes to the kerneldoc header. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Signed-off-by: Boris Brezillon Signed-off-by: Mark Brown commit d7ab5cdce54da631f0c8c11e506c974536a3581e Author: Xin Long Date: Thu Sep 20 17:27:28 2018 +0800 sctp: update dst pmtu with the correct daddr When processing pmtu update from an icmp packet, it calls .update_pmtu with sk instead of skb in sctp_transport_update_pmtu. However for sctp, the daddr in the transport might be different from inet_sock->inet_daddr or sk->sk_v6_daddr, which is used to update or create the route cache. The incorrect daddr will cause a different route cache created for the path. So before calling .update_pmtu, inet_sock->inet_daddr/sk->sk_v6_daddr should be updated with the daddr in the transport, and update it back after it's done. The issue has existed since route exceptions introduction. Fixes: 4895c771c7f0 ("ipv4: Add FIB nexthop exceptions.") Reported-by: ian.periam@dialogic.com Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit 8c6ec3613e7b0aade20a3196169c0bab32ed3e3f Author: Davide Caratti Date: Wed Sep 19 19:01:37 2018 +0200 bnxt_en: don't try to offload VLAN 'modify' action bnxt offload code currently supports only 'push' and 'pop' operation: let .ndo_setup_tc() return -EOPNOTSUPP if VLAN 'modify' action is configured. Fixes: 2ae7408fedfe ("bnxt_en: bnxt: add TC flower filter offload support") Signed-off-by: Davide Caratti Acked-by: Sathya Perla Signed-off-by: David S. Miller commit 26b471c7e2f7befd0f59c35b257749ca57e0ed70 Author: Liran Alon Date: Sun Sep 16 14:28:20 2018 +0300 KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs The handlers of IOCTLs in kvm_arch_vcpu_ioctl() are expected to set their return value in "r" local var and break out of switch block when they encounter some error. This is because vcpu_load() is called before the switch block which have a proper cleanup of vcpu_put() afterwards. However, KVM_{GET,SET}_NESTED_STATE IOCTLs handlers just return immediately on error without performing above mentioned cleanup. Thus, change these handlers to behave as expected. Fixes: 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE") Reviewed-by: Mark Kanda Reviewed-by: Patrick Colp Signed-off-by: Liran Alon Signed-off-by: Paolo Bonzini commit 346fa83d10934cf206e2fd0f514bf8ce186f08fe Author: zhong jiang Date: Wed Sep 19 20:21:11 2018 +0800 netfilter: conntrack: get rid of double sizeof sizeof(sizeof()) is quite strange and does not seem to be what is wanted here. The issue is detected with the help of Coccinelle. Fixes: 39215846740a ("netfilter: conntrack: remove nlattr_size pointer from l4proto trackers") Signed-off-by: zhong jiang Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit bab4344975fe2c719eda32de59298d6de26fe126 Author: Stefan Agner Date: Mon Sep 17 22:21:36 2018 -0700 netfilter: nft_osf: use enum nft_data_types for nft_validate_register_store The function nft_validate_register_store requires a struct of type struct nft_data_types. NFTA_DATA_VALUE is of type enum nft_verdict_attributes. Pass the correct enum type. This fixes a warning seen with Clang: net/netfilter/nft_osf.c:52:8: warning: implicit conversion from enumeration type 'enum nft_data_attributes' to different enumeration type 'enum nft_data_types' [-Wenum-conversion] NFTA_DATA_VALUE, NFT_OSF_MAXGENRELEN); ^~~~~~~~~~~~~~~ Fixes: b96af92d6eaf ("netfilter: nf_tables: implement Passive OS fingerprint module in nft_osf") Link: https://github.com/ClangBuiltLinux/linux/issues/103 Signed-off-by: Stefan Agner Signed-off-by: Pablo Neira Ayuso commit a173f066c7cfc031acb8f541708041e009fc9812 Author: David Ahern Date: Mon Sep 17 08:20:36 2018 -0700 netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev For starters, the bridge netfilter code registers operations that are invoked any time nh_hook is called. Specifically, ip_sabotage_in watches for nested calls for NF_INET_PRE_ROUTING when a bridge is in the stack. Packet wise, the bridge netfilter hook runs first. br_nf_pre_routing allocates nf_bridge, sets in_prerouting to 1 and calls NF_HOOK for NF_INET_PRE_ROUTING. It's finish function, br_nf_pre_routing_finish, then resets in_prerouting flag to 0 and the packet continues up the stack. The packet eventually makes it to the VRF driver and it invokes nf_hook for NF_INET_PRE_ROUTING in case any rules have been added against the vrf device. Because of the registered operations the call to nf_hook causes ip_sabotage_in to be invoked. That function sees the nf_bridge on the skb and that in_prerouting is not set. Thinking it is an invalid nested call it steals (drops) the packet. Update ip_sabotage_in to recognize that the bridge or one of its upper devices (e.g., vlan) can be enslaved to a VRF (L3 master device) and allow the packet to go through the nf_hook a second time. Fixes: 73e20b761acf ("net: vrf: Add support for PREROUTING rules on vrf device") Reported-by: D'Souza, Nelson Signed-off-by: David Ahern Signed-off-by: Pablo Neira Ayuso commit e0dccce1193f87597548d0db6ecc942fb92c04cd Author: Hans Verkuil Date: Mon Aug 27 14:28:50 2018 +0200 drm/i2c: tda9950: set MAX_RETRIES for errors only The CEC_TX_STATUS_MAX_RETRIES should be set for errors only to prevent the CEC framework from retrying the transmit. If the transmit was successful, then don't set this flag. Found by running 'cec-compliance -A' on a beaglebone box. Signed-off-by: Hans Verkuil Signed-off-by: Russell King commit d98627d1360d55e3b28f702caca8b6342c4a4e45 Author: Colin Ian King Date: Sun May 27 22:42:55 2018 +0100 drm/i2c: tda9950: fix timeout counter check Currently the check to see if the timeout has reached zero is incorrect and the check is instead checking if the timeout is non-zero and not zero, hence it will break out of the loop on the first iteration and the msleep is never executed. Fix this by breaking from the loop when timeout is zero. Detected by CoverityScan, CID#1469404 ("Logically Dead Code") Fixes: f0316f93897c ("drm/i2c: tda9950: add CEC driver") Signed-off-by: Colin Ian King Signed-off-by: Russell King commit fb6de923ca3358a91525552b4907d4cb38730bdd Author: Yu Zhao Date: Wed Sep 19 15:30:51 2018 -0600 regulator: fix crash caused by null driver data dev_set_drvdata() needs to be called before device_register() exposes device to userspace. Otherwise kernel crashes after it gets null pointer from dev_get_drvdata() when userspace tries to access sysfs entries. [Removed backtrace for length -- broonie] Signed-off-by: Yu Zhao Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 44d8cc6f1a905e4bb1d4221a898abb0d7e9d100a Author: Yong Zhao Date: Wed Sep 12 21:42:20 2018 -0400 drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Because CRAT_CU_FLAGS_IOMMU_PRESENT was not set in some BIOS crat, we need to workaround this. For future compatibility, we also overwrite the bit in capability according to the value of needs_iommu_device. Acked-by: Alex Deucher Signed-off-by: Yong Zhao Reviewed-by: Felix Kuehling Signed-off-by: Felix Kuehling Signed-off-by: Alex Deucher commit 15426dbb65c5b37680d27e84d58a1ed3b8532518 Author: Yong Zhao Date: Wed Sep 12 21:42:19 2018 -0400 drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 CWSR fails on Raven if the control stack is MTYPE_UC, which is used for regular GART mappings. As a workaround we map it using MTYPE_NC. The MEC firmware expects the control stack at one page offset from the start of the MQD so it is part of the MQD allocation on GFXv9. AMDGPU added a memory allocation flag just for this purpose. Acked-by: Alex Deucher Signed-off-by: Yong Zhao Reviewed-by: Felix Kuehling Signed-off-by: Felix Kuehling Signed-off-by: Alex Deucher commit caaa4c8a6be2a275bd14f2369ee364978ff74704 Author: Amber Lin Date: Wed Sep 12 21:42:18 2018 -0400 drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 A wrong register bit was examinated for checking SDMA status so it reports false failures. This typo only appears on gfx_v7. gfx_v8 checks the correct bit. Acked-by: Alex Deucher Signed-off-by: Amber Lin Reviewed-by: Felix Kuehling Signed-off-by: Felix Kuehling Signed-off-by: Alex Deucher commit 96147db1e1dff83679e71ac92193cbcab761a14c Author: Mika Westerberg Date: Tue Sep 18 18:36:21 2018 +0300 pinctrl: intel: Do pin translation in other GPIO operations as well For some reason I thought GPIOLIB handles translation from GPIO ranges to pinctrl pins but it turns out not to be the case. This means that when GPIOs operations are performed for a pin controller having a custom GPIO base such as Cannon Lake and Ice Lake incorrect pin number gets used internally. Fix this in the same way we did for lock/unlock IRQ operations and translate the GPIO number to pin before using it. Fixes: a60eac3239f0 ("pinctrl: intel: Allow custom GPIO base for pad groups") Reported-by: Rajat Jain Signed-off-by: Mika Westerberg Tested-by: Rajat Jain Signed-off-by: Linus Walleij commit d611aaf336b2e8e81f98490eabf7b92889b15319 Merge: 65eea8edc315 be1277f5eb17 Author: Jens Axboe Date: Thu Sep 20 09:10:38 2018 -0600 Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-linus Pull NVMe fix from Christoph. * 'nvme-4.19' of git://git.infradead.org/nvme: nvme: count all ANA groups for ANA Log page commit 65eea8edc315589d6c993cf12dbb5d0e9ef1fe4e Author: Andy Whitcroft Date: Thu Sep 20 09:09:48 2018 -0600 floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl The final field of a floppy_struct is the field "name", which is a pointer to a string in kernel memory. The kernel pointer should not be copied to user memory. The FDGETPRM ioctl copies a floppy_struct to user memory, including this "name" field. This pointer cannot be used by the user and it will leak a kernel address to user-space, which will reveal the location of kernel code and data and undermine KASLR protection. Model this code after the compat ioctl which copies the returned data to a previously cleared temporary structure on the stack (excluding the name pointer) and copy out to userspace from there. As we already have an inparam union with an appropriate member and that memory is already cleared even for read only calls make use of that as a temporary store. Based on an initial patch by Brian Belleville. CVE-2018-7755 Signed-off-by: Andy Whitcroft Broke up long line. Signed-off-by: Jens Axboe commit 56ce3c5a50f4d8cc95361b1ec7f152006c6320d8 Author: Johannes Berg Date: Thu Sep 20 09:27:30 2018 +0200 smc: generic netlink family should be __ro_after_init The generic netlink family is only initialized during module init, so it should be __ro_after_init like all other generic netlink families. Signed-off-by: Johannes Berg Signed-off-by: David S. Miller commit f9d5b1d50840320fb6c66fafd1a532a995fc3758 Author: Petr Machata Date: Thu Sep 20 09:31:45 2018 +0300 mlxsw: spectrum: Bump required firmware version MC-aware mode was introduced to mlxsw in commit 7b8195306694 ("mlxsw: spectrum: Configure MC-aware mode on mlxsw ports") and fixed up later in commit 3a3539cd3632 ("mlxsw: spectrum_buffers: Set up a dedicated pool for BUM traffic"). As the final piece of puzzle, a firmware issue whereby a wrong priority was assigned to BUM traffic was corrected in FW version 13.1703.4. Therefore require this FW version in the driver. Fixes: 7b8195306694 ("mlxsw: spectrum: Configure MC-aware mode on mlxsw ports") Signed-off-by: Petr Machata Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 7ce5c8cd753f9afa8e79e9ec40351998e354f239 Author: Jens Axboe Date: Thu Sep 20 08:30:55 2018 -0600 libata: mask swap internal and hardware tag hen we're comparing the hardware completion mask passed in from the driver with the internal tag pending mask, we need to account for the fact that the internal tag is different from the hardware tag. If not, then we can end up either prematurely completing the internal tag (since it's not set in the hw mask), or simply flag an error: ata2: illegal qc_active transition (100000000->00000001) If the internal tag is set, then swap that with the hardware tag in this case before comparing with what the hardware reports. Fixes: 28361c403683 ("libata: add extra internal command") Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=201151 Cc: stable@vger.kernel.org Reported-by: Paul Sbarra Tested-by: Paul Sbarra Signed-off-by: Jens Axboe commit ae596de1a0c8c2c924dc99d23c026259372ab234 Author: Miguel Ojeda Date: Tue Sep 18 18:55:42 2018 +0200 Compiler Attributes: naked can be shared The naked attribute is supported by at least gcc >= 4.6 (for ARM, which is the only current user), gcc >= 8 (for x86), clang >= 3.1 and icc >= 13. See https://godbolt.org/z/350Dyc Therefore, move it out of compiler-gcc.h so that the definition is shared by all compilers. This also fixes Clang support for ARM32 --- 815f0ddb346c ("include/linux/compiler*.h: make compiler-*.h mutually exclusive"). Fixes: 815f0ddb346c ("include/linux/compiler*.h: make compiler-*.h mutually exclusive") Cc: Rasmus Villemoes Cc: Eli Friedman Cc: Christopher Li Cc: Kees Cook Cc: Ingo Molnar Cc: Geert Uytterhoeven Cc: Greg Kroah-Hartman Cc: Masahiro Yamada Cc: Joe Perches Cc: Dominique Martinet Cc: Linus Torvalds Cc: linux-sparse@vger.kernel.org Suggested-by: Arnd Bergmann Tested-by: Stefan Agner Reviewed-by: Stefan Agner Reviewed-by: Luc Van Oostenryck Reviewed-by: Nick Desaulniers Signed-off-by: Miguel Ojeda Signed-off-by: Greg Kroah-Hartman commit d124b44f09cab67fc6da4a4513417e3e54b01efc Author: Miguel Ojeda Date: Tue Sep 18 18:55:41 2018 +0200 Compiler Attributes: naked was fixed in gcc 4.6 Commit 9c695203a7dd ("compiler-gcc.h: gcc-4.5 needs noclone and noinline on __naked functions") added noinline and noclone as a workaround for a gcc 4.5 bug, which was resolved in 4.6.0. Since now the minimum gcc supported version is 4.6, we can clean it up. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44290 and https://godbolt.org/z/h6NMIL Fixes: 815f0ddb346c ("include/linux/compiler*.h: make compiler-*.h mutually exclusive") Cc: Rasmus Villemoes Cc: Eli Friedman Cc: Christopher Li Cc: Kees Cook Cc: Ingo Molnar Cc: Geert Uytterhoeven Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Masahiro Yamada Cc: Joe Perches Cc: Dominique Martinet Cc: Linus Torvalds Cc: linux-sparse@vger.kernel.org Tested-by: Stefan Agner Reviewed-by: Stefan Agner Reviewed-by: Luc Van Oostenryck Reviewed-by: Nick Desaulniers Signed-off-by: Miguel Ojeda Signed-off-by: Greg Kroah-Hartman commit 7e620984b62532783912312e334f3c48cdacbd5d Author: Uwe Kleine-König Date: Thu Sep 20 14:11:17 2018 +0200 serial: imx: restore handshaking irq for imx1 Back in 2015 when irda was dropped from the driver imx1 was broken. This change reintroduces the support for the third interrupt of the UART. Fixes: afe9cbb1a6ad ("serial: imx: drop support for IRDA") Cc: stable Signed-off-by: Uwe Kleine-König Reviewed-by: Leonard Crestez Signed-off-by: Greg Kroah-Hartman commit c716a25b9b70084e1144f77423f5aedd772ea478 Author: Thiago Jung Bauermann Date: Thu Sep 20 01:38:58 2018 -0300 powerpc/pkeys: Fix reading of ibm, processor-storage-keys property scan_pkey_feature() uses of_property_read_u32_array() to read the ibm,processor-storage-keys property and calls be32_to_cpu() on the value it gets. The problem is that of_property_read_u32_array() already returns the value converted to the CPU byte order. The value of pkeys_total ends up more or less sane because there's a min() call in pkey_initialize() which reduces pkeys_total to 32. So in practice the kernel ignores the fact that the hypervisor reserved one key for itself (the device tree advertises 31 keys in my test VM). This is wrong, but the effect in practice is that when a process tries to allocate the 32nd key, it gets an -EINVAL error instead of -ENOSPC which would indicate that there aren't any keys available Fixes: cf43d3b26452 ("powerpc: Enable pkey subsystem") Cc: stable@vger.kernel.org # v4.16+ Signed-off-by: Thiago Jung Bauermann Signed-off-by: Michael Ellerman commit 2823c8716c687d6c7e261a3a02b3cab43809fe9c Author: Larry Finger Date: Mon Aug 27 10:34:07 2018 -0500 b43: fix DMA error related regression with proprietary firmware In commit 66cffd6daab7 ("b43: fix transmit failure when VT is switched"), a condition is noted where the network controller needs to be reset. Note that this situation happens when running the open-source firmware (http://netweb.ing.unibs.it/~openfwwf/), plus a number of other special conditions. for a different card model, it is reported that this change breaks operation running the proprietary firmware (https://marc.info/?l=linux-wireless&m=153504546924558&w=2). Rather than reverting the previous patch, the code is tweaked to avoid the reset unless the open-source firmware is being used. Fixes: 66cffd6daab7 ("b43: fix transmit failure when VT is switched") Cc: Stable # 4.18+ Cc: Taketo Kabe Reported-and-tested-by: D. Prabhu Signed-off-by: Larry Finger Signed-off-by: Kalle Valo commit 3e3b81965cbfa01fda6d77750feedc3c46fc28d0 Author: Heikki Krogerus Date: Wed Sep 19 10:58:04 2018 +0300 usb: typec: mux: Take care of driver module reference counting Functions typec_mux_get() and typec_switch_get() already make sure that the mux device reference count is incremented, but the same must be done to the driver module as well to prevent the drivers from being unloaded in the middle of operation. This fixes a potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: 93dd2112c7b2 ("usb: typec: mux: Get the mux identifier from function parameter") Acked-by: Hans de Goede Tested-by: Hans de Goede Signed-off-by: Heikki Krogerus Signed-off-by: Greg Kroah-Hartman commit 16c4cb19fa85c648a803752eb63cac0ef69231c2 Author: Harry Pan Date: Fri Sep 14 16:58:16 2018 +0800 usb: core: safely deal with the dynamic quirk lists Applying dynamic usbcore quirks in early booting when the slab is not yet ready would cause kernel panic of null pointer dereference because the quirk_count has been counted as 1 while the quirk_list was failed to allocate. i.e., [ 1.044970] BUG: unable to handle kernel NULL pointer dereference at (null) [ 1.044995] IP: [] usb_detect_quirks+0x88/0xd1 [ 1.045016] PGD 0 [ 1.045026] Oops: 0000 [#1] PREEMPT SMP [ 1.046986] gsmi: Log Shutdown Reason 0x03 [ 1.046995] Modules linked in: [ 1.047008] CPU: 0 PID: 81 Comm: kworker/0:3 Not tainted 4.4.154 #28 [ 1.047016] Hardware name: Google Coral/Coral, BIOS Google_Coral.10068.27.0 12/04/2017 [ 1.047028] Workqueue: usb_hub_wq hub_event [ 1.047037] task: ffff88017a321c80 task.stack: ffff88017a384000 [ 1.047044] RIP: 0010:[] [] usb_detect_quirks+0x88/0xd1 To tackle this odd, let's balance the quirk_count to 0 when the kcalloc call fails, and defer the quirk setting into a lower level callback which ensures that the kernel memory management has been initialized. Fixes: 027bd6cafd9a ("usb: core: Add "quirks" parameter for usbcore") Signed-off-by: Harry Pan Acked-by: Kai-Heng Feng Cc: stable Signed-off-by: Greg Kroah-Hartman commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Author: Heikki Krogerus Date: Wed Sep 19 10:58:05 2018 +0300 usb: roles: Take care of driver module reference counting This fixes potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Cc: Acked-by: Hans de Goede Tested-by: Hans de Goede Signed-off-by: Heikki Krogerus Signed-off-by: Greg Kroah-Hartman commit 55a5542a546238354d1f209f794414168cf8c71d Author: Gerald Schaefer Date: Mon Sep 10 18:03:29 2018 +0200 s390/hibernate: fix error handling when suspend cpu != resume cpu The resume code checks if the resume cpu is the same as the suspend cpu. If not, and if it is also not possible to switch to the suspend cpu, an error message should be printed and the resume process should be stopped by loading a disabled wait psw. The current logic is broken in multiple ways, the message is never printed, and the disabled wait psw never loaded because the kernel panics before that: - sam31 and SIGP_SET_ARCHITECTURE to ESA mode is wrong, this will break on the first 64bit instruction in sclp_early_printk(). - The init stack should be used, but the stack pointer is not set up correctly (missing aghi %r15,-STACK_FRAME_OVERHEAD). - __sclp_early_printk() checks the sclp_init_state. If it is not sclp_init_state_uninitialized, it simply returns w/o printing anything. In the resumed kernel however, sclp_init_state will never be uninitialized. This patch fixes those issues by removing the sam31/ESA logic, adding a correct init stack pointer, and also introducing sclp_early_printk_force() to allow using sclp_early_printk() even when sclp_init_state is not uninitialized. Reviewed-by: Heiko Carstens Signed-off-by: Gerald Schaefer Signed-off-by: Martin Schwidefsky commit 85682a7e3b9c664995ad477520f917039afdc330 Author: Christophe Leroy Date: Mon Sep 10 06:09:04 2018 +0000 powerpc: fix csum_ipv6_magic() on little endian platforms On little endian platforms, csum_ipv6_magic() keeps len and proto in CPU byte order. This generates a bad results leading to ICMPv6 packets from other hosts being dropped by powerpc64le platforms. In order to fix this, len and proto should be converted to network byte order ie bigendian byte order. However checksumming 0x12345678 and 0x56341278 provide the exact same result so it is enough to rotate the sum of len and proto by 1 byte. PPC32 only support bigendian so the fix is needed for PPC64 only Fixes: e9c4943a107b ("powerpc: Implement csum_ipv6_magic in assembly") Reported-by: Jianlin Shi Reported-by: Xin Long Cc: # 4.18+ Signed-off-by: Christophe Leroy Tested-by: Xin Long Signed-off-by: Michael Ellerman commit c9a4cb204e9eb7fa7dfbe3f7d3a674fa530aa193 Author: Alan Stern Date: Mon Sep 10 14:00:53 2018 -0400 USB: handle NULL config in usb_find_alt_setting() usb_find_alt_setting() takes a pointer to a struct usb_host_config as an argument; it searches for an interface with specified interface and alternate setting numbers in that config. However, it crashes if the usb_host_config pointer argument is NULL. Since this is a general-purpose routine, available for use in many places, we want to to be more robust. This patch makes it return NULL whenever the config argument is NULL. Signed-off-by: Alan Stern Reported-by: syzbot+19c3aaef85a89d451eac@syzkaller.appspotmail.com CC: Signed-off-by: Greg Kroah-Hartman commit bd729f9d67aa9a303d8925bb8c4f06af25f407d1 Author: Alan Stern Date: Mon Sep 10 13:59:59 2018 -0400 USB: fix error handling in usb_driver_claim_interface() The syzbot fuzzing project found a use-after-free bug in the USB core. The bug was caused by usbfs not unbinding from an interface when the USB device file was closed, which led another process to attempt the unbind later on, after the private data structure had been deallocated. The reason usbfs did not unbind the interface at the appropriate time was because it thought the interface had never been claimed in the first place. This was caused by the fact that usb_driver_claim_interface() does not clean up properly when device_bind_driver() returns an error. Although the error code gets passed back to the caller, the iface->dev.driver pointer remains set and iface->condition remains equal to USB_INTERFACE_BOUND. This patch adds proper error handling to usb_driver_claim_interface(). Signed-off-by: Alan Stern Reported-by: syzbot+f84aa7209ccec829536f@syzkaller.appspotmail.com CC: Signed-off-by: Greg Kroah-Hartman commit c183813fcee44a249339b7c46e1ad271ca1870aa Author: Alan Stern Date: Mon Sep 10 13:58:51 2018 -0400 USB: remove LPM management from usb_driver_claim_interface() usb_driver_claim_interface() disables and re-enables Link Power Management, but it shouldn't do either one, for the reasons listed below. This patch removes the two LPM-related function calls from the routine. The reason for disabling LPM in the analogous function usb_probe_interface() is so that drivers won't have to deal with unwanted LPM transitions in their probe routine. But usb_driver_claim_interface() doesn't call the driver's probe routine (or any other callbacks), so that reason doesn't apply here. Furthermore, no driver other than usbfs will ever call usb_driver_claim_interface() unless it is already bound to another interface in the same device, which means disabling LPM here would be redundant. usbfs doesn't interact with LPM at all. Lastly, the error return from usb_unlocked_disable_lpm() isn't handled properly; the code doesn't clean up its earlier actions before returning. Signed-off-by: Alan Stern Fixes: 8306095fd2c1 ("USB: Disable USB 3.0 LPM in critical sections.") CC: Signed-off-by: Greg Kroah-Hartman commit 81e0403b26d94360abd1f6a57311337973bc82cd Author: Oliver Neukum Date: Wed Sep 5 12:07:03 2018 +0200 USB: usbdevfs: restore warning for nonsensical flags If we filter flags before they reach the core we need to generate our own warnings. Signed-off-by: Oliver Neukum Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable Signed-off-by: Greg Kroah-Hartman commit 7a68d9fb851012829c29e770621905529bd9490b Author: Oliver Neukum Date: Wed Sep 5 12:07:02 2018 +0200 USB: usbdevfs: sanitize flags more Requesting a ZERO_PACKET or not is sensible only for output. In the input direction the device decides. Likewise accepting short packets makes sense only for input. This allows operation with panic_on_warn without opening up a local DOS. Signed-off-by: Oliver Neukum Reported-by: syzbot+843efa30c8821bd69f53@syzkaller.appspotmail.com Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable Signed-off-by: Greg Kroah-Hartman commit e871db8d78df1c411032cbb3acfdf8930509360e Author: Sebastian Andrzej Siewior Date: Tue Sep 11 10:00:44 2018 +0200 Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" This reverts commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427. The bug the patch describes to, has been already fixed in commit 2df6948428542 ("USB: cdc-wdm: don't enable interrupts in USB-giveback") so need to this, revert it. Fixes: 6e22e3af7bb3 ("usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()") Cc: stable Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Greg Kroah-Hartman commit 783f3b4e9ec50491c21746e7e05ec6c39c21f563 Author: Bin Liu Date: Mon Sep 17 11:40:22 2018 -0500 usb: musb: dsps: do not disable CPPI41 irq in driver teardown TI AM335x CPPI 4.1 module uses a single register bit for CPPI interrupts in both musb controllers. So disabling the CPPI irq in one musb driver breaks the other musb module. Since musb is already disabled before tearing down dma controller in musb_remove(), it is safe to not disable CPPI irq in musb_dma_controller_destroy(). Fixes: 255348289f71 ("usb: musb: dsps: Manage CPPI 4.1 DMA interrupt in DSPS") Cc: stable@vger.kernel.org Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman commit 4b92e7fd76e94624e3d5ff56b3d6a5788c4a7ac8 Merge: d82920849f30 4a3e85f2674c Author: Greg Kroah-Hartman Date: Thu Sep 20 11:25:20 2018 +0200 Merge tag 'mtd/fixes-for-4.19-rc5' of git://git.infradead.org/linux-mtd Boris writes: "- Fixes a bug in the ->read/write_reg() implementation of the m25p80 driver - Make sure of_node_get/put() calls are balanced in the partition parsing code - Fix a race in the denali NAND controller driver - Fix false positive WARN_ON() in the marvell NAND controller driver" * tag 'mtd/fixes-for-4.19-rc5' of git://git.infradead.org/linux-mtd: mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able mtd: partitions: fix unbalanced of_node_get/put() mtd: rawnand: denali: fix a race condition when DMA is kicked mtd: rawnand: marvell: prevent harmless warnings commit d82920849f305a83b893a90eca6391de411d77ef Merge: eb9a29f9e585 196f4eeeb78f Author: Greg Kroah-Hartman Date: Thu Sep 20 09:50:49 2018 +0200 Merge tag 'sound-4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Takashi writes: "sound fixes for 4.19-rc5 here comes a collection of various fixes, mostly for stable-tree or regression fixes. Two relatively high LOCs are about the (rather simple) conversion of uapi integer types in topology API, and a regression fix about HDMI hotplug notification on AMD HD-audio. The rest are all small individual fixes like ASoC Intel Skylake race condition, minor uninitialized page leak in emu10k1 ioctl, Firewire audio error paths, and so on." * tag 'sound-4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (33 commits) ALSA: fireworks: fix memory leak of response buffer at error path ALSA: oxfw: fix memory leak of discovered stream formats at error path ALSA: oxfw: fix memory leak for model-dependent data at error path ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path ALSA: hda - Enable runtime PM only for discrete GPU ALSA: oxfw: fix memory leak of private data ALSA: firewire-tascam: fix memory leak of private data ALSA: firewire-digi00x: fix memory leak of private data sound: don't call skl_init_chip() to reset intel skl soc sound: enable interrupt after dma buffer initialization Revert "ASoC: Intel: Skylake: Acquire irq after RIRB allocation" ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO ASoC: cs4265: fix MMTLR Data switch control ASoC: AMD: Ensure reset bit is cleared before configuring ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER ASoC: rsnd: adg: care clock-frequency size ASoC: uniphier: change status to orphan ASoC: rsnd: fixup not to call clk_get/set under non-atomic ... commit b3a5402cbcebaf5a9db4d6a3268070e4a099355d Author: Takashi Iwai Date: Tue Sep 18 18:21:11 2018 +0200 ALSA: hda: Fix the audio-component completion timeout The timeout of audio component binding was incorrectly specified in msec, not in jiffies, which results in way too shorter timeout than expected. Along with fixing it, add the information print about the binding failure to show the unexpected situation more clearly. Fixes: a57942bfdd61 ("ALSA: hda: Make audio component support more generic") Signed-off-by: Takashi Iwai commit 32bf94fb5c2ec4ec842152d0e5937cd4bb6738fa Author: Sean Tranchetti Date: Wed Sep 19 13:54:56 2018 -0600 xfrm: validate template mode XFRM mode parameters passed as part of the user templates in the IP_XFRM_POLICY are never properly validated. Passing values other than valid XFRM modes can cause stack-out-of-bounds reads to occur later in the XFRM processing: [ 140.535608] ================================================================ [ 140.543058] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x17e4/0x1cc4 [ 140.550306] Read of size 4 at addr ffffffc0238a7a58 by task repro/5148 [ 140.557369] [ 140.558927] Call trace: [ 140.558936] dump_backtrace+0x0/0x388 [ 140.558940] show_stack+0x24/0x30 [ 140.558946] __dump_stack+0x24/0x2c [ 140.558949] dump_stack+0x8c/0xd0 [ 140.558956] print_address_description+0x74/0x234 [ 140.558960] kasan_report+0x240/0x264 [ 140.558963] __asan_report_load4_noabort+0x2c/0x38 [ 140.558967] xfrm_state_find+0x17e4/0x1cc4 [ 140.558971] xfrm_resolve_and_create_bundle+0x40c/0x1fb8 [ 140.558975] xfrm_lookup+0x238/0x1444 [ 140.558977] xfrm_lookup_route+0x48/0x11c [ 140.558984] ip_route_output_flow+0x88/0xc4 [ 140.558991] raw_sendmsg+0xa74/0x266c [ 140.558996] inet_sendmsg+0x258/0x3b0 [ 140.559002] sock_sendmsg+0xbc/0xec [ 140.559005] SyS_sendto+0x3a8/0x5a8 [ 140.559008] el0_svc_naked+0x34/0x38 [ 140.559009] [ 140.592245] page dumped because: kasan: bad access detected [ 140.597981] page_owner info is not active (free page?) [ 140.603267] [ 140.653503] ================================================================ Signed-off-by: Sean Tranchetti Signed-off-by: Steffen Klassert commit bffd5e86951c43e87abf12157e4d6ff7dc37cec9 Merge: cf5cca6e4cc4 7e3e375ceede Author: David S. Miller Date: Wed Sep 19 23:12:24 2018 -0700 Merge branch 'qed-fixes' Sudarsana Reddy Kalluru says: ==================== qed: Fix series for multi-function mode implementation. The patch series addresses few issues in the switch dependent multi-function modes. Please consider applying it to 'net' tree. ==================== Signed-off-by: David S. Miller commit 7e3e375ceede8fba5218362d14db7de25fa83f12 Author: Sudarsana Reddy Kalluru Date: Wed Sep 19 21:59:12 2018 -0700 qed: Add missing device config for RoCE EDPM in UFP mode. This patch adds support to configure the DORQ to use vlan-id/priority for roce EDPM. Fixes: cac6f691 ("qed: Add support for Unified Fabric Port") Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Tomer Tayar Signed-off-by: David S. Miller commit 0216da9413afa546627a1b0d319dfd17fef34050 Author: Sudarsana Reddy Kalluru Date: Wed Sep 19 21:59:11 2018 -0700 qed: Do not add VLAN 0 tag to untagged frames in multi-function mode. In certain multi-function switch dependent modes, firmware adds vlan tag 0 to the untagged frames. This leads to double tagging for the traffic if the dcbx is enabled, which is not the desired behavior. To avoid this, driver needs to set "dcb_dont_add_vlan0" flag. Fixes: cac6f691 ("qed: Add support for Unified Fabric Port") Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Tomer Tayar Signed-off-by: David S. Miller commit 50fdf60181b01b7383b85d4b9acbb842263d96a2 Author: Sudarsana Reddy Kalluru Date: Wed Sep 19 21:59:10 2018 -0700 qed: Fix populating the invalid stag value in multi function mode. In multi-function mode, driver receives the stag value (outer vlan) for a PF from management FW (MFW). If the stag value is negotiated prior to the driver load, then the stag is not notified to the driver and hence driver will have the invalid stag value. The fix is to request the MFW for STAG value during the driver load time. Fixes: cac6f691 ("qed: Add support for Unified Fabric Port") Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Tomer Tayar Signed-off-by: David S. Miller commit e71cf591876536f7dd5a54ef68d631278ca6faa1 Author: Thomas Hellstrom Date: Fri Sep 14 09:24:19 2018 +0200 drm/vmwgfx: Fix buffer object eviction Commit 19be55701071 ("drm/ttm: add operation ctx to ttm_bo_validate v2") introduced a regression where the vmwgfx driver refused to evict a buffer that was still busy instead of waiting for it to become idle. Fix this. Cc: Signed-off-by: Thomas Hellstrom Reviewed-by: Christian König commit a4bd815a94b7aae27e2413f2ce7b458f9843b8ae Author: Deepak Rawat Date: Thu Sep 13 12:46:10 2018 +0200 drm/vmwgfx: Don't impose STDU limits on framebuffer size If framebuffers are larger, we create bounce surfaces that are within STDU limits. Signed-off-by: Deepak Rawat Reviewed-by: Thomas Hellstrom Signed-off-by: Thomas Hellstrom commit 140b4e67c2e1269a945c5caacdcb0c0346ad4cef Author: Deepak Rawat Date: Thu Sep 13 12:44:13 2018 +0200 drm/vmwgfx: limit mode size for all display unit to texture_max For all display units, limit mode size exposed to texture_max_width/ height as this is the maximum framebuffer size that virtual device can create. Signed-off-by: Deepak Rawat Reviewed-by: Sinclair Yeh Reviewed-by: Thomas Hellstrom Signed-off-by: Thomas Hellstrom commit 0c1b174b1b9a497230f937345d4db76fea267398 Author: Deepak Rawat Date: Thu Sep 13 12:34:37 2018 +0200 drm/vmwgfx: limit screen size to stdu_max during check_modeset For STDU individual screen target size is limited by SVGA_REG_SCREENTARGET_MAX_WIDTH/HEIGHT registers so add that limit during atomic check_modeset. An additional limit is placed in the update_layout ioctl to avoid requesting layouts that current user-space typically can't support. Also modified the comments to reflect current limitation on topology. Signed-off-by: Deepak Rawat Reviewed-by: Sinclair Yeh Reviewed-by: Thomas Hellstrom Signed-off-by: Thomas Hellstrom commit bfc888261474efb0676f0e1d128f22c9692b97b1 Author: Deepak Rawat Date: Thu Sep 13 12:33:49 2018 +0200 drm/vmwgfx: don't check for old_crtc_state enable status During atomic check to prepare the new topology no need to check if old_crtc_state was enabled or not. This will cause atomic_check to fail because due to connector routing a crtc can be in atomic_state even if there was no change to enable status. Detected this issue with igt run. Signed-off-by: Deepak Rawat Reviewed-by: Sinclair Yeh Signed-off-by: Thomas Hellstrom commit 7233b8cab39014620ac9534da11f0f3e506d8fd8 Author: Alexey Kardashevskiy Date: Tue Sep 11 15:38:05 2018 +1000 powerpc/powernv/ioda2: Reduce upper limit for DMA window size (again) mpe: This was fixed originally in commit d3d4ffaae439 ("powerpc/powernv/ioda2: Reduce upper limit for DMA window size"), but contrary to what the merge commit says was inadvertently lost by me in commit ce57c6610cc2 ("Merge branch 'topic/ppc-kvm' into next") which brought in changes that moved the code to a new file. So reapply it to the new file. Original commit message follows: We use PHB in mode1 which uses bit 59 to select a correct DMA window. However there is mode2 which uses bits 59:55 and allows up to 32 DMA windows per a PE. Even though documentation does not clearly specify that, it seems that the actual hardware does not support bits 59:55 even in mode1, in other words we can create a window as big as 1<<58 but DMA simply won't work. This reduces the upper limit from 59 to 55 bits to let the userspace know about the hardware limits. Fixes: ce57c6610cc2 ("Merge branch 'topic/ppc-kvm' into next") Signed-off-by: Alexey Kardashevskiy Signed-off-by: Michael Ellerman commit cf5cca6e4cc4dea604d8c83e7676f10459d6809c Author: Antoine Tenart Date: Wed Sep 19 15:29:06 2018 +0200 net: mvneta: fix the Rx desc buffer DMA unmapping With CONFIG_DMA_API_DEBUG enabled we now get a warning when using the mvneta driver: mvneta d0030000.ethernet: DMA-API: device driver frees DMA memory with wrong function [device address=0x000000001165b000] [size=4096 bytes] [mapped as page] [unmapped as single] This is because when using the s/w buffer management, the Rx descriptor buffer is mapped with dma_map_page but unmapped with dma_unmap_single. This patch fixes this by using the right unmapping function. Fixes: 562e2f467e71 ("net: mvneta: Improve the buffer allocation method for SWBM") Signed-off-by: Antoine Tenart Signed-off-by: David S. Miller commit 76c0ddd8c3a683f6e2c6e60e11dc1a1558caf4bc Author: Paolo Abeni Date: Wed Sep 19 15:02:07 2018 +0200 ip6_tunnel: be careful when accessing the inner header the ip6 tunnel xmit ndo assumes that the processed skb always contains an ip[v6] header, but syzbot has found a way to send frames that fall short of this assumption, leading to the following splat: BUG: KMSAN: uninit-value in ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1307 [inline] BUG: KMSAN: uninit-value in ip6_tnl_start_xmit+0x7d2/0x1ef0 net/ipv6/ip6_tunnel.c:1390 CPU: 0 PID: 4504 Comm: syz-executor558 Not tainted 4.16.0+ #87 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1307 [inline] ip6_tnl_start_xmit+0x7d2/0x1ef0 net/ipv6/ip6_tunnel.c:1390 __netdev_start_xmit include/linux/netdevice.h:4066 [inline] netdev_start_xmit include/linux/netdevice.h:4075 [inline] xmit_one net/core/dev.c:3026 [inline] dev_hard_start_xmit+0x5f1/0xc70 net/core/dev.c:3042 __dev_queue_xmit+0x27ee/0x3520 net/core/dev.c:3557 dev_queue_xmit+0x4b/0x60 net/core/dev.c:3590 packet_snd net/packet/af_packet.c:2944 [inline] packet_sendmsg+0x7c70/0x8a30 net/packet/af_packet.c:2969 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg net/socket.c:640 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2046 __sys_sendmmsg+0x42d/0x800 net/socket.c:2136 SYSC_sendmmsg+0xc4/0x110 net/socket.c:2167 SyS_sendmmsg+0x63/0x90 net/socket.c:2162 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x441819 RSP: 002b:00007ffe58ee8268 EFLAGS: 00000213 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441819 RDX: 0000000000000002 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000402510 R13: 00000000004025a0 R14: 0000000000000000 R15: 0000000000000000 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314 kmsan_slab_alloc+0x11/0x20 mm/kmsan/kmsan.c:321 slab_post_alloc_hook mm/slab.h:445 [inline] slab_alloc_node mm/slub.c:2737 [inline] __kmalloc_node_track_caller+0xaed/0x11c0 mm/slub.c:4369 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cf/0x9f0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:984 [inline] alloc_skb_with_frags+0x1d4/0xb20 net/core/skbuff.c:5234 sock_alloc_send_pskb+0xb56/0x1190 net/core/sock.c:2085 packet_alloc_skb net/packet/af_packet.c:2803 [inline] packet_snd net/packet/af_packet.c:2894 [inline] packet_sendmsg+0x6454/0x8a30 net/packet/af_packet.c:2969 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg net/socket.c:640 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2046 __sys_sendmmsg+0x42d/0x800 net/socket.c:2136 SYSC_sendmmsg+0xc4/0x110 net/socket.c:2167 SyS_sendmmsg+0x63/0x90 net/socket.c:2162 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 This change addresses the issue adding the needed check before accessing the inner header. The ipv4 side of the issue is apparently there since the ipv4 over ipv6 initial support, and the ipv6 side predates git history. Fixes: c4d3efafcc93 ("[IPV6] IP6TUNNEL: Add support to IPv4 over IPv6 tunnel.") Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+3fde91d4d394747d6db4@syzkaller.appspotmail.com Tested-by: Alexander Potapenko Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit 13b91ed77a65cf3bf23353880245d0cbd9138294 Author: Icenowy Zheng Date: Sun Sep 16 12:34:09 2018 +0800 ARM: dts: sun8i: drop A64 HDMI PHY fallback compatible from R40 DT The R40 HDMI PHY seems to be different to the A64 one, the A64 one has no input mux, but the R40 one has. Drop the A64 fallback compatible from the HDMI PHY node in R40 DT. Signed-off-by: Icenowy Zheng Signed-off-by: Maxime Ripard [wens@csie.org: Fix subject prefix order] Signed-off-by: Chen-Yu Tsai commit 30f3984ede683b98a4e8096e200df78bf0609b4f Author: Alex Deucher Date: Tue Sep 18 15:28:24 2018 -0500 drm/amdgpu: add new polaris pci id Add new pci id. Reviewed-by: Rex Zhu Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit aa86b03c3ee65fc7bd4438dbb70665534df86050 Merge: 69ba423d35c2 dabeb13eee81 Author: David S. Miller Date: Wed Sep 19 20:32:46 2018 -0700 Merge tag 'batadv-net-for-davem-20180919' of git://git.open-mesh.org/linux-merge Simon Wunderlich says: ==================== pull request for net: batman-adv 2018-09-19 here are some bugfixes which we would like to see integrated into net. We forgot to bump the version number in the last round for net-next, so the belated patch to do that is included - we hope you can adopt it. This will most likely create a merge conflict later when merging into net-next with this rounds net-next patchset, but net-next should keep the 2018.4 version[1]. [1] resolution: --- a/net/batman-adv/main.h +++ b/net/batman-adv/main.h @@ -25,11 +25,7 @@ #define BATADV_DRIVER_DEVICE "batman-adv" #ifndef BATADV_SOURCE_VERSION -<<<<<<< -#define BATADV_SOURCE_VERSION "2018.3" -======= #define BATADV_SOURCE_VERSION "2018.4" ->>>>>>> #endif /* B.A.T.M.A.N. parameters */ Please pull or let me know of any problem! Here are some batman-adv bugfixes: - Avoid ELP information leak, by Sven Eckelmann - Fix sysfs segfault issues, by Sven Eckelmann (2 patches) - Fix locking when adding entries in various lists, by Sven Eckelmann (5 patches) - Fix refcount if queue_work() fails, by Marek Lindner (2 patches) - Fixup forgotten version bump, by Sven Eckelmann ==================== Signed-off-by: David S. Miller commit 8ca4fff974ad5288d38298f15bf218f2eac2d5e7 Merge: d5b3a31b1cea a530bf948ab7 Author: Dave Airlie Date: Thu Sep 20 10:01:46 2018 +1000 Merge tag 'drm-intel-fixes-2018-09-19' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes Only fixes coming from gvt containing "Two more BXT fixes from Colin, one srcu locking fix and one fix for GGTT clear when destroy vGPU." Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180919151915.GA6309@intel.com commit d5b3a31b1ceaa9d6f44646848ebde590f2a03d84 Merge: 7876320f8880 558a9ef94a32 Author: Dave Airlie Date: Thu Sep 20 10:00:31 2018 +1000 Merge tag 'drm-misc-fixes-2018-09-19' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes drm-misc-fixes for v4.19-rc5: - Fix crash in vgem in drm_drv_uses_atomic_modeset. - Allow atomic drivers that don't set DRIVER_ATOMIC to create debugfs entries. - Fix compiler warning for unused connector_funcs. - Fix null pointer deref on UDL unplug. - Disable DRM support for sun4i's R40 for now. (Not all patches went in for v4.19, so it has to wait a cycle.) - NULL-terminate the of_device_id table in pl111. - Make sure vc4 NV12 planar format works when displaying an unscaled fb. Signed-off-by: Dave Airlie From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/dda393bb-f13f-8d36-711b-cacfc578e5a3@linux.intel.com commit 8b56ee91ffc88ea01400c012e10fe22a9d233265 Author: Drew Schmitt Date: Mon Aug 20 10:32:16 2018 -0700 kvm: selftests: Add platform_info_test Test guest access to MSR_PLATFORM_INFO when the capability is enabled or disabled. Signed-off-by: Drew Schmitt Signed-off-by: Paolo Bonzini commit 6fbbde9a1969dfb476467ebf69a475095ef3fd4d Author: Drew Schmitt Date: Mon Aug 20 10:32:15 2018 -0700 KVM: x86: Control guest reads of MSR_PLATFORM_INFO Add KVM_CAP_MSR_PLATFORM_INFO so that userspace can disable guest access to reads of MSR_PLATFORM_INFO. Disabling access to reads of this MSR gives userspace the control to "expose" this platform-dependent information to guests in a clear way. As it exists today, guests that read this MSR would get unpopulated information if userspace hadn't already set it (and prior to this patch series, only the CPUID faulting information could have been populated). This existing interface could be confusing if guests don't handle the potential for incorrect/incomplete information gracefully (e.g. zero reported for base frequency). Signed-off-by: Drew Schmitt Signed-off-by: Paolo Bonzini commit d84f1cff9028c00ee870f0293b0c7a3866071dfa Author: Drew Schmitt Date: Mon Aug 20 10:32:14 2018 -0700 KVM: x86: Turbo bits in MSR_PLATFORM_INFO Allow userspace to set turbo bits in MSR_PLATFORM_INFO. Previously, only the CPUID faulting bit was settable. But now any bit in MSR_PLATFORM_INFO would be settable. This can be used, for example, to convey frequency information about the platform on which the guest is running. Signed-off-by: Drew Schmitt Signed-off-by: Paolo Bonzini commit ba8e23db59dc07e5de74fd7bd310e297d3e4ba54 Author: Krish Sadhukhan Date: Tue Sep 4 14:42:58 2018 -0400 nVMX x86: Check VPID value on vmentry of L2 guests According to section "Checks on VMX Controls" in Intel SDM vol 3C, the following check needs to be enforced on vmentry of L2 guests: If the 'enable VPID' VM-execution control is 1, the value of the of the VPID VM-execution control field must not be 0000H. Signed-off-by: Krish Sadhukhan Reviewed-by: Mark Kanda Reviewed-by: Liran Alon Reviewed-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 6de84e581c083c4357b45c31b7ef71335725d850 Author: Krish Sadhukhan Date: Thu Aug 23 20:03:03 2018 -0400 nVMX x86: check posted-interrupt descriptor addresss on vmentry of L2 According to section "Checks on VMX Controls" in Intel SDM vol 3C, the following check needs to be enforced on vmentry of L2 guests: - Bits 5:0 of the posted-interrupt descriptor address are all 0. - The posted-interrupt descriptor address does not set any bits beyond the processor's physical-address width. Signed-off-by: Krish Sadhukhan Reviewed-by: Mark Kanda Reviewed-by: Liran Alon Reviewed-by: Darren Kenny Reviewed-by: Karl Heubaum Signed-off-by: Paolo Bonzini commit e6c67d8cf1173b229f0c4343d1cc7925eca11c11 Author: Liran Alon Date: Tue Sep 4 10:56:52 2018 +0300 KVM: nVMX: Wake blocked vCPU in guest-mode if pending interrupt in virtual APICv In case L1 do not intercept L2 HLT or enter L2 in HLT activity-state, it is possible for a vCPU to be blocked while it is in guest-mode. According to Intel SDM 26.6.5 Interrupt-Window Exiting and Virtual-Interrupt Delivery: "These events wake the logical processor if it just entered the HLT state because of a VM entry". Therefore, if L1 enters L2 in HLT activity-state and L2 has a pending deliverable interrupt in vmcs12->guest_intr_status.RVI, then the vCPU should be waken from the HLT state and injected with the interrupt. In addition, if while the vCPU is blocked (while it is in guest-mode), it receives a nested posted-interrupt, then the vCPU should also be waken and injected with the posted interrupt. To handle these cases, this patch enhances kvm_vcpu_has_events() to also check if there is a pending interrupt in L2 virtual APICv provided by L1. That is, it evaluates if there is a pending virtual interrupt for L2 by checking RVI[7:4] > VPPR[7:4] as specified in Intel SDM 29.2.1 Evaluation of Pending Interrupts. Note that this also handles the case of nested posted-interrupt by the fact RVI is updated in vmx_complete_nested_posted_interrupt() which is called from kvm_vcpu_check_block() -> kvm_arch_vcpu_runnable() -> kvm_vcpu_running() -> vmx_check_nested_events() -> vmx_complete_nested_posted_interrupt(). Reviewed-by: Nikita Leshenko Reviewed-by: Darren Kenny Signed-off-by: Liran Alon Signed-off-by: Paolo Bonzini commit 5bea5123cbf08f990a1aee8f08c643a272e06a0f Author: Paolo Bonzini Date: Tue Sep 18 15:19:17 2018 +0200 KVM: VMX: check nested state and CR4.VMXE against SMM VMX cannot be enabled under SMM, check it when CR4 is set and when nested virtualization state is restored. This should fix some WARNs reported by syzkaller, mostly around alloc_shadow_vmcs. Signed-off-by: Paolo Bonzini commit 822f312d47f0200dc0999c9f006fe94aa43bd0bd Author: Sebastian Andrzej Siewior Date: Wed Sep 12 15:33:45 2018 +0200 kvm: x86: make kvm_{load|put}_guest_fpu() static The functions kvm_load_guest_fpu() kvm_put_guest_fpu() are only used locally, make them static. This requires also that both functions are moved because they are used before their implementation. Those functions were exported (via EXPORT_SYMBOL) before commit e5bb40251a920 ("KVM: Drop kvm_{load,put}_guest_fpu() exports"). Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Paolo Bonzini commit a1efa9b70097a7ebb7c0a10bb72648776771b281 Author: Vitaly Kuznetsov Date: Mon Aug 27 18:48:57 2018 +0200 x86/hyper-v: rename ipi_arg_{ex,non_ex} structures These structures are going to be used from KVM code so let's make their names reflect their Hyper-V origin. Signed-off-by: Vitaly Kuznetsov Reviewed-by: Roman Kagan Acked-by: K. Y. Srinivasan Signed-off-by: Paolo Bonzini commit d264ee0c2ed20c6a426663590d4fc7a36cb6abd7 Author: Sean Christopherson Date: Mon Aug 27 15:21:12 2018 -0700 KVM: VMX: use preemption timer to force immediate VMExit A VMX preemption timer value of '0' is guaranteed to cause a VMExit prior to the CPU executing any instructions in the guest. Use the preemption timer (if it's supported) to trigger immediate VMExit in place of the current method of sending a self-IPI. This ensures that pending VMExit injection to L1 occurs prior to executing any instructions in the guest (regardless of nesting level). When deferring VMExit injection, KVM generates an immediate VMExit from the (possibly nested) guest by sending itself an IPI. Because hardware interrupts are blocked prior to VMEnter and are unblocked (in hardware) after VMEnter, this results in taking a VMExit(INTR) before any guest instruction is executed. But, as this approach relies on the IPI being received before VMEnter executes, it only works as intended when KVM is running as L0. Because there are no architectural guarantees regarding when IPIs are delivered, when running nested the INTR may "arrive" long after L2 is running e.g. L0 KVM doesn't force an immediate switch to L1 to deliver an INTR. For the most part, this unintended delay is not an issue since the events being injected to L1 also do not have architectural guarantees regarding their timing. The notable exception is the VMX preemption timer[1], which is architecturally guaranteed to cause a VMExit prior to executing any instructions in the guest if the timer value is '0' at VMEnter. Specifically, the delay in injecting the VMExit causes the preemption timer KVM unit test to fail when run in a nested guest. Note: this approach is viable even on CPUs with a broken preemption timer, as broken in this context only means the timer counts at the wrong rate. There are no known errata affecting timer value of '0'. [1] I/O SMIs also have guarantees on when they arrive, but I have no idea if/how those are emulated in KVM. Signed-off-by: Sean Christopherson [Use a hook for SVM instead of leaving the default in x86.c - Paolo] Signed-off-by: Paolo Bonzini commit f459a707ed313f110e4939d634317edcf9e96774 Author: Sean Christopherson Date: Mon Aug 27 15:21:11 2018 -0700 KVM: VMX: modify preemption timer bit only when arming timer Provide a singular location where the VMX preemption timer bit is set/cleared so that future usages of the preemption timer can ensure the VMCS bit is up-to-date without having to modify unrelated code paths. For example, the preemption timer can be used to force an immediate VMExit. Cache the status of the timer to avoid redundant VMREAD and VMWRITE, e.g. if the timer stays armed across multiple VMEnters/VMExits. Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit 4c008127e4716d246b44b403f8a65ae9744d32c4 Author: Sean Christopherson Date: Mon Aug 27 15:21:10 2018 -0700 KVM: VMX: immediately mark preemption timer expired only for zero value A VMX preemption timer value of '0' at the time of VMEnter is architecturally guaranteed to cause a VMExit prior to the CPU executing any instructions in the guest. This architectural definition is in place to ensure that a previously expired timer is correctly recognized by the CPU as it is possible for the timer to reach zero and not trigger a VMexit due to a higher priority VMExit being signalled instead, e.g. a pending #DB that morphs into a VMExit. Whether by design or coincidence, commit f4124500c2c1 ("KVM: nVMX: Fully emulate preemption timer") special cased timer values of '0' and '1' to ensure prompt delivery of the VMExit. Unlike '0', a timer value of '1' has no has no architectural guarantees regarding when it is delivered. Modify the timer emulation to trigger immediate VMExit if and only if the timer value is '0', and document precisely why '0' is special. Do this even if calibration of the virtual TSC failed, i.e. VMExit will occur immediately regardless of the frequency of the timer. Making only '0' a special case gives KVM leeway to be more aggressive in ensuring the VMExit is injected prior to executing instructions in the nested guest, and also eliminates any ambiguity as to why '1' is a special case, e.g. why wasn't the threshold for a "short timeout" set to 10, 100, 1000, etc... Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit a101c9d63ebb294144e596bfe9b4ae3156b1be96 Author: Andy Shevchenko Date: Thu Aug 30 14:49:59 2018 +0300 KVM: SVM: Switch to bitmap_zalloc() Switch to bitmap_zalloc() to show clearly what we are allocating. Besides that it returns pointer of bitmap type instead of opaque void *. Signed-off-by: Andy Shevchenko Signed-off-by: Paolo Bonzini commit 9a9845867c28dc876e7a3289c1745644a34bb393 Author: Tianyu Lan Date: Fri Sep 7 05:45:02 2018 +0000 KVM/MMU: Fix comment in walk_shadow_page_lockless_end() kvm_commit_zap_page() has been renamed to kvm_mmu_commit_zap_page() This patch is to fix the commit. Signed-off-by: Lan Tianyu Signed-off-by: Paolo Bonzini commit 6bd317d3c865ebcddcb287a424093fe4758c40ef Author: Lei Yang Date: Wed Aug 29 15:04:08 2018 +0800 kvm: selftests: use -pthread instead of -lpthread I run into the following error testing/selftests/kvm/dirty_log_test.c:285: undefined reference to `pthread_create' testing/selftests/kvm/dirty_log_test.c:297: undefined reference to `pthread_join' collect2: error: ld returned 1 exit status my gcc version is gcc version 4.8.4 "-pthread" would work everywhere Signed-off-by: Lei Yang Signed-off-by: Paolo Bonzini commit 83b20b28c670868bfb717be4fe1557c925a81657 Author: Wei Yang Date: Fri Sep 7 19:59:47 2018 +0800 KVM: x86: don't reset root in kvm_mmu_setup() Here is the code path which shows kvm_mmu_setup() is invoked after kvm_mmu_create(). Since kvm_mmu_setup() is only invoked in this code path, this means the root_hpa and prev_roots are guaranteed to be invalid. And it is not necessary to reset it again. kvm_vm_ioctl_create_vcpu() kvm_arch_vcpu_create() vmx_create_vcpu() kvm_vcpu_init() kvm_arch_vcpu_init() kvm_mmu_create() kvm_arch_vcpu_setup() kvm_mmu_setup() kvm_init_mmu() This patch set reset_roots to false in kmv_mmu_setup(). Fixes: 50c28f21d045dde8c52548f8482d456b3f0956f5 Signed-off-by: Wei Yang Reviewed-by: Liran Alon Signed-off-by: Paolo Bonzini commit d35b34a9a70edae7ef923f100e51b8b5ae9fe899 Author: Junaid Shahid Date: Wed Aug 8 17:45:24 2018 -0700 kvm: mmu: Don't read PDPTEs when paging is not enabled kvm should not attempt to read guest PDPTEs when CR0.PG = 0 and CR4.PAE = 1. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit d1766202779e81d0f2a94c4650a6ba31497d369d Author: Vitaly Kuznetsov Date: Thu Aug 2 17:08:16 2018 +0200 x86/kvm/lapic: always disable MMIO interface in x2APIC mode When VMX is used with flexpriority disabled (because of no support or if disabled with module parameter) MMIO interface to lAPIC is still available in x2APIC mode while it shouldn't be (kvm-unit-tests): PASS: apic_disable: Local apic enabled in x2APIC mode PASS: apic_disable: CPUID.1H:EDX.APIC[bit 9] is set FAIL: apic_disable: *0xfee00030: 50014 The issue appears because we basically do nothing while switching to x2APIC mode when APIC access page is not used. apic_mmio_{read,write} only check if lAPIC is disabled before proceeding to actual write. When APIC access is virtualized we correctly manipulate with VMX controls in vmx_set_virtual_apic_mode() and we don't get vmexits from memory writes in x2APIC mode so there's no issue. Disabling MMIO interface seems to be easy. The question is: what do we do with these reads and writes? If we add apic_x2apic_mode() check to apic_mmio_in_range() and return -EOPNOTSUPP these reads and writes will go to userspace. When lAPIC is in kernel, Qemu uses this interface to inject MSIs only (see kvm_apic_mem_write() in hw/i386/kvm/apic.c). This somehow works with disabled lAPIC but when we're in xAPIC mode we will get a real injected MSI from every write to lAPIC. Not good. The simplest solution seems to be to just ignore writes to the region and return ~0 for all reads when we're in x2APIC mode. This is what this patch does. However, this approach is inconsistent with what currently happens when flexpriority is enabled: we allocate APIC access page and create KVM memory region so in x2APIC modes all reads and writes go to this pre-allocated page which is, btw, the same for all vCPUs. Signed-off-by: Vitaly Kuznetsov Signed-off-by: Paolo Bonzini commit 080220b687147fd9376878534aba7194f17f6ef5 Author: Jakub Kicinski Date: Tue Sep 18 10:13:59 2018 -0700 tools: bpf: fix license for a compat header file libc_compat.h is used by libbpf so make sure it's licensed under LGPL or BSD license. The license change should be OK, I'm the only author of the file. Signed-off-by: Jakub Kicinski Reviewed-by: Quentin Monnet Acked-by: Yonghong Song Signed-off-by: Daniel Borkmann commit ee92efe41cf358f4b99e73509f2bfd4733609f26 Author: Bart Van Assche Date: Mon Sep 17 18:10:05 2018 -0700 IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Use different loop variables for the inner and outer loop. This avoids that an infinite loop occurs if there are more RDMA channels than target->req_ring_size. Fixes: d92c0da71a35 ("IB/srp: Add multichannel support") Cc: Signed-off-by: Bart Van Assche Signed-off-by: Jason Gunthorpe commit eb9a29f9e585044ec71e82d815298ad7e4908858 Merge: 6ad49fa1993d 55066354285b Author: Greg Kroah-Hartman Date: Wed Sep 19 22:59:30 2018 +0200 Merge tag 'hwmon-for-linus-v4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Guenter writes: "Various bug fixes for nct6775 driver" commit 6ad49fa1993d92ef652ed85d525b8ce85fa653fd Merge: 4ca719a338d5 cbe3fd39d223 Author: Greg Kroah-Hartman Date: Wed Sep 19 22:34:22 2018 +0200 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi James writes: "SCSI fixes on 20180919 A couple of small but important fixes, one affecting big endian and the other fixing a BUG_ON in scatterlist processing. Signed-off-by: James E.J. Bottomley " commit d59f532480f5231bf62615a9287e05b78225fb05 Author: Juergen Gross Date: Wed Sep 19 15:42:33 2018 +0200 xen: issue warning message when out of grant maptrack entries When a driver domain (e.g. dom0) is running out of maptrack entries it can't map any more foreign domain pages. Instead of silently stalling the affected domUs issue a rate limited warning in this case in order to make it easier to detect that situation. Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky commit 70513d58751d7c6c1a0133557b13089b9f2e3e66 Author: Boris Ostrovsky Date: Thu Jul 12 13:27:00 2018 -0400 xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code Otherwise we may leak kernel stack for events that sample user registers. Reported-by: Mark Rutland Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky Cc: stable@vger.kernel.org commit ef8c4ed9db80261f397f0c0bf723684601ae3b52 Author: Stefan Agner Date: Mon Sep 17 19:31:57 2018 -0700 kbuild: allow to use GCC toolchain not in Clang search path When using a GCC cross toolchain which is not in a compiled in Clang search path, Clang reverts to the system assembler and linker. This leads to assembler or linker errors, depending on which tool is first used for a given architecture. It seems that Clang is not searching $PATH for a matching assembler or linker. Make sure that Clang picks up the correct assembler or linker by passing the cross compilers bin directory as search path. This allows to use Clang provided by distributions with GCC toolchains not in /usr/bin. Link: https://github.com/ClangBuiltLinux/linux/issues/78 Signed-off-by: Stefan Agner Reviewed-and-tested-by: Nick Desaulniers Signed-off-by: Masahiro Yamada commit 5a4630aadb9a9525474e9ac92965829f990cb5c4 Author: Joel Stanley Date: Mon Sep 17 17:07:54 2018 +0930 ftrace: Build with CPPFLAGS to get -Qunused-arguments When building to record the mcount locations the kernel uses KBUILD_CFLAGS but not KBUILD_CPPFLAGS. This means it lacks -Qunused-arguments when building with clang, resulting in a lot of noisy warnings. Signed-off-by: Joel Stanley Reviewed-by: Nick Desaulniers Signed-off-by: Masahiro Yamada commit 336b08088d4da009108d4418e241ca95c9152237 Author: Thomas Gleixner Date: Wed Sep 19 13:48:41 2018 +0200 MAINTAINERS: Add Borislav to the x86 maintainers Borislav is effectivly maintaining parts of X86 already, make it official. Signed-off-by: Thomas Gleixner Acked-by: Ingo Molnar Acked-by: Borislav Petkov commit 9e796c9db93b4840d1b00e550eea26db7cb741e2 Author: Toshi Kani Date: Fri Sep 14 08:51:14 2018 -0600 ext2, dax: set ext2_dax_aops for dax files Sync syscall to DAX file needs to flush processor cache, but it currently does not flush to existing DAX files. This is because 'ext2_da_aops' is set to address_space_operations of existing DAX files, instead of 'ext2_dax_aops', since S_DAX flag is set after ext2_set_aops() in the open path. Similar to ext4, change ext2_iget() to initialize i_flags before ext2_set_aops(). Fixes: fb094c90748f ("ext2, dax: introduce ext2_dax_aops") Signed-off-by: Toshi Kani Suggested-by: Jan Kara Cc: Jan Kara Cc: Dan Williams Cc: "Theodore Ts'o" Cc: Andreas Dilger Cc: Signed-off-by: Jan Kara commit 5d05dfd13f20b01a3cd5d293058baa7d5c1583b6 Merge: f21f7fa263ac 169e366c0808 Author: Ingo Molnar Date: Wed Sep 19 13:25:35 2018 +0200 Merge tag 'perf-urgent-for-mingo-4.19-20180918' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: - Fix the build on !_GNU_SOURCE libc systems such as Alpine Linux/musl libc due to usage of strerror_r glibc variant on libbpf (Arnaldo Carvalho de Melo) - Fix out-of-tree asciidoctor man page generation (Ben Hutchings) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 571d0563c8881595f4ab027aef9ed1c55e3e7b7c Author: Dan Carpenter Date: Wed Sep 19 13:35:53 2018 +0300 x86/paravirt: Fix some warning messages The first argument to WARN_ONCE() is a condition. Fixes: 5800dc5c19f3 ("x86/paravirt: Fix spectre-v2 mitigations for paravirt guests") Signed-off-by: Dan Carpenter Signed-off-by: Thomas Gleixner Reviewed-by: Juergen Gross Cc: Peter Zijlstra Cc: Alok Kataria Cc: "H. Peter Anvin" Cc: virtualization@lists.linux-foundation.org Cc: kernel-janitors@vger.kernel.org Link: https://lkml.kernel.org/r/20180919103553.GD9238@mwanda commit 3a58ac65e2d7969bcdf1b6acb70fa4d12a88e53e Author: Thomas Petazzoni Date: Thu Sep 13 16:48:08 2018 +0100 ARM: 8799/1: mm: fix pci_ioremap_io() offset check IO_SPACE_LIMIT is the ending address of the PCI IO space, i.e something like 0xfffff (and not 0x100000). Therefore, when offset = 0xf0000 is passed as argument, this function fails even though the offset + SZ_64K fits below the IO_SPACE_LIMIT. This makes the last chunk of 64 KB of the I/O space not usable as it cannot be mapped. This patch fixes that by substracing 1 to offset + SZ_64K, so that we compare the addrss of the last byte of the I/O space against IO_SPACE_LIMIT instead of the address of the first byte of what is after the I/O space. Fixes: c2794437091a4 ("ARM: Add fixed PCI i/o mapping") Signed-off-by: Thomas Petazzoni Acked-by: Nicolas Pitre Signed-off-by: Russell King commit 73aeb2cbcdc9be391b3d32a55319a59ce425426f Author: Stefan Agner Date: Tue Sep 11 04:27:41 2018 +0100 ARM: 8787/1: wire up io_pgetevents syscall Wire up the new io_pgetevents syscall for ARM. Signed-off-by: Stefan Agner Acked-by: Christoph Hellwig Signed-off-by: Russell King commit 558a9ef94a329a1ac75613407ad15d0d0071ff4c Author: Icenowy Zheng Date: Sun Sep 16 12:34:06 2018 +0800 drm: sun4i: drop second PLL from A64 HDMI PHY The A64 HDMI PHY seems to be not able to use the second video PLL as clock parent in experiments. Drop the support for the second PLL from A64 HDMI PHY driver. Fixes: b46e2c9f5f64 ("drm/sun4i: Add support for A64 HDMI PHY") Signed-off-by: Icenowy Zheng Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/20180916043409.62374-2-icenowy@aosc.io commit 4ca719a338d5ebb713e0ae56c208a689f1efe20f Merge: f21f7fa263ac 24568b47d48e Author: Greg Kroah-Hartman Date: Wed Sep 19 08:29:42 2018 +0200 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Crypto stuff from Herbert: "This push fixes a potential boot hang in ccp and an incorrect CPU capability check in aegis/morus on x86." * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2 crypto: ccp - add timeout support in the SEV command commit f21f7fa263ac005713f0a7a43179c5aea0fabe85 Merge: eba2d6b34a32 83f365554e47 Author: Greg Kroah-Hartman Date: Wed Sep 19 07:41:46 2018 +0200 Merge tag 'trace-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Steven writes: "Vaibhav Nagarnaik found that modifying the ring buffer size could cause a huge latency in the system because it does a while loop to free pages without releasing the CPU (on non preempt kernels). In a case where there are hundreds of thousands of pages to free it could actually cause a system stall. A properly place cond_resched() solves this issue." commit eba2d6b34a32bdc3585c5810633ec38f9472380c Merge: 5211da9ca526 ff0e9f26288d Author: Greg Kroah-Hartman Date: Wed Sep 19 07:21:21 2018 +0200 Merge tag 'platform-drivers-x86-v4.19-2' of git://git.infradead.org/linux-platform-drivers-x86 Darren writes: "platform-drivers-x86 for v4.19-2 Free allocated ACPI buffers in two drivers. The following is an automated git shortlog grouped by driver: alienware-wmi: - Correct a memory leak dell-smbios-wmi: - Correct a memory leak" * tag 'platform-drivers-x86-v4.19-2' of git://git.infradead.org/linux-platform-drivers-x86: platform/x86: alienware-wmi: Correct a memory leak platform/x86: dell-smbios-wmi: Correct a memory leak commit 69ba423d35c25ae06fa419ac1d4f6c4e2b74e412 Merge: 126d6848ef13 ce7ea4af0838 Author: David S. Miller Date: Tue Sep 18 20:17:01 2018 -0700 Merge branch 'ipv6-fix-issues-on-accessing-fib6_metrics' Wei Wang says: ==================== ipv6: fix issues on accessing fib6_metrics The latest fix on the memory leak of fib6_metrics still causes use-after-free. This patch series first revert the previous fix and propose a new fix that is more inline with ipv4 logic and is tested to fix the use-after-free issue reported. ==================== Signed-off-by: David S. Miller commit ce7ea4af0838ffd4667ecad4eb5eec7a25342f1e Author: Wei Wang Date: Tue Sep 18 13:45:00 2018 -0700 ipv6: fix memory leak on dst->_metrics When dst->_metrics and f6i->fib6_metrics share the same memory, both take reference count on the dst_metrics structure. However, when dst is destroyed, ip6_dst_destroy() only invokes dst_destroy_metrics_generic() which does not take care of READONLY metrics and does not release refcnt. This causes memory leak. Similar to ipv4 logic, the fix is to properly release refcnt and free the memory space pointed by dst->_metrics if refcnt becomes 0. Fixes: 93531c674315 ("net/ipv6: separate handling of FIB entries from dst based routes") Reported-by: Sabrina Dubroca Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 8675860592321a43bbb0b5aedc244a9b2321edc3 Author: Wei Wang Date: Tue Sep 18 13:44:59 2018 -0700 Revert "ipv6: fix double refcount of fib6_metrics" This reverts commit e70a3aad44cc8b24986687ffc98c4a4f6ecf25ea. This change causes use-after-free on dst->_metrics. The crash trace looks like this: [ 97.763269] BUG: KASAN: use-after-free in ip6_mtu+0x116/0x140 [ 97.769038] Read of size 4 at addr ffff881781d2cf84 by task svw_NetThreadEv/8801 [ 97.777954] CPU: 76 PID: 8801 Comm: svw_NetThreadEv Not tainted 4.15.0-smp-DEV #11 [ 97.777956] Hardware name: Default string Default string/Indus_QC_02, BIOS 5.46.4 03/29/2018 [ 97.777957] Call Trace: [ 97.777971] [] dump_stack+0x4d/0x72 [ 97.777985] [] print_address_description+0x6f/0x260 [ 97.777997] [] kasan_report+0x257/0x370 [ 97.778001] [] ? ip6_mtu+0x116/0x140 [ 97.778004] [] __asan_report_load4_noabort+0x19/0x20 [ 97.778008] [] ip6_mtu+0x116/0x140 [ 97.778013] [] tcp_current_mss+0x12e/0x280 [ 97.778016] [] ? tcp_mtu_to_mss+0x2d0/0x2d0 [ 97.778022] [] ? depot_save_stack+0x138/0x4a0 [ 97.778037] [] ? __mmdrop+0x145/0x1f0 [ 97.778040] [] ? save_stack+0xb1/0xd0 [ 97.778046] [] tcp_send_mss+0x22/0x220 [ 97.778059] [] tcp_sendmsg_locked+0x4f9/0x39f0 [ 97.778062] [] ? kasan_check_write+0x14/0x20 [ 97.778066] [] ? tcp_sendpage+0x60/0x60 [ 97.778070] [] ? rw_copy_check_uvector+0x69/0x280 [ 97.778075] [] ? import_iovec+0x9f/0x430 [ 97.778078] [] ? kasan_slab_free+0x87/0xc0 [ 97.778082] [] ? memzero_page+0x140/0x140 [ 97.778085] [] ? kasan_check_write+0x14/0x20 [ 97.778088] [] tcp_sendmsg+0x2c/0x50 [ 97.778092] [] ? tcp_sendmsg+0x2c/0x50 [ 97.778098] [] inet_sendmsg+0x103/0x480 [ 97.778102] [] ? inet_gso_segment+0x15b0/0x15b0 [ 97.778105] [] sock_sendmsg+0xba/0xf0 [ 97.778108] [] ___sys_sendmsg+0x6ca/0x8e0 [ 97.778113] [] ? hrtimer_try_to_cancel+0x71/0x3b0 [ 97.778116] [] ? copy_msghdr_from_user+0x3d0/0x3d0 [ 97.778119] [] ? memset+0x31/0x40 [ 97.778123] [] ? schedule_hrtimeout_range_clock+0x165/0x380 [ 97.778127] [] ? hrtimer_nanosleep_restart+0x250/0x250 [ 97.778130] [] ? __hrtimer_init+0x180/0x180 [ 97.778133] [] ? ktime_get_ts64+0x172/0x200 [ 97.778137] [] ? __fget_light+0x8c/0x2f0 [ 97.778141] [] __sys_sendmsg+0xe6/0x190 [ 97.778144] [] ? __sys_sendmsg+0xe6/0x190 [ 97.778147] [] ? SyS_shutdown+0x20/0x20 [ 97.778152] [] ? wake_up_q+0xe0/0xe0 [ 97.778155] [] ? __sys_sendmsg+0x190/0x190 [ 97.778158] [] SyS_sendmsg+0x13/0x20 [ 97.778162] [] do_syscall_64+0x2ac/0x430 [ 97.778166] [] ? do_page_fault+0x35/0x3d0 [ 97.778171] [] ? page_fault+0x2f/0x50 [ 97.778174] [] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 97.778177] RIP: 0033:0x7f83fa36000d [ 97.778178] RSP: 002b:00007f83ef9229e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e [ 97.778180] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f83fa36000d [ 97.778182] RDX: 0000000000004000 RSI: 00007f83ef922f00 RDI: 0000000000000036 [ 97.778183] RBP: 00007f83ef923040 R08: 00007f83ef9231f8 R09: 00007f83ef923168 [ 97.778184] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f83f69c5b40 [ 97.778185] R13: 000000000000001c R14: 0000000000000001 R15: 0000000000004000 [ 97.779684] Allocated by task 5919: [ 97.783185] save_stack+0x46/0xd0 [ 97.783187] kasan_kmalloc+0xad/0xe0 [ 97.783189] kmem_cache_alloc_trace+0xdf/0x580 [ 97.783190] ip6_convert_metrics.isra.79+0x7e/0x190 [ 97.783192] ip6_route_info_create+0x60a/0x2480 [ 97.783193] ip6_route_add+0x1d/0x80 [ 97.783195] inet6_rtm_newroute+0xdd/0xf0 [ 97.783198] rtnetlink_rcv_msg+0x641/0xb10 [ 97.783200] netlink_rcv_skb+0x27b/0x3e0 [ 97.783202] rtnetlink_rcv+0x15/0x20 [ 97.783203] netlink_unicast+0x4be/0x720 [ 97.783204] netlink_sendmsg+0x7bc/0xbf0 [ 97.783205] sock_sendmsg+0xba/0xf0 [ 97.783207] ___sys_sendmsg+0x6ca/0x8e0 [ 97.783208] __sys_sendmsg+0xe6/0x190 [ 97.783209] SyS_sendmsg+0x13/0x20 [ 97.783211] do_syscall_64+0x2ac/0x430 [ 97.783213] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 97.784709] Freed by task 0: [ 97.785056] knetbase: Error: /proc/sys/net/core/txcs_enable does not exist [ 97.794497] save_stack+0x46/0xd0 [ 97.794499] kasan_slab_free+0x71/0xc0 [ 97.794500] kfree+0x7c/0xf0 [ 97.794501] fib6_info_destroy_rcu+0x24f/0x310 [ 97.794504] rcu_process_callbacks+0x38b/0x1730 [ 97.794506] __do_softirq+0x1c8/0x5d0 Reported-by: John Sperbeck Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 126d6848ef13958e1cb959e96c21d19bc498ade9 Author: Russell King Date: Tue Sep 18 16:48:53 2018 +0100 sfp: fix oops with ethtool -m If a network interface is created prior to the SFP socket being available, ethtool can request module information. This unfortunately leads to an oops: Unable to handle kernel NULL pointer dereference at virtual address 00000008 pgd = (ptrval) [00000008] *pgd=7c400831, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] SMP ARM Modules linked in: CPU: 0 PID: 1480 Comm: ethtool Not tainted 4.19.0-rc3 #138 Hardware name: Broadcom Northstar Plus SoC PC is at sfp_get_module_info+0x8/0x10 LR is at dev_ethtool+0x218c/0x2afc Fix this by not filling in the network device's SFP bus pointer until SFP is fully bound, thereby avoiding the core calling into the SFP bus code. Fixes: ce0aa27ff3f6 ("sfp: add sfp-bus to bridge between network devices and sfp cages") Reported-by: Florian Fainelli Tested-by: Florian Fainelli Signed-off-by: Russell King Signed-off-by: David S. Miller commit 774268f3e51b53ed432a1ec516574fd5ba469398 Author: Antoine Tenart Date: Tue Sep 18 16:58:47 2018 +0200 net: mvpp2: fix a txq_done race condition When no Tx IRQ is available, the txq_done() routine (called from tx_done()) shouldn't be called from the polling function, as in such case it is already called in the Tx path thanks to an hrtimer. This mostly occurred when using PPv2.1, as the engine then do not have Tx IRQs. Fixes: edc660fa09e2 ("net: mvpp2: replace TX coalescing interrupts with hrtimer") Reported-by: Stefan Chulski Signed-off-by: Antoine Tenart Signed-off-by: David S. Miller commit 81d0b759e161f8c560fb0fce1aa95b00ac19e624 Merge: 2fe397a3959d 381897798a94 Author: David S. Miller Date: Tue Sep 18 20:11:43 2018 -0700 Merge branch 'net-smc-fixes' Ursula Braun says: ==================== net/smc: fixes 2018-09-18 here are some fixes in different areas of the smc code for the net tree. ==================== Signed-off-by: David S. Miller commit 381897798a94065ffcad0772eecdc6b04a7ff23d Author: YueHaibing Date: Tue Sep 18 15:46:38 2018 +0200 net/smc: fix sizeof to int comparison Comparing an int to a size, which is unsigned, causes the int to become unsigned, giving the wrong result. kernel_sendmsg can return a negative error code. Signed-off-by: YueHaibing Signed-off-by: Ursula Braun Signed-off-by: David S. Miller commit 71d117f527425e2d6a5029e8365d82a8d2d6916a Author: Karsten Graul Date: Tue Sep 18 15:46:37 2018 +0200 net/smc: no urgent data check for listen sockets Don't check a listen socket for pending urgent data in smc_poll(). Signed-off-by: Karsten Graul Signed-off-by: Ursula Braun Signed-off-by: David S. Miller commit dd65d87a6abd537ae9bb3bdcee8905704b936884 Author: Ursula Braun Date: Tue Sep 18 15:46:36 2018 +0200 net/smc: enable fallback for connection abort in state INIT If a linkgroup is terminated abnormally already due to failing LLC CONFIRM LINK or LLC ADD LINK, fallback to TCP is still possible. In this case do not switch to state SMC_PEERABORTWAIT and do not set sk_err. Signed-off-by: Ursula Braun Signed-off-by: David S. Miller commit 1ca52fcfaca43665d525645348801a6f4a4b9e9a Author: Ursula Braun Date: Tue Sep 18 15:46:35 2018 +0200 net/smc: remove duplicate mutex_unlock For a failing smc_listen_rdma_finish() smc_listen_decline() is called. If fallback is possible, the new socket is already enqueued to be accepted in smc_listen_decline(). Avoid enqueuing a second time afterwards in this case, otherwise the smc_create_lgr_pending lock is released twice: [ 373.463976] WARNING: bad unlock balance detected! [ 373.463978] 4.18.0-rc7+ #123 Tainted: G O [ 373.463979] ------------------------------------- [ 373.463980] kworker/1:1/30 is trying to release lock (smc_create_lgr_pending) at: [ 373.463990] [<000003ff801205fc>] smc_listen_work+0x22c/0x5d0 [smc] [ 373.463991] but there are no more locks to release! [ 373.463991] other info that might help us debug this: [ 373.463993] 2 locks held by kworker/1:1/30: [ 373.463994] #0: 00000000772cbaed ((wq_completion)"events"){+.+.}, at: process_one_work+0x1ec/0x6b0 [ 373.464000] #1: 000000003ad0894a ((work_completion)(&new_smc->smc_listen_work)){+.+.}, at: process_one_work+0x1ec/0x6b0 [ 373.464003] stack backtrace: [ 373.464005] CPU: 1 PID: 30 Comm: kworker/1:1 Kdump: loaded Tainted: G O 4.18.0-rc7uschi+ #123 [ 373.464007] Hardware name: IBM 2827 H43 738 (LPAR) [ 373.464010] Workqueue: events smc_listen_work [smc] [ 373.464011] Call Trace: [ 373.464015] ([<0000000000114100>] show_stack+0x60/0xd8) [ 373.464019] [<0000000000a8c9bc>] dump_stack+0x9c/0xd8 [ 373.464021] [<00000000001dcaf8>] print_unlock_imbalance_bug+0xf8/0x108 [ 373.464022] [<00000000001e045c>] lock_release+0x114/0x4f8 [ 373.464025] [<0000000000aa87fa>] __mutex_unlock_slowpath+0x4a/0x300 [ 373.464027] [<000003ff801205fc>] smc_listen_work+0x22c/0x5d0 [smc] [ 373.464029] [<0000000000197a68>] process_one_work+0x2a8/0x6b0 [ 373.464030] [<0000000000197ec2>] worker_thread+0x52/0x410 [ 373.464033] [<000000000019fd0e>] kthread+0x15e/0x178 [ 373.464035] [<0000000000aaf58a>] kernel_thread_starter+0x6/0xc [ 373.464052] [<0000000000aaf584>] kernel_thread_starter+0x0/0xc [ 373.464054] INFO: lockdep is turned off. Signed-off-by: Ursula Braun Signed-off-by: David S. Miller commit 648a5a7aed346c3b8fe7c32a835edfb0dfbf4451 Author: Ursula Braun Date: Tue Sep 18 15:46:34 2018 +0200 net/smc: fix non-blocking connect problem In state SMC_INIT smc_poll() delegates polling to the internal CLC socket. This means, once the connect worker has finished its kernel_connect() step, the poll wake-up may occur. This is not intended. The wake-up should occur from the wake up call in smc_connect_work() after __smc_connect() has finished. Thus in state SMC_INIT this patch now calls sock_poll_wait() on the main SMC socket. Signed-off-by: Ursula Braun Signed-off-by: David S. Miller commit 2fe397a3959de8a472f165e6d152f64cb77fa2cc Author: Kazuya Mizuguchi Date: Tue Sep 18 12:22:26 2018 +0200 ravb: do not write 1 to reserved bits EtherAVB hardware requires 0 to be written to status register bits in order to clear them, however, care must be taken not to: 1. Clear other bits, by writing zero to them 2. Write one to reserved bits This patch corrects the ravb driver with respect to the second point above. This is done by defining reserved bit masks for the affected registers and, after auditing the code, ensure all sites that may write a one to a reserved bit use are suitably masked. Signed-off-by: Kazuya Mizuguchi Signed-off-by: Simon Horman Reviewed-by: Sergei Shtylyov Signed-off-by: David S. Miller commit 65fac4fe9080714df80d430888834ce87c6716ba Author: zhong jiang Date: Tue Sep 18 15:15:44 2018 +0800 net: bnxt: Fix a uninitialized variable warning. Fix the following compile warning: drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c:49:5: warning: ‘nvm_param.dir_type’ may be used uninitialized in this function [-Wmaybe-uninitialized] if (nvm_param.dir_type == BNXT_NVM_PORT_CFG) Signed-off-by: zhong jiang Acked-by: Michael Chan Signed-off-by: David S. Miller commit 6344244c71fdb797853ad5d0b9a076b911fa18a4 Merge: 08e39982ef64 8f92e35aff96 Author: David S. Miller Date: Tue Sep 18 19:59:23 2018 -0700 Merge tag 'mlx5-fixes-2018-09-17' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== Mellanox, mlx5 fixes 2018-09-17 Sorry about the previous submission of this series which was mistakenly marked for net-next, here I am resending with 'net' mark. This series provides three fixes to mlx5 core and mlx5e netdevice driver. Please pull and let me know if there's any problem. For -stable v4.16: ('net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ') ==================== Signed-off-by: David S. Miller commit 08e39982ef64f800fd1f9b9b92968d14d5fafa82 Author: Christian Lamparter Date: Mon Sep 17 17:22:40 2018 +0200 net: emac: fix fixed-link setup for the RTL8363SB switch On the Netgear WNDAP620, the emac ethernet isn't receiving nor xmitting any frames from/to the RTL8363SB (identifies itself as a RTL8367RB). This is caused by the emac hardware not knowing the forced link parameters for speed, duplex, pause, etc. This begs the question, how this was working on the original driver code, when it was necessary to set the phy_address and phy_map to 0xffffffff. But I guess without access to the old PPC405/440/460 hardware, it's not possible to know. Signed-off-by: Christian Lamparter Signed-off-by: David S. Miller commit e285d5bfb7e9785d289663baef252dd315e171f8 Author: Suren Baghdasaryan Date: Mon Sep 17 15:51:41 2018 +0200 NFC: Fix the number of pipes According to ETSI TS 102 622 specification chapter 4.4 pipe identifier is 7 bits long which allows for 128 unique pipe IDs. Because NFC_HCI_MAX_PIPES is used as the number of pipes supported and not as the max pipe ID, its value should be 128 instead of 127. nfc_hci_recv_from_llc extracts pipe ID from packet header using NFC_HCI_FRAGMENT(0x7F) mask which allows for pipe ID value of 127. Same happens when NCI_HCP_MSG_GET_PIPE() is being used. With pipes array having only 127 elements and pipe ID of 127 the OOB memory access will result. Cc: Samuel Ortiz Cc: Allen Pais Cc: "David S. Miller" Suggested-by: Dan Carpenter Signed-off-by: Suren Baghdasaryan Reviewed-by: Kees Cook Cc: stable Signed-off-by: Greg Kroah-Hartman Signed-off-by: David S. Miller commit 674d9de02aa7d521ebdf66c3958758bdd9c64e11 Author: Suren Baghdasaryan Date: Mon Sep 17 15:51:40 2018 +0200 NFC: Fix possible memory corruption when handling SHDLC I-Frame commands When handling SHDLC I-Frame commands "pipe" field used for indexing into an array should be checked before usage. If left unchecked it might access memory outside of the array of size NFC_HCI_MAX_PIPES(127). Malformed NFC HCI frames could be injected by a malicious NFC device communicating with the device being attacked (remote attack vector), or even by an attacker with physical access to the I2C bus such that they could influence the data transfers on that bus (local attack vector). skb->data is controlled by the attacker and has only been sanitized in the most trivial ways (CRC check), therefore we can consider the create_info struct and all of its members to tainted. 'create_info->pipe' with max value of 255 (uint8) is used to take an offset of the hdev->pipes array of 127 elements which can lead to OOB write. Cc: Samuel Ortiz Cc: Allen Pais Cc: "David S. Miller" Suggested-by: Kevin Deus Signed-off-by: Suren Baghdasaryan Acked-by: Kees Cook Cc: stable Signed-off-by: Greg Kroah-Hartman Signed-off-by: David S. Miller commit 0a286afee5a1e8dca86d824209dbd3200294f86f Author: Sabrina Dubroca Date: Mon Sep 17 15:30:06 2018 +0200 selftests: pmtu: properly redirect stderr to /dev/null The cleanup function uses "$CMD 2 > /dev/null", which doesn't actually send stderr to /dev/null, so when the netns doesn't exist, the error message is shown. Use "2> /dev/null" instead, so that those messages disappear, as was intended. Fixes: d1f1b9cbf34c ("selftests: net: Introduce first PMTU test") Signed-off-by: Sabrina Dubroca Acked-by: Stefano Brivio Signed-off-by: David S. Miller commit 87ebcffd82ecc58175f1667af58b8138d43fb859 Merge: 5211da9ca526 0431100b3d82 Author: David S. Miller Date: Tue Sep 18 19:48:08 2018 -0700 Merge branch 'stmmac-Coalesce-and-tail-addr-fixes' Jose Abreu says: ==================== net: stmmac: Coalesce and tail addr fixes The fix for coalesce timer and a fix in tail address setting that impacts XGMAC2 operation. The series is: Tested-by: Jerome Brunet on a113 s400 board (single queue) ==================== Signed-off-by: David S. Miller commit 0431100b3d82c509729ece1ab22ada2484e209c1 Author: Jose Abreu Date: Mon Sep 17 09:22:57 2018 +0100 net: stmmac: Fixup the tail addr setting in xmit path Currently we are always setting the tail address of descriptor list to the end of the pre-allocated list. According to databook this is not correct. Tail address should point to the last available descriptor + 1, which means we have to update the tail address everytime we call the xmit function. This should make no impact in older versions of MAC but in newer versions there are some DMA features which allows the IP to fetch descriptors in advance and in a non sequential order so its critical that we set the tail address correctly. Signed-off-by: Jose Abreu Fixes: f748be531d70 ("stmmac: support new GMAC4") Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: David S. Miller commit 8fce3331702316d4bcfeb0771c09ac75d2192bbc Author: Jose Abreu Date: Mon Sep 17 09:22:56 2018 +0100 net: stmmac: Rework coalesce timer and fix multi-queue races This follows David Miller advice and tries to fix coalesce timer in multi-queue scenarios. We are now using per-queue coalesce values and per-queue TX timer. Coalesce timer default values was changed to 1ms and the coalesce frames to 25. Tested in B2B setup between XGMAC2 and GMAC5. Signed-off-by: Jose Abreu Fixes: ce736788e8a ("net: stmmac: adding multiple buffers for TX") Cc: Florian Fainelli Cc: Neil Armstrong Cc: Jerome Brunet Cc: Martin Blumenstingl Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: David S. Miller commit 19a4fbffc94e41abaa2a623a25ce2641d69eccf0 Author: Ricardo Ribalda Delgado Date: Thu Sep 13 15:37:04 2018 +0200 gpiolib: Free the last requested descriptor The current code only frees N-1 gpios if an error occurs during gpiod_set_transitory, gpiod_direction_output or gpiod_direction_input. Leading to gpios that cannot be used by userspace nor other drivers. Cc: Timur Tabi Cc: stable@vger.kernel.org Fixes: ab3dbcf78f60f46d ("gpioib: do not free unrequested descriptors) Reported-by: Jan Lorenzen Reported-by: Jim Paris Signed-off-by: Ricardo Ribalda Delgado Signed-off-by: Linus Walleij commit 8e2aac333785f91ff74e219a1e78e6bdc1ef2c41 Author: Simon Detheridge Date: Sat Sep 15 22:15:18 2018 +0100 pinctrl: cannonlake: Fix gpio base for GPP-E The gpio base for GPP-E was set incorrectly to 258 instead of 256, preventing the touchpad working on my Tong Fang GK5CN5Z laptop. Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=200787 Signed-off-by: Simon Detheridge Acked-by: Mika Westerberg Signed-off-by: Linus Walleij commit 4fef1250eafddc5182cd5c3c354a6971bcf7520d Author: Peter Hutterer Date: Tue Sep 18 09:53:32 2018 -0700 Input: uinput - allow for max == min during input_absinfo validation These values are inclusive, so a range of 1 requires min == max. Signed-off-by: Peter Hutterer Reviewed-by: Martin Kepplinger Signed-off-by: Dmitry Torokhov commit 91a97507323e1ad4bfc10f4a5922e67cdaf8b3cd Author: Aaron Ma Date: Tue Sep 18 09:32:22 2018 -0700 Input: elantech - enable middle button of touchpad on ThinkPad P72 Adding 2 new touchpad IDs to support middle button support. Cc: stable@vger.kernel.org Signed-off-by: Aaron Ma Signed-off-by: Dmitry Torokhov commit 52d2c7bf7c90217fbe875d2d76f310979c48eb83 Author: Michael Schmitz Date: Mon Sep 17 15:27:49 2018 -0700 Input: atakbd - fix Atari CapsLock behaviour The CapsLock key on Atari keyboards is not a toggle, it does send the normal make and break scancodes. Drop the CapsLock toggle handling code, which did cause the CapsLock key to merely act as a Shift key. Tested-by: Michael Schmitz Signed-off-by: Michael Schmitz Signed-off-by: Andreas Schwab Signed-off-by: Dmitry Torokhov commit 9e62df51be993035c577371ffee5477697a56aad Author: Andreas Schwab Date: Mon Sep 17 12:43:34 2018 -0700 Input: atakbd - fix Atari keymap Fix errors in Atari keymap (mostly in keypad, help and undo keys). Patch provided on debian-68k ML by Andreas Schwab , keymap array size and unhandled scancode limit adjusted to 0x73 by me. Tested-by: Michael Schmitz Signed-off-by: Michael Schmitz Signed-off-by: Andreas Schwab Signed-off-by: Dmitry Torokhov commit 49f62249a9577b0f8c20c7c843d23289d143daf1 Author: Anson Huang Date: Mon Sep 17 11:08:52 2018 -0700 Input: egalax_ts - add system wakeup support This patch adds wakeup function support for egalax touch screen, if "wakeup-source" is added to device tree's egalax touch screen node, the wakeup function will be enabled, and egalax touch screen will be able to wakeup system from suspend. Signed-off-by: Anson Huang Reviewed-by: Fabio Estevam Signed-off-by: Dmitry Torokhov commit b8a946d8dc245ec3adae65c8eab6f3e73a950af3 Author: Song Qiang Date: Mon Sep 17 11:08:01 2018 -0700 Input: gpio-keys - fix a documentation index issue gpio_keys.c now exists in the drivers/input/keyboard/ rather than drivers/input/. Signed-off-by: Song Qiang Signed-off-by: Dmitry Torokhov commit 008d2f444222554289867e1686f1be1c1bcd0ef4 Merge: 11da3a7f84f1 d31095936594 Author: Thomas Gleixner Date: Wed Sep 19 00:12:06 2018 +0200 Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi into efi/urgent Pull EFI fix from Ard Biesheuvel: Apply a fix from Scott to make the ARM stub's DTB loader opt-out rather than opt-in. commit 235fe0851bcf1d6ffd6cef4c7eb0d701d0946053 Author: Bjorn Helgaas Date: Wed Sep 12 11:55:26 2018 -0500 MAINTAINERS: Update PPC contacts for PCI core error handling The original PCI error recovery functionality was for the powerpc-specific IBM EEH feature. PCIe subsequently added some similar features, including AER and DPC, that can be used on any architecture. We want the generic PCI core error handling support to work with all of these features. Driver error recovery callbacks should be independent of which feature the platform provides. Add the generic PCI core error recovery files to the powerpc EEH MAINTAINERS entry so the powerpc folks will be copied on changes to the generic PCI error handling strategy. Add Sam and Oliver as maintainers for this area. Signed-off-by: Bjorn Helgaas Acked-by: Russell Currey Acked-by: Sam Bobroff commit ffb2315fd22c2568747402eecdc581a245a2f5ba Author: Reinette Chatre Date: Sat Sep 15 14:58:27 2018 -0700 x86/intel_rdt: Fix incorrect loop end condition In order to determine a sane default cache allocation for a new CAT/CDP resource group, all resource groups are checked to determine which cache portions are available to share. At this time all possible CLOSIDs that can be supported by the resource is checked. This is problematic if the resource supports more CLOSIDs than another CAT/CDP resource. In this case, the number of CLOSIDs that could be allocated are fewer than the number of CLOSIDs that can be supported by the resource. Limit the check of closids to that what is supported by the system based on the minimum across all resources. Fixes: 95f0b77ef ("x86/intel_rdt: Initialize new resource group with sane defaults") Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-10-git-send-email-fenghua.yu@intel.com commit 939b90b20bc87e199b6b53942764b987289b87ce Author: Reinette Chatre Date: Sat Sep 15 14:58:26 2018 -0700 x86/intel_rdt: Fix exclusive mode handling of MBA resource It is possible for a resource group to consist out of MBA as well as CAT/CDP resources. The "exclusive" resource mode only applies to the CAT/CDP resources since MBA allocations cannot be specified to overlap or not. When a user requests a resource group to become "exclusive" then it can only be successful if there are CAT/CDP resources in the group and none of their CBMs associated with the group's CLOSID overlaps with any other resource group. Fix the "exclusive" mode setting by failing if there isn't any CAT/CDP resource in the group and ensuring that the CBM checking is only done on CAT/CDP resources. Fixes: 49f7b4efa ("x86/intel_rdt: Enable setting of exclusive mode") Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-9-git-send-email-fenghua.yu@intel.com commit f0df4e1acf3d721958dcafb2c9c0bdf25189068d Author: Reinette Chatre Date: Sat Sep 15 14:58:25 2018 -0700 x86/intel_rdt: Fix incorrect loop end condition A loop is used to check if a CAT resource's CBM of one CLOSID overlaps with the CBM of another CLOSID of the same resource. The loop is run over all CLOSIDs supported by the resource. The problem with running the loop over all CLOSIDs supported by the resource is that its number of supported CLOSIDs may be more than the number of supported CLOSIDs on the system, which is the minimum number of CLOSIDs supported across all resources. Fix the loop to only consider the number of system supported CLOSIDs, not all that are supported by the resource. Fixes: 49f7b4efa ("x86/intel_rdt: Enable setting of exclusive mode") Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-8-git-send-email-fenghua.yu@intel.com commit 32d736abed4febff4b6bf85d5d240ee24d254322 Author: Reinette Chatre Date: Sat Sep 15 14:58:24 2018 -0700 x86/intel_rdt: Do not allow pseudo-locking of MBA resource A system supporting pseudo-locking may have MBA as well as CAT resources of which only the CAT resources could support cache pseudo-locking. When the schemata to be pseudo-locked is provided it should be checked that that schemata does not attempt to pseudo-lock a MBA resource. Fixes: e0bdfe8e3 ("x86/intel_rdt: Support creation/removal of pseudo-locked region") Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-7-git-send-email-fenghua.yu@intel.com commit 70479c012b67b89e219c40eddc5dc338b7c447a3 Author: Reinette Chatre Date: Sat Sep 15 14:58:23 2018 -0700 x86/intel_rdt: Fix unchecked MSR access When a new resource group is created, it is initialized with sane defaults that currently assume the resource being initialized is a CAT resource. This code path is also followed by a MBA resource that is not allocated the same as a CAT resource and as a result we encounter the following unchecked MSR access error: unchecked MSR access error: WRMSR to 0xd51 (tried to write 0x0000 000000000064) at rIP: 0xffffffffae059994 (native_write_msr+0x4/0x20) Call Trace: mba_wrmsr+0x41/0x80 update_domains+0x125/0x130 rdtgroup_mkdir+0x270/0x500 Fix the above by ensuring the initial allocation is only attempted on a CAT resource. Fixes: 95f0b77ef ("x86/intel_rdt: Initialize new resource group with sane defaults") Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-6-git-send-email-fenghua.yu@intel.com commit 47d53b184aee983ab9492503da11b0a81b19145b Author: Reinette Chatre Date: Sat Sep 15 14:58:22 2018 -0700 x86/intel_rdt: Fix invalid mode warning when multiple resources are managed When multiple resources are managed by RDT, the number of CLOSIDs used is the minimum of the CLOSIDs supported by each resource. In the function rdt_bit_usage_show(), the annotated bitmask is created to depict how the CAT supporting caches are being used. During this annotated bitmask creation, each resource group is queried for its mode that is used as a label in the annotated bitmask. The maximum number of resource groups is currently assumed to be the number of CLOSIDs supported by the resource for which the information is being displayed. This is incorrect since the number of active CLOSIDs is the minimum across all resources. If information for a cache instance with more CLOSIDs than another is being generated we thus encounter a warning like: invalid mode for closid 8 WARNING: CPU: 88 PID: 1791 at [SNIP]/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c :827 rdt_bit_usage_show+0x221/0x2b0 Fix this by ensuring that only the number of supported CLOSIDs are considered. Fixes: e651901187ab8 ("x86/intel_rdt: Introduce "bit_usage" to display cache allocations details") Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-5-git-send-email-fenghua.yu@intel.com commit c793da8e4c62d2c002a79c47f44efead450cbcae Author: Reinette Chatre Date: Sat Sep 15 14:58:21 2018 -0700 x86/intel_rdt: Global closid helper to support future fixes The number of CLOSIDs supported by a system is the minimum number of CLOSIDs supported by any of its resources. Care should be taken when iterating over the CLOSIDs of a resource since it may be that the number of CLOSIDs supported on the system is less than the number of CLOSIDs supported by the resource. Introduce a helper function that can be used to query the number of CLOSIDs that is supported by all resources, irrespective of how many CLOSIDs are supported by a particular resource. Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-4-git-send-email-fenghua.yu@intel.com commit f968dc119a159a95628a20de2a2dcc913d0a82d7 Author: Reinette Chatre Date: Sat Sep 15 14:58:20 2018 -0700 x86/intel_rdt: Fix size reporting of MBA resource Chen Yu reported a divide-by-zero error when accessing the 'size' resctrl file when a MBA resource is enabled. divide error: 0000 [#1] SMP PTI CPU: 93 PID: 1929 Comm: cat Not tainted 4.19.0-rc2-debug-rdt+ #25 RIP: 0010:rdtgroup_cbm_to_size+0x7e/0xa0 Call Trace: rdtgroup_size_show+0x11a/0x1d0 seq_read+0xd8/0x3b0 Quoting Chen Yu's report: This is because for MB resource, the r->cache.cbm_len is zero, thus calculating size in rdtgroup_cbm_to_size() will trigger the exception. Fix this issue in the 'size' file by getting correct memory bandwidth value which is in MBps when MBA software controller is enabled or in percentage when MBA software controller is disabled. Fixes: d9b48c86eb38 ("x86/intel_rdt: Display resource groups' allocations in bytes") Reported-by: Chen Yu Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Tested-by: Chen Yu Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Xiaochen Shen" Link: https://lkml.kernel.org/r/20180904174614.26682-1-yu.c.chen@intel.com Link: https://lkml.kernel.org/r/1537048707-76280-3-git-send-email-fenghua.yu@intel.com commit 753694a8df318f204a0ac1303de136def16f2e9c Author: Xiaochen Shen Date: Sat Sep 15 14:58:19 2018 -0700 x86/intel_rdt: Fix data type in parsing callbacks Each resource is associated with a parsing callback to parse the data provided from user space when writing schemata file. The 'data' parameter in the callbacks is defined as a void pointer which is error prone due to lack of type check. parse_bw() processes the 'data' parameter as a string while its caller actually passes the parameter as a pointer to struct rdt_cbm_parse_data. Thus, parse_bw() takes wrong data and causes failure of parsing MBA throttle value. To fix the issue, the 'data' parameter in all parsing callbacks is defined and handled as a pointer to struct rdt_parse_data (renamed from struct rdt_cbm_parse_data). Fixes: 7604df6e16ae ("x86/intel_rdt: Support flexible data to parsing callbacks") Fixes: 9ab9aa15c309 ("x86/intel_rdt: Ensure requested schemata respects mode") Signed-off-by: Xiaochen Shen Signed-off-by: Reinette Chatre Signed-off-by: Fenghua Yu Signed-off-by: Thomas Gleixner Cc: "H Peter Anvin" Cc: "Tony Luck" Cc: "Chen Yu" Link: https://lkml.kernel.org/r/1537048707-76280-2-git-send-email-fenghua.yu@intel.com commit 40660f1fcee8d524a60b5101538e42b1f39f106d Author: Alexey Brodkin Date: Sun Sep 16 23:47:57 2018 +0300 ARC: build: Don't set CROSS_COMPILE in arch's Makefile There's not much sense in doing that because if user or his build-system didn't set CROSS_COMPILE we still may very well make incorrect guess. But as it turned out setting CROSS_COMPILE is not as harmless as one may think: with recent changes that implemented automatic discovery of __host__ gcc features unconditional setup of CROSS_COMPILE leads to failures on execution of "make xxx_defconfig" with absent cross-compiler, for more info see [1]. Set CROSS_COMPILE as well gets in the way if we want only to build .dtb's (again with absent cross-compiler which is not really needed for building .dtb's), see [2]. Note, we had to change LIBGCC assignment type from ":=" to "=" so that is is resolved on its usage, otherwise if it is resolved at declaration time with missing CROSS_COMPILE we're getting this error message from host GCC: | gcc: error: unrecognized command line option -mmedium-calls | gcc: error: unrecognized command line option -mno-sdata [1] http://lists.infradead.org/pipermail/linux-snps-arc/2018-September/004308.html [2] http://lists.infradead.org/pipermail/linux-snps-arc/2018-September/004320.html Signed-off-by: Alexey Brodkin Cc: Masahiro Yamada Cc: Rob Herring Signed-off-by: Vineet Gupta commit a530bf948ab77b0f5cc57c55dd525eb813768782 Merge: 7876320f8880 7759ca3aac79 Author: Rodrigo Vivi Date: Tue Sep 18 08:09:43 2018 -0700 Merge tag 'gvt-fixes-2018-09-18' of https://github.com/intel/gvt-linux into drm-intel-fixes gvt-fixes-2018-09-18 - Fix initial DPIO PHY register state for BXT (Colin) - BXT untracked GEN9_CLKGATE_DIS_4 warning fix (Colin) - Fix srcu lock for GFN valid check (Weinan) - Should clear GGTT entry value after vGPU destroy (Zhipeng) Signed-off-by: Rodrigo Vivi From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20180918073349.GQ20737@zhen-hp.sh.intel.com commit 59d08d00d43c644ee2011d7ff1807bdd69f31fe0 Author: Alexander Shishkin Date: Tue Sep 18 16:10:49 2018 +0300 intel_th: pci: Add Ice Lake PCH support This adds Intel(R) Trace Hub PCI ID for Ice Lake PCH. Signed-off-by: Alexander Shishkin Signed-off-by: Greg Kroah-Hartman commit ebe4582281d6e90972f057318a6edea14810ea48 Author: Alexander Shishkin Date: Tue Sep 18 16:10:48 2018 +0300 intel_th: Fix resource handling for ACPI glue layer The core of the driver expects the resource array from the glue layer to be indexed by even numbers, as is the case for 64-bit PCI resources. This doesn't hold true for others, ACPI in this instance, which leads to an out-of-bounds access and an ioremap() on whatever address that access fetches. This patch fixes the problem by reading resource array differently based on whether the 64-bit flag is set, which would indicate PCI glue layer. Signed-off-by: Alexander Shishkin Fixes: ebc57e399b8e ("intel_th: Add ACPI glue layer") CC: stable@vger.kernel.org # v4.17+ Signed-off-by: Greg Kroah-Hartman commit 8801922cd94c918e4dc3a108ecaa500c4d40583f Author: Alexander Shishkin Date: Tue Sep 18 16:10:47 2018 +0300 intel_th: Fix device removal logic Commit a753bfcfdb1f ("intel_th: Make the switch allocate its subdevices") brings in new subdevice addition/removal logic that's broken for "host mode": the SWITCH device has no children to begin with, which is not handled in the code. This results in a null dereference bug later down the path. This patch fixes the subdevice removal code to handle host mode correctly. Signed-off-by: Alexander Shishkin Fixes: a753bfcfdb1f ("intel_th: Make the switch allocate its subdevices") CC: stable@vger.kernel.org # v4.14+ Signed-off-by: Greg Kroah-Hartman commit e97267cb4d1ee01ca0929638ec0fcbb0904f903d Author: Gustavo A. R. Silva Date: Thu Aug 16 15:30:38 2018 -0500 tty: vt_ioctl: fix potential Spectre v1 vsa.console is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/tty/vt/vt_ioctl.c:711 vt_ioctl() warn: potential spectre issue 'vc_cons' [r] Fix this by sanitizing vsa.console before using it to index vc_cons Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Reviewed-by: Alan Cox Signed-off-by: Greg Kroah-Hartman commit fe32416790093b31364c08395727de17ec96ace1 Author: Dmitry Safonov Date: Tue Sep 18 00:52:52 2018 +0100 tty: Drop tty->count on tty_reopen() failure In case of tty_ldisc_reinit() failure, tty->count should be decremented back, otherwise we will never release_tty(). Tetsuo reported that it fixes noisy warnings on tty release like: pts pts4033: tty_release: tty->count(10529) != (#fd's(7) + #kopen's(0)) Fixes: commit 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") Cc: stable@vger.kernel.org # v4.6+ Cc: Greg Kroah-Hartman Cc: Jiri Slaby Reviewed-by: Jiri Slaby Tested-by: Jiri Slaby Tested-by: Mark Rutland Tested-by: Tetsuo Handa Signed-off-by: Dmitry Safonov Signed-off-by: Greg Kroah-Hartman commit be28c1e3ca29887e207f0cbcd294cefe5074bab6 Author: Christophe Leroy Date: Fri Sep 14 10:32:50 2018 +0000 serial: cpm_uart: return immediately from console poll kgdb expects poll function to return immediately and returning NO_POLL_CHAR when no character is available. Fixes: f5316b4aea024 ("kgdb,8250,pl011: Return immediately from console poll") Cc: Jason Wessel Cc: Signed-off-by: Christophe Leroy Signed-off-by: Greg Kroah-Hartman commit 3216c622a24b0ebb9c159a8d1daf7f17a106b3f5 Author: Stefan Agner Date: Tue Aug 28 12:44:24 2018 +0200 tty: serial: lpuart: avoid leaking struct tty_struct The function tty_port_tty_get() gets a reference to the tty. Since the code is not using tty_port_tty_set(), the reference is kept even after closing the tty. Avoid using tty_port_tty_get() by directly access the tty instance. Since lpuart_start_rx_dma() is called from the .startup() and .set_termios() callback, it is safe to assume the tty instance is valid. Cc: stable@vger.kernel.org # v4.9+ Fixes: 5887ad43ee02 ("tty: serial: fsl_lpuart: Use cyclic DMA for Rx") Signed-off-by: Stefan Agner Signed-off-by: Greg Kroah-Hartman commit e0bf2d4982fe7d9ddaf550dd023803ea286f47fc Author: Jan Kiszka Date: Sun Aug 26 19:49:32 2018 +0200 serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Apparently, this driver (or the hardware) does not support character length settings. It's apparently running in 8-bit mode, but it makes userspace believe it's in 5-bit mode. That makes tcsetattr with CS8 incorrectly fail, breaking e.g. getty from busybox, thus the login shell on ttyMVx. Fix by hard-wiring CS8 into c_cflag. Signed-off-by: Jan Kiszka Fixes: 30530791a7a0 ("serial: mvebu-uart: initial support for Armada-3700 serial port") Cc: stable # 4.6+ Signed-off-by: Greg Kroah-Hartman commit 169e366c08084aeb49a3793c892c9abfaa47eeda Author: Ben Hutchings Date: Sun Sep 16 16:17:05 2018 +0100 perf Documentation: Fix out-of-tree asciidoctor man page generation The dependency for the man page rule using asciidoctor incorrectly specifies a source file in $(OUTPUT). When building out-of-tree, the source file is not found, resulting in a fall-back to the following rule which uses xmlto. Signed-off-by: Ben Hutchings Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180916151704.GF4765@decadent.org.uk Fixes: ffef80ecf89f ("perf Documentation: Support for asciidoctor") Signed-off-by: Arnaldo Carvalho de Melo commit 6d41907c630d3196be89c9ed5a7f8258486b3eaf Author: Arnaldo Carvalho de Melo Date: Fri Sep 14 16:47:14 2018 -0300 tools lib bpf: Provide wrapper for strerror_r to build in !_GNU_SOURCE systems Same problem that got fixed in a similar fashion in tools/perf/ in c8b5f2c96d1b ("tools: Introduce str_error_r()"), fix it in the same way, licensing needs to be sorted out to libbpf to use libapi, so, for this simple case, just get the same wrapper in tools/lib/bpf. This makes libbpf and its users (bpftool, selftests, perf) to build again in Alpine Linux 3.[45678] and edge. Acked-by: Alexei Starovoitov Cc: Adrian Hunter Cc: Daniel Borkmann Cc: David Ahern Cc: Hendrik Brueckner Cc: Jakub Kicinski Cc: Jiri Olsa Cc: Martin KaFai Lau Cc: Namhyung Kim Cc: Quentin Monnet Cc: Thomas Richter Cc: Wang Nan Cc: Yonghong Song Fixes: 1ce6a9fc1549 ("bpf: fix build error in libbpf with EXTRA_CFLAGS="-Wp, -D_FORTIFY_SOURCE=2 -O2"") Link: https://lkml.kernel.org/r/20180917151636.GA21790@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 1795f81f6167bd57b37459789f1f05ab61ace896 Merge: cb5fb87a2fbe 71d29f43b633 Author: Paolo Bonzini Date: Tue Sep 18 15:13:00 2018 +0200 Merge tag 'kvm-ppc-fixes-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into HEAD Second set of PPC KVM fixes for 4.19 Two fixes for KVM on POWER machines. Both of these relate to memory corruption and host crashes seen when transparent huge pages are enabled. The first fixes a host crash that can occur when a DMA mapping is removed by the guest and the page mapped was part of a transparent huge page; the second fixes corruption that could occur when a hypervisor page fault for a radix guest is being serviced at the same time that the backing page is being collapsed or split. commit cb5fb87a2fbee188fac605e0ebff8c35efdbaf3d Merge: 7876320f8880 40ebdb8e59df Author: Paolo Bonzini Date: Tue Sep 18 15:12:51 2018 +0200 Merge tag 'kvm-s390-master-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD KVM: s390: Fixes for 4.19 - more fallout from the hugetlbfs enablement - bugfix for vma handling commit 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Author: Michael Neuling Date: Fri Sep 14 11:14:11 2018 +1000 powerpc: Avoid code patching freed init sections This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init() -> kvm_use_magic_page() -> fault_in_pages_readable() -> __get_user() -> __get_user_nocheck() -> barrier_nospec(); We have a code patching location at barrier_nospec() and kvm_guest_init() is an init function. This whole chain gets inlined, so when we free the init section (hence kvm_guest_init()), this code goes away and hence should no longer be patched. We seen this as userspace memory corruption when using a memory checker while doing partition migration testing on powervm (this starts the code patching post migration via /sys/kernel/mobility/migration). In theory, it could also happen when using /sys/kernel/debug/powerpc/barrier_nospec. Cc: stable@vger.kernel.org # 4.13+ Signed-off-by: Michael Neuling Reviewed-by: Nicholas Piggin Reviewed-by: Christophe Leroy Signed-off-by: Michael Ellerman commit ffc4c92227db5699493e43eb140b4cb5904c30ff Author: Andreas Gruenbacher Date: Tue Sep 18 00:36:36 2018 -0400 sysfs: Do not return POSIX ACL xattrs via listxattr Commit 786534b92f3c introduced a regression that caused listxattr to return the POSIX ACL attribute names even though sysfs doesn't support POSIX ACLs. This happens because simple_xattr_list checks for NULL i_acl / i_default_acl, but inode_init_always initializes those fields to ACL_NOT_CACHED ((void *)-1). For example: $ getfattr -m- -d /sys /sys: system.posix_acl_access: Operation not supported /sys: system.posix_acl_default: Operation not supported Fix this in simple_xattr_list by checking if the filesystem supports POSIX ACLs. Fixes: 786534b92f3c ("tmpfs: listxattr should include POSIX ACL xattrs") Reported-by: Marc Aurèle La France Tested-by: Marc Aurèle La France Signed-off-by: Andreas Gruenbacher Cc: stable@vger.kernel.org # v4.5+ Signed-off-by: Al Viro commit 57078338b2e4c07fb76bef23369cae0acfb1f7bc Author: Dave Airlie Date: Tue Sep 18 16:20:18 2018 +1000 drm: fix drm_drv_uses_atomic_modeset on non modesetting drivers. vgem seems to oops on the intel CI due to the vgem debugfs init hitting this path now. Check if we have mode_config funcs before checking one. Signed-off-by: Dave Airlie Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20180918062018.24942-1-airlied@gmail.com commit d193d1a210ff98ee2f47d54665d1aa716ae8051b Merge: 7876320f8880 8d6ccf5cebbc Author: Greg Kroah-Hartman Date: Tue Sep 18 11:11:06 2018 +0200 Merge tag 'soundwire-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire into char-misc-linus Vinod writes: soundwire fixes for 4.19 - fixes in bus for - bus lock on master release - incorrect exit after stream configuration - duplicate stream state assignment commit 4a3e85f2674cbfb81052059107d0165269778e2f Author: Boris Brezillon Date: Mon Sep 17 16:31:30 2018 +0200 mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able As documented in spi-mem.h, spi_mem_op->data.buf.{in,out} must be DMA-able, and commit 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") failed to follow this rule as buffers passed to ->{read,write}_reg() are usually placed on the stack. Fix that by allocating a scratch buffer and copying the data around. Fixes: 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") Reported-by: Jarkko Nikula Cc: Signed-off-by: Boris Brezillon Tested-by: Jarkko Nikula Reviewed-by: Jarkko Nikula commit 5211da9ca526a5adddee1ccd078e6e33a583ab36 Merge: 3918c21eacb0 30bfd9306281 Author: Greg Kroah-Hartman Date: Tue Sep 18 09:31:53 2018 +0200 Merge gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net Dave writes: "Various fixes, all over the place: 1) OOB data generation fix in bluetooth, from Matias Karhumaa. 2) BPF BTF boundary calculation fix, from Martin KaFai Lau. 3) Don't bug on excessive frags, to be compatible in situations mixing older and newer kernels on each end. From Juergen Gross. 4) Scheduling in RCU fix in hv_netvsc, from Stephen Hemminger. 5) Zero keying information in TLS layer before freeing copies of them, from Sabrina Dubroca. 6) Fix NULL deref in act_sample, from Davide Caratti. 7) Orphan SKB before GRO in veth to prevent crashes with XDP, from Toshiaki Makita. 8) Fix use after free in ip6_xmit, from Eric Dumazet. 9) Fix VF mac address regression in bnxt_en, from Micahel Chan. 10) Fix MSG_PEEK behavior in TLS layer, from Daniel Borkmann. 11) Programming adjustments to r8169 which fix not being to enter deep sleep states on some machines, from Kai-Heng Feng and Hans de Goede. 12) Fix DST_NOCOUNT flag handling for ipv6 routes, from Peter Oskolkov." * gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net: (45 commits) net/ipv6: do not copy dst flags on rt init qmi_wwan: set DTR for modems in forced USB2 mode clk: x86: Stop marking clocks as CLK_IS_CRITICAL r8169: Get and enable optional ether_clk clock clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail r8169: enable ASPM on RTL8106E r8169: Align ASPM/CLKREQ setting function with vendor driver Revert "kcm: remove any offset before parsing messages" kcm: remove any offset before parsing messages net: ethernet: Fix a unused function warning. net: dsa: mv88e6xxx: Fix ATU Miss Violation tls: fix currently broken MSG_PEEK behavior hv_netvsc: pair VF based on serial number PCI: hv: support reporting serial number as slot information bnxt_en: Fix VF mac address regression. ipv6: fix possible use-after-free in ip6_xmit() net: hp100: fix always-true check for link up state ARM: dts: at91: add new compatibility string for macb on sama5d3 net: macb: disable scatter-gather for macb on sama5d3 net: mvpp2: let phylink manage the carrier state ... commit 0328ba90407c82874f9f39f9a5a6e5ad6cb76f44 Author: Geert Uytterhoeven Date: Mon Sep 17 10:02:34 2018 +0200 dm raid: remove bogus const from decipher_sync_action() return type With gcc-4.1.2: drivers/md/dm-raid.c:3357: warning: type qualifiers ignored on function return type Remove the "const" keyword to fix this. Fixes: 36a240a706d43383 ("dm raid: fix RAID leg rebuild errors") Signed-off-by: Geert Uytterhoeven Acked-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer commit b592211c33f745af67a3271ce77c10fc1e6d6241 Author: Mike Snitzer Date: Mon Sep 17 11:38:47 2018 -0400 dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer Commit e8f74a0f0011 ("dm mpath: eliminate need to use scsi_device_from_queue") introduced 2 regressions: 1) memory leak occurs if attached_handler_name is not assigned to m->hw_handler_name 2) m->hw_handler_name can become a dangling pointer if the RETAIN_ATTACHED_HW_HANDLER flag is set and scsi_dh_attach() returns -EBUSY. Fix both of these by clearing 'attached_handler_name' pointer passed to setup_scsi_dh() after it is assigned to m->hw_handler_name. And if setup_scsi_dh() doesn't consume 'attached_handler_name' parse_path() will kfree() it. Fixes: e8f74a0f0011 ("dm mpath: eliminate need to use scsi_device_from_queue") Cc: stable@vger.kernel.org # 4.16+ Reported-by: Bart Van Assche Signed-off-by: Mike Snitzer commit 30bfd93062814d6767e452a8f5ddcd97f7e38c7e Author: Peter Oskolkov Date: Mon Sep 17 10:20:53 2018 -0700 net/ipv6: do not copy dst flags on rt init DST_NOCOUNT in dst_entry::flags tracks whether the entry counts toward route cache size (net->ipv6.sysctl.ip6_rt_max_size). If the flag is NOT set, dst_ops::pcpuc_entries counter is incremented in dist_init() and decremented in dst_destroy(). This flag is tied to allocation/deallocation of dst_entry and should not be copied from another dst/route. Otherwise it can happen that dst_ops::pcpuc_entries counter grows until no new routes can be allocated because the counter reached ip6_rt_max_size due to DST_NOCOUNT not set and thus no counter decrements on gc-ed routes. Fixes: 3b6761d18bc1 ("net/ipv6: Move dst flags to booleans in fib entries") Cc: David Ahern Acked-by: Wei Wang Signed-off-by: Peter Oskolkov Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 7759ca3aac79648d01c9edcb3b00503c02bec2f5 Author: Zhipeng Gong Date: Mon Sep 17 15:45:08 2018 +0800 drm/i915/gvt: clear ggtt entries when destroy vgpu When one vgpu is destroyed, its ggtt entries are not cleared. This patch clears ggtt entries to avoid information leak. v2: add 'Fixes' tag (Zhenyu) Fixes: 2707e4446688 ("drm/i915/gvt: vGPU graphics memory virtualization") Signed-off-by: Zhipeng Gong Reviewed-by: Hang Yuan Signed-off-by: Zhenyu Wang commit a1ac5f0943019bfd76345fe05a42cbc400da685c Author: Weinan Li Date: Mon Sep 17 09:46:14 2018 +0800 drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid Fix the suspicious RCU usage issue in intel_vgpu_emulate_mmio_write. Here need to request the srcu read lock of kvm->srcu before doing gfn_to_memslot(). The detailed log is as below: [ 218.710688] ============================= [ 218.710690] WARNING: suspicious RCU usage [ 218.710693] 4.14.15-dd+ #314 Tainted: G U [ 218.710695] ----------------------------- [ 218.710697] ./include/linux/kvm_host.h:575 suspicious rcu_dereference_check() usage! [ 218.710699] other info that might help us debug this: [ 218.710702] rcu_scheduler_active = 2, debug_locks = 1 [ 218.710704] 1 lock held by qemu-system-x86/2144: [ 218.710706] #0: (&gvt->lock){+.+.}, at: [] intel_vgpu_emulate_mmio_write+0x5a/0x2d0 [ 218.710721] stack backtrace: [ 218.710724] CPU: 0 PID: 2144 Comm: qemu-system-x86 Tainted: G U 4.14.15-dd+ #314 [ 218.710727] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.1.1 10/07/2015 [ 218.710729] Call Trace: [ 218.710734] dump_stack+0x7c/0xb3 [ 218.710739] gfn_to_memslot+0x15f/0x170 [ 218.710743] kvm_is_visible_gfn+0xa/0x30 [ 218.710746] intel_vgpu_emulate_gtt_mmio_write+0x267/0x3c0 [ 218.710751] ? __mutex_unlock_slowpath+0x3b/0x260 [ 218.710754] intel_vgpu_emulate_mmio_write+0x182/0x2d0 [ 218.710759] intel_vgpu_rw+0xba/0x170 [kvmgt] [ 218.710763] intel_vgpu_write+0x14d/0x1a0 [kvmgt] [ 218.710767] __vfs_write+0x23/0x130 [ 218.710770] vfs_write+0xb0/0x1b0 [ 218.710774] SyS_pwrite64+0x73/0x90 [ 218.710777] entry_SYSCALL_64_fastpath+0x25/0x9c [ 218.710780] RIP: 0033:0x7f33e8a91da3 [ 218.710783] RSP: 002b:00007f33dddc8700 EFLAGS: 00000293 v2: add 'Fixes' tag, refine log format.(Zhenyu) Fixes: cc753fbe1ac4 ("drm/i915/gvt: validate gfn before set shadow page") Reviewed-by: Zhenyu Wang Signed-off-by: Weinan Li Signed-off-by: Zhenyu Wang commit d817de3bc186c305b8e72a52547df2971c06499d Author: Colin Xu Date: Fri Sep 14 15:12:23 2018 +0800 drm/i915/gvt: Add GEN9_CLKGATE_DIS_4 to default BXT mmio handler Host prints lots of untracked MMIO at 0x4653c when creating linux guest. "gvt: vgpu 2: untracked MMIO 0004653c len 4" GEN9_CLKGATE_DIS_4 (0x4653c) is accessed by i915 for gmbus clockgating. However vgpu doesn't support any clockgating powergating operations on related mmio access trap so need add it to default handler. GEN9_CLKGATE_DIS_4 is accessed in bxt_gmbus_clock_gating() which only applies to GEN9_LP so doens't show the warning on other platforms. The solution is to add it to default handler init_bxt_mmio_info(). Reviewed-by: He, Min Signed-off-by: Colin Xu Signed-off-by: Zhenyu Wang commit db7c8f1e5f1c1a5e1aaec04e50be6721c1cb4dff Author: Colin Xu Date: Mon Sep 17 12:19:03 2018 +0800 drm/i915/gvt: Init PHY related registers for BXT Recent patch fixed the call trace "ERROR Port B enabled but PHY powered down? (PHY_CTL 00000000)". but introduced another similar call trace shown as: "ERROR Port C enabled but PHY powered down? (PHY_CTL 00000200)". The call trace will appear when host and guest enabled different ports, i.e. host using PORT C or neither PORT is enabled, while guest is always using PORT B as simulated by gvt. The issue is actually covered previously before the commit and reverals now when the commit do the right thing. On BXT, some PHY registers are initialized by vbios, before i915 loaded. Later i915 will re-program some, or skip some based on the implementation. The initialized mmio for guest i915 is done by gvt, based on the snapshot taken from host. If host and guest have different PORT enabled, some DPIO PHY mmios that gvt initialized for guest i915 will not match the simualted monitor for guest, which leads to guest i915 print the calltrace when it's trying to enable PHY and PORT. The solution is to init these DPIO PHY registers to default value, then guest i915 will program them to reasonable value based on the default powerwell table and enabled PORT. Together with the old patch, all similar call trace in guest kernel on BXT can be resolved. v2: Move PHY register init to intel_vgpu_reset_mmio (Min) v3: Do not delete empty line in issue fix patch. (zhenyu) Fixes: c8ab5ac30ccc ("drm/i915/gvt: Make correct handling to vreg BXT_PHY_CTL_FAMILY") Reviewed-by: He, Min Signed-off-by: Colin Xu Signed-off-by: Zhenyu Wang commit 922005c7f50e7f4b2a6dbc182e9c575b4f92396b Author: Bjørn Mork Date: Mon Sep 17 22:00:24 2018 +0200 qmi_wwan: set DTR for modems in forced USB2 mode Recent firmware revisions have added the ability to force these modems to USB2 mode, hiding their SuperSpeed capabilities from the host. The driver has been using the SuperSpeed capability, as shown by the bcdUSB field of the device descriptor, to detect the need to enable the DTR quirk. This method fails when the modems are forced to USB2 mode by the modem firmware. Fix by unconditionally enabling the DTR quirk for the affected device IDs. Reported-by: Fred Veldini Reported-by: Deshu Wen Signed-off-by: Bjørn Mork Reported-by: Fred Veldini Reported-by: Deshu Wen Signed-off-by: Bjørn Mork Signed-off-by: David S. Miller commit 89bfd48d679ed4f2ce4cbd9a8f8cbcd041c9050c Merge: 0866cd15029b 648e921888ad Author: David S. Miller Date: Mon Sep 17 18:47:58 2018 -0700 Merge branch 'r8169-clk-fixes' Hans de Goede says: ==================== r8169 (x86) clk fixes to fix S0ix not being reached This series adds code to the r8169 ethernet driver to get and enable an external clock if present, avoiding the need for a hack in the clk-pmc-atom driver where that clock was left on continuesly causing x86 some devices to not reach deep power saving states (S0ix) when suspended causing to them to quickly drain their battery while suspended. The 3 commits in this series need to be merged in order to avoid regressions while bisecting. The clk-pmc-atom driver does not see much changes (it was last touched over a year ago). So the clk maintainers have agreed with merging all 3 patches through the net tree. All 3 patches have Stephen Boyd's Acked-by for this purpose. This v2 of the series only had some minor tweaks done to the commit messages and is ready for merging through the net tree now. ==================== Signed-off-by: David S. Miller commit 648e921888ad96ea3dc922739e96716ad3225d7f Author: Hans de Goede Date: Wed Sep 12 11:34:56 2018 +0200 clk: x86: Stop marking clocks as CLK_IS_CRITICAL Commit d31fd43c0f9a ("clk: x86: Do not gate clocks enabled by the firmware"), which added the code to mark clocks as CLK_IS_CRITICAL, causes all unclaimed PMC clocks on Cherry Trail devices to be on all the time, resulting on the device not being able to reach S0i3 when suspended. The reason for this commit is that on some Bay Trail / Cherry Trail devices the r8169 ethernet controller uses pmc_plt_clk_4. Now that the clk-pmc-atom driver exports an "ether_clk" alias for pmc_plt_clk_4 and the r8169 driver has been modified to get and enable this clock (if present) the marking of the clocks as CLK_IS_CRITICAL is no longer necessary. This commit removes the CLK_IS_CRITICAL marking, fixing Cherry Trail devices not being able to reach S0i3 greatly decreasing their battery drain when suspended. Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=193891#c102 Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=196861 Cc: Johannes Stezenbach Cc: Carlo Caione Reported-by: Johannes Stezenbach Reviewed-by: Andy Shevchenko Acked-by: Stephen Boyd Signed-off-by: Hans de Goede Signed-off-by: David S. Miller commit c2f6f3ee7f22521fabc3295f51149bc3f4dd9202 Author: Hans de Goede Date: Wed Sep 12 11:34:55 2018 +0200 r8169: Get and enable optional ether_clk clock On some boards a platform clock is used as clock for the r8169 chip, this commit adds support for getting and enabling this clock (assuming it has an "ether_clk" alias set on it). This is related to commit d31fd43c0f9a ("clk: x86: Do not gate clocks enabled by the firmware") which is a previous attempt to fix this for some x86 boards, but this causes all Cherry Trail SoC using boards to not reach there lowest power states when suspending. This commit (together with an atom-pmc-clk driver commit adding the alias) fixes things properly by making the r8169 get the clock and enable it when it needs it. Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=193891#c102 Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=196861 Cc: Johannes Stezenbach Cc: Carlo Caione Reported-by: Johannes Stezenbach Acked-by: Stephen Boyd Reviewed-by: Andy Shevchenko Signed-off-by: Hans de Goede Signed-off-by: David S. Miller commit b1e3454d39f992e5409cd19f97782185950df6e7 Author: Hans de Goede Date: Wed Sep 12 11:34:54 2018 +0200 clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail Commit d31fd43c0f9a ("clk: x86: Do not gate clocks enabled by the firmware") causes all unclaimed PMC clocks on Cherry Trail devices to be on all the time, resulting on the device not being able to reach S0i2 or S0i3 when suspended. The reason for this commit is that on some Bay Trail / Cherry Trail devices the ethernet controller uses pmc_plt_clk_4. This commit adds an "ether_clk" alias, so that the relevant ethernet drivers can try to (optionally) use this, without needing X86 specific code / hacks, thus fixing ethernet on these devices without breaking S0i3 support. This commit uses clkdev_hw_create() to create the alias, mirroring the code for the already existing "mclk" alias for pmc_plt_clk_3. Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=193891#c102 Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=196861 Cc: Johannes Stezenbach Cc: Carlo Caione Reported-by: Johannes Stezenbach Acked-by: Stephen Boyd Reviewed-by: Andy Shevchenko Signed-off-by: Hans de Goede Signed-off-by: David S. Miller commit 0866cd15029baa3331ba347794053472306e8eb3 Author: Kai-Heng Feng Date: Wed Sep 12 14:58:21 2018 +0800 r8169: enable ASPM on RTL8106E The Intel SoC was prevented from entering lower idle state because of RTL8106E's ASPM was not enabled. So enable ASPM on RTL8106E (chip version 39). Now the Intel SoC can enter lower idle state, power consumption and temperature are much lower. Signed-off-by: Kai-Heng Feng Signed-off-by: David S. Miller commit 94235460f9eaefc4f0a3a4a6014fb4c6db4241cc Author: Kai-Heng Feng Date: Wed Sep 12 14:58:20 2018 +0800 r8169: Align ASPM/CLKREQ setting function with vendor driver There's a small delay after setting ASPM in vendor drivers, r8101 and r8168. In addition, those drivers enable ASPM before ClkReq, also change that to align with vendor driver. I haven't seen anything bad becasue of this, but I think it's better to keep in sync with vendor driver. Signed-off-by: Kai-Heng Feng Signed-off-by: David S. Miller commit 3275b4df3c39f97ee3fe982c9bafd6f3b7ff0dfe Author: David S. Miller Date: Mon Sep 17 18:43:42 2018 -0700 Revert "kcm: remove any offset before parsing messages" This reverts commit 072222b488bc55cce92ff246bdc10115fd57d3ab. I just read that this causes regressions. Signed-off-by: David S. Miller commit 072222b488bc55cce92ff246bdc10115fd57d3ab Author: Dominique Martinet Date: Tue Sep 11 11:21:43 2018 +0200 kcm: remove any offset before parsing messages The current code assumes kcm users know they need to look for the strparser offset within their bpf program, which is not documented anywhere and examples laying around do not do. The actual recv function does handle the offset well, so we can create a temporary clone of the skb and pull that one up as required for parsing. The pull itself has a cost if we are pulling beyond the head data, measured to 2-3% latency in a noisy VM with a local client stressing that path. The clone's impact seemed too small to measure. This bug can be exhibited easily by implementing a "trivial" kcm parser taking the first bytes as size, and on the client sending at least two such packets in a single write(). Note that bpf sockmap has the same problem, both for parse and for recv, so it would pulling twice or a real pull within the strparser logic if anyone cares about that. Signed-off-by: Dominique Martinet Signed-off-by: David S. Miller commit 3c499ea0c662e2f38aafbd4f516b08aab8cfa0e5 Author: Lyude Paul Date: Mon Sep 17 13:37:33 2018 -0400 drm/atomic: Use drm_drv_uses_atomic_modeset() for debugfs creation As pointed out by Daniel Vetter, we should be usinng drm_drv_uses_atomic_modeset() for determining whether or not we want to make the debugfs nodes for atomic instead of checking DRIVER_ATOMIC, as the former isn't an accurate representation of whether or not the driver is actually using atomic modesetting internally (even though it might not be exposing atomic capabilities). Signed-off-by: Lyude Paul Cc: Daniel Vetter Cc: stable@vger.kernel.org Reviewed-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180917173733.21293-1-lyude@redhat.com commit 83f365554e47997ec68dc4eca3f5dce525cd15c3 Author: Vaibhav Nagarnaik Date: Fri Sep 7 15:31:29 2018 -0700 ring-buffer: Allow for rescheduling when removing pages When reducing ring buffer size, pages are removed by scheduling a work item on each CPU for the corresponding CPU ring buffer. After the pages are removed from ring buffer linked list, the pages are free()d in a tight loop. The loop does not give up CPU until all pages are removed. In a worst case behavior, when lot of pages are to be freed, it can cause system stall. After the pages are removed from the list, the free() can happen while the work is rescheduled. Call cond_resched() in the loop to prevent the system hangup. Link: http://lkml.kernel.org/r/20180907223129.71994-1-vnagarnaik@google.com Cc: stable@vger.kernel.org Fixes: 83f40318dab00 ("ring-buffer: Make removal of ring buffer pages atomic") Reported-by: Jason Behmer Signed-off-by: Vaibhav Nagarnaik Signed-off-by: Steven Rostedt (VMware) commit 8f92e35aff9692028279d3c03e88547df6d15020 Author: Saeed Mahameed Date: Sat Sep 15 00:50:02 2018 -0700 net/mlx5e: TLS, Read capabilities only when it is safe Read TLS caps from the core driver only when TLS is supported, i.e mlx5_accel_is_tls_device returns true. Fixes: 790af90c00d2 ("net/mlx5e: TLS, build TLS netdev from capabilities") Change-Id: I5f21ff4d684901af487e366a7e0cf032b54ee9cf Reported-by: Michal Kubecek Signed-off-by: Saeed Mahameed Reviewed-by: Boris Pismenny Reviewed-by: Tariq Toukan commit 6b359d5550a1ae7a1269c9dc1dd73dfdc4d6fe58 Author: Alaa Hleihel Date: Mon Sep 3 10:38:14 2018 +0300 net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ When modifying hairpin SQ, instead of checking if the next state equals to MLX5_SQC_STATE_RDY, we compare it against the MLX5_RQC_STATE_RDY enum value. The code worked since both of MLX5_RQC_STATE_RDY and MLX5_SQC_STATE_RDY have the same value today. This patch fixes this issue. Fixes: 18e568c390c6 ("net/mlx5: Hairpin pair core object setup") Change-Id: I6758aa7b4bd137966ae28206b70648c5bc223b46 Signed-off-by: Alaa Hleihel Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed commit 250ae0d46d857ed61f3e0abf584901e46bd2c638 Author: Eli Cohen Date: Sun Sep 2 12:01:53 2018 +0300 net/mlx5: Fix read from coherent memory Use accessor function READ_ONCE to read from coherent memory modified by the device and read by the driver. This becomes most important in preemptive kernels where cond_resched implementation does not have the side effect which guaranteed the updated value. Fixes: 269d26f47f6f ("net/mlx5: Reduce command polling interval") Change-Id: Ie6deeb565ffaf76777b07448c7fbcce3510bbb8a Signed-off-by: Eli Cohen Reported-by: Jesper Dangaard Brouer Signed-off-by: Saeed Mahameed commit 3918c21eacb06e3d9d43f718354cbce6703f4812 Merge: ad3273d5f1b9 5223c9c1cbfc Author: Greg Kroah-Hartman Date: Mon Sep 17 22:34:25 2018 +0200 Merge tag 'spi-fix-v4.19-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Mark writes: "spi: Fixes for v4.19 As well as one driver fix there's a couple of fixes here which address issues with the use of IDRs for allocation of dynamic bus numbers, ensuring that dynamic bus numbers interact well with static bus numbers assigned via DT and otherwise." * tag 'spi-fix-v4.19-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE spi: Fix double IDR allocation with DT aliases spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers commit 324493fba77500592bbaa66421729421f139d4b5 Author: Randy Dunlap Date: Tue Aug 14 12:02:31 2018 -0400 media: platform: fix cros-ec-cec build error Fix build when MFD_CROS_EC is not enabled but COMPILE_TEST=y. Fixes this build error: ERROR: "cros_ec_cmd_xfer_status" [drivers/media/platform/cros-ec-cec/cros-ec-cec.ko] undefined! Signed-off-by: Randy Dunlap Cc: Neil Armstrong Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit 2ea15030c3f0554db695f85e4760da8621c183d3 Author: Wolfram Sang Date: Tue Sep 11 15:06:26 2018 +0200 mmc: sdhi: sys_dmac: check for all Gen3 types when whitelisting Fixes: 26eb2607fa28 ("mmc: renesas_sdhi: add eMMC HS400 mode support") Signed-off-by: Wolfram Sang Reviewed-by: Simon Horman Signed-off-by: Ulf Hansson commit 196f4eeeb78f53e0a598db8f9408b6f8b270c355 Merge: c3b55e2ec9c7 75383f8d39d4 Author: Takashi Iwai Date: Mon Sep 17 18:59:21 2018 +0200 Merge tag 'asoc-v4.19-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.19 This is the usual set of small fixes scatterd around various drivers, plus one fix for DAPM and a UAPI build fix. There's not a huge amount that stands out here relative to anything else. commit 013ad043906b2befd4a9bfb06219ed9fedd92716 Author: Mike Snitzer Date: Thu Sep 13 21:16:20 2018 -0400 dm thin metadata: fix __udivdi3 undefined on 32-bit sector_div() is only viable for use with sector_t. dm_block_t is typedef'd to uint64_t -- so use div_u64() instead. Fixes: 3ab918281 ("dm thin metadata: try to avoid ever aborting transactions") Signed-off-by: Mike Snitzer commit c73480910e9686a5c25155cb4d418d594b678196 Author: zhong jiang Date: Mon Sep 17 18:44:19 2018 +0800 net: ethernet: Fix a unused function warning. Fix the following compile warning: drivers/net/ethernet/microchip/lan743x_main.c:2964:12: warning: ‘lan743x_pm_suspend’ defined but not used [-Wunused-function] static int lan743x_pm_suspend(struct device *dev) drivers/net/ethernet/microchip/lan743x_main.c:2987:12: warning: ‘lan743x_pm_resume’ defined but not used [-Wunused-function] static int lan743x_pm_resume(struct device *dev) Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit ddca24dfcf1bec608668dd44c45d49397b70f520 Author: Andrew Lunn Date: Fri Sep 14 23:46:12 2018 +0200 net: dsa: mv88e6xxx: Fix ATU Miss Violation Fix a cut/paste error and a typo which results in ATU miss violations not being reported. Fixes: 0977644c5005 ("net: dsa: mv88e6xxx: Decode ATU problem interrupt") Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 50c6b58a814d86a93c0f6964570f839632854044 Author: Daniel Borkmann Date: Fri Sep 14 23:00:55 2018 +0200 tls: fix currently broken MSG_PEEK behavior In kTLS MSG_PEEK behavior is currently failing, strace example: [pid 2430] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 2430] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4 [pid 2430] bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2430] listen(4, 10) = 0 [pid 2430] getsockname(4, {sa_family=AF_INET, sin_port=htons(38855), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0 [pid 2430] connect(3, {sa_family=AF_INET, sin_port=htons(38855), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2430] setsockopt(3, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2430] setsockopt(3, 0x11a /* SOL_?? */, 1, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2430] accept(4, {sa_family=AF_INET, sin_port=htons(49636), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5 [pid 2430] setsockopt(5, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2430] setsockopt(5, 0x11a /* SOL_?? */, 2, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2430] close(4) = 0 [pid 2430] sendto(3, "test_read_peek", 14, 0, NULL, 0) = 14 [pid 2430] sendto(3, "_mult_recs\0", 11, 0, NULL, 0) = 11 [pid 2430] recvfrom(5, "test_read_peektest_read_peektest"..., 64, MSG_PEEK, NULL, NULL) = 64 As can be seen from strace, there are two TLS records sent, i) 'test_read_peek' and ii) '_mult_recs\0' where we end up peeking 'test_read_peektest_read_peektest'. This is clearly wrong, and what happens is that given peek cannot call into tls_sw_advance_skb() to unpause strparser and proceed with the next skb, we end up looping over the current one, copying the 'test_read_peek' over and over into the user provided buffer. Here, we can only peek into the currently held skb (current, full TLS record) as otherwise we would end up having to hold all the original skb(s) (depending on the peek depth) in a separate queue when unpausing strparser to process next records, minimally intrusive is to return only up to the current record's size (which likely was what c46234ebb4d1 ("tls: RX path for ktls") originally intended as well). Thus, after patch we properly peek the first record: [pid 2046] wait4(2075, [pid 2075] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 2075] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4 [pid 2075] bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2075] listen(4, 10) = 0 [pid 2075] getsockname(4, {sa_family=AF_INET, sin_port=htons(55115), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0 [pid 2075] connect(3, {sa_family=AF_INET, sin_port=htons(55115), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2075] setsockopt(3, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2075] setsockopt(3, 0x11a /* SOL_?? */, 1, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2075] accept(4, {sa_family=AF_INET, sin_port=htons(45732), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5 [pid 2075] setsockopt(5, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2075] setsockopt(5, 0x11a /* SOL_?? */, 2, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2075] close(4) = 0 [pid 2075] sendto(3, "test_read_peek", 14, 0, NULL, 0) = 14 [pid 2075] sendto(3, "_mult_recs\0", 11, 0, NULL, 0) = 11 [pid 2075] recvfrom(5, "test_read_peek", 64, MSG_PEEK, NULL, NULL) = 14 Fixes: c46234ebb4d1 ("tls: RX path for ktls") Signed-off-by: Daniel Borkmann Signed-off-by: David S. Miller commit aa079bd05032bc068c28fc9111d952d67134b395 Merge: 28ea334bd165 00d7ddba1143 Author: David S. Miller Date: Mon Sep 17 07:59:41 2018 -0700 Merge branch 'hv_netvsc-associate-VF-and-PV-device-by-serial-number' Stephen Hemminger says: ==================== hv_netvsc: associate VF and PV device by serial number The Hyper-V implementation of PCI controller has concept of 32 bit serial number (not to be confused with PCI-E serial number). This value is sent in the protocol from the host to indicate SR-IOV VF device is attached to a synthetic NIC. Using the serial number (instead of MAC address) to associate the two devices avoids lots of potential problems when there are duplicate MAC addresses from tunnels or layered devices. The patch set is broken into two parts, one is for the PCI controller and the other is for the netvsc device. Normally, these go through different trees but sending them together here for better review. The PCI changes were submitted previously, but the main review comment was "why do you need this?". This is why. v2 - slot name can be shorter. remove locking when creating pci_slots; see comment for explaination ==================== Signed-off-by: David S. Miller commit 00d7ddba1143623b31bc2c15d18216e2da031b14 Author: Stephen Hemminger Date: Fri Sep 14 12:54:57 2018 -0700 hv_netvsc: pair VF based on serial number Matching network device based on MAC address is problematic since a non VF network device can be creted with a duplicate MAC address causing confusion and problems. The VMBus API does provide a serial number that is a better matching method. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller commit a15f2c08c70811f120d99288d81f70d7f3d104f1 Author: Stephen Hemminger Date: Fri Sep 14 12:54:56 2018 -0700 PCI: hv: support reporting serial number as slot information The Hyper-V host API for PCI provides a unique "serial number" which can be used as basis for sysfs PCI slot table. This can be useful for cases where userspace wants to find the PCI device based on serial number. When an SR-IOV NIC is added, the host sends an attach message with serial number. The kernel doesn't use the serial number, but it is useful when doing the same thing in a userspace driver such as the DPDK. By having /sys/bus/pci/slots/N it provides a direct way to find the matching PCI device. There maybe some cases where serial number is not unique such as when using GPU's. But the PCI slot infrastructure will handle that. This has a side effect which may also be useful. The common udev network device naming policy uses the slot information (rather than PCI address). Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller commit 28ea334bd1657f3c43485b4a8592672fc6835fac Author: Michael Chan Date: Fri Sep 14 15:41:29 2018 -0400 bnxt_en: Fix VF mac address regression. The recent commit to always forward the VF MAC address to the PF for approval may not work if the PF driver or the firmware is older. This will cause the VF driver to fail during probe: bnxt_en 0000:00:03.0 (unnamed net_device) (uninitialized): hwrm req_type 0xf seq id 0x5 error 0xffff bnxt_en 0000:00:03.0 (unnamed net_device) (uninitialized): VF MAC address 00:00:17:02:05:d0 not approved by the PF bnxt_en 0000:00:03.0: Unable to initialize mac address. bnxt_en: probe of 0000:00:03.0 failed with error -99 We fix it by treating the error as fatal only if the VF MAC address is locally generated by the VF. Fixes: 707e7e966026 ("bnxt_en: Always forward VF MAC address to the PF.") Reported-by: Seth Forshee Reported-by: Siwei Liu Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit bbd6528d28c1b8e80832b3b018ec402b6f5c3215 Author: Eric Dumazet Date: Fri Sep 14 12:02:31 2018 -0700 ipv6: fix possible use-after-free in ip6_xmit() In the unlikely case ip6_xmit() has to call skb_realloc_headroom(), we need to call skb_set_owner_w() before consuming original skb, otherwise we risk a use-after-free. Bring IPv6 in line with what we do in IPv4 to fix this. Fixes: 1da177e4c3f41 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller commit a7f38002fb69b44f8fc622ecb838665d0b8666af Author: Colin Ian King Date: Fri Sep 14 17:39:53 2018 +0100 net: hp100: fix always-true check for link up state The operation ~(p100_inb(VG_LAN_CFG_1) & HP100_LINK_UP) returns a value that is always non-zero and hence the wait for the link to drop always terminates prematurely. Fix this by using a logical not operator instead of a bitwise complement. This issue has been in the driver since pre-2.6.12-rc2. Detected by CoverityScan, CID#114157 ("Logical vs. bitwise operator") Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 321cc359d899a8e988f3725d87c18a628e1cc624 Author: Nicolas Ferre Date: Fri Sep 14 17:48:11 2018 +0200 ARM: dts: at91: add new compatibility string for macb on sama5d3 We need this new compatibility string as we experienced different behavior for this 10/100Mbits/s macb interface on this particular SoC. Backward compatibility is preserved as we keep the alternative strings. Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit eb4ed8e2d7fecb5f40db38e4498b9ee23cddf196 Author: Nicolas Ferre Date: Fri Sep 14 17:48:10 2018 +0200 net: macb: disable scatter-gather for macb on sama5d3 Create a new configuration for the sama5d3-macb new compatibility string. This configuration disables scatter-gather because we experienced lock down of the macb interface of this particular SoC under very high load. Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit 41948ccb4a856dddacfbd4d789d4fa8663fe41bb Author: Antoine Tenart Date: Fri Sep 14 16:56:35 2018 +0200 net: mvpp2: let phylink manage the carrier state Net drivers using phylink shouldn't mess with the link carrier themselves and should let phylink manage it. The mvpp2 driver wasn't following this best practice as the mac_config() function made calls to change the link carrier state. This led to wrongly reported carrier link state which then triggered other issues. This patch fixes this behaviour. But the PPv2 driver relied on this misbehaviour in two cases: for fixed links and when not using phylink (ACPI mode). The later was fixed by adding an explicit call to link_up(), which when the ACPI mode will use phylink should be removed. The fixed link case was relying on the mac_config() function to set the link up, as we found an issue in phylink_start() which assumes the carrier is off. If not, the link_up() function is never called. To fix this, a call to netif_carrier_off() is added just before phylink_start() so that we do not introduce a regression in the driver. Fixes: 4bb043262878 ("net: mvpp2: phylink support") Reported-by: Russell King Signed-off-by: Antoine Tenart Signed-off-by: David S. Miller commit 8540827ebac6b654ab2f69c8fbce9e4fbd6304a0 Author: Guillaume Nault Date: Fri Sep 14 16:28:05 2018 +0200 pppoe: fix reception of frames with no mac header pppoe_rcv() needs to look back at the Ethernet header in order to lookup the PPPoE session. Therefore we need to ensure that the mac header is big enough to contain an Ethernet header. Otherwise eth_hdr(skb)->h_source might access invalid data. ================================================================== BUG: KMSAN: uninit-value in __get_item drivers/net/ppp/pppoe.c:172 [inline] BUG: KMSAN: uninit-value in get_item drivers/net/ppp/pppoe.c:236 [inline] BUG: KMSAN: uninit-value in pppoe_rcv+0xcef/0x10e0 drivers/net/ppp/pppoe.c:450 CPU: 0 PID: 4543 Comm: syz-executor355 Not tainted 4.16.0+ #87 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683 __get_item drivers/net/ppp/pppoe.c:172 [inline] get_item drivers/net/ppp/pppoe.c:236 [inline] pppoe_rcv+0xcef/0x10e0 drivers/net/ppp/pppoe.c:450 __netif_receive_skb_core+0x47df/0x4a90 net/core/dev.c:4562 __netif_receive_skb net/core/dev.c:4627 [inline] netif_receive_skb_internal+0x49d/0x630 net/core/dev.c:4701 netif_receive_skb+0x230/0x240 net/core/dev.c:4725 tun_rx_batched drivers/net/tun.c:1555 [inline] tun_get_user+0x740f/0x7c60 drivers/net/tun.c:1962 tun_chr_write_iter+0x1d4/0x330 drivers/net/tun.c:1990 call_write_iter include/linux/fs.h:1782 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x7fb/0x9f0 fs/read_write.c:482 vfs_write+0x463/0x8d0 fs/read_write.c:544 SYSC_write+0x172/0x360 fs/read_write.c:589 SyS_write+0x55/0x80 fs/read_write.c:581 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x4447c9 RSP: 002b:00007fff64c8fc28 EFLAGS: 00000297 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004447c9 RDX: 000000000000fd87 RSI: 0000000020000600 RDI: 0000000000000004 RBP: 00000000006cf018 R08: 00007fff64c8fda8 R09: 00007fff00006bda R10: 0000000000005fe7 R11: 0000000000000297 R12: 00000000004020d0 R13: 0000000000402160 R14: 0000000000000000 R15: 0000000000000000 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314 kmsan_slab_alloc+0x11/0x20 mm/kmsan/kmsan.c:321 slab_post_alloc_hook mm/slab.h:445 [inline] slab_alloc_node mm/slub.c:2737 [inline] __kmalloc_node_track_caller+0xaed/0x11c0 mm/slub.c:4369 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cf/0x9f0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:984 [inline] alloc_skb_with_frags+0x1d4/0xb20 net/core/skbuff.c:5234 sock_alloc_send_pskb+0xb56/0x1190 net/core/sock.c:2085 tun_alloc_skb drivers/net/tun.c:1532 [inline] tun_get_user+0x2242/0x7c60 drivers/net/tun.c:1829 tun_chr_write_iter+0x1d4/0x330 drivers/net/tun.c:1990 call_write_iter include/linux/fs.h:1782 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x7fb/0x9f0 fs/read_write.c:482 vfs_write+0x463/0x8d0 fs/read_write.c:544 SYSC_write+0x172/0x360 fs/read_write.c:589 SyS_write+0x55/0x80 fs/read_write.c:581 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 ================================================================== Fixes: 224cf5ad14c0 ("ppp: Move the PPP drivers") Reported-by: syzbot+f5f6080811c849739212@syzkaller.appspotmail.com Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit f025571e96caa95ffc3c1792f762a584893de582 Author: Corentin Labbe Date: Fri Sep 14 11:20:07 2018 +0000 net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency This patch mades TI_DAVINCI_CPDMA select GENERIC_ALLOCATOR. without that, the following sparc64 build failure happen drivers/net/ethernet/ti/davinci_cpdma.o: In function `cpdma_check_free_tx_desc': (.text+0x278): undefined reference to `gen_pool_avail' drivers/net/ethernet/ti/davinci_cpdma.o: In function `cpdma_chan_submit': (.text+0x340): undefined reference to `gen_pool_alloc' (.text+0x5c4): undefined reference to `gen_pool_free' drivers/net/ethernet/ti/davinci_cpdma.o: In function `__cpdma_chan_free': davinci_cpdma.c:(.text+0x64c): undefined reference to `gen_pool_free' drivers/net/ethernet/ti/davinci_cpdma.o: In function `cpdma_desc_pool_destroy.isra.6': davinci_cpdma.c:(.text+0x17ac): undefined reference to `gen_pool_size' davinci_cpdma.c:(.text+0x17b8): undefined reference to `gen_pool_avail' davinci_cpdma.c:(.text+0x1824): undefined reference to `gen_pool_size' davinci_cpdma.c:(.text+0x1830): undefined reference to `gen_pool_avail' drivers/net/ethernet/ti/davinci_cpdma.o: In function `cpdma_ctlr_create': (.text+0x19f8): undefined reference to `devm_gen_pool_create' (.text+0x1a90): undefined reference to `gen_pool_add_virt' Makefile:1011: recipe for target 'vmlinux' failed Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller commit 85516a9881a31e2c7a8d10f4697f3adcccc7cef1 Author: Miquel Raynal Date: Fri Sep 7 16:35:54 2018 +0200 mtd: partitions: fix unbalanced of_node_get/put() While at first mtd_part_of_parse() would just call of_get_chil_by_name(), it has been patched to deal with sub-partitions and will now directly manipulate the node returned by mtd_get_of_node() if the MTD device is a partition. A of_node_put() was a bit below in the code, to balance the of_get_child_by_name(). However, despite its name, mtd_get_of_node() does not take a reference on the OF node. It is a simple helper hiding some pointer logic to retrieve the OF node related to an MTD device. The direct effect of such unbalanced reference counting is visible by rmmod'ing any module that would have added MTD partitions: OF: ERROR: Bad of_node_put() on As it seems normal to get a reference on the OF node during the of_property_for_each_string() that follows, add a call to of_node_get() when relevant. Fixes: 76a832254ab0 ("mtd: partitions: use DT info for parsing partitions with "compatible" prop") Cc: stable@vger.kernel.org Signed-off-by: Miquel Raynal Signed-off-by: Boris Brezillon commit 3341ba9f0f2637a51738ef5de5114e13a1cd3eca Author: Stanislaw Gruszka Date: Mon Sep 3 12:26:21 2018 +0200 mt76x0: fix remove_interface We wrongly use wcid_mask instead of vif_mask. This creates problems when the interface is removed more than 8 times, for example with iw: iw dev interface add type iw dev del This caused 'ifconfig up' to fail with error: SIOCSIFFLAGS: No space left on device Fixes: 95e444098a7b ("mt76x0: main file") Reported-and-tested-by: Sid Hayn Signed-off-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit be1277f5eb17a2e5788139eabb0b53dd04c695f3 Author: Hannes Reinecke Date: Mon Jul 16 12:58:33 2018 +0200 nvme: count all ANA groups for ANA Log page When issuing a short read on the ANA log page the number of groups should not change, even though the final returned data might contain less groups than that number. Signed-off-by: Hannes Reinecke [switched to a for loop] Signed-off-by: Christoph Hellwig commit 55066354285b36ee09dc50e2527f43a97c567177 Author: Guenter Roeck Date: Mon Sep 17 05:23:58 2018 -0700 hwmon: (nct6775) Use different register to get fan RPM for fan7 The documented register to retrieve the fan RPM for fan7 is found to be unreliable at least with NCT6796D revision 3. Let's use register 0x4ce instead. This is undocumented for NCT6796D, but documented for NCT6797D and NCT6798D and known to be working. Reported-by: Robert Kern Cc: Robert Kern Fixes: 81820059a428 ("hwmon: (nct6775) Add support for NCT6796D") Signed-off-by: Guenter Roeck commit c3b55e2ec9c76e7a0de2a0b1dc851fdc9440385b Author: Takashi Sakamoto Date: Mon Sep 17 17:26:41 2018 +0900 ALSA: fireworks: fix memory leak of response buffer at error path After allocating memory object for response buffer, ALSA fireworks driver has leak of the memory object at error path. This commit releases the object at the error path. Fixes: 7d3c1d5901aa('ALSA: fireworks: delayed registration of sound card') Cc: # v4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit 1064bc685d359f549f91c2d5f111965a9284f328 Author: Takashi Sakamoto Date: Mon Sep 17 17:26:20 2018 +0900 ALSA: oxfw: fix memory leak of discovered stream formats at error path After finishing discover of stream formats, ALSA OXFW driver has memory leak of allocated memory object at error path. This commit releases the memory object at the error path. Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card') Cc: # v4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit ce925f088b979537f22f9e05eb923ef9822ca139 Author: Takashi Sakamoto Date: Mon Sep 17 17:26:08 2018 +0900 ALSA: oxfw: fix memory leak for model-dependent data at error path After allocating model-dependent data, ALSA OXFW driver has memory leak of the data at error path. This commit releases the data at the error path. Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card') Cc: # v4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit b1fbebd4164b3d170ad916dcd692cf843c9c065d Author: Takashi Sakamoto Date: Mon Sep 17 17:25:24 2018 +0900 ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path After allocating model-dependent data for M-Audio FW1814 and ProjectMix I/O, ALSA bebob driver has memory leak at error path. This commit releases the allocated data at the error path. Fixes: 04a2c73c97eb('ALSA: bebob: delayed registration of sound card') Cc: # v4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit ad3273d5f1b99d7319a986ab568dcbde2f9e53dd Merge: c0747ad363ff cce6c9f7e602 Author: Greg Kroah-Hartman Date: Mon Sep 17 09:13:47 2018 +0200 Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Ted writes: Various ext4 bug fixes; primarily making ext4 more robust against maliciously crafted file systems, and some DAX fixes. * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4, dax: set ext4_dax_aops for dax files ext4, dax: add ext4_bmap to ext4_dax_aops ext4: don't mark mmp buffer head dirty ext4: show test_dummy_encryption mount option in /proc/mounts ext4: close race between direct IO and ext4_break_layouts() ext4: fix online resizing for bigalloc file systems with a 1k block size ext4: fix online resize's handling of a too-small final block group ext4: recalucate superblock checksum after updating free blocks/inodes ext4: avoid arithemetic overflow that can trigger a BUG ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: check to make sure the rename(2)'s destination is not freed ext4: add nonstring annotations to ext4.h commit 83e32a5910772e1475d3640a429b7686695f04d1 Author: Xuewei Zhang Date: Thu Sep 6 13:37:19 2018 -0700 scsi: sd: Contribute to randomness when running rotational device Currently a scsi device won't contribute to kernel randomness when it uses blk-mq. Since we commonly use scsi on rotational device with blk-mq, it make sense to keep contributing to kernel randomness in these cases. This is especially important for virtual machines. commit b5b6e8c8d3b4 ("scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity") made all virtio-scsi device to use blk-mq, which does not contribute to randomness today. So for a virtual machine only having virtio-scsi disk (which is common), it will simple stop getting randomness from its disks in today's implementation. With this patch, if the above VM has rotational virtio-scsi device, then it can still benefit from the entropy generated from the disk. Reported-by: Xuewei Zhang Signed-off-by: Xuewei Zhang Reviewed-by: Ming Lei Reviewed-by: Maciej Żenczykowski Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit adad633af7b970bfa5dd1b624a4afc83cac9b235 Author: Laura Abbott Date: Tue Sep 11 12:22:26 2018 -0700 scsi: ibmvscsis: Ensure partition name is properly NUL terminated While reviewing another part of the code, Kees noticed that the strncpy of the partition name might not always be NUL terminated. Switch to using strscpy which does this safely. Reported-by: Kees Cook Signed-off-by: Laura Abbott Reviewed-by: Kees Cook Signed-off-by: Martin K. Petersen commit d792d4c4fc866ae224b0b0ca2aabd87d23b4d6cc Author: Laura Abbott Date: Tue Sep 11 12:22:25 2018 -0700 scsi: ibmvscsis: Fix a stringop-overflow warning There's currently a warning about string overflow with strncat: drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_probe': drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:3479:2: error: 'strncat' specified bound 64 equals destination size [-Werror=stringop-overflow=] strncat(vscsi->eye, vdev->name, MAX_EYE); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Switch to a single snprintf instead of a strcpy + strcat to handle this cleanly. Signed-off-by: Laura Abbott Suggested-by: Kees Cook Signed-off-by: Martin K. Petersen commit f14040bca89258b8a1c71e2112e430462172ce93 Author: Michael Neuling Date: Thu Sep 13 15:33:47 2018 +1000 KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds When we come into the softpatch handler (0x1500), we use r11 to store the HSRR0 for later use by the denorm handler. We also use the softpatch handler for the TM workarounds for POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out to the vcpu assuming it's still what we got from userspace. This causes r11 to be corrupted in the VCPU and hence when we restore the guest, we get a corrupted r11. We've seen this when running TM tests inside guests on P9. This fixes the problem by only touching r11 in the denorm case. Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9") Cc: # 4.17+ Test-by: Suraj Jitindar Singh Reviewed-by: Paul Mackerras Signed-off-by: Michael Neuling Signed-off-by: Michael Ellerman commit c0747ad363fff90c2edf490fc089e3ae0920b410 Merge: 7876320f8880 a987785dcd6c Author: Greg Kroah-Hartman Date: Mon Sep 17 07:24:28 2018 +0200 Merge tag 'linux-kselftest-4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pulled kselftest fixes from Shuah: "This Kselftest fixes update for 4.9-rc5 consists of: -- fixes to build failures -- fixes to add missing config files to increase test coverage -- fixes to cgroup test and a new cgroup test for memory.oom.group" commit 0376d5dce0aa174e5e4cd8b8644a9ea40b9657f9 Merge: 4bf9ffa0fb57 4c3d795cb012 Author: David S. Miller Date: Sun Sep 16 17:47:03 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-09-16 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix end boundary calculation in BTF for the type section, from Martin. 2) Fix and revert subtraction of pointers that was accidentally allowed for unprivileged programs, from Alexei. 3) Fix bpf_msg_pull_data() helper by using __GFP_COMP in order to avoid a warning in linearizing sg pages into a single one for large allocs, from Tushar. ==================== Signed-off-by: David S. Miller commit 4bf9ffa0fb5744ed40d7348c24fa9ae398b1d603 Author: Toshiaki Makita Date: Fri Sep 14 13:33:44 2018 +0900 veth: Orphan skb before GRO GRO expects skbs not to be owned by sockets, but when XDP is enabled veth passed skbs owned by sockets. It caused corrupted sk_wmem_alloc. Paolo Abeni reported the following splat: [ 362.098904] refcount_t overflow at skb_set_owner_w+0x5e/0xa0 in iperf3[1644], uid/euid: 0/0 [ 362.108239] WARNING: CPU: 0 PID: 1644 at kernel/panic.c:648 refcount_error_report+0xa0/0xa4 [ 362.117547] Modules linked in: tcp_diag inet_diag veth intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate intel_uncore intel_rapl_perf ipmi_ssif iTCO_wdt sg ipmi_si iTCO_vendor_support ipmi_devintf mxm_wmi ipmi_msghandler pcspkr dcdbas mei_me wmi mei lpc_ich acpi_power_meter pcc_cpufreq xfs libcrc32c sd_mod mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ixgbe igb ttm ahci mdio libahci ptp crc32c_intel drm pps_core libata i2c_algo_bit dca dm_mirror dm_region_hash dm_log dm_mod [ 362.176622] CPU: 0 PID: 1644 Comm: iperf3 Not tainted 4.19.0-rc2.vanilla+ #2025 [ 362.184777] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.1.7 06/16/2016 [ 362.193124] RIP: 0010:refcount_error_report+0xa0/0xa4 [ 362.198758] Code: 08 00 00 48 8b 95 80 00 00 00 49 8d 8c 24 80 0a 00 00 41 89 c1 44 89 2c 24 48 89 de 48 c7 c7 18 4d e7 9d 31 c0 e8 30 fa ff ff <0f> 0b eb 88 0f 1f 44 00 00 55 48 89 e5 41 56 41 55 41 54 49 89 fc [ 362.219711] RSP: 0018:ffff9ee6ff603c20 EFLAGS: 00010282 [ 362.225538] RAX: 0000000000000000 RBX: ffffffff9de83e10 RCX: 0000000000000000 [ 362.233497] RDX: 0000000000000001 RSI: ffff9ee6ff6167d8 RDI: ffff9ee6ff6167d8 [ 362.241457] RBP: ffff9ee6ff603d78 R08: 0000000000000490 R09: 0000000000000004 [ 362.249416] R10: 0000000000000000 R11: ffff9ee6ff603990 R12: ffff9ee664b94500 [ 362.257377] R13: 0000000000000000 R14: 0000000000000004 R15: ffffffff9de615f9 [ 362.265337] FS: 00007f1d22d28740(0000) GS:ffff9ee6ff600000(0000) knlGS:0000000000000000 [ 362.274363] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 362.280773] CR2: 00007f1d222f35d0 CR3: 0000001fddfec003 CR4: 00000000001606f0 [ 362.288733] Call Trace: [ 362.291459] [ 362.293702] ex_handler_refcount+0x4e/0x80 [ 362.298269] fixup_exception+0x35/0x40 [ 362.302451] do_trap+0x109/0x150 [ 362.306048] do_error_trap+0xd5/0x130 [ 362.315766] invalid_op+0x14/0x20 [ 362.319460] RIP: 0010:skb_set_owner_w+0x5e/0xa0 [ 362.324512] Code: ef ff ff 74 49 48 c7 43 60 20 7b 4a 9d 8b 85 f4 01 00 00 85 c0 75 16 8b 83 e0 00 00 00 f0 01 85 44 01 00 00 0f 88 d8 23 16 00 <5b> 5d c3 80 8b 91 00 00 00 01 8b 85 f4 01 00 00 89 83 a4 00 00 00 [ 362.345465] RSP: 0018:ffff9ee6ff603e20 EFLAGS: 00010a86 [ 362.351291] RAX: 0000000000001100 RBX: ffff9ee65deec700 RCX: ffff9ee65e829244 [ 362.359250] RDX: 0000000000000100 RSI: ffff9ee65e829100 RDI: ffff9ee65deec700 [ 362.367210] RBP: ffff9ee65e829100 R08: 000000000002a380 R09: 0000000000000000 [ 362.375169] R10: 0000000000000002 R11: fffff1a4bf77bb00 R12: ffffc0754661d000 [ 362.383130] R13: ffff9ee65deec200 R14: ffff9ee65f597000 R15: 00000000000000aa [ 362.391092] veth_xdp_rcv+0x4e4/0x890 [veth] [ 362.399357] veth_poll+0x4d/0x17a [veth] [ 362.403731] net_rx_action+0x2af/0x3f0 [ 362.407912] __do_softirq+0xdd/0x29e [ 362.411897] do_softirq_own_stack+0x2a/0x40 [ 362.416561] [ 362.418899] do_softirq+0x4b/0x70 [ 362.422594] __local_bh_enable_ip+0x50/0x60 [ 362.427258] ip_finish_output2+0x16a/0x390 [ 362.431824] ip_output+0x71/0xe0 [ 362.440670] __tcp_transmit_skb+0x583/0xab0 [ 362.445333] tcp_write_xmit+0x247/0xfb0 [ 362.449609] __tcp_push_pending_frames+0x2d/0xd0 [ 362.454760] tcp_sendmsg_locked+0x857/0xd30 [ 362.459424] tcp_sendmsg+0x27/0x40 [ 362.463216] sock_sendmsg+0x36/0x50 [ 362.467104] sock_write_iter+0x87/0x100 [ 362.471382] __vfs_write+0x112/0x1a0 [ 362.475369] vfs_write+0xad/0x1a0 [ 362.479062] ksys_write+0x52/0xc0 [ 362.482759] do_syscall_64+0x5b/0x180 [ 362.486841] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 362.492473] RIP: 0033:0x7f1d22293238 [ 362.496458] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 c5 54 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 362.517409] RSP: 002b:00007ffebaef8008 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 362.525855] RAX: ffffffffffffffda RBX: 0000000000002800 RCX: 00007f1d22293238 [ 362.533816] RDX: 0000000000002800 RSI: 00007f1d22d36000 RDI: 0000000000000005 [ 362.541775] RBP: 00007f1d22d36000 R08: 00000002db777a30 R09: 0000562b70712b20 [ 362.549734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 362.557693] R13: 0000000000002800 R14: 00007ffebaef8060 R15: 0000562b70712260 In order to avoid this, orphan the skb before entering GRO. Fixes: 948d4f214fde ("veth: Add driver XDP") Reported-by: Paolo Abeni Signed-off-by: Toshiaki Makita Tested-by: Paolo Abeni Signed-off-by: David S. Miller commit 978298888e3efb4fd7ff9bf2b9ed6f8de4a1312e Merge: edf2ef724280 eb63f2964dbe Author: David S. Miller Date: Sun Sep 16 15:27:44 2018 -0700 Merge branch 'udp-add-missing-check-on-edumx-rx-path' Paolo Abeni says: ==================== udp: add missing check on edumx rx path The early demux RX path for the UDP protocol is currently missing some checks. Both ipv4 and ipv6 implementations lack checksum conversion and the ipv6 implementation additionally lack the zero checksum validation. The first patch takes care of UDPv4 and the second one of UDPv6 ==================== Signed-off-by: David S. Miller commit eb63f2964dbe36f26deac77d3016791675821ded Author: Paolo Abeni Date: Thu Sep 13 16:27:21 2018 +0200 udp6: add missing checks on edumux packet processing Currently the UDPv6 early demux rx code path lacks some mandatory checks, already implemented into the normal RX code path - namely the checksum conversion and no_check6_rx check. Similar to the previous commit, we move the common processing to an UDPv6 specific helper and call it from both edemux code path and normal code path. In respect to the UDPv4, we need to add an explicit check for non zero csum according to no_check6_rx value. Reported-by: Jianlin Shi Suggested-by: Xin Long Fixes: c9f2c1ae123a ("udp6: fix socket leak on early demux") Fixes: 2abb7cdc0dc8 ("udp: Add support for doing checksum unnecessary conversion") Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit 2b5a921740a55c00223a797d075b9c77c42cb171 Author: Paolo Abeni Date: Thu Sep 13 16:27:20 2018 +0200 udp4: fix IP_CMSG_CHECKSUM for connected sockets commit 2abb7cdc0dc8 ("udp: Add support for doing checksum unnecessary conversion") left out the early demux path for connected sockets. As a result IP_CMSG_CHECKSUM gives wrong values for such socket when GRO is not enabled/available. This change addresses the issue by moving the csum conversion to a common helper and using such helper in both the default and the early demux rx path. Fixes: 2abb7cdc0dc8 ("udp: Add support for doing checksum unnecessary conversion") Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit edf2ef7242805e53ec2e0841db26e06d8bc7da70 Author: Jongsung Kim Date: Thu Sep 13 18:32:21 2018 +0900 stmmac: fix valid numbers of unicast filter entries Synopsys DWC Ethernet MAC can be configured to have 1..32, 64, or 128 unicast filter entries. (Table 7-8 MAC Address Registers from databook) Fix dwmac1000_validate_ucast_entries() to accept values between 1 and 32 in addition. Signed-off-by: Jongsung Kim Signed-off-by: David S. Miller commit 7876320f88802b22d4e2daf7eb027dd14175a0f8 Author: Linus Torvalds Date: Sun Sep 16 11:52:37 2018 -0700 Linux 4.19-rc4 commit 8a104f8b5867c682d994ffa7a74093c54469c11f Author: Greg Kroah-Hartman Date: Sat Sep 15 20:26:44 2018 +0200 Code of Conduct: Let's revamp it. The Code of Conflict is not achieving its implicit goal of fostering civility and the spirit of 'be excellent to each other'. Explicit guidelines have demonstrated success in other projects and other areas of the kernel. Here is a Code of Conduct statement for the wider kernel. It is based on the Contributor Covenant as described at www.contributor-covenant.org From this point forward, we should abide by these rules in order to help make the kernel community a welcoming environment to participate in. Signed-off-by: Chris Mason Signed-off-by: Dan Williams Signed-off-by: Jonathan Corbet Signed-off-by: Olof Johansson Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Greg Kroah-Hartman Signed-off-by: Linus Torvalds commit cce6c9f7e6029caee45c459db5b3e78fec6973cb Author: Toshi Kani Date: Sat Sep 15 21:37:59 2018 -0400 ext4, dax: set ext4_dax_aops for dax files Sync syscall to DAX file needs to flush processor cache, but it currently does not flush to existing DAX files. This is because 'ext4_da_aops' is set to address_space_operations of existing DAX files, instead of 'ext4_dax_aops', since S_DAX flag is set after ext4_set_aops() in the open path. New file -------- lookup_open ext4_create __ext4_new_inode ext4_set_inode_flags // Set S_DAX flag ext4_set_aops // Set aops to ext4_dax_aops Existing file ------------- lookup_open ext4_lookup ext4_iget ext4_set_aops // Set aops to ext4_da_aops ext4_set_inode_flags // Set S_DAX flag Change ext4_iget() to initialize i_flags before ext4_set_aops(). Fixes: 5f0663bb4a64 ("ext4, dax: introduce ext4_dax_aops") Signed-off-by: Toshi Kani Signed-off-by: Theodore Ts'o Suggested-by: Jan Kara Cc: stable@vger.kernel.org commit 94dbb63117e82253c9592816aa4465f0a9c94850 Author: Toshi Kani Date: Sat Sep 15 21:23:41 2018 -0400 ext4, dax: add ext4_bmap to ext4_dax_aops Ext4 mount path calls .bmap to the journal inode. This currently works for the DAX mount case because ext4_iget() always set 'ext4_da_aops' to any regular files. In preparation to fix ext4_iget() to set 'ext4_dax_aops' for ext4 DAX files, add ext4_bmap() to 'ext4_dax_aops', since bmap works for DAX inodes. Fixes: 5f0663bb4a64 ("ext4, dax: introduce ext4_dax_aops") Signed-off-by: Toshi Kani Signed-off-by: Theodore Ts'o Suggested-by: Jan Kara Cc: stable@vger.kernel.org commit f6de298806d9cbc63a4907bca34a06162b9d7dce Author: Guenter Roeck Date: Thu Sep 13 20:01:12 2018 -0700 hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D fan7 on NCT6796D does not have a fan count register; it only has an RPM register. Switch to using RPM registers to read the fan speed for all chips supporting it to solve the problem for good. Reported-by: Robert Kern Cc: Robert Kern Fixes: 81820059a428 ("hwmon: (nct6775) Add support for NCT6796D") Signed-off-by: Guenter Roeck commit fe18d649891d813964d3aaeebad873f281627fbc Author: Li Dongyang Date: Sat Sep 15 17:11:25 2018 -0400 ext4: don't mark mmp buffer head dirty Marking mmp bh dirty before writing it will make writeback pick up mmp block later and submit a write, we don't want the duplicate write as kmmpd thread should have full control of reading and writing the mmp block. Another reason is we will also have random I/O error on the writeback request when blk integrity is enabled, because kmmpd could modify the content of the mmp block(e.g. setting new seq and time) while the mmp block is under I/O requested by writeback. Signed-off-by: Li Dongyang Signed-off-by: Theodore Ts'o Reviewed-by: Andreas Dilger Cc: stable@vger.kernel.org commit 6a1cac56f41f9ea94e440dfcc1cac44b41a1b194 Author: Brijesh Singh Date: Fri Sep 14 08:45:59 2018 -0500 x86/kvm: Use __bss_decrypted attribute in shared variables The recent removal of the memblock dependency from kvmclock caused a SEV guest regression because the wall_clock and hv_clock_boot variables are no longer mapped decrypted when SEV is active. Use the __bss_decrypted attribute to put the static wall_clock and hv_clock_boot in the .bss..decrypted section so that they are mapped decrypted during boot. In the preparatory stage of CPU hotplug, the per-cpu pvclock data pointer assigns either an element of the static array or dynamically allocated memory for the pvclock data pointer. The static array are now mapped decrypted but the dynamically allocated memory is not mapped decrypted. However, when SEV is active this memory range must be mapped decrypted. Add a function which is called after the page allocator is up, and allocate memory for the pvclock data pointers for the all possible cpus. Map this memory range as decrypted when SEV is active. Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Suggested-by: Thomas Gleixner Signed-off-by: Brijesh Singh Signed-off-by: Thomas Gleixner Cc: Tom Lendacky Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: Sean Christopherson Cc: "Radim Krčmář" Cc: kvm@vger.kernel.org Link: https://lkml.kernel.org/r/1536932759-12905-3-git-send-email-brijesh.singh@amd.com commit b3f0907c71e006e12fde74ea9a745b6096b6f90f Author: Brijesh Singh Date: Fri Sep 14 08:45:58 2018 -0500 x86/mm: Add .bss..decrypted section to hold shared variables kvmclock defines few static variables which are shared with the hypervisor during the kvmclock initialization. When SEV is active, memory is encrypted with a guest-specific key, and if the guest OS wants to share the memory region with the hypervisor then it must clear the C-bit before sharing it. Currently, we use kernel_physical_mapping_init() to split large pages before clearing the C-bit on shared pages. But it fails when called from the kvmclock initialization (mainly because the memblock allocator is not ready that early during boot). Add a __bss_decrypted section attribute which can be used when defining such shared variable. The so-defined variables will be placed in the .bss..decrypted section. This section will be mapped with C=0 early during boot. The .bss..decrypted section has a big chunk of memory that may be unused when memory encryption is not active, free it when memory encryption is not active. Suggested-by: Thomas Gleixner Signed-off-by: Brijesh Singh Signed-off-by: Thomas Gleixner Cc: Tom Lendacky Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Radim Krčmář Cc: kvm@vger.kernel.org Link: https://lkml.kernel.org/r/1536932759-12905-2-git-send-email-brijesh.singh@amd.com commit 338affb548c243d2af25b1ca628e67819350de6b Author: Eric Biggers Date: Sat Sep 15 14:28:26 2018 -0400 ext4: show test_dummy_encryption mount option in /proc/mounts When in effect, add "test_dummy_encryption" to _ext4_show_options() so that it is shown in /proc/mounts and other relevant procfs files. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org commit 27c5a778dfe23d1de8d9ebfbc6a54595a79ac709 Merge: 4314daa55b4d 002b87d2aace Author: Linus Torvalds Date: Sat Sep 15 08:02:46 2018 -1000 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingol Molnar: "Misc fixes: - EFI crash fix - Xen PV fixes - do not allow PTI on 2-level 32-bit kernels for now - documentation fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/APM: Fix build warning when PROC_FS is not enabled Revert "x86/mm/legacy: Populate the user page-table with user pgd's" x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3 x86/xen: Disable CPU0 hotplug for Xen PV x86/EISA: Don't probe EISA bus for Xen PV guests x86/doc: Fix Documentation/x86/earlyprintk.txt commit 4314daa55b4ddc2dc1c28a3835b484de33ffbfdd Merge: c0be92b5b14b 882a78a9f39f Author: Linus Torvalds Date: Sat Sep 15 08:00:37 2018 -1000 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Ingo Molnar: "Misc fixes: various scheduler metrics corner case fixes, a sched_features deadlock fix, and a topology fix for certain NUMA systems" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Fix kernel-doc notation warning sched/fair: Fix load_balance redo for !imbalance sched/fair: Fix scale_rt_capacity() for SMT sched/fair: Fix vruntime_normalized() for remote non-migration wakeup sched/pelt: Fix update_blocked_averages() for RT and DL classes sched/topology: Set correct NUMA topology type sched/debug: Fix potential deadlock when writing to sched_features commit c0be92b5b14bc6928363527602dabff57875473a Merge: ca062f8df5d1 cb48b6a26cac Author: Linus Torvalds Date: Sat Sep 15 06:44:32 2018 -1000 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Mostly tooling fixes, but also breakpoint and x86 PMU driver fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) perf tools: Fix maps__find_symbol_by_name() tools headers uapi: Update tools's copy of linux/if_link.h tools headers uapi: Update tools's copy of linux/vhost.h tools headers uapi: Update tools's copies of kvm headers tools headers uapi: Update tools's copy of drm/drm.h tools headers uapi: Update tools's copy of asm-generic/unistd.h tools headers uapi: Update tools's copy of linux/perf_event.h perf/core: Force USER_DS when recording user stack data perf/UAPI: Clearly mark __PERF_SAMPLE_CALLCHAIN_EARLY as internal use perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs perf annotate: Fix parsing aarch64 branch instructions after objdump update perf probe powerpc: Ignore SyS symbols irrespective of endianness perf event-parse: Use fixed size string for comms perf util: Fix bad memory access in trace info. perf tools: Streamline bpf examples and headers installation perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() perf arm64: Fix include path for asm-generic/unistd.h perf/hw_breakpoint: Simplify breakpoint enable in perf_event_modify_breakpoint perf/hw_breakpoint: Enable breakpoint in modify_user_hw_breakpoint perf/hw_breakpoint: Remove superfluous bp->attr.disabled = 0 ... commit ca062f8df5d13e3a5c029449a12c20ac5069c094 Merge: 3a5af36b6d0e 0b405c65ad45 Author: Linus Torvalds Date: Sat Sep 15 06:39:09 2018 -1000 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fixes from Ingo Molnar: "Misc fixes: liblockdep fixes and ww_mutex fixes" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/ww_mutex: Fix spelling mistake "cylic" -> "cyclic" locking/lockdep: Delete unnecessary #include tools/lib/lockdep: Add dummy task_struct state member tools/lib/lockdep: Add empty nmi.h tools/lib/lockdep: Update Sasha Levin email to MSFT jump_label: Fix typo in warning message locking/mutex: Fix mutex debug call and ww_mutex documentation commit 37196ba4ae95a2077d78715eb12e879e57613d43 Author: Guenter Roeck Date: Thu Sep 13 19:43:58 2018 -0700 hwmon: (nct6775) Fix virtual temperature sources for NCT6796D The following kernel log message is reported for the nct6775 driver on ASUS WS X299 SAGE. nct6775: Found NCT6796D or compatible chip at 0x2e:0x290 nct6775 nct6775.656: Invalid temperature source 11 at index 0, source register 0x100, temp register 0x73 nct6775 nct6775.656: Invalid temperature source 11 at index 2, source register 0x300, temp register 0x77 nct6775 nct6775.656: Invalid temperature source 11 at index 3, source register 0x800, temp register 0x79 nct6775 nct6775.656: Invalid temperature source 11 at index 4, source register 0x900, temp register 0x7b A recent version of the datasheet lists temperature source 11 as reserved. However, an older version of the datasheet lists temperature sources 10 and 11 as supported virtual temperature sources. Apparently the older version of the datasheet is correct, so list those temperature sources as supported. Virtual temperature sources are different than other temperature sources: Values are not read from a temperature sensor, but written either from BIOS or an embedded controller. As such, each virtual temperature has to be reported. Since there is now more than one temperature source, we have to keep virtual temperature sources in a chip-specific mask and can no longer rely on the assumption that there is only one virtual temperature source with a fixed index. This accounts for most of the complexity of this patch. Reported-by: Robert Kern Cc: Robert Kern Fixes: 81820059a428 ("hwmon: (nct6775) Add support for NCT6796D") Signed-off-by: Guenter Roeck commit 002b87d2aace62b4f3841c3aa43309d2380092be Author: Randy Dunlap Date: Fri Sep 14 15:10:29 2018 -0700 x86/APM: Fix build warning when PROC_FS is not enabled Fix build warning in apm_32.c when CONFIG_PROC_FS is not enabled: ../arch/x86/kernel/apm_32.c:1643:12: warning: 'proc_apm_show' defined but not used [-Wunused-function] static int proc_apm_show(struct seq_file *m, void *v) Fixes: 3f3942aca6da ("proc: introduce proc_create_single{,_data}") Signed-off-by: Randy Dunlap Signed-off-by: Thomas Gleixner Reviewed-by: Christoph Hellwig Cc: Jiri Kosina Link: https://lkml.kernel.org/r/be39ac12-44c2-4715-247f-4dcc3c525b8b@infradead.org commit cf51e4b9c34407bf0c3d9b582b7837e047e1df47 Author: Masahiro Yamada Date: Thu Sep 13 14:58:49 2018 +0900 mtd: rawnand: denali: fix a race condition when DMA is kicked I thought the read-back of the DMA_ENABLE register was unnecessary (at least it is working on my boards), then deleted it in commit 586a2c52909d ("mtd: nand: denali: squash denali_enable_dma() helper into caller"). Sorry, I was wrong - it caused a timing issue on Cyclone5 SoCFPGAs. Revive the register read-back, commenting why this is necessary. Fixes: 586a2c52909d ("mtd: nand: denali: squash denali_enable_dma() helper into caller") Cc: Reported-by: Steffen Trumtrar Signed-off-by: Masahiro Yamada Reviewed-by: Miquel Raynal Signed-off-by: Boris Brezillon commit 3a5af36b6d0e4a42ec2a8552ace87edbe2a90ae4 Merge: 589109df3184 097f5863b1a0 Author: Linus Torvalds Date: Fri Sep 14 19:33:42 2018 -1000 Merge tag '4.19-rc3-smb3-cifs' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Fixes for four CIFS/SMB3 potential pointer overflow issues, one minor build fix, and a build warning cleanup" * tag '4.19-rc3-smb3-cifs' of git://git.samba.org/sfrench/cifs-2.6: cifs: read overflow in is_valid_oplock_break() cifs: integer overflow in in SMB2_ioctl() CIFS: fix wrapping bugs in num_entries() cifs: prevent integer overflow in nxt_dir_entry() fs/cifs: require sha512 fs/cifs: suppress a string overflow warning commit 589109df31843384f410ba09f6b8383464408d1e Merge: 5b945fd2c34c 9f0c5124f4a8 Author: Linus Torvalds Date: Fri Sep 14 19:25:28 2018 -1000 Merge tag 'nfs-for-4.19-2' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client bugfixes from Anna Schumaker: "These are a handful of fixes for problems that Trond found. Patch #1 and #3 have the same name, a second issue was found after applying the first patch. Stable bugfixes: - v4.17+: Fix tracepoint Oops in initiate_file_draining() - v4.11+: Fix an infinite loop on I/O Other fixes: - Return errors if a waiting layoutget is killed - Don't open code clearing of delegation state" * tag 'nfs-for-4.19-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: NFS: Don't open code clearing of delegation state NFSv4.1 fix infinite loop on I/O. NFSv4: Fix a tracepoint Oops in initiate_file_draining() pNFS: Ensure we return the error if someone kills a waiting layoutget NFSv4: Fix a tracepoint Oops in initiate_file_draining() commit 5b945fd2c34c6324752fc793266b4598a307d765 Merge: 090b75bcba62 b1f4ff74fcb0 Author: Linus Torvalds Date: Fri Sep 14 17:31:02 2018 -1000 Merge tag 'trace-v4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "This fixes an issue with the build system caused by a change that modifies CC_FLAGS_FTRACE. The issue is that it breaks the dependencies and causes "make targz-pkg" to rebuild the entire world" * tag 'trace-v4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing/Makefile: Fix handling redefinition of CC_FLAGS_FTRACE commit 090b75bcba62e8e0e43c8acdbc230d26c5b731dc Merge: d7c0268090e2 e54192b48da7 Author: Linus Torvalds Date: Fri Sep 14 13:03:17 2018 -1000 Merge tag 'devicetree-fixes-for-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull DeviceTree fix from Rob Herring: "One regression for a 20 year old PowerMac: - Fix a regression on systems having a DT without any phandles which happens on a PowerMac G3" * tag 'devicetree-fixes-for-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: of: fix phandle cache creation for DTs with no phandles commit d7c0268090e23f3517c7b7555d3f4f9d73580f96 Merge: eae4f8851f35 58a575699040 Author: Linus Torvalds Date: Fri Sep 14 13:01:06 2018 -1000 Merge tag 'for-linus-4.19c-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: "This contains some minor cleanups and fixes: - a new knob for controlling scrubbing of pages returned by the Xen balloon driver to the Xen hypervisor to address a boot performance issue seen in large guests booted pre-ballooned - a fix of a regression in the gntdev driver which made it impossible to use fully virtualized guests (HVM guests) with a 4.19 based dom0 - a fix in Xen cpu hotplug functionality which could be triggered by wrong admin commands (setting number of active vcpus to 0) One further note: the patches have all been under test for several days in another branch. This branch has been rebased in order to avoid merge conflicts" * tag 'for-linus-4.19c-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/gntdev: fix up blockable calls to mn_invl_range_start xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage xen: avoid crash in disable_hotplug_cpu xen/balloon: add runtime control for scrubbing ballooned out pages xen/manage: don't complain about an empty value in control/sysrq node commit eae4f8851f35ceb75f56a861659800c33603a476 Merge: 3e153256d9f1 4a7f50f78c22 Author: Linus Torvalds Date: Fri Sep 14 12:56:42 2018 -1000 Merge tag 'xtensa-20180914' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa fixes and cleanups from Max Filippov: - don't allocate memory in platform_setup as the memory allocator is not initialized at that point yet; - remove unnecessary ifeq KBUILD_SRC from arch/xtensa/Makefile; - enable SG chaining in arch/xtensa/Kconfig. * tag 'xtensa-20180914' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: enable SG chaining in Kconfig xtensa: remove unnecessary KBUILD_SRC ifeq conditional xtensa: ISS: don't allocate memory in platform_setup commit 3e153256d9f18b0568fb568958db2d3f83a5365c Merge: f3c0b8ce4840 500dd232449e Author: Linus Torvalds Date: Fri Sep 14 12:42:02 2018 -1000 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "The trickle of arm64 fixes continues to come in. Nothing that's the end of the world, but we've got a fix for PCI IO port accesses, an accidental naked "asm goto" and a fix to the vmcoreinfo PT_NOTE merged this time around which we'd like to get sorted before it becomes ABI. - Fix ioport_map() mapping the wrong physical address for some I/O BARs - Remove direct use of "asm goto", since some compilers don't like that - Ensure kimage_voffset is always present in vmcoreinfo PT_NOTE" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO arm64: kernel: arch_crash_save_vmcoreinfo() should depend on CONFIG_CRASH_CORE arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" commit 9f0c5124f4a82503ee5d55c60b0b9c6afc3af68b Author: Trond Myklebust Date: Wed Sep 5 14:07:15 2018 -0400 NFS: Don't open code clearing of delegation state Add a helper for the case when the nfs4 open state has been set to use a delegation stateid, and we want to revert to using the open stateid. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 994b15b983a72e1148a173b61e5b279219bb45ae Author: Trond Myklebust Date: Wed Sep 5 14:07:14 2018 -0400 NFSv4.1 fix infinite loop on I/O. The previous fix broke recovery of delegated stateids because it assumes that if we did not mark the delegation as suspect, then the delegation has effectively been revoked, and so it removes that delegation irrespectively of whether or not it is valid and still in use. While this is "mostly harmless" for ordinary I/O, we've seen pNFS fail with LAYOUTGET spinning in an infinite loop while complaining that we're using an invalid stateid (in this case the all-zero stateid). What we rather want to do here is ensure that the delegation is always correctly marked as needing testing when that is the case. So we want to close the loophole offered by nfs4_schedule_stateid_recovery(), which marks the state as needing to be reclaimed, but not the delegation that may be backing it. Fixes: 0e3d3e5df07dc ("NFSv4.1 fix infinite loop on IO BAD_STATEID error") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.11+ Signed-off-by: Anna Schumaker commit 2edaead69e7573f35e8d5dc20938e41eacc21b35 Author: Trond Myklebust Date: Wed Sep 5 14:07:13 2018 -0400 NFSv4: Fix a tracepoint Oops in initiate_file_draining() Now that the value of 'ino' can be NULL or an ERR_PTR(), we need to change the test in the tracepoint. Fixes: ce5624f7e6675 ("NFSv4: Return NFS4ERR_DELAY when a layout fails...") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.17+ Signed-off-by: Anna Schumaker commit d03360aaf5ccac49581960bd736258c62972b88b Author: Trond Myklebust Date: Wed Sep 5 14:07:12 2018 -0400 pNFS: Ensure we return the error if someone kills a waiting layoutget If someone interrupts a wait on one or more outstanding layoutgets in pnfs_update_layout() then return the ERESTARTSYS/EINTR error. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 2a534a7473bf4e7f1c12805113f80c795fc8e89a Author: Trond Myklebust Date: Thu Aug 23 11:02:49 2018 -0400 NFSv4: Fix a tracepoint Oops in initiate_file_draining() Now that the value of 'ino' can be NULL or an ERR_PTR(), we need to change the test in the tracepoint. Fixes: ce5624f7e6675 ("NFSv4: Return NFS4ERR_DELAY when a layout fails...") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.17+ Signed-off-by: Anna Schumaker commit 7c2020c3022dfa6801d420b55ef0c507322d2c60 Author: Colin Ian King Date: Fri Sep 14 12:27:27 2018 +0100 ARC: fix spelling mistake "entires" -> "entries" Trivial fix to spelling mistake in Kconfig Signed-off-by: Colin Ian King Signed-off-by: Vineet Gupta commit 1a866306e0fbf3caab168c1389e4497702749441 Author: Lucas Stach Date: Wed Sep 12 16:34:27 2018 +0200 drm/etnaviv: add DMA configuration for etnaviv platform device The etnaviv device is a virtual device backing the DRM device, which may drive multiple hardware GPU core devices. As most of the dma-mapping handling is done through the virtual device, we need to make sure that a proper DMA setup is in place. The easiest way to get a reasonable configuration is to let the virtual device share the DMA configuration with one of the GPU devices, so call of_dma_configure() with the right parameters manually. This assumes that all etnaviv driven GPU devices in the system share the same DMA configuration. If we ever encounter a SoC where the GPUs are on busses with different offsets or behind different IOMMUs that will require much deeper changes to the driver, as we would need to implement etnaviv specific versions of most of the DRM helper functions. For now we should be fine with this solution. Signed-off-by: Lucas Stach Tested-by: Guido Günther Tested-by: Eugeniy Paltsev commit f3c0b8ce48408b742a9154d53d19e3c7ff97772d Merge: 1abc088afd5b 111b009f7e8b Author: Linus Torvalds Date: Fri Sep 14 06:08:40 2018 -1000 Merge tag 'dmaengine-fix-4.19-rc4' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine fix from Vinod Koul: "Fix the mic_x100_dma driver to use devm_kzalloc for driver memory, so that it is freed properly when it unregisters from dmaengine using managed API" * tag 'dmaengine-fix-4.19-rc4' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: mic_x100_dma: use devm_kzalloc to fix an issue commit 1abc088afd5b8b64582510dd9f801fd215a87feb Merge: c284cf062191 df3aa13c7bbb Author: Linus Torvalds Date: Fri Sep 14 05:59:48 2018 -1000 Merge tag 'usb-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are a number of small USB driver fixes for -rc4. The usual suspects of gadget, xhci, and dwc2/3 are in here, along with some reverts of reported problem changes, and a number of build documentation warning fixes. Full details are in the shortlog. All of these have been in linux-next with no reported issues" * tag 'usb-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (28 commits) Revert "cdc-acm: implement put_char() and flush_chars()" usb: Change usb_of_get_companion_dev() place to usb/common usb: xhci: fix interrupt transfer error happened on MTK platforms usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() usb: misc: uss720: Fix two sleep-in-atomic-context bugs usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() linux/mod_devicetable.h: fix kernel-doc missing notation for typec_device_id usb/typec: fix kernel-doc notation warning for typec_match_altmode usb: Don't die twice if PCI xhci host is not responding in resume usb: mtu3: fix error of xhci port id when enable U3 dual role usb: uas: add support for more quirk flags USB: Add quirk to support DJI CineSSD usb: typec: fix kernel-doc parameter warning usb/dwc3/gadget: fix kernel-doc parameter warning USB: yurex: Check for truncation in yurex_read() USB: yurex: Fix buffer over-read in yurex_write() usb: host: xhci-plat: Iterate over parent nodes for finding quirks xhci: Fix use after free for URB cancellation on a reallocated endpoint USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller ... commit dabeb13eee81329338b1f8f330dfcc37a86714d7 Author: Sven Eckelmann Date: Fri Sep 14 10:47:14 2018 +0200 batman-adv: Increase version number to 2018.3 Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich commit c284cf062191237abfda57dd526cd10afc8abb19 Merge: 45d9ab8a306b 7f2bf7840b74 Author: Linus Torvalds Date: Fri Sep 14 05:58:12 2018 -1000 Merge tag 'tty-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty fixes from Greg KH: "Here are three small HVC tty driver fixes to resolve a reported regression from 4.19-rc1. All of these have been in linux-next for a while with no reported issues" * tag 'tty-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: hvc: hvc_write() fix break condition tty: hvc: hvc_poll() fix read loop batching tty: hvc: hvc_poll() fix read loop hang commit 34043d250f51368f214aed7f54c2dc29c819a8c7 Author: Davide Caratti Date: Fri Sep 14 12:03:18 2018 +0200 net/sched: act_sample: fix NULL dereference in the data path Matteo reported the following splat, testing the datapath of TC 'sample': BUG: KASAN: null-ptr-deref in tcf_sample_act+0xc4/0x310 Read of size 8 at addr 0000000000000000 by task nc/433 CPU: 0 PID: 433 Comm: nc Not tainted 4.19.0-rc3-kvm #17 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS ?-20180531_142017-buildhw-08.phx2.fedoraproject.org-1.fc28 04/01/2014 Call Trace: kasan_report.cold.6+0x6c/0x2fa tcf_sample_act+0xc4/0x310 ? dev_hard_start_xmit+0x117/0x180 tcf_action_exec+0xa3/0x160 tcf_classify+0xdd/0x1d0 htb_enqueue+0x18e/0x6b0 ? deref_stack_reg+0x7a/0xb0 ? htb_delete+0x4b0/0x4b0 ? unwind_next_frame+0x819/0x8f0 ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 __dev_queue_xmit+0x722/0xca0 ? unwind_get_return_address_ptr+0x50/0x50 ? netdev_pick_tx+0xe0/0xe0 ? save_stack+0x8c/0xb0 ? kasan_kmalloc+0xbe/0xd0 ? __kmalloc_track_caller+0xe4/0x1c0 ? __kmalloc_reserve.isra.45+0x24/0x70 ? __alloc_skb+0xdd/0x2e0 ? sk_stream_alloc_skb+0x91/0x3b0 ? tcp_sendmsg_locked+0x71b/0x15a0 ? tcp_sendmsg+0x22/0x40 ? __sys_sendto+0x1b0/0x250 ? __x64_sys_sendto+0x6f/0x80 ? do_syscall_64+0x5d/0x150 ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 ? __sys_sendto+0x1b0/0x250 ? __x64_sys_sendto+0x6f/0x80 ? do_syscall_64+0x5d/0x150 ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 ip_finish_output2+0x495/0x590 ? ip_copy_metadata+0x2e0/0x2e0 ? skb_gso_validate_network_len+0x6f/0x110 ? ip_finish_output+0x174/0x280 __tcp_transmit_skb+0xb17/0x12b0 ? __tcp_select_window+0x380/0x380 tcp_write_xmit+0x913/0x1de0 ? __sk_mem_schedule+0x50/0x80 tcp_sendmsg_locked+0x49d/0x15a0 ? tcp_rcv_established+0x8da/0xa30 ? tcp_set_state+0x220/0x220 ? clear_user+0x1f/0x50 ? iov_iter_zero+0x1ae/0x590 ? __fget_light+0xa0/0xe0 tcp_sendmsg+0x22/0x40 __sys_sendto+0x1b0/0x250 ? __ia32_sys_getpeername+0x40/0x40 ? _copy_to_user+0x58/0x70 ? poll_select_copy_remaining+0x176/0x200 ? __pollwait+0x1c0/0x1c0 ? ktime_get_ts64+0x11f/0x140 ? kern_select+0x108/0x150 ? core_sys_select+0x360/0x360 ? vfs_read+0x127/0x150 ? kernel_write+0x90/0x90 __x64_sys_sendto+0x6f/0x80 do_syscall_64+0x5d/0x150 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fefef2b129d Code: ff ff ff ff eb b6 0f 1f 80 00 00 00 00 48 8d 05 51 37 0c 00 41 89 ca 8b 00 85 c0 75 20 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6b f3 c3 66 0f 1f 84 00 00 00 00 00 41 56 41 RSP: 002b:00007fff2f5350c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000056118d60c120 RCX: 00007fefef2b129d RDX: 0000000000002000 RSI: 000056118d629320 RDI: 0000000000000003 RBP: 000056118d530370 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000002000 R13: 000056118d5c2a10 R14: 000056118d5c2a10 R15: 000056118d5303b8 tcf_sample_act() tried to update its per-cpu stats, but tcf_sample_init() forgot to allocate them, because tcf_idr_create() was called with a wrong value of 'cpustats'. Setting it to true proved to fix the reported crash. Reported-by: Matteo Croce Fixes: 65a206c01e8e ("net/sched: Change act_api and act_xxx modules to use IDR") Fixes: 5c5670fae430 ("net/sched: Introduce sample tc action") Tested-by: Matteo Croce Signed-off-by: Davide Caratti Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit 45d9ab8a306bd096faad32cd43a814b40e91870a Merge: 319cbacfc0f2 65aac1742328 Author: Linus Torvalds Date: Fri Sep 14 05:43:43 2018 -1000 Merge tag 'staging-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO driver fixes from Greg KH: "Here are a few small staging and iio driver fixes for -rc4. Nothing major, just a few small bugfixes for some reported issues, and a MAINTAINERS file update for the fbtft drivers. We also re-enable the building of the erofs filesystem as the XArray patches that were causing it to break never got merged in the -rc1 cycle, so there's no reason it can't be turned back on for now. The problem that was previously there is now being handled in the Xarray tree at the moment, so it will not hit us again in the future. All of these patches have been in linux-next with no reported issues" * tag 'staging-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: vboxvideo: Change address of scanout buffer on page-flip staging: vboxvideo: Fix IRQs no longer working staging: gasket: TODO: re-implement using UIO staging/fbtft: Update TODO and mailing lists staging: erofs: rename superblock flags (MS_xyz -> SB_xyz) iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Revert "staging: erofs: disable compiling temporarile" MAINTAINERS: Switch a maintainer for drivers/staging/gasket staging: wilc1000: revert "fix TODO to compile spi and sdio components in single module" commit 319cbacfc0f272297849ce61d36557a408bb3771 Merge: a06b0c82a049 422b3db2a503 Author: Linus Torvalds Date: Fri Sep 14 05:40:13 2018 -1000 Merge tag 'char-misc-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are a small handful of char/misc driver fixes for 4.19-rc4. All of them are simple, resolving reported problems in a few drivers. Full details are in the shortlog. All of these have been in linux-next with no reported issues" * tag 'char-misc-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: firmware: Fix security issue with request_firmware_into_buf() vmbus: don't return values for uninitalized channels fpga: dfl: fme: fix return value check in in pr_mgmt_init() misc: hmc6352: fix potential Spectre v1 Tools: hv: Fix a bug in the key delete code misc: ibmvsm: Fix wrong assignment of return code android: binder: fix the race mmap and alloc_new_buf_locked mei: bus: need to unlink client before freeing mei: bus: fix hw module get/put balance mei: fix use-after-free in mei_cl_write mei: ignore not found client in the enumeration commit 61a6bd83abf2f14b2a917b6a0279c88d299267af Author: Joerg Roedel Date: Fri Sep 14 12:59:14 2018 +0200 Revert "x86/mm/legacy: Populate the user page-table with user pgd's" This reverts commit 1f40a46cf47c12d93a5ad9dccd82bd36ff8f956a. It turned out that this patch is not sufficient to enable PTI on 32 bit systems with legacy 2-level page-tables. In this paging mode the huge-page PTEs are in the top-level page-table directory, where also the mirroring to the user-space page-table happens. So every huge PTE exits twice, in the kernel and in the user page-table. That means that accessed/dirty bits need to be fetched from two PTEs in this mode to be safe, but this is not trivial to implement because it needs changes to generic code just for the sake of enabling PTI with 32-bit legacy paging. As all systems that need PTI should support PAE anyway, remove support for PTI when 32-bit legacy paging is used. Fixes: 7757d607c6b3 ('x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32') Reported-by: Meelis Roos Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Cc: hpa@zytor.com Cc: linux-mm@kvack.org Cc: Linus Torvalds Cc: Andy Lutomirski Cc: Dave Hansen Cc: Borislav Petkov Cc: Andrea Arcangeli Link: https://lkml.kernel.org/r/1536922754-31379-1-git-send-email-joro@8bytes.org commit 58a57569904039d9ac38c0ff2a88396a43899689 Author: Michal Hocko Date: Wed Sep 5 09:21:39 2018 +1000 xen/gntdev: fix up blockable calls to mn_invl_range_start Patch series "mmu_notifiers follow ups". Tetsuo has noticed some fallouts from 93065ac753e4 ("mm, oom: distinguish blockable mode for mmu notifiers"). One of them has been fixed and picked up by AMD/DRM maintainer [1]. XEN issue is fixed by patch 1. I have also clarified expectations about blockable semantic of invalidate_range_end. Finally the last patch removes MMU_INVALIDATE_DOES_NOT_BLOCK which is no longer used nor needed. [1] http://lkml.kernel.org/r/20180824135257.GU29735@dhcp22.suse.cz This patch (of 3): 93065ac753e4 ("mm, oom: distinguish blockable mode for mmu notifiers") has introduced blockable parameter to all mmu_notifiers and the notifier has to back off when called in !blockable case and it could block down the road. The above commit implemented that for mn_invl_range_start but both in_range checks are done unconditionally regardless of the blockable mode and as such they would fail all the time for regular calls. Fix this by checking blockable parameter as well. Once we are there we can remove the stale TODO. The lock has to be sleepable because we wait for completion down in gnttab_unmap_refs_sync. Link: http://lkml.kernel.org/r/20180827112623.8992-2-mhocko@kernel.org Fixes: 93065ac753e4 ("mm, oom: distinguish blockable mode for mmu notifiers") Signed-off-by: Michal Hocko Cc: Boris Ostrovsky Cc: Juergen Gross Cc: David Rientjes Cc: Jerome Glisse Cc: Tetsuo Handa Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 4dca864b59dd150a221730775e2f21f49779c135 Author: Josh Abraham Date: Wed Sep 12 15:13:54 2018 -1000 xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage This patch removes duplicate macro useage in events_base.c. It also fixes gcc warning: variable ‘col’ set but not used [-Wunused-but-set-variable] Signed-off-by: Joshua Abraham Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 3366cdb6d350d95466ee430ac50f3c8415ca8f46 Author: Olaf Hering Date: Fri Sep 7 16:31:35 2018 +0200 xen: avoid crash in disable_hotplug_cpu The command 'xl vcpu-set 0 0', issued in dom0, will crash dom0: BUG: unable to handle kernel NULL pointer dereference at 00000000000002d8 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 7 PID: 65 Comm: xenwatch Not tainted 4.19.0-rc2-1.ga9462db-default #1 openSUSE Tumbleweed (unreleased) Hardware name: Intel Corporation S5520UR/S5520UR, BIOS S5500.86B.01.00.0050.050620101605 05/06/2010 RIP: e030:device_offline+0x9/0xb0 Code: 77 24 00 e9 ce fe ff ff 48 8b 13 e9 68 ff ff ff 48 8b 13 e9 29 ff ff ff 48 8b 13 e9 ea fe ff ff 90 66 66 66 66 90 41 54 55 53 87 d8 02 00 00 01 0f 85 88 00 00 00 48 c7 c2 20 09 60 81 31 f6 RSP: e02b:ffffc90040f27e80 EFLAGS: 00010203 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff8801f3800000 RSI: ffffc90040f27e70 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffff820e47b3 R09: 0000000000000000 R10: 0000000000007ff0 R11: 0000000000000000 R12: ffffffff822e6d30 R13: dead000000000200 R14: dead000000000100 R15: ffffffff8158b4e0 FS: 00007ffa595158c0(0000) GS:ffff8801f39c0000(0000) knlGS:0000000000000000 CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000002d8 CR3: 00000001d9602000 CR4: 0000000000002660 Call Trace: handle_vcpu_hotplug_event+0xb5/0xc0 xenwatch_thread+0x80/0x140 ? wait_woken+0x80/0x80 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x40/0x40 ret_from_fork+0x3a/0x50 This happens because handle_vcpu_hotplug_event is called twice. In the first iteration cpu_present is still true, in the second iteration cpu_present is false which causes get_cpu_device to return NULL. In case of cpu#0, cpu_online is apparently always true. Fix this crash by checking if the cpu can be hotplugged, which is false for a cpu that was just removed. Also check if the cpu was actually offlined by device_remove, otherwise leave the cpu_present state as it is. Rearrange to code to do all work with device_hotplug_lock held. Signed-off-by: Olaf Hering Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 197ecb3802c04499d8ff4f8cb28f6efa008067db Author: Marek Marczykowski-Górecki Date: Fri Sep 7 18:49:08 2018 +0200 xen/balloon: add runtime control for scrubbing ballooned out pages Scrubbing pages on initial balloon down can take some time, especially in nested virtualization case (nested EPT is slow). When HVM/PVH guest is started with memory= significantly lower than maxmem=, all the extra pages will be scrubbed before returning to Xen. But since most of them weren't used at all at that point, Xen needs to populate them first (from populate-on-demand pool). In nested virt case (Xen inside KVM) this slows down the guest boot by 15-30s with just 1.5GB needed to be returned to Xen. Add runtime parameter to enable/disable it, to allow initially disabling scrubbing, then enable it back during boot (for example in initramfs). Such usage relies on assumption that a) most pages ballooned out during initial boot weren't used at all, and b) even if they were, very few secrets are in the guest at that time (before any serious userspace kicks in). Convert CONFIG_XEN_SCRUB_PAGES to CONFIG_XEN_SCRUB_PAGES_DEFAULT (also enabled by default), controlling default value for the new runtime switch. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 87dffe86d406bee8782cac2db035acb9a28620a7 Author: Vitaly Kuznetsov Date: Thu Sep 6 13:26:08 2018 +0200 xen/manage: don't complain about an empty value in control/sysrq node When guest receives a sysrq request from the host it acknowledges it by writing '\0' to control/sysrq xenstore node. This, however, make xenstore watch fire again but xenbus_scanf() fails to parse empty value with "%c" format string: sysrq: SysRq : Emergency Sync Emergency Sync complete xen:manage: Error -34 reading sysrq code in control/sysrq Ignore -ERANGE the same way we already ignore -ENOENT, empty value in control/sysrq is totally legal. Signed-off-by: Vitaly Kuznetsov Reviewed-by: Wei Liu Signed-off-by: Boris Ostrovsky commit 500dd232449e7c07500e713dc6970aa713f8e4f1 Author: Andrew Murray Date: Thu Sep 13 13:48:27 2018 +0100 asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO The !CONFIG_GENERIC_IOMAP version of ioport_map uses MMIO_UPPER_LIMIT to prevent users from making I/O accesses outside the expected I/O range - however it erroneously treats MMIO_UPPER_LIMIT as a mask which is contradictory to its other users. The introduction of CONFIG_INDIRECT_PIO, which subtracts an arbitrary amount from IO_SPACE_LIMIT to form MMIO_UPPER_LIMIT, results in ioport_map mangling the given port rather than capping it. We address this by aligning more closely with the CONFIG_GENERIC_IOMAP implementation of ioport_map by using the comparison operator and returning NULL where the port exceeds MMIO_UPPER_LIMIT. Though note that we preserve the existing behavior of masking with IO_SPACE_LIMIT such that we don't break existing buggy drivers that somehow rely on this masking. Fixes: 5745392e0c2b ("PCI: Apply the new generic I/O management on PCI IO hosts") Reported-by: Will Deacon Reviewed-by: Arnd Bergmann Signed-off-by: Andrew Murray Signed-off-by: Will Deacon commit 35aecc02b5b621782111f64cbb032c7f6a90bb32 Author: Johan Hovold Date: Thu Sep 13 11:21:50 2018 +0200 USB: serial: option: add two-endpoints device-id flag Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface numbers can change (e.g. Quectel EP06) to be contained in the device-id table. Tested-by: Kristian Evensen Cc: stable Signed-off-by: Johan Hovold commit 36cae568404a298a19a6e8a3f18641075d4cab04 Author: Kristian Evensen Date: Thu Sep 13 11:21:49 2018 +0200 USB: serial: option: improve Quectel EP06 detection The Quectel EP06 (and EM06/EG06) LTE modem supports updating the USB configuration, without the VID/PID or configuration number changing. When the configuration is updated and interfaces are added/removed, the interface numbers are updated. This causes our current code for matching EP06 not to work as intended, as the assumption about reserved interfaces no longer holds. If for example the diagnostic (first) interface is removed, option will (try to) bind to the QMI interface. This patch improves EP06 detection by replacing the current match with two matches, and those matches check class, subclass and protocol as well as VID and PID. The diag interface exports class, subclass and protocol as 0xff. For the other serial interfaces, class is 0xff and subclass and protocol are both 0x0. The modem can export the following devices and always in this order: diag, nmea, at, ppp. qmi and adb. This means that diag can only ever be interface 0, and interface numbers 1-5 should be marked as reserved. The three other serial devices can have interface numbers 0-3, but I have not marked any interfaces as reserved. The reason is that the serial devices are the only interfaces exported by the device where subclass and protocol is 0x0. QMI exports the same class, subclass and protocol values as the diag interface. However, the two interfaces have different number of endpoints, QMI has three and diag two. I have added a check for number of interfaces if VID/PID matches the EP06, and we ignore the device if number of interfaces equals three (and subclass is set). Signed-off-by: Kristian Evensen Acked-by: Dan Williams [ johan: drop uneeded RSVD(5) for ADB ] Cc: stable Signed-off-by: Johan Hovold commit 807588ac92018bde88a1958f546438e840eb0158 Author: Anisse Astier Date: Wed Sep 12 15:07:05 2018 +0200 HID: i2c-hid: disable runtime PM operations on hantick touchpad This hantick HTIX5288 touchpad can quickly fall in a wrong state if there are too many open/close operations. This will either make it stop reporting any input, or will shift all the input reads by a few bytes, making it impossible to decode. Here, we never release the probed touchpad runtime pm while the driver is loaded, which should disable all runtime pm suspend/resumes. This fast repetition of sleep/wakeup is also more likely to happen when using runtime PM, which is why the quirk is done there, and not for all power downs, which would include suspend or module removal. Signed-off-by: Anisse Astier Cc: stable@vger.kernel.org Acked-by: Benjamin Tissoires Reviewed-by: Hans de Goede Tested-by: Philip Müller Signed-off-by: Jiri Kosina commit 24568b47d48ec8c906fd0f589489a08b17e1edca Author: Ondrej Mosnacek Date: Wed Sep 5 09:26:41 2018 +0200 crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2 It turns out OSXSAVE needs to be checked only for AVX, not for SSE. Without this patch the affected modules refuse to load on CPUs with SSE2 but without AVX support. Fixes: 877ccce7cbe8 ("crypto: x86/aegis,morus - Fix and simplify CPUID checks") Cc: # 4.18 Reported-by: Zdenek Kaspar Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu commit a06b0c82a049d34d4dc273e8692ed0894458c468 Merge: 48751b562bce a6ae928c2583 Author: Linus Torvalds Date: Thu Sep 13 19:37:08 2018 -1000 Merge tag 'printk-for-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk Pull printk fix from Petr Mladek: "Revert a commit that caused "quiet", "debug", and "loglevel" early parameters to be ignored for early boot messages" * tag 'printk-for-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: Revert "printk: make sure to print log on console." commit 48751b562bce96c4284885571da1bdda7673f38e Merge: 4d8d9f540b78 8c25741aaad8 Author: Linus Torvalds Date: Thu Sep 13 19:21:40 2018 -1000 Merge tag 'ovl-fixes-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs fixes from Miklos Szeredi: "This fixes a regression in the recent file stacking update, reported and fixed by Amir Goldstein. The fix is fairly trivial, but involves adding a fadvise() f_op and the associated churn in the vfs. As discussed on -fsdevel, there are other possible uses for this method, than allowing proper stacking for overlays. And there's one other fix for a syzkaller detected oops" * tag 'ovl-fixes-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: fix oopses in ovl_fill_super() failure paths ovl: add ovl_fadvise() vfs: implement readahead(2) using POSIX_FADV_WILLNEED vfs: add the fadvise() file operation Documentation/filesystems: update documentation of file_operations ovl: fix GPF in swapfile_activate of file from overlayfs over xfs ovl: respect FIEMAP_FLAG_SYNC flag commit 4d8d9f540b780f7a3688a72275aecd8fd99c99e5 Merge: a0efc03b7925 b228ba1cb95a Author: Linus Torvalds Date: Thu Sep 13 19:16:11 2018 -1000 Merge tag 'for-linus-20180913' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Three fixes that should go into this series. This contains: - Increase number of policies supported by blk-cgroup. With blk-iolatency, we now have four in kernel, but we had a hard limit of three... - Fix regression in null_blk, where the zoned supported broke queue_mode=0 (bio based). - NVMe pull request, with a single fix for an issue in the rdma code" * tag 'for-linus-20180913' of git://git.kernel.dk/linux-block: null_blk: fix zoned support for non-rq based operation blk-cgroup: increase number of supported policies nvmet-rdma: fix possible bogus dereference under heavy load commit a0efc03b7925c4b606b1c49feb394859754e1cc8 Merge: 0f9aeeac1df7 3ab918281668 Author: Linus Torvalds Date: Thu Sep 13 19:12:55 2018 -1000 Merge tag 'for-4.19/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - DM verity fix for crash due to using vmalloc'd buffers with the asynchronous crypto hadsh API. - Fix to both DM crypt and DM integrity targets to discontinue using CRYPTO_TFM_REQ_MAY_SLEEP because its use of GFP_KERNEL can lead to deadlock by recursing back into a filesystem. - Various DM raid fixes related to reshape and rebuild races. - Fix for DM thin-provisioning to avoid data corruption that was a side-effect of needing to abort DM thin metadata transaction due to running out of metadata space. Fix is to reserve a small amount of metadata space so that once it is used the DM thin-pool can finish its active transaction before switching to read-only mode. * tag 'for-4.19/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm thin metadata: try to avoid ever aborting transactions dm raid: bump target version, update comments and documentation dm raid: fix RAID leg rebuild errors dm raid: fix rebuild of specific devices by updating superblock dm raid: fix stripe adding reshape deadlock dm raid: fix reshape race on small devices dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock dm verity: fix crash on bufio buffer that was allocated with vmalloc commit 0f9aeeac1df7b7c984dea04384a2b54c343710ab Merge: 145ea6f10d42 2b6318a09fd3 Author: Linus Torvalds Date: Thu Sep 13 18:54:47 2018 -1000 Merge tag 'drm-fixes-2018-09-14' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "This is the general drm fixes pull for rc4. i915: - Two GVT fixes (one for the mm reference issue you pointed out) - Gen 2 video playback fix - IPS timeout error suppression on Broadwell amdgpu: - Small memory leak - SR-IOV reset - locking fix - updated SDMA golden registers nouveau: - Remove some leftover debugging" * tag 'drm-fixes-2018-09-14' of git://anongit.freedesktop.org/drm/drm: drm/nouveau/devinit: fix warning when PMU/PRE_OS is missing drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk drm/i915/overlay: Allocate physical registers from stolen drm/amdgpu: move PSP init prior to IH in gpu reset drm/amdgpu: Fix SDMA hang in prt mode v2 drm/amdgpu: fix amdgpu_mn_unlock() in the CS error path drm/i915/bdw: Increase IPS disable timeout to 100ms drm/i915/gvt: Fix the incorrect length of child_device_config issue drm/i915/gvt: Fix life cycle reference on KVM mm commit 145ea6f10d42dac0a1e8a6dfb83b273c0acabf5b Merge: 4624d6ea1b7f 831b624df1b4 Author: Linus Torvalds Date: Thu Sep 13 18:52:41 2018 -1000 Merge tag 'pstore-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore fix from Kees Cook: "This fixes a 6 year old pstore bug that everyone just got lucky in avoiding, likely due only using page-aligned persistent ram regions: - Handle page-vs-byte offset handling between iomap and vmap (Bin Yang)" * tag 'pstore-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: pstore: Fix incorrect persistent ram buffer mapping commit 4624d6ea1b7fe83f1e36caf4537600414ca833f6 Merge: bd5bca13819b c483a5cc9d09 Author: Linus Torvalds Date: Thu Sep 13 18:49:23 2018 -1000 Merge tag 'mmc-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC host fixes from Ulf Hansson: - meson-mx-sdio: Fix OF child-node lookup - omap_hsmmc: Fix wakeirq handling on removal * tag 'mmc-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: meson-mx-sdio: fix OF child-node lookup mmc: omap_hsmmc: fix wakeirq handling on removal commit bd5bca13819b6534b71f45c9dab0e08219929e72 Merge: f1c03a465192 5bc5a671b1f4 Author: Linus Torvalds Date: Thu Sep 13 18:47:45 2018 -1000 Merge tag 'pinctrl-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: - A complicated IRQ fix for the MSM driver (see commit) - Fix the group/function check in the Ingenic driver - Deal with a possible NULL pointer dereference in the Madera driver * tag 'pinctrl-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: madera: Fix possible NULL pointer with pdata config pinctrl: ingenic: Fix group & function error checking pinctrl: msm: Really mask level interrupts to prevent latching commit f1c03a465192fea123789c85e44dc2610730b6cb Merge: 72d4c6e5893a 1194c4154662 Author: Linus Torvalds Date: Thu Sep 13 16:35:25 2018 -1000 Merge branch 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu Pull percpu maintainership update from Tejun Heo: "This updates the MAINTAINERS file to transfer the percpu tree maintainership to Dennis Zhou. Dennis rewrote a good portion of the percpu allocator, knows most of percpu related code, is already listed as a co-maintainer, has been reliable, and now sits right behind me. I'll keep reviewing and involved with percpu stuff and am sure that Dennis will soon make a better maintainer than I ever was" * 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: MAINTAINERS: Make Dennis the percpu tree maintainer commit 72d4c6e5893a122c2fd060ded2b490582a5bb377 Merge: 1d176582c795 5c41aaad409c Author: Linus Torvalds Date: Thu Sep 13 16:33:26 2018 -1000 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel Pull hexagon fixes from Richard Kuo: "Some fixes for compile warnings" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel: hexagon: modify ffs() and fls() to return int arch/hexagon: fix kernel/dma.c build warning commit 1d176582c795d05d15245f75407a3e1db62f740a Merge: 7a9cdebdcc17 fa108f95c676 Author: Linus Torvalds Date: Thu Sep 13 16:22:24 2018 -1000 Merge tag 's390-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: - One fix for the zcrypt driver to correctly handle incomplete encryption/decryption operations. - A cleanup for the aqmask/apmask parsing to avoid variable length arrays on the stack. * tag 's390-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/zcrypt: remove VLA usage from the AP bus s390/crypto: Fix return code checking in cbc_paes_crypt() commit 7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 Author: Linus Torvalds Date: Wed Sep 12 23:57:48 2018 -1000 mm: get rid of vmacache_flush_all() entirely Jann Horn points out that the vmacache_flush_all() function is not only potentially expensive, it's buggy too. It also happens to be entirely unnecessary, because the sequence number overflow case can be avoided by simply making the sequence number be 64-bit. That doesn't even grow the data structures in question, because the other adjacent fields are already 64-bit. So simplify the whole thing by just making the sequence number overflow case go away entirely, which gets rid of all the complications and makes the code faster too. Win-win. [ Oleg Nesterov points out that the VMACACHE_FULL_FLUSHES statistics also just goes away entirely with this ] Reported-by: Jann Horn Suggested-by: Will Deacon Acked-by: Davidlohr Bueso Cc: Oleg Nesterov Cc: stable@kernel.org Signed-off-by: Linus Torvalds commit 2b6318a09fd346edea42a60f8d0c07b2eea2d079 Merge: 25824ca38e83 3483f08106fc Author: Dave Airlie Date: Fri Sep 14 09:38:35 2018 +1000 Merge branch 'linux-4.19' of git://github.com/skeggsb/linux into drm-fixes One more nouveau fix to remove some debug warnings. Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/CABDvA==GF63dy8a9j611=-0x8G6FRu7uC-ZQypsLO_hqV4OAcA@mail.gmail.com commit 25824ca38e83d02cbc35b50d7f7a79ab5c7998a0 Merge: db7f06d49037 0165de983272 Author: Dave Airlie Date: Fri Sep 14 09:35:55 2018 +1000 Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes A few fixes for 4.19: - Fix a small memory leak - SR-IOV reset fix - Fix locking in MMU-notifier error path - Updated SDMA golden settings to fix a PRT hang Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20180912154735.2683-1-alexander.deucher@amd.com commit db7f06d49037859febb14c396bdc57ef250bedc1 Merge: 2887e5ce15dd 17dc7af70e89 Author: Dave Airlie Date: Fri Sep 14 09:33:05 2018 +1000 Merge tag 'drm-intel-fixes-2018-09-11' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes This contains a regression fix for video playbacks on gen 2 hardware, a IPS timeout error suppression on Broadwell and GVT bucked with "Most critical one is to fix KVM's mm reference when we access guest memory, issue was raised by Linus [1], and another one with virtual opregion fix." [1] - https://lists.freedesktop.org/archives/intel-gvt-dev/2018-August/004130.html Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180911223229.GA30328@intel.com commit 1cebf8f143c21eb422cd0f4e27ab2ae366eb4d04 Author: Johannes Berg Date: Thu Sep 13 14:40:55 2018 +0200 socket: fix struct ifreq size in compat ioctl As reported by Reobert O'Callahan, since Viro's commit to kill dev_ifsioc() we attempt to copy too much data in compat mode, which may lead to EFAULT when the 32-bit version of struct ifreq sits at/near the end of a page boundary, and the next page isn't mapped. Fix this by passing the approprate compat/non-compat size to copy and using that, as before the dev_ifsioc() removal. This works because only the embedded "struct ifmap" has different size, and this is only used in SIOCGIFMAP/SIOCSIFMAP which has a different handler. All other parts of the union are naturally compatible. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=199469. Fixes: bf4405737f9f ("kill dev_ifsioc()") Reported-by: Robert O'Callahan Signed-off-by: Johannes Berg Signed-off-by: David S. Miller commit 615f64458ad890ef94abc879a66d8b27236e733a Author: Alexey Brodkin Date: Thu Sep 13 23:24:28 2018 +0300 ARC: build: Get rid of toolchain check This check is very naive: we simply test if GCC invoked without "-mcpu=XXX" has ARC700 define set. In that case we think that GCC was built with "--with-cpu=arc700" and has libgcc built for ARC700. Otherwise if ARC700 is not defined we think that everythng was built for ARCv2. But in reality our life is much more interesting. 1. Regardless of GCC configuration (i.e. what we pass in "--with-cpu" it may generate code for any ARC core). 2. libgcc might be built with explicitly specified "--mcpu=YYY" That's exactly what happens in case of multilibbed toolchains: - GCC is configured with default settings - All the libs built for many different CPU flavors I.e. that check gets in the way of usage of multilibbed toolchains. And even non-multilibbed toolchains are affected. OpenEmbedded also builds GCC without "--with-cpu" because each and every target component later is compiled with explicitly set "-mcpu=ZZZ". Acked-by: Rob Herring Signed-off-by: Alexey Brodkin Signed-off-by: Vineet Gupta commit 1194c4154662ac60312c164e9eaab0f8dd0dd36f Author: Tejun Heo Date: Thu Sep 13 12:16:36 2018 -0700 MAINTAINERS: Make Dennis the percpu tree maintainer Dennis rewrote a significant portion of the percpu allocator and has shown that he can respond in a timely and helpful manner when issues are reported against percpu allocator. Let's make Dennis the percpu tree maintainer. Signed-off-by: Tejun Heo Cc: Dennis Zhou Cc: Christoph Lameter commit c56cae23c6b167acc68043c683c4573b80cbcc2c Author: Toke Høiland-Jørgensen Date: Thu Sep 13 16:43:07 2018 +0200 gso_segment: Reset skb->mac_len after modifying network header When splitting a GSO segment that consists of encapsulated packets, the skb->mac_len of the segments can end up being set wrong, causing packet drops in particular when using act_mirred and ifb interfaces in combination with a qdisc that splits GSO packets. This happens because at the time skb_segment() is called, network_header will point to the inner header, throwing off the calculation in skb_reset_mac_len(). The network_header is subsequently adjust by the outer IP gso_segment handlers, but they don't set the mac_len. Fix this by adding skb_reset_mac_len() calls to both the IPv4 and IPv6 gso_segment handlers, after they modify the network_header. Many thanks to Eric Dumazet for his help in identifying the cause of the bug. Acked-by: Dave Taht Reviewed-by: Eric Dumazet Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit bffb9b51a230e61cc3870f30cc158a8a003eb55f Merge: 79140335ac12 e6a57d22f787 Author: David S. Miller Date: Thu Sep 13 12:06:12 2018 -0700 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2018-09-13 A few Bluetooth fixes for the 4.19-rc series: - Fixed rw_semaphore leak in hci_ldisc - Fixed local Out-of-Band pairing data handling Let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit 79140335ac12e71d9270dabe030274a297d8a2cf Merge: f0e0d04413fc c844eb46b7d4 Author: David S. Miller Date: Thu Sep 13 12:03:47 2018 -0700 Merge branch 'tls-don-t-leave-keys-in-kernel-memory' Sabrina Dubroca says: ==================== tls: don't leave keys in kernel memory There are a few places where the RX/TX key for a TLS socket is copied to kernel memory. This series clears those memory areas when they're no longer needed. v2: add union tls_crypto_context, following Vakul Garg's comment swap patch 2 and 3, using new union in patch 3 ==================== Signed-off-by: David S. Miller commit c844eb46b7d43c2cf760169df5ae1d5b033af338 Author: Sabrina Dubroca Date: Wed Sep 12 17:44:43 2018 +0200 tls: clear key material from kernel memory when do_tls_setsockopt_conf fails Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Sabrina Dubroca Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller commit 86029d10af18381814881d6cce2dd6872163b59f Author: Sabrina Dubroca Date: Wed Sep 12 17:44:42 2018 +0200 tls: zero the crypto information from tls_context before freeing This contains key material in crypto_send_aes_gcm_128 and crypto_recv_aes_gcm_128. Introduce union tls_crypto_context, and replace the two identical unions directly embedded in struct tls_context with it. We can then use this union to clean up the memory in the new tls_ctx_free() function. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller commit 7cba09c6d5bc73ebbd25a353742d9ddb7a713b95 Author: Sabrina Dubroca Date: Wed Sep 12 17:44:41 2018 +0200 tls: don't copy the key out of tls12_crypto_info_aes_gcm_128 There's no need to copy the key to an on-stack buffer before calling crypto_aead_setkey(). Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller commit f0e0d04413fcce9bc76388839099aee93cd0d33b Author: Vasily Khoruzhick Date: Thu Sep 13 11:12:03 2018 -0700 neighbour: confirm neigh entries when ARP packet is received Update 'confirmed' timestamp when ARP packet is received. It shouldn't affect locktime logic and anyway entry can be confirmed by any higher-layer protocol. Thus it makes sense to confirm it when ARP packet is received. Fixes: 77d7123342dc ("neighbour: update neigh timestamps iff update is effective") Signed-off-by: Vasily Khoruzhick Signed-off-by: David S. Miller commit 56a49d7048703f5ffdb84d3a0ee034108fba6850 Author: Roopa Prabhu Date: Wed Sep 12 13:21:48 2018 -0700 net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags This fix addresses https://bugzilla.kernel.org/show_bug.cgi?id=201071 Commit 5025f7f7d506 wrongly relied on __dev_change_flags to notify users of dev flag changes in the case when dev->rtnl_link_state = RTNL_LINK_INITIALIZED. Fix it by indicating flag changes explicitly to __dev_notify_flags. Fixes: 5025f7f7d506 ("rtnetlink: add rtnl_link_state check in rtnl_configure_link") Reported-By: Liam mcbirnie Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller commit 9824dfae5741275473a23a7ed5756c7b6efacc9d Author: Willy Tarreau Date: Wed Sep 12 07:36:35 2018 +0200 net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Fields ->dev and ->next of struct ipddp_route may be copied to userspace on the SIOCFINDIPDDPRT ioctl. This is only accessible to CAP_NET_ADMIN though. Let's manually copy the relevant fields instead of using memcpy(). BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html Cc: Jann Horn Signed-off-by: Willy Tarreau Signed-off-by: David S. Miller commit 018349d70f28a78d5343b3660cb66e1667005f8a Author: Stephen Hemminger Date: Thu Sep 13 08:03:43 2018 -0700 hv_netvsc: fix schedule in RCU context When netvsc device is removed it can call reschedule in RCU context. This happens because canceling the subchannel setup work could (in theory) cause a reschedule when manipulating the timer. To reproduce, run with lockdep enabled kernel and unbind a network device from hv_netvsc (via sysfs). [ 160.682011] WARNING: suspicious RCU usage [ 160.707466] 4.19.0-rc3-uio+ #2 Not tainted [ 160.709937] ----------------------------- [ 160.712352] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! [ 160.723691] [ 160.723691] other info that might help us debug this: [ 160.723691] [ 160.730955] [ 160.730955] rcu_scheduler_active = 2, debug_locks = 1 [ 160.762813] 5 locks held by rebind-eth.sh/1812: [ 160.766851] #0: 000000008befa37a (sb_writers#6){.+.+}, at: vfs_write+0x184/0x1b0 [ 160.773416] #1: 00000000b097f236 (&of->mutex){+.+.}, at: kernfs_fop_write+0xe2/0x1a0 [ 160.783766] #2: 0000000041ee6889 (kn->count#3){++++}, at: kernfs_fop_write+0xeb/0x1a0 [ 160.787465] #3: 0000000056d92a74 (&dev->mutex){....}, at: device_release_driver_internal+0x39/0x250 [ 160.816987] #4: 0000000030f6031e (rcu_read_lock){....}, at: netvsc_remove+0x1e/0x250 [hv_netvsc] [ 160.828629] [ 160.828629] stack backtrace: [ 160.831966] CPU: 1 PID: 1812 Comm: rebind-eth.sh Not tainted 4.19.0-rc3-uio+ #2 [ 160.832952] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v1.0 11/26/2012 [ 160.832952] Call Trace: [ 160.832952] dump_stack+0x85/0xcb [ 160.832952] ___might_sleep+0x1a3/0x240 [ 160.832952] __flush_work+0x57/0x2e0 [ 160.832952] ? __mutex_lock+0x83/0x990 [ 160.832952] ? __kernfs_remove+0x24f/0x2e0 [ 160.832952] ? __kernfs_remove+0x1b2/0x2e0 [ 160.832952] ? mark_held_locks+0x50/0x80 [ 160.832952] ? get_work_pool+0x90/0x90 [ 160.832952] __cancel_work_timer+0x13c/0x1e0 [ 160.832952] ? netvsc_remove+0x1e/0x250 [hv_netvsc] [ 160.832952] ? __lock_is_held+0x55/0x90 [ 160.832952] netvsc_remove+0x9a/0x250 [hv_netvsc] [ 160.832952] vmbus_remove+0x26/0x30 [ 160.832952] device_release_driver_internal+0x18a/0x250 [ 160.832952] unbind_store+0xb4/0x180 [ 160.832952] kernfs_fop_write+0x113/0x1a0 [ 160.832952] __vfs_write+0x36/0x1a0 [ 160.832952] ? rcu_read_lock_sched_held+0x6b/0x80 [ 160.832952] ? rcu_sync_lockdep_assert+0x2e/0x60 [ 160.832952] ? __sb_start_write+0x141/0x1a0 [ 160.832952] ? vfs_write+0x184/0x1b0 [ 160.832952] vfs_write+0xbe/0x1b0 [ 160.832952] ksys_write+0x55/0xc0 [ 160.832952] do_syscall_64+0x60/0x1b0 [ 160.832952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 160.832952] RIP: 0033:0x7fe48f4c8154 Resolve this by getting RTNL earlier. This is safe because the subchannel work queue does trylock on RTNL and will detect the race. Fixes: 7b2ee50c0cd5 ("hv_netvsc: common detach logic") Signed-off-by: Stephen Hemminger Reviewed-by: Haiyang Zhang Signed-off-by: David S. Miller commit 5fe23f262e0548ca7f19fb79f89059a60d087d22 Author: Cong Wang Date: Wed Sep 12 16:27:44 2018 -0700 ucma: fix a use-after-free in ucma_resolve_ip() There is a race condition between ucma_close() and ucma_resolve_ip(): CPU0 CPU1 ucma_resolve_ip(): ucma_close(): ctx = ucma_get_ctx(file, cmd.id); list_for_each_entry_safe(ctx, tmp, &file->ctx_list, list) { mutex_lock(&mut); idr_remove(&ctx_idr, ctx->id); mutex_unlock(&mut); ... mutex_lock(&mut); if (!ctx->closing) { mutex_unlock(&mut); rdma_destroy_id(ctx->cm_id); ... ucma_free_ctx(ctx); ret = rdma_resolve_addr(); ucma_put_ctx(ctx); Before idr_remove(), ucma_get_ctx() could still find the ctx and after rdma_destroy_id(), rdma_resolve_addr() may still access id_priv pointer. Also, ucma_put_ctx() may use ctx after ucma_free_ctx() too. ucma_close() should call ucma_put_ctx() too which tests the refcnt and waits for the last one releasing it. The similar pattern is already used by ucma_destroy_id(). Reported-and-tested-by: syzbot+da2591e115d57a9cbb8b@syzkaller.appspotmail.com Reported-by: syzbot+cfe3c1e8ef634ba8964b@syzkaller.appspotmail.com Cc: Jason Gunthorpe Cc: Doug Ledford Cc: Leon Romanovsky Signed-off-by: Cong Wang Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford commit 831b624df1b420c8f9281ed1307a8db23afb72df Author: Bin Yang Date: Wed Sep 12 03:36:34 2018 +0000 pstore: Fix incorrect persistent ram buffer mapping persistent_ram_vmap() returns the page start vaddr. persistent_ram_iomap() supports non-page-aligned mapping. persistent_ram_buffer_map() always adds offset-in-page to the vaddr returned from these two functions, which causes incorrect mapping of non-page-aligned persistent ram buffer. By default ftrace_size is 4096 and max_ftrace_cnt is nr_cpu_ids. Without this patch, the zone_sz in ramoops_init_przs() is 4096/nr_cpu_ids which might not be page aligned. If the offset-in-page > 2048, the vaddr will be in next page. If the next page is not mapped, it will cause kernel panic: [ 0.074231] BUG: unable to handle kernel paging request at ffffa19e0081b000 ... [ 0.075000] RIP: 0010:persistent_ram_new+0x1f8/0x39f ... [ 0.075000] Call Trace: [ 0.075000] ramoops_init_przs.part.10.constprop.15+0x105/0x260 [ 0.075000] ramoops_probe+0x232/0x3a0 [ 0.075000] platform_drv_probe+0x3e/0xa0 [ 0.075000] driver_probe_device+0x2cd/0x400 [ 0.075000] __driver_attach+0xe4/0x110 [ 0.075000] ? driver_probe_device+0x400/0x400 [ 0.075000] bus_for_each_dev+0x70/0xa0 [ 0.075000] driver_attach+0x1e/0x20 [ 0.075000] bus_add_driver+0x159/0x230 [ 0.075000] ? do_early_param+0x95/0x95 [ 0.075000] driver_register+0x70/0xc0 [ 0.075000] ? init_pstore_fs+0x4d/0x4d [ 0.075000] __platform_driver_register+0x36/0x40 [ 0.075000] ramoops_init+0x12f/0x131 [ 0.075000] do_one_initcall+0x4d/0x12c [ 0.075000] ? do_early_param+0x95/0x95 [ 0.075000] kernel_init_freeable+0x19b/0x222 [ 0.075000] ? rest_init+0xbb/0xbb [ 0.075000] kernel_init+0xe/0xfc [ 0.075000] ret_from_fork+0x3a/0x50 Signed-off-by: Bin Yang [kees: add comments describing the mapping differences, updated commit log] Fixes: 24c3d2f342ed ("staging: android: persistent_ram: Make it possible to use memory outside of bootmem") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook commit f5b9bac7451cfc962970cb3fa3a7027ffa69e369 Author: Cong Wang Date: Tue Sep 11 14:22:23 2018 -0700 net_sched: notify filter deletion when deleting a chain When we delete a chain of filters, we need to notify user-space we are deleting each filters in this chain too. Fixes: 32a4f5ecd738 ("net: sched: introduce chain object to uapi") Cc: Jiri Pirko Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 37a3a98ef601f89100e3bb657fb0e190b857028c Author: Takashi Iwai Date: Mon Sep 10 16:20:25 2018 +0200 ALSA: hda - Enable runtime PM only for discrete GPU The recent change of vga_switcheroo allowed the runtime PM for HD-audio on AMD GPUs, but this also resulted in a regression. When the HD-audio controller driver gets runtime-suspended, HD-audio link is turned off, and the hotplug notification is ignored. This leads to the inconsistent audio state (the connection isn't notified and ELD is ignored). The best fix would be to implement the proper ELD notification via the audio component, but it's still not ready. As a quick workaround, this patch adds the check of runtime_idle and allows the runtime suspend only when the vga_switcheroo is bound with discrete GPU. That is, a system with a single GPU and APU would be again without runtime PM to keep the HD-audio link for the hotplug notification and ELD read out. Also, the codec->auto_runtime_pm flag is set only for the discrete GPU at the time GPU gets bound via vga_switcheroo (i.e. only dGPU is forcibly runtime-PM enabled), so that APU can still get the ELD notification. For identifying which GPU is bound, a new vga_switcheroo client callback, gpu_bound, is implemented. The vga_switcheroo simply calls this when GPU is bound, and tells whether it's dGPU or APU. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200945 Fixes: 07f4f97d7b4b ("vga_switcheroo: Use device link for HDA controller") Reported-by: Jian-Hong Pan Tested-by: Jian-Hong Pan Acked-by: Lukas Wunner Signed-off-by: Takashi Iwai commit ad4f15dc2c70b1de5e0a64d27335962fbc9cf71c Author: Juergen Gross Date: Tue Sep 11 09:04:48 2018 +0200 xen/netfront: don't bug in case of too many frags Commit 57f230ab04d291 ("xen/netfront: raise max number of slots in xennet_get_responses()") raised the max number of allowed slots by one. This seems to be problematic in some configurations with netback using a larger MAX_SKB_FRAGS value (e.g. old Linux kernel with MAX_SKB_FRAGS defined as 18 instead of nowadays 17). Instead of BUG_ON() in this case just fall back to retransmission. Fixes: 57f230ab04d291 ("xen/netfront: raise max number of slots in xennet_get_responses()") Cc: stable@vger.kernel.org Signed-off-by: Juergen Gross Signed-off-by: David S. Miller commit 22d0bd82cc7cec7d9ed4bd5913f3ab65643364be Author: Xin Long Date: Tue Sep 11 14:33:58 2018 +0800 ipv6: use rt6_info members when dst is set in rt6_fill_node In inet6_rtm_getroute, since Commit 93531c674315 ("net/ipv6: separate handling of FIB entries from dst based routes"), it has used rt->from to dump route info instead of rt. However for some route like cache, some of its information like flags or gateway is not the same as that of the 'from' one. It caused 'ip route get' to dump the wrong route information. In Jianlin's testing, the output information even lost the expiration time for a pmtu route cache due to the wrong fib6_flags. So change to use rt6_info members for dst addr, src addr, flags and gateway when it tries to dump a route entry without fibmatch set. v1->v2: - not use rt6i_prefsrc. - also fix the gw dump issue. Fixes: 93531c674315 ("net/ipv6: separate handling of FIB entries from dst based routes") Reported-by: Jianlin Shi Signed-off-by: Xin Long Signed-off-by: David S. Miller commit 3b7d96a0dbb6b630878597a1838fc39f808b761b Author: Keerthy Date: Wed Aug 8 18:44:59 2018 +0530 clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs The 32k clocksource is NONSTOP for non-am43 SoCs. Hence add the flag for all the other SoCs. Reported-by: Tony Lindgren Signed-off-by: Keerthy Acked-by: Tony Lindgren Signed-off-by: Daniel Lezcano commit 498fe23aad8e3b5a9554f55719c537603b4476ea Author: Takashi Sakamoto Date: Thu Sep 13 21:31:18 2018 +0900 ALSA: oxfw: fix memory leak of private data Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card') Cc: # v4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit 8d28277c065a974873c6781d44b7bcdcd8fb4e8a Author: Takashi Sakamoto Date: Thu Sep 13 21:31:05 2018 +0900 ALSA: firewire-tascam: fix memory leak of private data Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: b610386c8afb ('ALSA: firewire-tascam: deleyed registration of sound card') Cc: # v4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit a49a83ab05e34edd6c71a4fbd062c9a7ba6d18aa Author: Takashi Sakamoto Date: Thu Sep 13 21:30:34 2018 +0900 ALSA: firewire-digi00x: fix memory leak of private data Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: 86c8dd7f4da3 ('ALSA: firewire-digi00x: delayed registration of sound card') Cc: # v4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit 54eda9df17f3215b9ed16629ee71ea07413efdaf Merge: d3bd5973c72e 9d27e39d309c Author: Linus Torvalds Date: Wed Sep 12 19:39:56 2018 -1000 Merge tag 'pci-v4.19-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - Add Tyrel Datwyler as maintainer for PPC64 RPA hotplug (Tyrel Datwyler) - Add Gustavo Pimentel as DesignWare PCI maintainer (Joao Pinto) - Fix a Switchtec Spectre v1 vulnerability (Gustavo A. R. Silva) - Revert an unnecessary Intel 300 ACS quirk (Mika Westerberg) - Fix pciehp hot-add/powerfault detection that left indicators in wrong state (Keith Busch) - Fix pci_reset_bus() logic error (Dennis Dalessandro) - Revert IB/hfi1 PCI reset change that caused a deadlock (Dennis Dalessandro) - Allow enabling PASID on Root Complex Integrated Endpoints (Felix Kuehling) * tag 'pci-v4.19-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: Fix enabling of PASID on RC integrated endpoints IB/hfi1,PCI: Allow bus reset while probing PCI: Fix faulty logic in pci_reset_bus() PCI: pciehp: Fix hot-add vs powerfault detection order switchtec: Fix Spectre v1 vulnerability Revert "PCI: Add ACS quirk for Intel 300 series" MAINTAINERS: Add Gustavo Pimentel as DesignWare PCI maintainer MAINTAINERS: Add entries for PPC64 RPA PCI hotplug drivers commit d3bd5973c72e04f03539858b9149e6b604bfb51d Merge: 7428b2e5d0b1 a8627cda7cff Author: Linus Torvalds Date: Wed Sep 12 19:33:56 2018 -1000 Merge tag 'for-linus-4.19' of git://github.com/cminyard/linux-ipmi Pull IPMI bugfixes from Corey Minyard: "A few fixes that came around or after the merge window, except for commit cd2315d471f4 ("ipmi: kcs_bmc: don't change device name") which is for a driver that very few people use, and those people need the change" * tag 'for-linus-4.19' of git://github.com/cminyard/linux-ipmi: ipmi: Fix NULL pointer dereference in ssif_probe ipmi: Fix I2C client removal in the SSIF driver ipmi: Move BT capabilities detection to the detect call ipmi: Rework SMI registration failure ipmi: kcs_bmc: don't change device name commit 3702a0585e64d70d5bf73bf3e943b8d6005b72c1 Author: Brijesh Singh Date: Wed Aug 15 16:11:25 2018 -0500 crypto: ccp - add timeout support in the SEV command Currently, the CCP driver assumes that the SEV command issued to the PSP will always return (i.e. it will never hang). But recently, firmware bugs have shown that a command can hang. Since of the SEV commands are used in probe routines, this can cause boot hangs and/or loss of virtualization capabilities. To protect against firmware bugs, add a timeout in the SEV command execution flow. If a command does not complete within the specified timeout then return -ETIMEOUT and stop the driver from executing any further commands since the state of the SEV firmware is unknown. Cc: Tom Lendacky Cc: Gary Hook Cc: Herbert Xu Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Herbert Xu commit 7428b2e5d0b195f2a5e40f91d2b41a8503fcfe68 Merge: 67b076095dd7 2887e5ce15dd Author: Linus Torvalds Date: Wed Sep 12 17:36:47 2018 -1000 Merge tag 'drm-fixes-2018-09-12' of git://anongit.freedesktop.org/drm/drm Pull drm nouveau fixes from Dave Airlie: "I'm sending this separately as it's a bit larger than I generally like for one driver, but it does contain a bunch of make my nvidia laptop not die (runpm) and a bunch to make my docking station and monitor display stuff (mst) fixes. Lyude has spent a lot of time on these, and we are putting the fixes into distro kernels as well asap, as it helps a bunch of standard Lenovo laptops, so I'm fairly happy things are better than they were before these patches, but I decided to split them out just for clarification" * tag 'drm-fixes-2018-09-12' of git://anongit.freedesktop.org/drm/drm: drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels drm/nouveau/disp: fix DP disable race drm/nouveau/disp: move eDP panel power handling drm/nouveau/disp: remove unused struct member drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau: fix oops in client init failure path drm/nouveau: Fix nouveau_connector_ddc_detect() drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early drm/nouveau: Reset MST branching unit before enabling drm/nouveau: Only write DP_MSTM_CTRL when needed drm/nouveau: Remove useless poll_enable() call in drm_load() drm/nouveau: Remove useless poll_disable() call in switcheroo_set_state() drm/nouveau: Remove useless poll_enable() call in switcheroo_set_state() drm/nouveau: Fix deadlocks in nouveau_connector_detect() drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement commit 67b076095dd7a13ff24e9b5f830fcb1291ae0678 Merge: 96eddb810b14 4851bfd64d42 Author: Linus Torvalds Date: Wed Sep 12 17:32:50 2018 -1000 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix up several Kconfig dependencies in netfilter, from Martin Willi and Florian Westphal. 2) Memory leak in be2net driver, from Petr Oros. 3) Memory leak in E-Switch handling of mlx5 driver, from Raed Salem. 4) mlx5_attach_interface needs to check for errors, from Huy Nguyen. 5) tipc_release() needs to orphan the sock, from Cong Wang. 6) Need to program TxConfig register after TX/RX is enabled in r8169 driver, not beforehand, from Maciej S. Szmigiero. 7) Handle 64K PAGE_SIZE properly in ena driver, from Netanel Belgazal. 8) Fix crash regression in ip_do_fragment(), from Taehee Yoo. 9) syzbot can create conditions where kernel log is flooded with synflood warnings due to creation of many listening sockets, fix that. From Willem de Bruijn. 10) Fix RCU issues in rds socket layer, from Cong Wang. 11) Fix vlan matching in nfp driver, from Pieter Jansen van Vuuren. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (59 commits) nfp: flower: reject tunnel encap with ipv6 outer headers for offloading nfp: flower: fix vlan match by checking both vlan id and vlan pcp tipc: check return value of __tipc_dump_start() s390/qeth: don't dump past end of unknown HW header s390/qeth: use vzalloc for QUERY OAT buffer s390/qeth: switch on SG by default for IQD devices s390/qeth: indicate error when netdev allocation fails rds: fix two RCU related problems r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED erspan: fix error handling for erspan tunnel erspan: return PACKET_REJECT when the appropriate tunnel is not found tcp: rate limit synflood warnings further MIPS: lantiq: dma: add dev pointer netfilter: xt_hashlimit: use s->file instead of s->private netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT netfilter: conntrack: reset tcp maxwin on re-register qmi_wwan: Support dynamic config on Quectel EP06 ethernet: renesas: convert to SPDX identifiers ... commit 3483f08106fcd0e8edad2b9f2fc4726d25177799 Author: Ben Skeggs Date: Thu Sep 13 10:56:38 2018 +1000 drm/nouveau/devinit: fix warning when PMU/PRE_OS is missing Messed up when sending pull request and sent an outdated version of previous patch, this fixes it up to remove warnings. Signed-off-by: Ben Skeggs commit b228ba1cb95afbaeeb86cf06cd9fd6f6369c3b14 Author: Jens Axboe Date: Wed Sep 12 18:21:11 2018 -0600 null_blk: fix zoned support for non-rq based operation The supported added for zones in null_blk seem to assume that only rq based operation is possible. But this depends on the queue_mode setting, if this is set to 0, then cmd->bio is what we need to be operating on. Right now any attempt to load null_blk with queue_mode=0 will insta-crash, since cmd->rq is NULL and null_handle_cmd() assumes it to always be set. Make the zoned code deal with bio's instead, or pass in the appropriate sector/nr_sectors instead. Fixes: ca4b2a011948 ("null_blk: add zone support") Tested-by: Omar Sandoval Signed-off-by: Jens Axboe commit 097f5863b1a0c9901f180bbd56ae7d630655faaa Author: Dan Carpenter Date: Thu Sep 6 12:47:01 2018 +0300 cifs: read overflow in is_valid_oplock_break() We need to verify that the "data_offset" is within bounds. Reported-by: Dr Silvio Cesare of InfoSect Signed-off-by: Dan Carpenter Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit dfb06cba8c73c0704710b2e3fbe2c35ac66a01b4 Author: Dave Jiang Date: Wed Sep 5 13:31:40 2018 -0700 uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() copy_to_iter_mcsafe() is passing in the is_source parameter as "false" to check_copy_size(). This is different than what copy_to_iter() does. Also, the addr parameter passed to check_copy_size() is the source so therefore we should be passing in "true" instead. Fixes: 8780356ef630 ("x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe()") Cc: Reported-by: Fan Du Signed-off-by: Dave Jiang Reviewed-by: Vishal Verma Reported-by: Wenwei Tao Signed-off-by: Dan Williams commit 4c3d795cb012a378855543a775408fba1ccff6f2 Author: Tushar Dave Date: Wed Sep 12 22:15:29 2018 +0200 bpf: use __GFP_COMP while allocating page Helper bpg_msg_pull_data() can allocate multiple pages while linearizing multiple scatterlist elements into one shared page. However, if the shared page has size > PAGE_SIZE, using copy_page_to_iter() causes below warning. e.g. [ 6367.019832] WARNING: CPU: 2 PID: 7410 at lib/iov_iter.c:825 page_copy_sane.part.8+0x0/0x8 To avoid above warning, use __GFP_COMP while allocating multiple contiguous pages. Fixes: 015632bb30da ("bpf: sk_msg program helper bpf_sk_msg_pull_data") Signed-off-by: Tushar Dave Signed-off-by: Daniel Borkmann commit 67e3816842fe6414d629c7515b955952ec40c7d7 Author: Steve Wise Date: Fri Aug 31 07:16:03 2018 -0700 RDMA/uverbs: Atomically flush and mark closed the comp event queue Currently a uverbs completion event queue is flushed of events in ib_uverbs_comp_event_close() with the queue spinlock held and then released. Yet setting ev_queue->is_closed is not set until later in uverbs_hot_unplug_completion_event_file(). In between the time ib_uverbs_comp_event_close() releases the lock and uverbs_hot_unplug_completion_event_file() acquires the lock, a completion event can arrive and be inserted into the event queue by ib_uverbs_comp_handler(). This can cause a "double add" list_add warning or crash depending on the kernel configuration, or a memory leak because the event is never dequeued since the queue is already closed down. So add setting ev_queue->is_closed = 1 to ib_uverbs_comp_event_close(). Cc: stable@vger.kernel.org Fixes: 1e7710f3f656 ("IB/core: Change completion channel to use the reworked objects schema") Signed-off-by: Steve Wise Signed-off-by: Jason Gunthorpe commit dd066823db2ac4e22f721ec85190817b58059a54 Author: Alexei Starovoitov Date: Wed Sep 12 14:06:10 2018 -0700 bpf/verifier: disallow pointer subtraction Subtraction of pointers was accidentally allowed for unpriv programs by commit 82abbf8d2fc4. Revert that part of commit. Fixes: 82abbf8d2fc4 ("bpf: do not allow root to mangle valid pointers") Reported-by: Jann Horn Acked-by: Daniel Borkmann Signed-off-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 4851bfd64d42d9fb6d2d30a41c8523614b412a7a Merge: 12a78b026f87 224de549f0be Author: David S. Miller Date: Wed Sep 12 13:18:30 2018 -0700 Merge branch 'nfp-flower-fixes' Jakub Kicinski says: ==================== nfp: flower: fixes for flower offload Two fixes for flower matching and tunnel encap. Pieter fixes VLAN matching if the entire VLAN id is masked out and match is only performed on the PCP field. Louis adds validation of tunnel flags for encap, most importantly we should not offload actions on IPv6 tunnels if it's not supported. ==================== Signed-off-by: David S. Miller commit 224de549f0beca58fb95c0b8da9cb2bfa8c6cc12 Author: Louis Peens Date: Tue Sep 11 06:38:45 2018 -0700 nfp: flower: reject tunnel encap with ipv6 outer headers for offloading This fixes a bug where ipv6 tunnels would report that it is getting offloaded to hardware but would actually be rejected by hardware. Fixes: b27d6a95a70d ("nfp: compile flower vxlan tunnel set actions") Signed-off-by: Louis Peens Reviewed-by: John Hurley Reviewed-by: Simon Horman Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit db191db813722297be36ffce2862e0f2b0e54d82 Author: Pieter Jansen van Vuuren Date: Tue Sep 11 06:38:44 2018 -0700 nfp: flower: fix vlan match by checking both vlan id and vlan pcp Previously we only checked if the vlan id field is present when trying to match a vlan tag. The vlan id and vlan pcp field should be treated independently. Fixes: 5571e8c9f241 ("nfp: extend flower matching capabilities") Signed-off-by: Pieter Jansen van Vuuren Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit 12a78b026f870c575d3a98998b25084aac5b3c61 Author: Cong Wang Date: Tue Sep 11 15:12:17 2018 -0700 tipc: check return value of __tipc_dump_start() When __tipc_dump_start() fails with running out of memory, we have no reason to continue, especially we should avoid calling tipc_dump_done(). Fixes: 8f5c5fcf3533 ("tipc: call start and done ops directly in __tipc_nl_compat_dumpit()") Reported-and-tested-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com Cc: Jon Maloy Cc: Ying Xue Signed-off-by: Cong Wang Acked-by: Ying Xue Signed-off-by: David S. Miller commit 6b4d24de299be72d96c1f3b318905ccaaf47b904 Merge: cc4dfb7f70a3 0ac1487c4b2d Author: David S. Miller Date: Wed Sep 12 13:12:52 2018 -0700 Merge branch 'qeth-fixes' Julian Wiedmann says: ==================== s390/qeth: fixes 2018-09-12 please apply the following qeth fixes for -net. Patch 1 resolves a regression in an error path, while patch 2 enables the SG support by default that was newly introduced with 4.19. Patch 3 takes care of a longstanding problem with large-order allocations, and patch 4 fixes a potential out-of-bounds access. ==================== Signed-off-by: David S. Miller commit 0ac1487c4b2de383b91ecad1be561b8f7a2c15f4 Author: Julian Wiedmann Date: Wed Sep 12 15:31:35 2018 +0200 s390/qeth: don't dump past end of unknown HW header For inbound data with an unsupported HW header format, only dump the actual HW header. We have no idea how much payload follows it, and what it contains. Worst case, we dump past the end of the Inbound Buffer and access whatever is located next in memory. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit aec45e857c5538664edb76a60dd452e3265f37d1 Author: Wenjia Zhang Date: Wed Sep 12 15:31:34 2018 +0200 s390/qeth: use vzalloc for QUERY OAT buffer qeth_query_oat_command() currently allocates the kernel buffer for the SIOC_QETH_QUERY_OAT ioctl with kzalloc. So on systems with fragmented memory, large allocations may fail (eg. the qethqoat tool by default uses 132KB). Solve this issue by using vzalloc, backing the allocation with non-contiguous memory. Signed-off-by: Wenjia Zhang Reviewed-by: Julian Wiedmann Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 04db741d0df02fdb9ea4ddca32615153407dcf7f Author: Julian Wiedmann Date: Wed Sep 12 15:31:33 2018 +0200 s390/qeth: switch on SG by default for IQD devices Scatter-gather transmit brings a nice performance boost. Considering the rather large MTU sizes at play, it's also totally the Right Thing To Do. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 778b1ac737494cec156f17c80da44664c1f77cf6 Author: Julian Wiedmann Date: Wed Sep 12 15:31:32 2018 +0200 s390/qeth: indicate error when netdev allocation fails Bailing out on allocation error is nice, but we also need to tell the ccwgroup core that creating the qeth groupdev failed. Fixes: d3d1b205e89f ("s390/qeth: allocate netdevice early") Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 4b1c5d917d34f705096bb7dd8a2bd19b0881970e Author: Martin KaFai Lau Date: Wed Sep 12 10:29:11 2018 -0700 bpf: btf: Fix end boundary calculation for type section The end boundary math for type section is incorrect in btf_check_all_metas(). It just happens that hdr->type_off is always 0 for now because there are only two sections (type and string) and string section must be at the end (ensured in btf_parse_str_sec). However, type_off may not be 0 if a new section would be added later. This patch fixes it. Fixes: f80442a4cd18 ("bpf: btf: Change how section is supported in btf_header") Reported-by: Dmitry Vyukov Signed-off-by: Martin KaFai Lau Acked-by: Yonghong Song Signed-off-by: Daniel Borkmann commit cf40361ede6cf9dc09349e4c049dc0d166ca2d8b Author: Guenter Roeck Date: Tue Sep 11 11:18:12 2018 -0700 x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3 Commit eeb89e2bb1ac ("x86/efi: Load fixmap GDT in efi_call_phys_epilog()") moved loading the fixmap in efi_call_phys_epilog() after load_cr3() since it was assumed to be more logical. Turns out this is incorrect: In efi_call_phys_prolog(), the gdt with its physical address is loaded first, and when the %cr3 is reloaded in _epilog from initial_page_table to swapper_pg_dir again the gdt is no longer mapped. This results in a triple fault if an interrupt occurs after load_cr3() and before load_fixmap_gdt(0). Calling load_fixmap_gdt(0) first restores the execution order prior to commit eeb89e2bb1ac and fixes the problem. Fixes: eeb89e2bb1ac ("x86/efi: Load fixmap GDT in efi_call_phys_epilog()") Signed-off-by: Guenter Roeck Signed-off-by: Thomas Gleixner Acked-by: Linus Torvalds Cc: Ard Biesheuvel Cc: linux-efi@vger.kernel.org Cc: Andy Lutomirski Cc: Joerg Roedel Link: https://lkml.kernel.org/r/1536689892-21538-1-git-send-email-linux@roeck-us.net commit 999696752db1099aba595aac4f8d881f8c7cf4e6 Author: Juergen Gross Date: Wed Sep 12 19:41:22 2018 +0200 x86/xen: Disable CPU0 hotplug for Xen PV Xen PV guests don't allow CPU0 hotplug, so disable it. Signed-off-by: Juergen Gross Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: boris.ostrovsky@oracle.com Cc: xen-devel@lists.xenproject.org Link: http://lkml.kernel.org/r/20180912174122.24282-1-jgross@suse.com Signed-off-by: Ingo Molnar commit cb48b6a26cace226d8b299a48c73e808eb0c4f61 Merge: 02e184476eff 03db8b583d1c Author: Ingo Molnar Date: Wed Sep 12 21:10:05 2018 +0200 Merge tag 'perf-urgent-for-mingo-4.19-20180912' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: - Fix finding a symbol by name when multiple maps use the same backing DSO, so we must first see if that symbol name is in the DSO, then see if it is inside the range of addresses for that specific map (Adrian Hunter) - Update the tools copies of UAPI headers, which silences the warnings emitted when building the tools and in some cases, like for the new KVM ioctls, results in 'perf trace' being able to translate that ioctl number to a string (Arnaldo Carvalho de Melo) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit b1f4ff74fcb0e82664e8633cc225c2ad4234878a Author: Paulo Zanoni Date: Mon Sep 10 10:59:56 2018 -0700 tracing/Makefile: Fix handling redefinition of CC_FLAGS_FTRACE As a Kernel developer, I make heavy use of "make targz-pkg" in order to locally compile and remotely install my development Kernels. The nice feature I rely on is that after a normal "make", "make targz-pkg" only generates the tarball without having to recompile everything. That was true until commit f28bc3c32c05 ("tracing: Handle CC_FLAGS_FTRACE more accurately"). After it, running "make targz-pkg" after "make" will recompile the whole Kernel tree, making my development workflow much slower. The Kernel is choosing to recompile everything because it claims the command line has changed. A diff of the .cmd files show a repeated -mfentry in one of the files. That is because "make targz-pkg" calls "make modules_install" and the environment is already populated with the exported variables, CC_FLAGS_FTRACE being one of them. Then, -mfentry gets duplicated because it is not protected behind an ifndef block, like -pg. To complicate the problem a little bit more, architectures can define their own version CC_FLAGS_FTRACE, so our code not only has to consider recursive Makefiles, but also architecture overrides. So in this patch we move CC_FLAGS_FTRACE up and unconditionally define it to -pg. Then we let the architecture Makefiles possibly override it, and finally append the extra options later. This ensures the variable is always fully redefined at each invocation so recursive Makefiles don't keep appending, and hopefully it maintains the intended behavior on how architectures can override the defaults.. Thanks Steven Rostedt and Vasily Gorbik for the help on this regression. Cc: Michal Marek Cc: Ingo Molnar Cc: Tvrtko Ursulin Cc: linux-kbuild@vger.kernel.org Fixes: commit f28bc3c32c05 ("tracing: Handle CC_FLAGS_FTRACE more accurately") Acked-by: Vasily Gorbik Signed-off-by: Paulo Zanoni Signed-off-by: Steven Rostedt (VMware) commit 96eddb810b146e4d364e35f38dc11d16680c66eb Merge: aeb5427218a7 e866d3e84eb7 Author: Linus Torvalds Date: Wed Sep 12 06:51:27 2018 -1000 Merge tag 'riscv-for-linus-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Pull RISC-V fix from Palmer Dabbelt: "This contains what I hope to be the last RISC-V patch for 4.19. It fixes a bug in our initramfs support by removing some broken and obselete code" * tag 'riscv-for-linus-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: riscv: Do not overwrite initrd_start and initrd_end commit aeb5427218a72ead8be673c0fba21839d2a3bb70 Merge: 5e335542de83 c77a2fa3ff8f Author: Linus Torvalds Date: Wed Sep 12 06:44:03 2018 -1000 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Three fixes, all in drivers (qedi and iscsi target) so no wider impact even if the code changes are a bit extensive" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: qedi: Add the CRC size within iSCSI NVM image scsi: iscsi: target: Fix conn_ops double free scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails commit d310959365942b100f79b56bcce859968fe7ca9c Author: Scott Branden Date: Tue Sep 11 13:26:38 2018 -0700 efi/libstub/arm: default EFI_ARMSTUB_DTB_LOADER to y Default EFI_ARMSTUB_DTB_LOADER to y to allow the dtb= command line parameter to function with efi loader. Required for development purposes and to boot on existing bootloaders that do not support devicetree provided by the firmware or by the bootloader. Fixes: 3d7ee348aa41 ("efi/libstub/arm: Add opt-in Kconfig option ...") Signed-off-by: Scott Branden Signed-off-by: Ard Biesheuvel commit 2d204ee9d671327915260071c19350d84344e096 Author: Dan Carpenter Date: Mon Sep 10 14:12:07 2018 +0300 cifs: integer overflow in in SMB2_ioctl() The "le32_to_cpu(rsp->OutputOffset) + *plen" addition can overflow and wrap around to a smaller value which looks like it would lead to an information leak. Fixes: 4a72dafa19ba ("SMB2 FSCTL and IOCTL worker function") Signed-off-by: Dan Carpenter Signed-off-by: Steve French Reviewed-by: Aurelien Aptel CC: Stable commit 56446f218af1133c802dad8e9e116f07f381846c Author: Dan Carpenter Date: Thu Sep 6 12:48:22 2018 +0300 CIFS: fix wrapping bugs in num_entries() The problem is that "entryptr + next_offset" and "entryptr + len + size" can wrap. I ended up changing the type of "entryptr" because it makes the math easier when we don't have to do so much casting. Signed-off-by: Dan Carpenter Signed-off-by: Steve French Reviewed-by: Aurelien Aptel Reviewed-by: Pavel Shilovsky CC: Stable commit 8ad8aa353524d89fa2e09522f3078166ff78ec42 Author: Dan Carpenter Date: Thu Sep 6 12:47:51 2018 +0300 cifs: prevent integer overflow in nxt_dir_entry() The "old_entry + le32_to_cpu(pDirInfo->NextEntryOffset)" can wrap around so I have added a check for integer overflow. Reported-by: Dr Silvio Cesare of InfoSect Reviewed-by: Ronnie Sahlberg Reviewed-by: Aurelien Aptel Signed-off-by: Dan Carpenter Signed-off-by: Steve French CC: Stable commit 6ee67e351cdae68b4c9c7df74124b9f9fb81e966 Author: YueHaibing Date: Wed Sep 12 03:15:30 2018 +0000 drm/fb-helper: Remove set but not used variable 'connector_funcs' Fixes gcc '-Wunused-but-set-variable' warning: drivers/gpu/drm/drm_fb_helper.c: In function 'drm_pick_crtcs': drivers/gpu/drm/drm_fb_helper.c:2373:43: warning: variable 'connector_funcs' set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing Signed-off-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/1536722130-108819-1-git-send-email-yuehaibing@huawei.com commit 40ebdb8e59df36e2cc71810bd021a0808b16c956 Author: Janosch Frank Date: Wed Aug 1 11:48:28 2018 +0100 KVM: s390: Make huge pages unavailable in ucontrol VMs We currently do not notify all gmaps when using gmap_pmdp_xchg(), due to locking constraints. This makes ucontrol VMs, which is the only VM type that creates multiple gmaps, incompatible with huge pages. Also we would need to hold the guest_table_lock of all gmaps that have this vmaddr maped to synchronize access to the pmd. ucontrol VMs are rather exotic and creating a new locking concept is no easy task. Hence we return EINVAL when trying to active KVM_CAP_S390_HPAGE_1M and report it as being not available when checking for it. Fixes: a4499382 ("KVM: s390: Add huge page enablement control") Signed-off-by: Janosch Frank Reviewed-by: David Hildenbrand Reviewed-by: Claudio Imbrenda Message-Id: <20180801112508.138159-1-frankja@linux.ibm.com> Signed-off-by: Janosch Frank commit 1843abd03250115af6cec0892683e70cf2297c25 Author: Janosch Frank Date: Thu Aug 16 09:02:31 2018 +0100 s390/mm: Check for valid vma before zapping in gmap_discard Userspace could have munmapped the area before doing unmapping from the gmap. This would leave us with a valid vmaddr, but an invalid vma from which we would try to zap memory. Let's check before using the vma. Fixes: 1e133ab296f3 ("s390/mm: split arch/s390/mm/pgtable.c") Signed-off-by: Janosch Frank Reviewed-by: David Hildenbrand Reported-by: Dan Carpenter Message-Id: <20180816082432.78828-1-frankja@linux.ibm.com> Signed-off-by: Janosch Frank commit dab99a0f77e9764a00b0203d0155ca134247f461 Author: Hans Verkuil Date: Thu Aug 30 06:18:22 2018 -0400 media: staging/media/mt9t031/Kconfig: remove bogus entry The 'config SOC_CAMERA_IMX074' is a copy-and-paste error and should be removed. This Kconfig is for mt9t031 only. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit 9d2ac5f4bec00a0697ab77c999ef38753b3cb900 Author: Jacopo Mondi Date: Fri Aug 3 12:40:58 2018 +0200 media: i2c: mt9v111: Fix v4l2-ctrl error handling Fix error handling of v4l2_ctrl creation by inspecting the ctrl.error flag instead of testing for each returned value correctness. As reported by Dan Carpenter returning PTR_ERR() on the v4l2_ctrl_new_std() return value is also wrong, as that function return NULL on error. While at there re-order the cleanup path to respect the operation inverse order. Fixes: aab7ed1c "media: i2c: Add driver for Aptina MT9V111" Reported-by: Dan Carpenter Signed-off-by: Jacopo Mondi Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 379e36d3f591cb62e781907edafea17d75e8c1fa Author: Ludovic Desroches Date: Fri Sep 7 10:18:51 2018 +0200 ARM: dts: at91: sama5d2_ptc_ek: fix nand pinctrl The drive strength has to be set to medium otherwise some data corruption may happen. Signed-off-by: Ludovic Desroches Acked-by: Nicolas Ferre Signed-off-by: Alexandre Belloni commit 75383f8d39d4c0fb96083dd460b7b139fbdac492 Author: Yu Zhao Date: Tue Sep 11 15:15:16 2018 -0600 sound: don't call skl_init_chip() to reset intel skl soc Internally, skl_init_chip() calls snd_hdac_bus_init_chip() which 1) sets bus->chip_init to prevent multiple entrances before device is stopped; 2) enables interrupt. We shouldn't use it for the purpose of resetting device only because 1) when we really want to initialize device, we won't be able to do so; 2) we are ready to handle interrupt yet, and kernel crashes when interrupt comes in. Rename azx_reset() to snd_hdac_bus_reset_link(), and use it to reset device properly. Fixes: 60767abcea3d ("ASoC: Intel: Skylake: Reset the controller in probe") Reviewed-by: Takashi Iwai Signed-off-by: Yu Zhao Signed-off-by: Mark Brown commit b61749a89f826eb61fc59794d9e4697bd246eb61 Author: Yu Zhao Date: Tue Sep 11 15:14:04 2018 -0600 sound: enable interrupt after dma buffer initialization In snd_hdac_bus_init_chip(), we enable interrupt before snd_hdac_bus_init_cmd_io() initializing dma buffers. If irq has been acquired and irq handler uses the dma buffer, kernel may crash when interrupt comes in. Fix the problem by postponing enabling irq after dma buffer initialization. And warn once on null dma buffer pointer during the initialization. Reviewed-by: Takashi Iwai Signed-off-by: Yu Zhao Signed-off-by: Mark Brown commit 542cedec53c9e8b73f3f05bf8468823598c50489 Author: Yu Zhao Date: Tue Sep 11 15:12:46 2018 -0600 Revert "ASoC: Intel: Skylake: Acquire irq after RIRB allocation" This reverts commit 12eeeb4f4733bbc4481d01df35933fc15beb8b19. The patch doesn't fix accessing memory with null pointer in skl_interrupt(). There are two problems: 1) skl_init_chip() is called twice, before and after dma buffer is allocate. The first call sets bus->chip_init which prevents the second from initializing bus->corb.buf and rirb.buf from bus->rb.area. 2) snd_hdac_bus_init_chip() enables interrupt before snd_hdac_bus_init_cmd_io() initializing dma buffers. There is a small window which skl_interrupt() can be called if irq has been acquired. If so, it crashes when using null dma buffer pointers. Will fix the problems in the following patches. Also attaching the crash for future reference. [ 16.949148] general protection fault: 0000 [#1] PREEMPT SMP KASAN PTI [ 16.950903] Call Trace: [ 16.950906] [ 16.950918] skl_interrupt+0x19e/0x2d6 [snd_soc_skl] [ 16.950926] ? dma_supported+0xb5/0xb5 [snd_soc_skl] [ 16.950933] __handle_irq_event_percpu+0x27a/0x6c8 [ 16.950937] ? __irq_wake_thread+0x1d1/0x1d1 [ 16.950942] ? __do_softirq+0x57a/0x69e [ 16.950944] handle_irq_event_percpu+0x95/0x1ba [ 16.950948] ? _raw_spin_unlock+0x65/0xdc [ 16.950951] ? __handle_irq_event_percpu+0x6c8/0x6c8 [ 16.950953] ? _raw_spin_unlock+0x65/0xdc [ 16.950957] ? time_cpufreq_notifier+0x483/0x483 [ 16.950959] handle_irq_event+0x89/0x123 [ 16.950962] handle_fasteoi_irq+0x16f/0x425 [ 16.950965] handle_irq+0x1fe/0x28e [ 16.950969] do_IRQ+0x6e/0x12e [ 16.950972] common_interrupt+0x7a/0x7a [ 16.950974] [ 16.951031] RIP: snd_hdac_bus_update_rirb+0x19b/0x4cf [snd_hda_core] RSP: ffff88015c807c08 [ 16.951036] ---[ end trace 58bf9ece1775bc92 ]--- Fixes: 2eeeb4f4733b ("ASoC: Intel: Skylake: Acquire irq after RIRB allocation") Signed-off-by: Yu Zhao Signed-off-by: Mark Brown commit fa108f95c6769ec15ea59b7db00454b82afc6121 Author: Martin Schwidefsky Date: Wed Sep 5 07:45:11 2018 +0200 s390/zcrypt: remove VLA usage from the AP bus The use of variable length arrays on the stack is deprecated. git commit 3d8f60d38e249f989a7fca9c2370c31c3d5487e1 "s390/zcrypt: hex string mask improvements for apmask and aqmask." added three new VLA arrays. Remove them again. Reviewed-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky commit 422b3db2a5036add39a82425b1dd9fb6c96481e8 Author: Rishabh Bhatnagar Date: Fri Aug 31 08:43:31 2018 -0700 firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla Signed-off-by: Rishabh Bhatnagar Signed-off-by: Luis Chamberlain Signed-off-by: Greg Kroah-Hartman commit 6712cc9c22117a8af9f3df272b4a44fd2e4201cd Author: Stephen Hemminger Date: Mon Aug 20 21:16:40 2018 +0000 vmbus: don't return values for uninitalized channels For unsupported device types, the vmbus channel ringbuffer is never initialized, and therefore reading the sysfs files will return garbage or cause a kernel OOPS. Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info") Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Cc: # 4.15 Signed-off-by: Greg Kroah-Hartman commit 029d727b4f5d7c82f78e0395a0d220271c2f92b8 Author: Wei Yongjun Date: Thu Aug 16 14:42:13 2018 -0500 fpga: dfl: fme: fix return value check in in pr_mgmt_init() In case of error, the function dfl_fme_create_region() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: 29de76240e86 ("fpga: dfl: fme: add partial reconfiguration sub feature support") Signed-off-by: Wei Yongjun Acked-by: Moritz Fischer Acked-by: Alan Tull Signed-off-by: Greg Kroah-Hartman commit de916736aaaadddbd6061472969f667b14204aa9 Author: Gustavo A. R. Silva Date: Wed Aug 15 10:50:41 2018 -0500 misc: hmc6352: fix potential Spectre v1 val is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/misc/hmc6352.c:54 compass_store() warn: potential spectre issue 'map' [r] Fix this by sanitizing val before using it to index map Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Signed-off-by: Greg Kroah-Hartman commit 86503bd35dec0ce363e9fdbf5299927422ed3899 Author: K. Y. Srinivasan Date: Fri Aug 10 23:06:07 2018 +0000 Tools: hv: Fix a bug in the key delete code Fix a bug in the key delete code - the num_records range from 0 to num_records-1. Signed-off-by: K. Y. Srinivasan Reported-by: David Binderman Cc: Reviewed-by: Michael Kelley Signed-off-by: Greg Kroah-Hartman commit c55e9318871cd06e4aa10f5023cc2dcdfbb08577 Author: Bryant G. Ly Date: Mon Aug 6 08:31:00 2018 -0500 misc: ibmvsm: Fix wrong assignment of return code Currently the assignment is flipped and rc is always 0. Signed-off-by: Bryant G. Ly Fixes: 0eca353e7ae7 ("misc: IBM Virtual Management Channel Driver (VMC)") Reviewed-by: Bradley Warrum Cc: stable Signed-off-by: Greg Kroah-Hartman commit da1b9564e85b1d7baf66cbfabcab27e183a1db63 Author: Minchan Kim Date: Thu Aug 23 14:29:56 2018 +0900 android: binder: fix the race mmap and alloc_new_buf_locked There is RaceFuzzer report like below because we have no lock to close below the race between binder_mmap and binder_alloc_new_buf_locked. To close the race, let's use memory barrier so that if someone see alloc->vma is not NULL, alloc->vma_vm_mm should be never NULL. (I didn't add stable mark intentionallybecause standard android userspace libraries that interact with binder (libbinder & libhwbinder) prevent the mmap/ioctl race. - from Todd) " Thread interleaving: CPU0 (binder_alloc_mmap_handler) CPU1 (binder_alloc_new_buf_locked) ===== ===== // drivers/android/binder_alloc.c // #L718 (v4.18-rc3) alloc->vma = vma; // drivers/android/binder_alloc.c // #L346 (v4.18-rc3) if (alloc->vma == NULL) { ... // alloc->vma is not NULL at this point return ERR_PTR(-ESRCH); } ... // #L438 binder_update_page_range(alloc, 0, (void *)PAGE_ALIGN((uintptr_t)buffer->data), end_page_addr); // In binder_update_page_range() #L218 // But still alloc->vma_vm_mm is NULL here if (need_mm && mmget_not_zero(alloc->vma_vm_mm)) alloc->vma_vm_mm = vma->vm_mm; Crash Log: ================================================================== BUG: KASAN: null-ptr-deref in __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline] BUG: KASAN: null-ptr-deref in atomic_add_unless include/linux/atomic.h:533 [inline] BUG: KASAN: null-ptr-deref in mmget_not_zero include/linux/sched/mm.h:75 [inline] BUG: KASAN: null-ptr-deref in binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218 Write of size 4 at addr 0000000000000058 by task syz-executor0/11184 CPU: 1 PID: 11184 Comm: syz-executor0 Not tainted 4.18.0-rc3 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x16e/0x22c lib/dump_stack.c:113 kasan_report_error mm/kasan/report.c:352 [inline] kasan_report+0x163/0x380 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x140/0x1a0 mm/kasan/kasan.c:267 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline] atomic_add_unless include/linux/atomic.h:533 [inline] mmget_not_zero include/linux/sched/mm.h:75 [inline] binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218 binder_alloc_new_buf_locked drivers/android/binder_alloc.c:443 [inline] binder_alloc_new_buf+0x467/0xc30 drivers/android/binder_alloc.c:513 binder_transaction+0x125b/0x4fb0 drivers/android/binder.c:2957 binder_thread_write+0xc08/0x2770 drivers/android/binder.c:3528 binder_ioctl_write_read.isra.39+0x24f/0x8e0 drivers/android/binder.c:4456 binder_ioctl+0xa86/0xf34 drivers/android/binder.c:4596 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x154/0xd40 fs/ioctl.c:686 ksys_ioctl+0x94/0xb0 fs/ioctl.c:701 __do_sys_ioctl fs/ioctl.c:708 [inline] __se_sys_ioctl fs/ioctl.c:706 [inline] __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:706 do_syscall_64+0x167/0x4b0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe " Signed-off-by: Todd Kjos Signed-off-by: Minchan Kim Reviewed-by: Martijn Coenen Cc: stable Signed-off-by: Greg Kroah-Hartman commit 34f1166afd67f9f48a08c52f36180048908506a4 Author: Tomas Winkler Date: Mon Aug 27 22:40:16 2018 +0300 mei: bus: need to unlink client before freeing In case a client fails to connect in mei_cldev_enable(), the caller won't call the mei_cldev_disable leaving the client in a linked stated. Upon driver unload the client structure will be freed in mei_cl_bus_dev_release(), leaving a stale pointer on a fail_list. This will eventually end up in crash during power down flow in mei_cl_set_disonnected(). RIP: mei_cl_set_disconnected+0x5/0x260[mei] Call trace: mei_cl_all_disconnect+0x22/0x30 mei_reset+0x194/0x250 __synchronize_hardirq+0x43/0x50 _cond_resched+0x15/0x30 mei_me_intr_clear+0x20/0x100 mei_stop+0x76/0xb0 mei_me_shutdown+0x3f/0x80 pci_device_shutdown+0x34/0x60 kernel_restart+0x0e/0x30 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Fixes: 'c110cdb17148 ("mei: bus: make a client pointer always available")' Cc: 4.10+ Tested-by: Georg Müller Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman commit 69bf5313035926b0b6a6578de4f3168a8f5c19b8 Author: Tomas Winkler Date: Mon Aug 27 22:40:15 2018 +0300 mei: bus: fix hw module get/put balance In case the device is not connected it doesn't 'get' hw module and hence should not 'put' it on disable. Cc: 4.16+ Fixes:'commit 257355a44b99 ("mei: make module referencing local to the bus.c")' Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Tested-by: Georg Müller Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman commit c1a214ad82d7ac6f19fe48f90b13403b40ead9dc Author: John Hubbard Date: Thu Aug 23 09:16:58 2018 +0300 mei: fix use-after-free in mei_cl_write KASAN reports a use-after-free during startup, in mei_cl_write: BUG: KASAN: use-after-free in mei_cl_write+0x601/0x870 [mei] (drivers/misc/mei/client.c:1770) This is caused by commit 98e70866aacb ("mei: add support for variable length mei headers."), which changed the return value from len, to buf->size. That ends up using a stale buf pointer, because blocking call, the cb (callback) is deleted in me_cl_complete() function. However, fortunately, len remains unchanged throughout the function (and I don't see anything else that would require re-reading buf->size either), so the fix is to simply revert the change, and return len, as before. Fixes: 98e70866aacb ("mei: add support for variable length mei headers.") CC: Arnd Bergmann CC: Greg Kroah-Hartman Signed-off-by: John Hubbard Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman commit 8d2d8935d30cc2acc57a3196dc10dfa8d5cbcdab Author: Alexander Usyskin Date: Mon Aug 6 17:47:33 2018 +0300 mei: ignore not found client in the enumeration Some of the ME clients are available only for BIOS operation and are removed during hand off to an OS. However the removal is not instant. A client may be visible on the client list when the mei driver requests for enumeration, while the subsequent request for properties will be answered with client not found error value. The default behavior for an error is to perform client reset while this error is harmless and the link reset should be prevented. This issue started to be visible due to suspend/resume timing changes. Currently reported only on the Haswell based system. Fixes: [33.564957] mei_me 0000:00:16.0: hbm: properties response: wrong status = 1 CLIENT_NOT_FOUND [33.564978] mei_me 0000:00:16.0: mei_irq_read_handler ret = -71. [33.565270] mei_me 0000:00:16.0: unexpected reset: dev_state = INIT_CLIENTS fw status = 1E000255 60002306 00000200 00004401 00000000 00000010 Cc: Reported-by: Heiner Kallweit Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman commit cc4dfb7f70a344f24c1c71e298deea0771dadcb2 Author: Cong Wang Date: Mon Sep 10 18:27:26 2018 -0700 rds: fix two RCU related problems When a rds sock is bound, it is inserted into the bind_hash_table which is protected by RCU. But when releasing rds sock, after it is removed from this hash table, it is freed immediately without respecting RCU grace period. This could cause some use-after-free as reported by syzbot. Mark the rds sock with SOCK_RCU_FREE before inserting it into the bind_hash_table, so that it would be always freed after a RCU grace period. The other problem is in rds_find_bound(), the rds sock could be freed in between rhashtable_lookup_fast() and rds_sock_addref(), so we need to extend RCU read lock protection in rds_find_bound() to close this race condition. Reported-and-tested-by: syzbot+8967084bcac563795dc6@syzkaller.appspotmail.com Reported-by: syzbot+93a5839deb355537440f@syzkaller.appspotmail.com Cc: Sowmini Varadhan Cc: Santosh Shilimkar Cc: rds-devel@oss.oracle.com Signed-off-by: Cong Wang Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit 6ad569019999300afd8e614d296fdc356550b77f Author: Kai-Heng Feng Date: Tue Sep 11 01:51:43 2018 +0800 r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED After system suspend, sometimes the r8169 doesn't work when ethernet cable gets pluggued. This issue happens because rtl_reset_work() doesn't get called from rtl8169_runtime_resume(), after system suspend. In rtl_task(), RTL_FLAG_TASK_* only gets cleared if this condition is met: if (!netif_running(dev) || !test_bit(RTL_FLAG_TASK_ENABLED, tp->wk.flags)) ... If RTL_FLAG_TASK_ENABLED was cleared during system suspend while RTL_FLAG_TASK_RESET_PENDING was set, the next rtl_schedule_task() won't schedule task as the flag is still there. So in addition to clearing RTL_FLAG_TASK_ENABLED, also clears other flags. Cc: Heiner Kallweit Signed-off-by: Kai-Heng Feng Signed-off-by: David S. Miller commit 51dc63e3911fbb1f0a7a32da2fe56253e2040ea4 Author: Haishuang Yan Date: Mon Sep 10 22:19:48 2018 +0800 erspan: fix error handling for erspan tunnel When processing icmp unreachable message for erspan tunnel, tunnel id should be erspan_net_id instead of ipgre_net_id. Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN") Cc: William Tu Signed-off-by: Haishuang Yan Acked-by: William Tu Signed-off-by: David S. Miller commit 5a64506b5c2c3cdb29d817723205330378075448 Author: Haishuang Yan Date: Mon Sep 10 22:19:47 2018 +0800 erspan: return PACKET_REJECT when the appropriate tunnel is not found If erspan tunnel hasn't been established, we'd better send icmp port unreachable message after receive erspan packets. Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN") Cc: William Tu Signed-off-by: Haishuang Yan Acked-by: William Tu Signed-off-by: David S. Miller commit eea96566c189c77e5272585984eb2729881a2f1d Author: Sascha Hauer Date: Wed Sep 12 08:23:01 2018 +0200 ARM: dts: imx53-qsb: disable 1.2GHz OPP The maximum CPU frequency for the i.MX53 QSB is 1GHz, so disable the 1.2GHz OPP. This makes the board work again with configs that have cpufreq enabled like imx_v6_v7_defconfig on which the board stopped working with the addition of cpufreq-dt support. Fixes: 791f416608 ("ARM: dts: imx53: add cpufreq-dt support") Signed-off-by: Sascha Hauer Signed-off-by: Shawn Guo commit 0297c1c2eadb5bd996a873b87597af3b91c0d4ba Author: Willem de Bruijn Date: Sun Sep 9 19:12:12 2018 -0400 tcp: rate limit synflood warnings further Convert pr_info to net_info_ratelimited to limit the total number of synflood warnings. Commit 946cedccbd73 ("tcp: Change possible SYN flooding messages") rate limits synflood warnings to one per listener. Workloads that open many listener sockets can still see a high rate of log messages. Syzkaller is one frequent example. Signed-off-by: Willem de Bruijn Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 2d946e5bcdabc1deef72d01bc92a2801c71d6d8d Author: Hauke Mehrtens Date: Sun Sep 9 21:26:23 2018 +0200 MIPS: lantiq: dma: add dev pointer dma_zalloc_coherent() now crashes if no dev pointer is given. Add a dev pointer to the ltq_dma_channel structure and fill it in the driver using it. This fixes a bug introduced in kernel 4.19. Signed-off-by: Hauke Mehrtens Signed-off-by: David S. Miller commit 4a7f50f78c221aac7253ea7059e1986eb622b0e5 Author: Max Filippov Date: Tue Sep 11 22:12:59 2018 -0700 xtensa: enable SG chaining in Kconfig Signed-off-by: Max Filippov commit 8e966fab8eeb45db9f5a570ac4521f684d9696e1 Author: Masahiro Yamada Date: Wed Sep 12 13:25:19 2018 +0900 xtensa: remove unnecessary KBUILD_SRC ifeq conditional You can always prefix variant/platform header search paths with $(srctree)/ because $(srctree) is '.' for in-tree building. Signed-off-by: Masahiro Yamada Signed-off-by: Max Filippov commit b90ca5cc32f59bb214847c6855959702f00c6801 Author: Matthew Wilcox Date: Tue Sep 11 21:27:44 2018 -0700 filesystem-dax: Fix use of zero page Use my_zero_pfn instead of ZERO_PAGE(), and pass the vaddr to it instead of zero so it works on MIPS and s390 who reference the vaddr to select a zero page. Cc: Fixes: 91d25ba8a6b0 ("dax: use common 4k zero page for dax mmap reads") Signed-off-by: Matthew Wilcox Reviewed-by: Ross Zwisler Signed-off-by: Dan Williams commit 4ecdf770914392eb654d24f00e301d3e6afd1cfc Merge: 7c5cca358854 1286df269f49 Author: David S. Miller Date: Tue Sep 11 21:17:30 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for you net tree: 1) Remove duplicated include at the end of UDP conntrack, from Yue Haibing. 2) Restore conntrack dependency on xt_cluster, from Martin Willi. 3) Fix splat with GSO skbs from the checksum target, from Florian Westphal. 4) Rework ct timeout support, the template strategy to attach custom timeouts is not correct since it will not work in conjunction with conntrack zones and we have a possible free after use when removing the rule due to missing refcounting. To fix these problems, do not use conntrack template at all and set custom timeout on the already valid conntrack object. This fix comes with a preparation patch to simplify timeout adjustment by initializating the first position of the timeout array for all of the existing trackers. Patchset from Florian Westphal. 5) Fix missing dependency on from IPv4 chain NAT type, from Florian. 6) Release chain reference counter from the flush path, from Taehee Yoo. 7) After flushing an iptables ruleset, conntrack hooks are unregistered and entries are left stale to be cleaned up by the timeout garbage collector. No TCP tracking is done on established flows by this time. If ruleset is reloaded, then hooks are registered again and TCP tracking is restored, which considers packets to be invalid. Clear window tracking to exercise TCP flow pickup from the middle given that history is lost for us. Again from Florian. 8) Fix crash from netlink interface with CONFIG_NF_CONNTRACK_TIMEOUT=y and CONFIG_NF_CT_NETLINK_TIMEOUT=n. 9) Broken CT target due to returning incorrect type from ctnl_timeout_find_get(). 10) Solve conntrack clash on NF_REPEAT verdicts too, from Michal Vaner. 11) Missing conversion of hashlimit sysctl interface to new API, from Cong Wang. ==================== Signed-off-by: David S. Miller commit 9d27e39d309c93025ae6aa97236af15bef2a5f1f Author: Felix Kuehling Date: Mon Sep 10 15:27:42 2018 -0400 PCI: Fix enabling of PASID on RC integrated endpoints Set the eetlp_prefix_path on PCIE_EXP_TYPE_RC_END devices to allow PASID to be enabled on them. This fixes IOMMUv2 initialization on AMD Carrizo APUs. Link: https://bugzilla.kernel.org/show_bug.cgi?id=201079 Fixes: 7ce3f912ae ("PCI: Enable PASID only if entire path supports End-End TLP prefixes") Signed-off-by: Felix Kuehling Signed-off-by: Bjorn Helgaas commit bfc456060d0cbcf6902a436d358b60cb1534668c Author: Dennis Dalessandro Date: Fri Aug 31 10:34:14 2018 -0700 IB/hfi1,PCI: Allow bus reset while probing Calling into the new API to reset the secondary bus results in a deadlock. This occurs because the device/bus is already locked at probe time. Reverting back to the old behavior while the API is improved. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200985 Fixes: c6a44ba950d1 ("PCI: Rename pci_try_reset_bus() to pci_reset_bus()") Fixes: 409888e0966e ("IB/hfi1: Use pci_try_reset_bus() for initiating PCI Secondary Bus Reset") Signed-off-by: Dennis Dalessandro Signed-off-by: Bjorn Helgaas Reviewed-by: Michael J. Ruhl Cc: Sinan Kaya commit d8a5281035895cdb5ff77756eff72966ec76edd0 Author: Dennis Dalessandro Date: Wed Sep 5 16:08:03 2018 +0000 PCI: Fix faulty logic in pci_reset_bus() The pci_reset_bus() function calls pci_probe_reset_slot() to determine whether to call the slot or bus reset. The check has faulty logic in that it does not account for pci_probe_reset_slot() being able to return an errno. Fix by only calling the slot reset when the function returns 0. Fixes: 811c5cb37df4 ("PCI: Unify try slot and bus reset API") Signed-off-by: Dennis Dalessandro Signed-off-by: Bjorn Helgaas Reviewed-by: Michael J. Ruhl Cc: Sinan Kaya commit 5e335542de83558e46d28de1008a1c37d5d6679a Merge: 28a0ea77ba50 52cf93e63ee6 Author: Linus Torvalds Date: Tue Sep 11 16:23:21 2018 -1000 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - functional regression fix for sensor-hub driver from Hans de Goede - stop doing device reset for i2c-hid devices, which unbreaks some of them (and is in line with the specification), from Kai-Heng Feng - error handling fix for hid-core from Gustavo A. R. Silva - functional regression fix for some Elan panels from Benjamin Tissoires - a few new device ID additions and misc small fixes * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: i2c-hid: Don't reset device upon system resume HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report HID: core: fix NULL pointer dereference HID: core: fix grouping by application HID: multitouch: fix Elan panels with 2 input modes declaration HID: hid-saitek: Add device ID for RAT 7 Contagion HID: core: fix memory leak on probe HID: input: fix leaking custom input node name HID: add support for Apple Magic Keyboards HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen HID: intel-ish-hid: Enable Sunrise Point-H ish driver commit cbe3fd39d223f14b1c60c80fe9347a3dd08c2edb Author: Dan Carpenter Date: Sat Sep 8 11:42:27 2018 +0300 scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() We should first do the le16_to_cpu endian conversion and then apply the FCP_CMD_LENGTH_MASK mask. Fixes: 5f35509db179 ("qla2xxx: Terminate exchange if corrupted") Signed-off-by: Dan Carpenter Acked-by: Quinn Tran Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 679fcae46c8b2352bba3485d521da070cfbe68e6 Author: Laura Abbott Date: Tue Sep 4 11:47:40 2018 -0700 scsi: iscsi: target: Don't use stack buffer for scatterlist Fedora got a bug report of a crash with iSCSI: kernel BUG at include/linux/scatterlist.h:143! ... RIP: 0010:iscsit_do_crypto_hash_buf+0x154/0x180 [iscsi_target_mod] ... Call Trace: ? iscsi_target_tx_thread+0x200/0x200 [iscsi_target_mod] iscsit_get_rx_pdu+0x4cd/0xa90 [iscsi_target_mod] ? native_sched_clock+0x3e/0xa0 ? iscsi_target_tx_thread+0x200/0x200 [iscsi_target_mod] iscsi_target_rx_thread+0x81/0xf0 [iscsi_target_mod] kthread+0x120/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 This is a BUG_ON for using a stack buffer with a scatterlist. There are two cases that trigger this bug. Switch to using a dynamically allocated buffer for one case and do not assign a NULL buffer in another case. Signed-off-by: Laura Abbott Reviewed-by: Mike Christie Signed-off-by: Martin K. Petersen commit 71d29f43b6332badc5598c656616a62575e83342 Author: Nicholas Piggin Date: Tue Sep 11 20:48:34 2018 +1000 KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size THP paths can defer splitting compound pages until after the actual remap and TLB flushes to split a huge PMD/PUD. This causes radix partition scope page table mappings to get out of synch with the host qemu page table mappings. This results in random memory corruption in the guest when running with THP. The easiest way to reproduce is use KVM balloon to free up a lot of memory in the guest and then shrink the balloon to give the memory back, while some work is being done in the guest. Cc: David Gibson Cc: "Aneesh Kumar K.V" Cc: kvm-ppc@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by: Nicholas Piggin Signed-off-by: Paul Mackerras commit 425333bf3a7743715c17e503049d0837d6c4a603 Author: Alexey Kardashevskiy Date: Mon Sep 10 18:29:07 2018 +1000 KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode At the moment the real mode handler of H_PUT_TCE calls iommu_tce_xchg_rm() which in turn reads the old TCE and if it was a valid entry, marks the physical page dirty if it was mapped for writing. Since it is in real mode, realmode_pfn_to_page() is used instead of pfn_to_page() to get the page struct. However SetPageDirty() itself reads the compound page head and returns a virtual address for the head page struct and setting dirty bit for that kills the system. This adds additional dirty bit tracking into the MM/IOMMU API for use in the real mode. Note that this does not change how VFIO and KVM (in virtual mode) set this bit. The KVM (real mode) changes include: - use the lowest bit of the cached host phys address to carry the dirty bit; - mark pages dirty when they are unpinned which happens when the preregistered memory is released which always happens in virtual mode; - add mm_iommu_ua_mark_dirty_rm() helper to set delayed dirty bit; - change iommu_tce_xchg_rm() to take the kvm struct for the mm to use in the new mm_iommu_ua_mark_dirty_rm() helper; - move iommu_tce_xchg_rm() to book3s_64_vio_hv.c (which is the only caller anyway) to reduce the real mode KVM and IOMMU knowledge across different subsystems. This removes realmode_pfn_to_page() as it is not used anymore. While we at it, remove some EXPORT_SYMBOL_GPL() as that code is for the real mode only and modules cannot call it anyway. Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Signed-off-by: Paul Mackerras commit 6a92b11169a65b3f8cc512c75a252cbd0d096ba0 Author: Boris Ostrovsky Date: Tue Sep 11 15:55:38 2018 -0400 x86/EISA: Don't probe EISA bus for Xen PV guests For unprivileged Xen PV guests this is normal memory and ioremap will not be able to properly map it. While at it, since ioremap may return NULL, add a test for pointer's validity. Reported-by: Andy Smith Signed-off-by: Boris Ostrovsky Signed-off-by: Thomas Gleixner Cc: hpa@zytor.com Cc: xen-devel@lists.xenproject.org Cc: jgross@suse.com Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180911195538.23289-1-boris.ostrovsky@oracle.com commit 0165de983272d1fae0809ed9db47c46a412279bc Author: Christian König Date: Mon Sep 10 15:52:55 2018 +0200 drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Slowly leaking memory one page at a time :) Signed-off-by: Christian König Reviewed-by: Andrey Grodzovsky Signed-off-by: Alex Deucher commit 28a0ea77ba50fc8a9684b7af96ece05dfeb6f64b Merge: 11da3a7f84f1 8f28b178f71c Author: Linus Torvalds Date: Tue Sep 11 08:46:11 2018 -1000 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes from Jason Gunthorpe: "This fixes one major regression with NFS and mlx4 due to the max_sg rework in this merge window, tidies a few minor error_path regressions, and various small fixes. The HFI1 driver is broken this cycle due to a regression caused by a PCI change, it is looking like Bjorn will merge a fix for this. Also, the lingering ipoib issue I mentioned earlier still remains unfixed. Summary: - Fix possible FD type confusion crash - Fix a user trigger-able crash in cxgb4 - Fix bad handling of IOMMU resources causing user controlled leaking in bnxt - Add missing locking in ipoib to fix a rare 'stuck tx' situation - Add missing locking in cma - Add two missing missing uverbs cleanups on failure paths, regressions from this merge window - Fix a regression from this merge window that caused RDMA NFS to not work with the mlx4 driver due to the max_sg changes" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/mlx4: Ensure that maximal send/receive SGE less than supported by HW RDMA/cma: Protect cma dev list with lock RDMA/uverbs: Fix error cleanup path of ib_uverbs_add_one() bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler iw_cxgb4: only allow 1 flush on user qps IB/core: Release object lock if destroy failed RDMA/ucma: check fd type in ucma_migrate_id() commit b1f382178d150f256c1cf95b9341fda6eb764459 Author: Ross Zwisler Date: Tue Sep 11 13:31:16 2018 -0400 ext4: close race between direct IO and ext4_break_layouts() If the refcount of a page is lowered between the time that it is returned by dax_busy_page() and when the refcount is again checked in ext4_break_layouts() => ___wait_var_event(), the waiting function ext4_wait_dax_page() will never be called. This means that ext4_break_layouts() will still have 'retry' set to false, so we'll stop looping and never check the refcount of other pages in this inode. Instead, always continue looping as long as dax_layout_busy_page() gives us a page which it found with an elevated refcount. Signed-off-by: Ross Zwisler Reviewed-by: Jan Kara Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org commit 03db8b583d1c3c84963e08e2abf6c79081da5c31 Author: Adrian Hunter Date: Fri Sep 7 11:51:16 2018 +0300 perf tools: Fix maps__find_symbol_by_name() Commit 1c5aae7710bb ("perf machine: Create maps for x86 PTI entry trampolines") revealed a problem with maps__find_symbol_by_name() that resulted in probes not being found e.g. $ sudo perf probe xsk_mmap xsk_mmap is out of .text, skip it. Probe point 'xsk_mmap' not found. Error: Failed to add events. maps__find_symbol_by_name() can optionally return the map of the found symbol. It can get the map wrong because, in fact, the symbol is found on the map's dso, not allowing for the possibility that the dso has more than one map. Fix by always checking the map contains the symbol. Reported-by: Björn Töpel Signed-off-by: Adrian Hunter Tested-by: Björn Töpel Cc: Jiri Olsa Cc: stable@vger.kernel.org Fixes: 1c5aae7710bb ("perf machine: Create maps for x86 PTI entry trampolines") Link: http://lkml.kernel.org/r/20180907085116.25782-1-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 5db48a8d01319620d390bf6d9da5410be14f98e3 Author: Arnaldo Carvalho de Melo Date: Tue Sep 11 14:10:52 2018 -0300 tools headers uapi: Update tools's copy of linux/if_link.h To get the changes in: 3e7a50ceb11e ("net: report min and max mtu network device settings") 2756f68c3149 ("net: bridge: add support for backup port") a25717d2b604 ("xdp: support simultaneous driver and hw XDP attachment") 4f91da26c811 ("xdp: add per mode attributes for attached programs") f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Silencing this libbpf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/if_link.h' differs from latest version at 'include/uapi/linux/if_link.h' Cc: Adrian Hunter Cc: Daniel Borkmann Cc: David Ahern Cc: David S. Miller Cc: Jakub Kicinski Cc: Jiri Olsa Cc: Namhyung Kim Cc: Nikolay Aleksandrov Cc: Steffen Klassert Cc: Stephen Hemminger Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-xd9ztioa894zemv8ag8kg64u@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 01c5f85aebaaddfd7e6051fb2ec80c1d4b463554 Author: Jens Axboe Date: Tue Sep 11 10:59:53 2018 -0600 blk-cgroup: increase number of supported policies After merging the iolatency policy, we potentially now have 4 policies being registered, but only support 3. This causes one of them to fail loading. Takashi reports that BFQ no longer works for him, because it fails to load due to policy registration failure. Bump to 5 policies, and also add a warning for when we have exceeded the global amount. If we have to touch this again, we should switch to a dynamic scheme instead. Reported-by: Takashi Iwai Reviewed-by: Jeff Moyer Tested-by: Takashi Iwai Signed-off-by: Jens Axboe commit 65aac17423284634169489f298169c3e3f099cc7 Author: Hans de Goede Date: Mon Sep 10 20:30:39 2018 +0200 staging: vboxvideo: Change address of scanout buffer on page-flip Commit 2408898e3b6c ("staging: vboxvideo: Add page-flip support") only calls vbox_crtc_do_set_base() on page-flips, but despite that function's name it only pins the new fb, unpins the old fb and sets vbox_crtc->fb_offset. It does not program the hardware to scan out at the new vbox_crtc->fb_offset value. This was causing only every other frame (assuming page-flipping between 2 buffers) to be shown since we kept scanning out of the old (now unpinned!) buffer. This commit fixes this by adding code to vbox_crtc_page_flip() to tell the hardware to scanout from the new fb_offset. Fixes: 2408898e3b6c ("staging: vboxvideo: Add page-flip support") Cc: Steve Longerbeam Signed-off-by: Hans de Goede Signed-off-by: Greg Kroah-Hartman commit 1ebafd1561a05ea7868f46d88420fe9323f981f6 Author: Hans de Goede Date: Mon Sep 10 20:30:38 2018 +0200 staging: vboxvideo: Fix IRQs no longer working Commit 1daddbc8dec5 ("staging: vboxvideo: Update driver to use drm_dev_register.") replaced the obsolere drm_get_pci_dev() with normal pci probe and remove functions. But the new vbox_pci_probe() is missing a pci_enable_device() call, causing interrupts to not be delivered. This causes resizes of the vm window to not get seen by the drm/kms code. This commit adds the missing pci_enable_device() call, fixing this. Fixes: 1daddbc8dec5 ("staging: vboxvideo: Update driver to use ...") Cc: Fabio Rafael da Rosa Signed-off-by: Hans de Goede Reviewed-by: Nicholas Mc Guire Signed-off-by: Greg Kroah-Hartman commit e54192b48da75f025ae4b277925eaf6aca1d13bd Author: Rob Herring Date: Tue Sep 11 09:28:14 2018 -0500 of: fix phandle cache creation for DTs with no phandles With commit 0b3ce78e90fc ("of: cache phandle nodes to reduce cost of of_find_node_by_phandle()"), a G3 PowerMac fails to boot. The root cause is the DT for this system has no phandle properties when booted with BootX. of_populate_phandle_cache() does not handle the case of no phandles correctly. The problem is roundup_pow_of_two() for 0 is undefined. The implementation subtracts 1 underflowing and then things are in the weeds. Fixes: 0b3ce78e90fc ("of: cache phandle nodes to reduce cost of of_find_node_by_phandle()") Cc: stable@vger.kernel.org # 4.17+ Reported-by: Finn Thain Tested-by: Stan Johnson Reviewed-by: Frank Rowand Cc: Benjamin Herrenschmidt Signed-off-by: Rob Herring commit 7f28785c41f4d5635e69c183b3de8ea19093ccef Author: Arnaldo Carvalho de Melo Date: Tue Sep 11 13:12:40 2018 -0300 tools headers uapi: Update tools's copy of linux/vhost.h To get the changes in: c48300c92ad9 ("vhost: fix VHOST_GET_BACKEND_FEATURES ioctl request definition") This makes 'perf trace' and other tools in the future using its beautifiers in a libbeauty.so library be able to translate these new ioctl to strings: $ tools/perf/trace/beauty/vhost_virtio_ioctl.sh > /tmp/after $ diff -u /tmp/before /tmp/after --- /tmp/before 2018-09-11 13:10:57.923038244 -0300 +++ /tmp/after 2018-09-11 13:11:20.329012685 -0300 @@ -15,6 +15,7 @@ [0x22] = "SET_VRING_ERR", [0x23] = "SET_VRING_BUSYLOOP_TIMEOUT", [0x24] = "GET_VRING_BUSYLOOP_TIMEOUT", + [0x25] = "SET_BACKEND_FEATURES", [0x30] = "NET_SET_BACKEND", [0x40] = "SCSI_SET_ENDPOINT", [0x41] = "SCSI_CLEAR_ENDPOINT", @@ -27,4 +28,5 @@ static const char *vhost_virtio_ioctl_read_cmds[] = { [0x00] = "GET_FEATURES", [0x12] = "GET_VRING_BASE", + [0x26] = "GET_BACKEND_FEATURES", }; $ We'll also use this to be able to express syscall filters using symbolic these symbolic names, something like: # perf trace --all-cpus -e ioctl(cmd=*GET_FEATURES) This silences the following warning during perf's build: Warning: Kernel ABI header at 'tools/include/uapi/linux/vhost.h' differs from latest version at 'include/uapi/linux/vhost.h' diff -u tools/include/uapi/linux/vhost.h include/uapi/linux/vhost.h Cc: Adrian Hunter Cc: David Ahern Cc: David S. Miller Cc: Gleb Fotengauer-Malinovskiy Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-35x71oei2hdui9u0tarpimbq@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Arnaldo Carvalho de Melo commit 0210c156d7fd330bce1c2c842bee9d27f1c5dfeb Author: Arnaldo Carvalho de Melo Date: Tue Sep 11 11:18:58 2018 -0300 tools headers uapi: Update tools's copies of kvm headers To get the changes in: a449938297e5 ("KVM: s390: Add huge page enablement control") 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE") be26b3a73413 ("arm64: KVM: export the capability to set guest SError syndrome") b7b27facc7b5 ("arm/arm64: KVM: Add KVM_GET/SET_VCPU_EVENTS") b0960b9569db ("KVM: arm: Add 32bit get/set events support") a3da7b4a3be5 ("KVM: s390: add etoken support for guests") This makes 'perf trace' automagically get aware of these new ioctls: $ cp include/uapi/linux/kvm.h tools/include/uapi/linux/kvm.h $ tools/perf/trace/beauty/kvm_ioctl.sh > /tmp/after $ diff -u /tmp/before /tmp/after --- /tmp/before 2018-09-11 11:18:29.173207586 -0300 +++ /tmp/after 2018-09-11 11:18:38.488200446 -0300 @@ -84,6 +84,8 @@ [0xbb] = "MEMORY_ENCRYPT_REG_REGION", [0xbc] = "MEMORY_ENCRYPT_UNREG_REGION", [0xbd] = "HYPERV_EVENTFD", + [0xbe] = "GET_NESTED_STATE", + [0xbf] = "SET_NESTED_STATE", [0xe0] = "CREATE_DEVICE", [0xe1] = "SET_DEVICE_ATTR", [0xe2] = "G And cures the following warning during perf's build: Warning: Kernel ABI header at 'tools/include/uapi/linux/kvm.h' differs from latest version at 'include/uapi/linux/kvm.h' diff -u tools/include/uapi/linux/kvm.h include/uapi/linux/kvm.h Cc: Adrian Hunter Cc: Christian Borntraeger Cc: Cornelia Huck Cc: David Ahern Cc: David Hildenbrand Cc: Dongjiu Geng Cc: Eduardo Habkost Cc: James Morse Cc: Janosch Frank Cc: Jim Mattson Cc: Jiri Olsa Cc: Marc Zyngier Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-2vvwh2o19orn56di0ksrtgzr@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Arnaldo Carvalho de Melo commit 10492ee8ed9188d6d420e1f79b2b9bdbc0624e65 Author: Tony Lindgren Date: Wed Apr 25 07:29:22 2018 -0700 mfd: omap-usb-host: Fix dts probe of children It currently only works if the parent bus uses "simple-bus". We currently try to probe children with non-existing compatible values. And we're missing .probe. I noticed this while testing devices configured to probe using ti-sysc interconnect target module driver. For that we also may want to rebind the driver, so let's remove __init and __exit. Signed-off-by: Tony Lindgren Acked-by: Roger Quadros Signed-off-by: Lee Jones commit 17dc7af70e89db773a7213f0b4270c69236a63ab Author: Chris Wilson Date: Thu Sep 6 20:01:43 2018 +0100 drm/i915/overlay: Allocate physical registers from stolen Given that we are now reasonably confident in our ability to detect and reserve the stolen memory (physical memory reserved for graphics by the BIOS) for ourselves on most machines, we can put it to use. In this case, we need a page to hold the overlay registers. On an i915g running MythTv, H Buus noticed that commit 6a2c4232ece145d8b5a8f95f767bd6d0d2d2f2bb Author: Chris Wilson Date: Tue Nov 4 04:51:40 2014 -0800 drm/i915: Make the physical object coherent with GTT introduced stuttering into his video playback. After discarding the likely suspect of it being the physical cursor updates, we were left with the use of the phys object for the overlay. And lo, if we completely avoid using the phys object (allocated just once on module load!) by switching to stolen memory, the stuttering goes away. For lack of a better explanation, claim victory and kill two birds with one stone. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107600 Fixes: 6a2c4232ece1 ("drm/i915: Make the physical object coherent with GTT") Signed-off-by: Chris Wilson Cc: Ville Syrjälä Reviewed-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20180906190144.1272-1-chris@chris-wilson.co.uk (cherry picked from commit c8124d399224d626728e2ffb95a1d564a7c06968) Signed-off-by: Rodrigo Vivi commit 9f34519a82356f6cf0ccb8480ee0ed99b3d0af75 Author: Steve Wise Date: Fri Aug 31 11:52:00 2018 -0700 cxgb4: fix abort_req_rss6 struct Remove the incorrect WR_HDR field which can cause a misinterpretation of ABORT CPL by ULDs, such as iw_cxgb4. Fixes: a3cdaa69e4ae ("cxgb4: Adds CPL support for Shared Receive Queues") Signed-off-by: Steve Wise Signed-off-by: Jason Gunthorpe commit 434ea1bfbfc707f5fed9292df6a9b91dfb8e41f2 Author: Arnaldo Carvalho de Melo Date: Tue Sep 11 11:07:56 2018 -0300 tools headers uapi: Update tools's copy of drm/drm.h To get the changes in: d67b6a206507 ("drm: writeback: Add client capability for exposing writeback connectors") This is for an argument to a DRM ioctl, which is not being prettyfied in the 'perf trace' DRM ioctl beautifier, but will now that syscalls are starting to have pointer arguments augmented via BPF. This time around this just cures the following warning during perf's build: Warning: Kernel ABI header at 'tools/include/uapi/drm/drm.h' differs from latest version at 'include/uapi/drm/drm.h' diff -u tools/include/uapi/drm/drm.h include/uapi/drm/drm.h Cc: Adrian Hunter Cc: Brian Starkey Cc: David Ahern Cc: Eric Anholt Cc: Jiri Olsa Cc: Liviu Dudau Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Sean Paul Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-n7qib1bac6mc6w9oke7r4qdc@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Arnaldo Carvalho de Melo commit f9e6e4351e0bb0811a8b3696679cc6050e4f5947 Author: Arnaldo Carvalho de Melo Date: Tue Sep 11 11:00:54 2018 -0300 tools headers uapi: Update tools's copy of asm-generic/unistd.h To get the changes in: db7a2d1809a5 ("asm-generic: unistd.h: Wire up sys_rseq") That wires up the new 'rsec' system call, which will automagically support that syscall in the syscall table used by 'perf trace' on arm/arm64. This cures the following warning during perf's build: Warning: Kernel ABI header at 'tools/include/uapi/asm-generic/unistd.h' differs from latest version at 'include/uapi/asm-generic/unistd.h' diff -u tools/include/uapi/asm-generic/unistd.h include/uapi/asm-generic/unistd.h Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Arnd Bergmann Cc: David Ahern Cc: Hendrik Brueckner Cc: Jiri Olsa Cc: Kim Phillips Cc: Mathieu Desnoyers Cc: Michael Ellerman Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Ravi Bangoria Cc: Thomas Richter Cc: Wang Nan Cc: Will Deacon Link: https://lkml.kernel.org/n/tip-vt7k2itnitp1t9p3dp7qeb08@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 0ee03d936cbb300309ed6154ac1cc12b63e9785f Author: Arnaldo Carvalho de Melo Date: Tue Sep 11 10:57:13 2018 -0300 tools headers uapi: Update tools's copy of linux/perf_event.h To get the changes in: 09121255c784 ("perf/UAPI: Clearly mark __PERF_SAMPLE_CALLCHAIN_EARLY as internal use") This cures the following warning during perf's build: Warning: Kernel ABI header at 'tools/include/uapi/linux/perf_event.h' differs from latest version at 'include/uapi/linux/perf_event.h' diff -u tools/include/uapi/linux/perf_event.h include/uapi/linux/perf_event.h Cc: Peter Zijlstra Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-2vvwh2o19orn56di0ksrtgzr@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 34fb6bf9b13aef4ca14224f2175ecd189e98160b Author: Keith Busch Date: Wed Sep 5 14:35:41 2018 -0600 PCI: pciehp: Fix hot-add vs powerfault detection order If both hot-add and power fault were observed in a single interrupt, we handled the hot-add first, then the power fault, in this path: pciehp_ist if (events & (PDC | DLLSC)) pciehp_handle_presence_or_link_change case OFF_STATE: pciehp_enable_slot __pciehp_enable_slot board_added pciehp_power_on_slot ctrl->power_fault_detected = 0 pcie_write_cmd(ctrl, PCI_EXP_SLTCTL_PWR_ON, PCI_EXP_SLTCTL_PCC) pciehp_green_led_on(p_slot) # power LED on pciehp_set_attention_status(p_slot, 0) # attention LED off if ((events & PFD) && !ctrl->power_fault_detected) ctrl->power_fault_detected = 1 pciehp_set_attention_status(1) # attention LED on pciehp_green_led_off(slot) # power LED off This left the attention indicator on (even though the hot-add succeeded) and the power indicator off (even though the slot power was on). Fix this by checking for power faults before checking for new devices. Prior to 0e94916e6091, this was successful because everything was chained through work queues and the order was: INT_PRESENCE_ON -> INT_POWER_FAULT -> ENABLE_REQ The ENABLE_REQ cleared the power fault at the end, but now everything is handled inline with the interrupt thread, such that the work ENABLE_REQ was doing happens before power fault handling now. Fixes: 0e94916e6091 ("PCI: pciehp: Handle events synchronously") Signed-off-by: Keith Busch [bhelgaas: changelog] Signed-off-by: Bjorn Helgaas Reviewed-by: Lukas Wunner commit 46feb6b495f7628a6dbf36c4e6d80faf378372d4 Author: Gustavo A. R. Silva Date: Thu Aug 16 14:06:46 2018 -0500 switchtec: Fix Spectre v1 vulnerability p.port can is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/pci/switch/switchtec.c:912 ioctl_port_to_pff() warn: potential spectre issue 'pcfg->dsp_pff_inst_id' [r] Fix this by sanitizing p.port before using it to index pcfg->dsp_pff_inst_id Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Bjorn Helgaas Acked-by: Logan Gunthorpe Cc: stable@vger.kernel.org commit 50ca031b51106b1b46162d4e9ecccb7edc95682f Author: Mika Westerberg Date: Wed Sep 5 14:09:54 2018 +0300 Revert "PCI: Add ACS quirk for Intel 300 series" This reverts f154a718e6cc ("PCI: Add ACS quirk for Intel 300 series"). It turns out that erratum "PCH PCIe* Controller Root Port (ACSCTLR) Appear As Read Only" has been fixed in 300 series chipsets, even though the datasheet [1] claims otherwise. To make ACS work properly on 300 series root ports, revert the faulty commit. [1] https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/300-series-c240-series-chipset-pch-spec-update.pdf Fixes: f154a718e6cc ("PCI: Add ACS quirk for Intel 300 series") Signed-off-by: Mika Westerberg Signed-off-by: Bjorn Helgaas Cc: stable@vger.kernel.org # v4.18+ commit f30cf498b4277dcb20514f3f1daa89c2281f3395 Author: Joao Pinto Date: Tue Sep 11 13:06:30 2018 +0100 MAINTAINERS: Add Gustavo Pimentel as DesignWare PCI maintainer Currently I am managing the Synopsys drivers & tools team (full-time) and so I am passing the pcie-designware maintenance to Gustavo. Signed-off-by: Joao Pinto Signed-off-by: Bjorn Helgaas CC: Gustavo Pimentel CC: Jingoo Han commit c3f00182a83b590655cb68b43b9dcc6cdd05316a Author: Tyrel Datwyler Date: Thu Sep 6 14:16:53 2018 -0500 MAINTAINERS: Add entries for PPC64 RPA PCI hotplug drivers Add myself as maintainer of the IBM RPA hotplug modules in the drivers/pci/hotplug directory. These modules provide kernel interfaces for support of Dynamic Logical Partitioning (DLPAR) of Logical and Physical IO slots, and hotplug of physical PCI slots of a PHB on RPA-compliant ppc64 platforms (pseries). Signed-off-by: Tyrel Datwyler Signed-off-by: Bjorn Helgaas commit e6a57d22f787e73635ce0d29eef0abb77928b3e9 Author: Hermes Zhang Date: Tue Aug 28 09:48:30 2018 +0800 Bluetooth: hci_ldisc: Free rw_semaphore on close The percpu_rw_semaphore is not currently freed, and this leads to a crash when the stale rcu callback is invoked. DEBUG_OBJECTS detects this. ODEBUG: free active (active state 1) object type: rcu_head hint: (null) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 2024 at debug_print_object+0xac/0xc8 PC is at debug_print_object+0xac/0xc8 LR is at debug_print_object+0xac/0xc8 Call trace: [] debug_print_object+0xac/0xc8 [] debug_check_no_obj_freed+0x1e8/0x228 [] kfree+0x1cc/0x250 [] hci_uart_tty_close+0x54/0x108 [] tty_ldisc_close.isra.1+0x40/0x58 [] tty_ldisc_kill+0x1c/0x40 [] tty_ldisc_release+0x94/0x170 [] tty_release_struct+0x1c/0x58 [] tty_release+0x3b0/0x490 [] __fput+0x88/0x1d0 [] ____fput+0xc/0x18 [] task_work_run+0x9c/0xc0 [] do_exit+0x24c/0x8a0 [] do_group_exit+0x38/0xa0 [] __wake_up_parent+0x0/0x28 [] el0_svc_naked+0x34/0x38 ---[ end trace bfe08cbd89098cdf ]--- Signed-off-by: Hermes Zhang Signed-off-by: Marcel Holtmann commit 4ba5175f2c10affd412fa41855cecda02b66cd71 Author: Matias Karhumaa Date: Tue Sep 11 14:10:13 2018 +0300 Bluetooth: Use correct tfm to generate OOB data In case local OOB data was generated and other device initiated pairing claiming that it has got OOB data, following crash occurred: [ 222.847853] general protection fault: 0000 [#1] SMP PTI [ 222.848025] CPU: 1 PID: 42 Comm: kworker/u5:0 Tainted: G C 4.18.0-custom #4 [ 222.848158] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 222.848307] Workqueue: hci0 hci_rx_work [bluetooth] [ 222.848416] RIP: 0010:compute_ecdh_secret+0x5a/0x270 [bluetooth] [ 222.848540] Code: 0c af f5 48 8b 3d 46 de f0 f6 ba 40 00 00 00 be c0 00 60 00 e8 b7 7b c5 f5 48 85 c0 0f 84 ea 01 00 00 48 89 c3 e8 16 0c af f5 <49> 8b 47 38 be c0 00 60 00 8b 78 f8 48 83 c7 48 e8 51 84 c5 f5 48 [ 222.848914] RSP: 0018:ffffb1664087fbc0 EFLAGS: 00010293 [ 222.849021] RAX: ffff8a5750d7dc00 RBX: ffff8a5671096780 RCX: ffffffffc08bc32a [ 222.849111] RDX: 0000000000000000 RSI: 00000000006000c0 RDI: ffff8a5752003800 [ 222.849192] RBP: ffffb1664087fc60 R08: ffff8a57525280a0 R09: ffff8a5752003800 [ 222.849269] R10: ffffb1664087fc70 R11: 0000000000000093 R12: ffff8a5674396e00 [ 222.849350] R13: ffff8a574c2e79aa R14: ffff8a574c2e796a R15: 020e0e100d010101 [ 222.849429] FS: 0000000000000000(0000) GS:ffff8a5752500000(0000) knlGS:0000000000000000 [ 222.849518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 222.849586] CR2: 000055856016a038 CR3: 0000000110d2c005 CR4: 00000000000606e0 [ 222.849671] Call Trace: [ 222.849745] ? sc_send_public_key+0x110/0x2a0 [bluetooth] [ 222.849825] ? sc_send_public_key+0x115/0x2a0 [bluetooth] [ 222.849925] smp_recv_cb+0x959/0x2490 [bluetooth] [ 222.850023] ? _cond_resched+0x19/0x40 [ 222.850105] ? mutex_lock+0x12/0x40 [ 222.850202] l2cap_recv_frame+0x109d/0x3420 [bluetooth] [ 222.850315] ? l2cap_recv_frame+0x109d/0x3420 [bluetooth] [ 222.850426] ? __switch_to_asm+0x34/0x70 [ 222.850515] ? __switch_to_asm+0x40/0x70 [ 222.850625] ? __switch_to_asm+0x34/0x70 [ 222.850724] ? __switch_to_asm+0x40/0x70 [ 222.850786] ? __switch_to_asm+0x34/0x70 [ 222.850846] ? __switch_to_asm+0x40/0x70 [ 222.852581] ? __switch_to_asm+0x34/0x70 [ 222.854976] ? __switch_to_asm+0x40/0x70 [ 222.857475] ? __switch_to_asm+0x40/0x70 [ 222.859775] ? __switch_to_asm+0x34/0x70 [ 222.861218] ? __switch_to_asm+0x40/0x70 [ 222.862327] ? __switch_to_asm+0x34/0x70 [ 222.863758] l2cap_recv_acldata+0x266/0x3c0 [bluetooth] [ 222.865122] hci_rx_work+0x1c9/0x430 [bluetooth] [ 222.867144] process_one_work+0x210/0x4c0 [ 222.868248] worker_thread+0x41/0x4d0 [ 222.869420] kthread+0x141/0x160 [ 222.870694] ? process_one_work+0x4c0/0x4c0 [ 222.871668] ? kthread_create_worker_on_cpu+0x90/0x90 [ 222.872896] ret_from_fork+0x35/0x40 [ 222.874132] Modules linked in: algif_hash algif_skcipher af_alg rfcomm bnep btusb btrtl btbcm btintel snd_intel8x0 cmac intel_rapl_perf vboxvideo(C) snd_ac97_codec bluetooth ac97_bus joydev ttm snd_pcm ecdh_generic drm_kms_helper snd_timer snd input_leds drm serio_raw fb_sys_fops soundcore syscopyarea sysfillrect sysimgblt mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd cryptd glue_helper ahci psmouse libahci i2c_piix4 video e1000 pata_acpi [ 222.883153] fbcon_switch: detected unhandled fb_set_par error, error code -16 [ 222.886774] fbcon_switch: detected unhandled fb_set_par error, error code -16 [ 222.890503] ---[ end trace 6504aa7a777b5316 ]--- [ 222.890541] RIP: 0010:compute_ecdh_secret+0x5a/0x270 [bluetooth] [ 222.890551] Code: 0c af f5 48 8b 3d 46 de f0 f6 ba 40 00 00 00 be c0 00 60 00 e8 b7 7b c5 f5 48 85 c0 0f 84 ea 01 00 00 48 89 c3 e8 16 0c af f5 <49> 8b 47 38 be c0 00 60 00 8b 78 f8 48 83 c7 48 e8 51 84 c5 f5 48 [ 222.890555] RSP: 0018:ffffb1664087fbc0 EFLAGS: 00010293 [ 222.890561] RAX: ffff8a5750d7dc00 RBX: ffff8a5671096780 RCX: ffffffffc08bc32a [ 222.890565] RDX: 0000000000000000 RSI: 00000000006000c0 RDI: ffff8a5752003800 [ 222.890571] RBP: ffffb1664087fc60 R08: ffff8a57525280a0 R09: ffff8a5752003800 [ 222.890576] R10: ffffb1664087fc70 R11: 0000000000000093 R12: ffff8a5674396e00 [ 222.890581] R13: ffff8a574c2e79aa R14: ffff8a574c2e796a R15: 020e0e100d010101 [ 222.890586] FS: 0000000000000000(0000) GS:ffff8a5752500000(0000) knlGS:0000000000000000 [ 222.890591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 222.890594] CR2: 000055856016a038 CR3: 0000000110d2c005 CR4: 00000000000606e0 This commit fixes a bug where invalid pointer to crypto tfm was used for SMP SC ECDH calculation when OOB was in use. Solution is to use same crypto tfm than when generating OOB material on generate_oob() function. This bug was introduced in commit c0153b0b901a ("Bluetooth: let the crypto subsystem generate the ecc privkey"). Bug was found by fuzzing kernel SMP implementation using Synopsys Defensics. Signed-off-by: Matias Karhumaa Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann commit 94f14e4728125f979629b2b020d31cd718191626 Author: Johan Hedberg Date: Tue Sep 11 14:10:12 2018 +0300 Bluetooth: SMP: Fix trying to use non-existent local OOB data A remote device may claim that it has received our OOB data, even though we never geneated it. Add a new flag to track whether we actually have OOB data, and ignore the remote peer's flag if haven't generated OOB data. Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann commit 84c57dbd3c480fb2730c393a2cef994ddb4f42cc Author: James Morse Date: Mon Sep 10 15:20:54 2018 +0100 arm64: kernel: arch_crash_save_vmcoreinfo() should depend on CONFIG_CRASH_CORE Since commit 23c85094fe18 ("proc/kcore: add vmcoreinfo note to /proc/kcore") the kernel has exported the vmcoreinfo PT_NOTE on /proc/kcore as well as /proc/vmcore. arm64 only exposes it's additional arch information via arch_crash_save_vmcoreinfo() if built with CONFIG_KEXEC, as kdump was previously the only user of vmcoreinfo. Move this weak function to a separate file that is built at the same time as its caller in kernel/crash_core.c. This ensures values like 'kimage_voffset' are always present in the vmcoreinfo PT_NOTE. CC: AKASHI Takahiro Reviewed-by: Bhupesh Sharma Signed-off-by: James Morse Signed-off-by: Will Deacon commit 13aceef06adfaf93d52e01e28a8bc8a0ad471d83 Author: Miguel Ojeda Date: Sun Sep 9 17:47:31 2018 +0200 arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" All other uses of "asm goto" go through asm_volatile_goto, which avoids a miscompile when using GCC < 4.8.2. Replace our open-coded "asm goto" statements with the asm_volatile_goto macro to avoid issues with older toolchains. Cc: Catalin Marinas Reviewed-by: Nick Desaulniers Signed-off-by: Miguel Ojeda Signed-off-by: Will Deacon commit 9e1437937807b0122e8da1ca8765be2adca9aee6 Author: Steffen Klassert Date: Tue Sep 11 10:31:15 2018 +0200 xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry. Since commit 222d7dbd258d ("net: prevent dst uses after free") skb_dst_force() might clear the dst_entry attached to the skb. The xfrm code don't expect this to happen, so we crash with a NULL pointer dereference in this case. Fix it by checking skb_dst(skb) for NULL after skb_dst_force() and drop the packet in cast the dst_entry was cleared. Fixes: 222d7dbd258d ("net: prevent dst uses after free") Reported-by: Tobias Hommel Reported-by: Kristian Evensen Reported-by: Wolfgang Walter Signed-off-by: Steffen Klassert commit a6ae928c25835ca18deb4a527079f169b68ed292 Author: Petr Mladek Date: Mon Sep 10 15:52:06 2018 +0200 Revert "printk: make sure to print log on console." This reverts commit 375899cddcbb26881b03cb3fbdcfd600e4e67f4a. The visibility of early messages did not longer take into account "quiet", "debug", and "loglevel" early parameters. It would be possible to invalidate and recompute LOG_NOCONS flag for the affected messages. But it would be hairy. Instead this patch just reverts the problematic commit. We could come up with a better solution for the original problem. For example, we could simplify the logic and just mark messages that should always be visible or always invisible on the console. Also this patch reverts the related build fix commit ffaa619af1b06 ("printk: Fix warning about unused suppress_message_printing"). Finally, this patch does not put back the unused LOG_NOCONS flag. Link: http://lkml.kernel.org/r/20180910145747.emvfzv4mzlk5dfqk@pathway.suse.cz Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H . Peter Anvin" Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: Steven Rostedt Cc: Maninder Singh Reported-by: Hans de Goede Acked-by: Hans de Goede Acked-by: Sergey Senozhatsky Signed-off-by: Petr Mladek commit 2887e5ce15ddaa2f9a19e66f7462bbf0fe6867e0 Merge: 11da3a7f84f1 53b0cc46f27c Author: Dave Airlie Date: Tue Sep 11 16:54:40 2018 +1000 Merge branch 'linux-4.19' of git://github.com/skeggsb/linux into drm-fixes A bunch of fixes for MST/runpm problems and races, as well as fixes for issues that prevent more recent laptops from booting. Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/CABDvA==GF63dy8a9j611=-0x8G6FRu7uC-ZQypsLO_hqV4OAcA@mail.gmail.com commit 3a74987b24279d242d17f522f8435f1942a3c948 Author: Emily Deng Date: Mon Sep 10 17:51:31 2018 +0800 drm/amdgpu: move PSP init prior to IH in gpu reset since we use PSP to program IH regs now Signed-off-by: Monk Liu Acked-by: Christian König Reviewed-by: Huang Rui Signed-off-by: Emily Deng Signed-off-by: Alex Deucher commit 68ebc13ea40656fddd3803735d621921a2d74a5e Author: Tao Zhou Date: Fri Sep 7 13:50:31 2018 +0800 drm/amdgpu: Fix SDMA hang in prt mode v2 Fix SDMA hang in prt mode, clear XNACK_WATERMARK in reg SDMA0_UTCL1_WATERMK to avoid the issue Affected ASICs: VEGA10 VEGA12 RV1 RV2 v2: add reg clear for SDMA1 Signed-off-by: Tao Zhou Tested-by: Yukun Li Reviewed-by: Hawking Zhang Acked-by: Christian König Signed-off-by: Alex Deucher commit b463d4e53ca9bdbf227e19b477fbfcdedaa14c84 Author: Christian König Date: Mon Sep 3 10:51:51 2018 +0200 drm/amdgpu: fix amdgpu_mn_unlock() in the CS error path Avoid unlocking a lock we never locked. Signed-off-by: Christian König Reviewed-by: Junwei Zhang Signed-off-by: Alex Deucher commit 5c41aaad409c097cf1ef74f2c649fed994744ef5 Author: Randy Dunlap Date: Sun Jul 22 16:03:58 2018 -0700 hexagon: modify ffs() and fls() to return int Building drivers/mtd/nand/raw/nandsim.c on arch/hexagon/ produces a printk format build warning. This is due to hexagon's ffs() being coded as returning long instead of int. Fix the printk format warning by changing all of hexagon's ffs() and fls() functions to return int instead of long. The variables that they return are already int instead of long. This return type matches the return type in . ../drivers/mtd/nand/raw/nandsim.c: In function 'init_nandsim': ../drivers/mtd/nand/raw/nandsim.c:760:2: warning: format '%u' expects argument of type 'unsigned int', but argument 2 has type 'long int' [-Wformat] There are no ffs() or fls() allmodconfig build errors after making this change. Signed-off-by: Randy Dunlap Cc: Richard Kuo Cc: linux-hexagon@vger.kernel.org Cc: Geert Uytterhoeven Patch-mainline: linux-kernel @ 07/22/2018, 16:03 Signed-off-by: Richard Kuo commit 200f351e27f014fcbf69b544b0b4b72aeaf45fd3 Author: Randy Dunlap Date: Fri Jul 20 20:17:35 2018 -0700 arch/hexagon: fix kernel/dma.c build warning Fix build warning in arch/hexagon/kernel/dma.c by casting a void * to unsigned long to match the function parameter type. ../arch/hexagon/kernel/dma.c: In function 'arch_dma_alloc': ../arch/hexagon/kernel/dma.c:51:5: warning: passing argument 2 of 'gen_pool_add' makes integer from pointer without a cast [enabled by default] ../include/linux/genalloc.h:112:19: note: expected 'long unsigned int' but argument is of type 'void *' Signed-off-by: Randy Dunlap Cc: Yoshinori Sato Cc: Rich Felker Cc: linux-sh@vger.kernel.org Patch-mainline: linux-kernel @ 07/20/2018, 20:17 [rkuo@codeaurora.org: fixed architecture name] Signed-off-by: Richard Kuo commit 1286df269f498165061e0cf8092ca212545dbb5a Author: Cong Wang Date: Wed Sep 5 11:41:31 2018 -0700 netfilter: xt_hashlimit: use s->file instead of s->private After switching to the new procfs API, it is supposed to retrieve the private pointer from PDE_DATA(file_inode(s->file)), s->private is no longer referred. Fixes: 1cd671827290 ("netfilter/x_tables: switch to proc_create_seq_private") Reported-by: Sami Farin Signed-off-by: Cong Wang Acked-by: Christoph Hellwig Tested-by: Sami Farin Signed-off-by: Pablo Neira Ayuso commit ad18d7bf68a3da860ebb62a59c449804a6d237b4 Author: Michal 'vorner' Vaner Date: Tue Sep 4 13:25:44 2018 +0200 netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT NF_REPEAT places the packet at the beginning of the iptables chain instead of accepting or rejecting it right away. The packet however will reach the end of the chain and continue to the end of iptables eventually, so it needs the same handling as NF_ACCEPT and NF_DROP. Fixes: 368982cd7d1b ("netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks") Signed-off-by: Michal 'vorner' Vaner Signed-off-by: Pablo Neira Ayuso commit 99e25d071fca91eb90ffa2f51240547a69137bde Author: Pablo Neira Ayuso Date: Mon Sep 3 13:53:22 2018 +0200 netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type Compiler did not catch incorrect typing in the rcu hook assignment. % nfct add timeout test-tcp inet tcp established 100 close 10 close_wait 10 % iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp dmesg - xt_CT: Timeout policy `test-tcp' can only be used by L3 protocol number 25000 The CT target bails out with incorrect layer 3 protocol number. Fixes: 6c1fd7dc489d ("netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object") Reported-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso commit a874752a10da113f513980e28f562d946d3f829d Author: Pablo Neira Ayuso Date: Fri Aug 31 12:36:01 2018 +0200 netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Now that cttimeout support for nft_ct is in place, these should depend on CONFIG_NF_CONNTRACK_TIMEOUT otherwise we can crash when dumping the policy if this option is not enabled. [ 71.600121] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 [...] [ 71.600141] CPU: 3 PID: 7612 Comm: nft Not tainted 4.18.0+ #246 [...] [ 71.600188] Call Trace: [ 71.600201] ? nft_ct_timeout_obj_dump+0xc6/0xf0 [nft_ct] Signed-off-by: Pablo Neira Ayuso commit f94e63801ab2791ed64c409d0f751f6a0c953ead Author: Florian Westphal Date: Fri Aug 24 23:22:08 2018 +0200 netfilter: conntrack: reset tcp maxwin on re-register Doug Smythies says: Sometimes it is desirable to temporarily disable, or clear, the iptables rule set on a computer being controlled via a secure shell session (SSH). While unwise on an internet facing computer, I also do it often on non-internet accessible computers while testing. Recently, this has become problematic, with the SSH session being dropped upon re-load of the rule set. The problem is that when all rules are deleted, conntrack hooks get unregistered. In case the rules are re-added later, its possible that tcp window has moved far enough so that all packets are considered invalid (out of window) until entry expires (which can take forever, default established timeout is 5 days). Fix this by clearing maxwin of existing tcp connections on register. v2: don't touch entries on hook removal. v3: remove obsolete expiry check. Reported-by: Doug Smythies Fixes: 4d3a57f23dec59 ("netfilter: conntrack: do not enable connection tracking unless needed") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 3ab91828166895600efd9cdc3a0eb32001f7204a Author: Joe Thornber Date: Mon Sep 10 16:50:09 2018 +0100 dm thin metadata: try to avoid ever aborting transactions Committing a transaction can consume some metadata of it's own, we now reserve a small amount of metadata to cover this. Free metadata reported by the kernel will not include this reserve. If any of the reserve has been used after a commit we enter a new internal state PM_OUT_OF_METADATA_SPACE. This is reported as PM_READ_ONLY, so no userland changes are needed. If the metadata device is resized the pool will move back to PM_WRITE. These changes mean we never need to abort and rollback a transaction due to running out of metadata space. This is particularly important because there have been a handful of reports of data corruption against DM thin-provisioning that can all be attributed to the thin-pool having ran out of metadata space. Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer commit ff0e9f26288d2daee4950f42b37a3d3d30d36ec1 Author: Mario Limonciello Date: Mon Sep 10 13:01:53 2018 -0500 platform/x86: alienware-wmi: Correct a memory leak An ACPI buffer that was allocated was not being freed after use. Signed-off-by: Mario Limonciello Cc: stable@vger.kernel.org Signed-off-by: Darren Hart (VMware) commit affab51082174f60ef71ced8ab5fbe71f00e9ae3 Author: Mario Limonciello Date: Mon Sep 10 13:01:52 2018 -0500 platform/x86: dell-smbios-wmi: Correct a memory leak ACPI buffers were being allocated but never freed. Reported-by: Pinzhen Xu Signed-off-by: Mario Limonciello Cc: stable@vger.kernel.org Signed-off-by: Darren Hart (VMware) commit fcb74da1eb8edd3a4ef9b9724f88ed709d684227 Author: Emil Lundmark Date: Mon May 28 16:27:11 2018 +0200 drm: udl: Destroy framebuffer only if it was initialized This fixes a NULL pointer dereference that can happen if the UDL driver is unloaded before the framebuffer is initialized. This can happen e.g. if the USB device is unplugged right after it was plugged in. As explained by Stéphane Marchesin: It happens when fbdev is disabled (which is the case for Chrome OS). Even though intialization of the fbdev part is optional (it's done in udlfb_create which is the callback for fb_probe()), the teardown isn't optional (udl_driver_unload -> udl_fbdev_cleanup -> udl_fbdev_destroy). Note that udl_fbdev_cleanup *tries* to be conditional (you can see it does if (!udl->fbdev)) but that doesn't work, because udl->fbdev is always set during udl_fbdev_init. Cc: stable@vger.kernel.org Suggested-by: Sean Paul Reviewed-by: Sean Paul Acked-by: Daniel Vetter Signed-off-by: Emil Lundmark Signed-off-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180528142711.142466-1-lndmrk@chromium.org Signed-off-by: Sean Paul commit 3510e7a7f91088159bfc67e8abdc9f9e77d28870 Author: Chen-Yu Tsai Date: Mon Aug 27 16:39:50 2018 +0800 drm/sun4i: Remove R40 display pipeline compatibles Two patches from the R40 display pipeline support series weren't applied with the rest of the series. When they did get applied, the -rc6 deadline for drm-misc-next had past, so they didn't get into 4.19-rc1 with the rest of the series. However, the two patches are crucial in the parsing of the R40's display pipeline graph in the device tree. Without them, the driver crashes because it can't follow the odd graph structure. This patch removes the R40 compatibles from the sun4i-drm driver, effectively disabling DRM support for the R40 for one release cycle. This will prevent the driver from crashing upon probing. The compatibles should be reinstated for the next release. Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/20180827083950.602-1-wens@csie.org Signed-off-by: Sean Paul commit 7eb33224572636248d5b6cfa1a6b2472207be5c4 Author: zhong jiang Date: Sat Aug 4 18:49:27 2018 +0800 drm/pl111: Make sure of_device_id tables are NULL terminated We prefer to of_device_id tables are NULL terminated. So make vexpress_muxfpga_match is NULL terminated. Signed-off-by: zhong jiang Signed-off-by: Linus Walleij Link: https://patchwork.freedesktop.org/patch/msgid/1533379767-15629-1-git-send-email-zhongjiang@huawei.com Signed-off-by: Sean Paul commit 658d8cbd07dae22ccecf49399e18c609c4e85c53 Author: Boris Brezillon Date: Wed Jul 25 14:29:07 2018 +0200 drm/vc4: Fix the "no scaling" case on multi-planar YUV formats When there's no scaling requested ->is_unity should be true no matter the format. Also, when no scaling is requested and we have a multi-planar YUV format, we should leave ->y_scaling[0] to VC4_SCALING_NONE and only set ->x_scaling[0] to VC4_SCALING_PPF. Doing this fixes an hardly visible artifact (seen when using modetest and a rather big overlay plane in YUV420). Fixes: fc04023fafec ("drm/vc4: Add support for YUV planes.") Cc: Signed-off-by: Boris Brezillon Reviewed-by: Eric Anholt Link: https://patchwork.freedesktop.org/patch/msgid/20180725122907.13702-1-boris.brezillon@bootlin.com Signed-off-by: Sean Paul commit 50cbc03e509676a558cc9ac1c448d5c17beee2c2 Merge: 92a680314946 792fab2c0d45 Author: Rodrigo Vivi Date: Mon Sep 10 12:37:34 2018 -0700 Merge tag 'gvt-fixes-2018-09-10' of https://github.com/intel/gvt-linux into drm-intel-fixes gvt-fixes-2018-09-10 - KVM mm access reference fix (Zhenyu) - Fix child device config length for virtual opregion (Weinan) Signed-off-by: Rodrigo Vivi From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20180910092212.GZ20737@zhen-hp.sh.intel.com commit df3aa13c7bbb307e172c37f193f9a7aa058d4739 Author: Oliver Neukum Date: Wed Sep 5 17:56:46 2018 +0200 Revert "cdc-acm: implement put_char() and flush_chars()" This reverts commit a81cf9799ad7299b03a4dff020d9685f9ac5f3e0. The patch causes a regression, which I cannot find the reason for. So let's revert for now, as a revert hurts only performance. Original report: I was trying to resolve the problem with Oliver but we don't get any conclusion for 5 months, so I am now sending this to mail list and cdc_acm authors. I am using simple request-response protocol to obtain the boiller parameters in constant intervals. A simple one transaction is: 1. opening the /dev/ttyACM0 2. sending the following 10-bytes request to the device: unsigned char req[] = {0x02, 0xfe, 0x01, 0x05, 0x08, 0x02, 0x01, 0x69, 0xab, 0x03}; 3. reading response (frame of 74 bytes length). 4. closing the descriptor I am doing this transaction with 5 seconds intervals. Before the bad commit everything was working correctly: I've got a requests and a responses in a timely manner. After the bad commit more time I am using the kernel module, more problems I have. The graph [2] is showing the problem. As you can see after module load all seems fine but after about 30 minutes I've got a plenty of EAGAINs when doing read()'s and trying to read back the data. When I rmmod and insmod the cdc_acm module again, then the situation is starting over again: running ok shortly after load, and more time it is running, more EAGAINs I have when calling read(). As a bonus I can see the problem on the device itself: The device is configured as you can see here on this screen [3]. It has two transmision LEDs: TX and RX. Blink duration is set for 100ms. This is a recording before the bad commit when all is working fine: [4] And this is with the bad commit: [5] As you can see the TX led is blinking wrongly long (indicating transmission?) and I have problems doing read() calls (EAGAIN). Reported-by: Mariusz Bialonczyk Signed-off-by: Oliver Neukum Fixes: a81cf9799ad7 ("cdc-acm: implement put_char() and flush_chars()") Cc: stable Signed-off-by: Greg Kroah-Hartman commit fa827966090e2a6fc07b437d0d2ffae748ec6e28 Author: Yoshihiro Shimoda Date: Mon Aug 20 12:10:26 2018 +0900 usb: Change usb_of_get_companion_dev() place to usb/common Since renesas_usb3 udc driver calls usb_of_get_companion_dev() which is on usb/core/of.c, build error like below happens if we disable CONFIG_USB because the usb/core/ needs CONFIG_USB: ERROR: "usb_of_get_companion_dev" [drivers/usb/gadget/udc/renesas_usb3.ko] undefined! According to the usb/gadget/Kconfig, "NOTE: Gadget support ** DOES NOT ** depend on host-side CONFIG_USB !!". So, to fix the issue, this patch changes the usb_of_get_companion_dev() place from usb/core/of.c to usb/common/common.c to be called by both host and gadget. Reported-by: John Garry Fixes: 39facfa01c9f ("usb: gadget: udc: renesas_usb3: Add register of usb role switch") Signed-off-by: Yoshihiro Shimoda Acked-by: Arnd Bergmann Signed-off-by: Greg Kroah-Hartman commit 0a3b53305c8ff427bbc1d9d5bd78524007f19600 Author: Chunfeng Yun Date: Fri Sep 7 15:29:12 2018 +0800 usb: xhci: fix interrupt transfer error happened on MTK platforms The MTK xHCI controller use some reserved bytes in endpoint context for bandwidth scheduling, so need keep them in xhci_endpoint_copy(); The issue is introduced by: commit f5249461b504 ("xhci: Clear the host side toggle manually when endpoint is soft reset") It resets endpoints and will drop bandwidth scheduling parameters used by interrupt or isochronous endpoints on MTK xHCI controller. Fixes: f5249461b504 ("xhci: Clear the host side toggle manually when endpoint is soft reset") Cc: stable@vger.kernel.org Signed-off-by: Chunfeng Yun Tested-by: Sean Wang Signed-off-by: Greg Kroah-Hartman commit 7c5cca3588545e7f255171e28e0dd6e384ebb91d Author: Kristian Evensen Date: Sat Sep 8 13:50:48 2018 +0200 qmi_wwan: Support dynamic config on Quectel EP06 Quectel EP06 (and EM06/EG06) supports dynamic configuration of USB interfaces, without the device changing VID/PID or configuration number. When the configuration is updated and interfaces are added/removed, the interface numbers change. This means that the current code for matching EP06 does not work. This patch removes the current EP06 interface number match, and replaces it with a match on class, subclass and protocol. Unfortunately, matching on those three alone is not enough, as the diag interface exports the same values as QMI. The other serial interfaces + adb export different values and do not match. The diag interface only has two endpoints, while the QMI interface has three. I have therefore added a check for number of interfaces, and we ignore the interface if the number of endpoints equals two. Signed-off-by: Kristian Evensen Acked-by: Bjørn Mork Acked-by: Dan Williams Signed-off-by: David S. Miller commit 92a6803149465e2339f8f7f8f6415d75be80073d Author: Imre Deak Date: Wed Sep 5 13:00:05 2018 +0300 drm/i915/bdw: Increase IPS disable timeout to 100ms During IPS disabling the current 42ms timeout value leads to occasional timeouts, increase it to 100ms which seems to get rid of the problem. References: https://bugs.freedesktop.org/show_bug.cgi?id=107494 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107562 Reported-by: Diego Viola Tested-by: Diego Viola Cc: Diego Viola Cc: Signed-off-by: Imre Deak Reviewed-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20180905100005.7663-1-imre.deak@intel.com (cherry picked from commit acb3ef0ee40ea657280a4a11d9f60eb2937c0dca) Signed-off-by: Rodrigo Vivi commit 3ebb17446b954b7d39264564ec3f7522d502e785 Author: Kuninori Morimoto Date: Fri Sep 7 02:02:45 2018 +0000 ethernet: renesas: convert to SPDX identifiers This patch updates license to use SPDX-License-Identifier instead of verbose license text. Signed-off-by: Kuninori Morimoto Signed-off-by: David S. Miller commit 00a99339f0a30b593d06f31499c4bbd965979567 Author: Vineet Gupta Date: Fri Sep 7 15:13:10 2018 -0700 ARCv2: build: use mcpu=hs38 iso generic mcpu=archs helps gcc with better instruction selections such as 64-bit multiply MPYD before ------ 82c34b58 : 82c34b58: ld r2,[0x83068d00] 82c34b60: add_s r2,r2,0x7530 82c34b66: mov_s r0,0x989680 82c34b6c: mpymu r5,r2,r0 82c34b70: mpy r4,r2,r0 82c34b74: mov_s r0,r4 82c34b76: j_s.d [blink] 82c34b78: mov_s r1,r5 82c34b7a: nop_s after ------ 82c34b7c : 82c34b7c: ld r0,[0x83064d00] 82c34b84: add_s r0,r0,0x7530 82c34b8a: mpydu r0,r0,0x989680 82c34b92: j_s [blink] Signed-off-by: Vineet Gupta commit 383584157786e09fed6d9e87b2cd8784b6709216 Author: Ahmed S. Darwish Date: Mon Sep 10 15:28:37 2018 +0000 staging: gasket: TODO: re-implement using UIO The gasket in-kernel framework, recently introduced under staging, re-implements what is already long-time provided by the UIO subsystem, with extra PCI BAR remapping and MSI conveniences. Before moving it out of staging, make sure we add the new bits to the UIO framework instead, then transform its signle client, the Apex driver, to a proper UIO driver (uio_driver.h). Link: https://lkml.kernel.org/r/20180828103817.GB1397@do-kernel Signed-off-by: Ahmed S. Darwish Signed-off-by: Greg Kroah-Hartman commit 7f2bf7840b74a160f908db83bc8829f8de10629b Author: Nicholas Piggin Date: Sun Sep 9 15:39:16 2018 +1000 tty: hvc: hvc_write() fix break condition Commit 550ddadcc758 ("tty: hvc: hvc_write() may sleep") broke the termination condition in case the driver stops accepting characters. This can result in unnecessary polling of the busy driver. Restore it by testing the hvc_push return code. Tested-by: Matteo Croce Tested-by: Jason Gunthorpe Tested-by: Leon Romanovsky Signed-off-by: Nicholas Piggin Signed-off-by: Greg Kroah-Hartman commit 68b2fc714fb1e08385f9c810d84f06affd007350 Author: Nicholas Piggin Date: Sun Sep 9 15:39:15 2018 +1000 tty: hvc: hvc_poll() fix read loop batching Commit ec97eaad1383 ("tty: hvc: hvc_poll() break hv read loop") removes get_chars batching entirely, which slows down large console operations like paste -- virtio console "feels worse than a 9600 baud serial line," reports Matteo. This adds back batching in a more latency friendly way. If the caller can sleep then we try to fill the entire flip buffer, releasing the lock and scheduling between each iteration. If it can not sleep, then batches are limited to 128 bytes. Matteo confirms this fixes the performance problem. Latency testing the powerpc OPAL console with OpenBMC UART with a large paste shows about 0.25ms latency, which seems reasonable. 10ms latencies were typical for this case before the latency breaking work, so we still see most of the benefit. kopald-1204 0d.h. 5us : hvc_poll <-hvc_handle_interrupt kopald-1204 0d.h. 5us : __hvc_poll <-hvc_handle_interrupt kopald-1204 0d.h. 5us : _raw_spin_lock_irqsave <-__hvc_poll kopald-1204 0d.h. 5us : tty_port_tty_get <-__hvc_poll kopald-1204 0d.h. 6us : _raw_spin_lock_irqsave <-tty_port_tty_get kopald-1204 0d.h. 6us : _raw_spin_unlock_irqrestore <-tty_port_tty_get kopald-1204 0d.h. 6us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 7us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 7us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 36us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 36us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 36us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 65us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 65us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 66us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 94us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 95us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 95us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 124us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 124us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 125us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 154us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 154us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 154us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 183us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 184us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 184us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 213us : tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 213us : __tty_buffer_request_room <-__hvc_poll kopald-1204 0d.h. 213us+: opal_get_chars <-__hvc_poll kopald-1204 0d.h. 242us : _raw_spin_unlock_irqrestore <-__hvc_poll kopald-1204 0d.h. 242us : tty_flip_buffer_push <-__hvc_poll kopald-1204 0d.h. 243us : queue_work_on <-tty_flip_buffer_push kopald-1204 0d.h. 243us : tty_kref_put <-__hvc_poll kopald-1204 0d.h. 243us : hvc_kick <-hvc_handle_interrupt kopald-1204 0d.h. 243us : wake_up_process <-hvc_kick kopald-1204 0d.h. 244us : try_to_wake_up <-hvc_kick kopald-1204 0d.h. 244us : _raw_spin_lock_irqsave <-try_to_wake_up kopald-1204 0d.h. 244us : _raw_spin_unlock_irqrestore <-try_to_wake_up Reported-by: Matteo Croce Tested-by: Matteo Croce Tested-by: Jason Gunthorpe Tested-by: Leon Romanovsky Signed-off-by: Nicholas Piggin Signed-off-by: Greg Kroah-Hartman commit 6e7f6b82c60afb46ff71c2127421c66207966d6d Author: Nicholas Piggin Date: Sun Sep 9 15:39:14 2018 +1000 tty: hvc: hvc_poll() fix read loop hang Commit ec97eaad1383 ("tty: hvc: hvc_poll() break hv read loop") causes the virtio console to hang at times (e.g., if you paste a bunch of characters to it. The reason is that get_chars must return 0 before we can be sure the driver will kick or poll input again, but this change only scheduled a poll if get_chars had returned a full count. Change this to poll on any > 0 count. Reported-by: Matteo Croce Reported-by: Jason Gunthorpe Tested-by: Matteo Croce Tested-by: Jason Gunthorpe Tested-by: Leon Romanovsky Signed-off-by: Nicholas Piggin Signed-off-by: Greg Kroah-Hartman commit a318c2432218d3cd189ec8228b8a795666899c2a Author: Philipp Zabel Date: Fri Aug 31 14:34:02 2018 +0200 mfd: da9063: Fix DT probing with constraints Commit 1c892e38ce59 ("regulator: da9063: Handle less LDOs on DA9063L") reordered the da9063_regulator_info[] array, but not the DA9063_ID_* regulator ids and not the da9063_matches[] array, because ids are used as indices in the array initializer. This mismatch between regulator id and da9063_regulator_info[] array index causes the driver probe to fail because constraints from DT are not applied to the correct regulator: da9063 0-0058: Device detected (chip-ID: 0x61, var-ID: 0x50) DA9063_BMEM: Bringing 900000uV into 3300000-3300000uV DA9063_LDO9: Bringing 3300000uV into 2500000-2500000uV DA9063_LDO1: Bringing 900000uV into 3300000-3300000uV DA9063_LDO1: failed to apply 3300000-3300000uV constraint(-22) This patch reorders the DA9063_ID_* as apparently intended, and with them the entries in the da90630_matches[] array. Fixes: 1c892e38ce59 ("regulator: da9063: Handle less LDOs on DA9063L") Signed-off-by: Philipp Zabel Reviewed-by: Marek Vasut Reviewed-by: Geert Uytterhoeven Signed-off-by: Lee Jones commit 49434c6c575d2008c0abbc93e615019f39e01252 Author: Willy Tarreau Date: Sat Sep 8 08:12:21 2018 +0200 ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates memory using kmalloc() and partially fills it by calling snd_emu10k1_fx8010_info() before returning the resulting structure to userspace, leaving uninitialized holes. Let's just use kzalloc() here. BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html Signed-off-by: Willy Tarreau Cc: Jann Horn Cc: Signed-off-by: Takashi Iwai commit 90a3b7f8aba3011badacd6d8121e03aa24ac79d1 Author: Sébastien Szymanski Date: Thu Sep 6 11:16:00 2018 +0200 ASoC: cs4265: fix MMTLR Data switch control The MMTLR bit is in the CS4265_SPDIF_CTL2 register at address 0x12 bit 0 and not at address 0x0 bit 1. Fix this. Signed-off-by: Sébastien Szymanski Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit bf93585ee1e25461426c61e5ff64a3acd9e30e88 Merge: d5274b3cd6a8 8407879c4e0d Author: Jens Axboe Date: Mon Sep 10 08:16:56 2018 -0600 Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-linus Pull single NVMe fix from Christoph. * 'nvme-4.19' of git://git.infradead.org/nvme: nvmet-rdma: fix possible bogus dereference under heavy load commit 21a268069203cc72d1b2990bc68386516fabc274 Author: Miquel Raynal Date: Fri Sep 7 16:29:54 2018 +0200 mtd: rawnand: marvell: prevent harmless warnings Since the addition of WARN_ON() in nand_subop_get_data/addr_len() helpers, this driver will produce harmless warnings (mostly at probe) just because it always calls the nand_subop_get_data_len() helper in the parsing function (even on non-data instructions, where this value is meaningless and unneeded). Fix these warnings by deriving the length only when it is relevant. Fixes: 760c435e0f85 ("mtd: rawnand: make subop helpers return unsigned values") Signed-off-by: Miquel Raynal Signed-off-by: Boris Brezillon commit 07e846bace717729fd20b5d99521a5f8c7d7a9cb Author: Randy Dunlap Date: Sun Aug 5 20:34:05 2018 -0700 x86/doc: Fix Documentation/x86/earlyprintk.txt Fix a few issues in Documentation/x86/earlyprintk.txt: - correct typos, punctuation, missing word, wrong word - change product name from Netchip to NetChip - expand where to add "earlyprintk=dbg" Signed-off-by: Randy Dunlap Cc: Eric W. Biederman Cc: Jason Wessel Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Yinghai Lu Cc: linux-doc@vger.kernel.org Cc: linux-usb@vger.kernel.org Link: http://lkml.kernel.org/r/d0c40ac3-7659-6374-dbda-23d3d2577f30@infradead.org Signed-off-by: Ingo Molnar commit 02e184476eff848273826c1d6617bb37e5bcc7ad Author: Yabin Cui Date: Thu Aug 23 15:59:35 2018 -0700 perf/core: Force USER_DS when recording user stack data Perf can record user stack data in response to a synchronous request, such as a tracepoint firing. If this happens under set_fs(KERNEL_DS), then we end up reading user stack data using __copy_from_user_inatomic() under set_fs(KERNEL_DS). I think this conflicts with the intention of using set_fs(KERNEL_DS). And it is explicitly forbidden by hardware on ARM64 when both CONFIG_ARM64_UAO and CONFIG_ARM64_PAN are used. So fix this by forcing USER_DS when recording user stack data. Signed-off-by: Yabin Cui Acked-by: Peter Zijlstra (Intel) Cc: Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 88b0193d9418 ("perf/callchain: Force USER_DS when invoking perf_callchain_user()") Link: http://lkml.kernel.org/r/20180823225935.27035-1-yabinc@google.com Signed-off-by: Ingo Molnar commit 0b405c65ad459f5f4d3db1672246172bd19d946d Author: Colin Ian King Date: Fri Aug 24 12:22:35 2018 +0100 locking/ww_mutex: Fix spelling mistake "cylic" -> "cyclic" Trivial fix to spelling mistake in pr_err() error message Signed-off-by: Colin Ian King Acked-by: Will Deacon Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: kernel-janitors@vger.kernel.org Link: http://lkml.kernel.org/r/20180824112235.8842-1-colin.king@canonical.com Signed-off-by: Ingo Molnar commit dc5591a03f1d6dae6b11cdf1d74b023f7ac0fdbf Author: Ben Hutchings Date: Tue Aug 28 21:33:15 2018 +0100 locking/lockdep: Delete unnecessary #include Commit: c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints and unify their usage") added the inclusion of . liblockdep doesn't have a stub version of that header so now fails to build. However, commit: bff1b208a5d1 ("tracing: Partial revert of "tracing: Centralize preemptirq tracepoints and unify their usage"") removed the use of functions declared in that header. So delete the #include. Signed-off-by: Ben Hutchings Cc: Joel Fernandes Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sasha Levin Cc: Steven Rostedt Cc: Thomas Gleixner Cc: Will Deacon Fixes: bff1b208a5d1 ("tracing: Partial revert of "tracing: Centralize ...") Fixes: c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints ...") Link: http://lkml.kernel.org/r/20180828203315.GD18030@decadent.org.uk Signed-off-by: Ingo Molnar commit 16214312df6d5aaa5324864d032ce565e97f8890 Author: Sasha Levin Date: Mon Aug 13 19:05:39 2018 +0000 tools/lib/lockdep: Add dummy task_struct state member Commit: 8cc05c71ba5f ("locking/lockdep: Move sanity check to inside lockdep_print_held_locks()") added accesses to the task_struct's state member. Add dummy userspace declaration. Signed-off-by: Sasha Levin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sasha Levin Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20180813190527.16853-4-alexander.levin@microsoft.com Signed-off-by: Ingo Molnar commit 1064ea494bb00519c6e34f791dcf17436f70592d Author: Sasha Levin Date: Mon Aug 13 19:05:38 2018 +0000 tools/lib/lockdep: Add empty nmi.h Required since: 88f1c87de11a8 ("locking/lockdep: Avoid triggering hardlockup from debug_show_all_locks()") Signed-off-by: Sasha Levin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sasha Levin Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20180813190527.16853-3-alexander.levin@microsoft.com Signed-off-by: Ingo Molnar commit 83e01228cb35823f7bd0e5a0584e24ed72a8af2b Author: Sasha Levin Date: Mon Aug 13 19:05:37 2018 +0000 tools/lib/lockdep: Update Sasha Levin email to MSFT Signed-off-by: Sasha Levin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sasha Levin Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20180813190527.16853-2-alexander.levin@microsoft.com Signed-off-by: Ingo Molnar commit 2a665dba016d5493c7d826fec82b0cb643b30d42 Author: Akshu Agrawal Date: Mon Sep 10 13:36:30 2018 +0530 ASoC: AMD: Ensure reset bit is cleared before configuring HW register descriptions says: "DMA Channel Reset...Software must confirm that this bit is cleared before reprogramming any of the channel configuration registers." There could be cases where dma stop errored out leaving dma channel in reset state. We need to ensure that before the start of another dma, channel is out of the reset state. Signed-off-by: Akshu Agrawal Signed-off-by: Mark Brown commit 8c25741aaad8be6fbe51510e917c740e0059cf83 Author: Miklos Szeredi Date: Mon Sep 10 11:43:29 2018 +0200 ovl: fix oopses in ovl_fill_super() failure paths ovl_free_fs() dereferences ofs->workbasedir and ofs->upper_mnt in cases when those might not have been initialized yet. Fix the initialization order for these fields. Reported-by: syzbot+c75f181dc8429d2eb887@syzkaller.appspotmail.com Signed-off-by: Miklos Szeredi Cc: # v4.15 Fixes: 95e6d4177cb7 ("ovl: grab reference to workbasedir early") Fixes: a9075cdb467d ("ovl: factor out ovl_free_fs() helper") commit f8ff6b2d4a51f08ff53360aab633ba6d4f2d54b6 Author: Daniel Vetter Date: Wed Sep 5 17:40:09 2018 +0200 staging/fbtft: Update TODO and mailing lists Motivated by the ksummit-discuss discussion. Cc: Shuah Khan Cc: Thomas Petazzoni Cc: Mauro Carvalho Chehab Cc: linux-fbdev@vger.kernel.org Signed-off-by: Daniel Vetter Signed-off-by: Greg Kroah-Hartman commit 882a78a9f39f5535b209b4aa0a1741e35b8c67fb Author: Randy Dunlap Date: Mon Sep 3 12:53:17 2018 -0700 sched/fair: Fix kernel-doc notation warning Fix kernel-doc warning for missing 'flags' parameter description: ../kernel/sched/fair.c:3371: warning: Function parameter or member 'flags' not described in 'attach_entity_load_avg' Signed-off-by: Randy Dunlap Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: ea14b57e8a18 ("sched/cpufreq: Provide migration hint") Link: http://lkml.kernel.org/r/cdda0d42-880d-4229-a9f7-5899c977a063@infradead.org Signed-off-by: Ingo Molnar commit da260fe12330be8b003c2ab07a112704163ea675 Author: Borislav Petkov Date: Fri Sep 7 12:35:21 2018 +0200 jump_label: Fix typo in warning message There's no 'allocatote' - use the next best thing: 'allocate' :-) Signed-off-by: Borislav Petkov Signed-off-by: Peter Zijlstra (Intel) Cc: Jason Baron Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Steven Rostedt (VMware) Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20180907103521.31344-1-bp@alien8.de Signed-off-by: Ingo Molnar commit bb3485c8ace6475c269b1aa2da674490f455f412 Author: Vincent Guittot Date: Fri Sep 7 09:51:04 2018 +0200 sched/fair: Fix load_balance redo for !imbalance It can happen that load_balance() finds a busiest group and then a busiest rq but the calculated imbalance is in fact 0. In such situation, detach_tasks() returns immediately and lets the flag LBF_ALL_PINNED set. The busiest CPU is then wrongly assumed to have pinned tasks and removed from the load balance mask. then, we redo a load balance without the busiest CPU. This creates wrong load balance situation and generates wrong task migration. If the calculated imbalance is 0, it's useless to try to find a busiest rq as no task will be migrated and we can return immediately. This situation can happen with heterogeneous system or smp system when RT tasks are decreasing the capacity of some CPUs. Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: dietmar.eggemann@arm.com Cc: jhugo@codeaurora.org Link: http://lkml.kernel.org/r/1536306664-29827-1-git-send-email-vincent.guittot@linaro.org Signed-off-by: Ingo Molnar commit 287cdaac5700c5b8970d739f73d742d863d3e2ca Author: Vincent Guittot Date: Tue Sep 4 11:36:26 2018 +0200 sched/fair: Fix scale_rt_capacity() for SMT Since commit: 523e979d3164 ("sched/core: Use PELT for scale_rt_capacity()") scale_rt_capacity() returns the remaining capacity and not a scale factor to apply on cpu_capacity_orig. arch_scale_cpu() is directly called by scale_rt_capacity() so we must take the sched_domain argument. Reported-by: Srikar Dronamraju Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Srikar Dronamraju Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 523e979d3164 ("sched/core: Use PELT for scale_rt_capacity()") Link: http://lkml.kernel.org/r/20180904093626.GA23936@linaro.org Signed-off-by: Ingo Molnar commit d0cdb3ce8834332d918fc9c8ff74f8a169ec9abe Author: Steve Muckle Date: Fri Aug 31 15:42:17 2018 -0700 sched/fair: Fix vruntime_normalized() for remote non-migration wakeup When a task which previously ran on a given CPU is remotely queued to wake up on that same CPU, there is a period where the task's state is TASK_WAKING and its vruntime is not normalized. This is not accounted for in vruntime_normalized() which will cause an error in the task's vruntime if it is switched from the fair class during this time. For example if it is boosted to RT priority via rt_mutex_setprio(), rq->min_vruntime will not be subtracted from the task's vruntime but it will be added again when the task returns to the fair class. The task's vruntime will have been erroneously doubled and the effective priority of the task will be reduced. Note this will also lead to inflation of all vruntimes since the doubled vruntime value will become the rq's min_vruntime when other tasks leave the rq. This leads to repeated doubling of the vruntime and priority penalty. Fix this by recognizing a WAKING task's vruntime as normalized only if sched_remote_wakeup is true. This indicates a migration, in which case the vruntime would have been normalized in migrate_task_rq_fair(). Based on a similar patch from John Dias . Suggested-by: Peter Zijlstra Tested-by: Dietmar Eggemann Signed-off-by: Steve Muckle Signed-off-by: Peter Zijlstra (Intel) Cc: Chris Redpath Cc: John Dias Cc: Linus Torvalds Cc: Miguel de Dios Cc: Morten Rasmussen Cc: Patrick Bellasi Cc: Paul Turner Cc: Quentin Perret Cc: Thomas Gleixner Cc: Todd Kjos Cc: kernel-team@android.com Fixes: b5179ac70de8 ("sched/fair: Prepare to fix fairness problems on migration") Link: http://lkml.kernel.org/r/20180831224217.169476-1-smuckle@google.com Signed-off-by: Ingo Molnar commit 12b04875d666e83d27511df25580de84505bc758 Author: Vincent Guittot Date: Fri Aug 31 17:22:55 2018 +0200 sched/pelt: Fix update_blocked_averages() for RT and DL classes update_blocked_averages() is called to periodiccally decay the stalled load of idle CPUs and to sync all loads before running load balance. When cfs rq is idle, it trigs a load balance during pick_next_task_fair() in order to potentially pull tasks and to use this newly idle CPU. This load balance happens whereas prev task from another class has not been put and its utilization updated yet. This may lead to wrongly account running time as idle time for RT or DL classes. Test that no RT or DL task is running when updating their utilization in update_blocked_averages(). We still update RT and DL utilization instead of simply skipping them to make sure that all metrics are synced when used during load balance. Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 371bf4273269 ("sched/rt: Add rt_rq utilization tracking") Fixes: 3727e0e16340 ("sched/dl: Add dl_rq utilization tracking") Link: http://lkml.kernel.org/r/1535728975-22799-1-git-send-email-vincent.guittot@linaro.org Signed-off-by: Ingo Molnar commit e5e96fafd9028b1478b165db78c52d981c14f471 Author: Srikar Dronamraju Date: Fri Aug 10 22:30:18 2018 +0530 sched/topology: Set correct NUMA topology type With the following commit: 051f3ca02e46 ("sched/topology: Introduce NUMA identity node sched domain") the scheduler introduced a new NUMA level. However this leads to the NUMA topology on 2 node systems to not be marked as NUMA_DIRECT anymore. After this commit, it gets reported as NUMA_BACKPLANE, because sched_domains_numa_level is now 2 on 2 node systems. Fix this by allowing setting systems that have up to 2 NUMA levels as NUMA_DIRECT. While here remove code that assumes that level can be 0. Signed-off-by: Srikar Dronamraju Signed-off-by: Peter Zijlstra (Intel) Cc: Andre Wild Cc: Heiko Carstens Cc: Linus Torvalds Cc: Mel Gorman Cc: Michael Ellerman Cc: Peter Zijlstra Cc: Rik van Riel Cc: Suravee Suthikulpanit Cc: Thomas Gleixner Cc: linuxppc-dev Fixes: 051f3ca02e46 "Introduce NUMA identity node sched domain" Link: http://lkml.kernel.org/r/1533920419-17410-1-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Ingo Molnar commit e73e81975f2447e6f556100cada64a18ec631cbb Author: Jiada Wang Date: Tue Jul 31 21:12:22 2018 +0900 sched/debug: Fix potential deadlock when writing to sched_features The following lockdep report can be triggered by writing to /sys/kernel/debug/sched_features: ====================================================== WARNING: possible circular locking dependency detected 4.18.0-rc6-00152-gcd3f77d74ac3-dirty #18 Not tainted ------------------------------------------------------ sh/3358 is trying to acquire lock: 000000004ad3989d (cpu_hotplug_lock.rw_sem){++++}, at: static_key_enable+0x14/0x30 but task is already holding lock: 00000000c1b31a88 (&sb->s_type->i_mutex_key#3){+.+.}, at: sched_feat_write+0x160/0x428 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&sb->s_type->i_mutex_key#3){+.+.}: lock_acquire+0xb8/0x148 down_write+0xac/0x140 start_creating+0x5c/0x168 debugfs_create_dir+0x18/0x220 opp_debug_register+0x8c/0x120 _add_opp_dev+0x104/0x1f8 dev_pm_opp_get_opp_table+0x174/0x340 _of_add_opp_table_v2+0x110/0x760 dev_pm_opp_of_add_table+0x5c/0x240 dev_pm_opp_of_cpumask_add_table+0x5c/0x100 cpufreq_init+0x160/0x430 cpufreq_online+0x1cc/0xe30 cpufreq_add_dev+0x78/0x198 subsys_interface_register+0x168/0x270 cpufreq_register_driver+0x1c8/0x278 dt_cpufreq_probe+0xdc/0x1b8 platform_drv_probe+0xb4/0x168 driver_probe_device+0x318/0x4b0 __device_attach_driver+0xfc/0x1f0 bus_for_each_drv+0xf8/0x180 __device_attach+0x164/0x200 device_initial_probe+0x10/0x18 bus_probe_device+0x110/0x178 device_add+0x6d8/0x908 platform_device_add+0x138/0x3d8 platform_device_register_full+0x1cc/0x1f8 cpufreq_dt_platdev_init+0x174/0x1bc do_one_initcall+0xb8/0x310 kernel_init_freeable+0x4b8/0x56c kernel_init+0x10/0x138 ret_from_fork+0x10/0x18 -> #2 (opp_table_lock){+.+.}: lock_acquire+0xb8/0x148 __mutex_lock+0x104/0xf50 mutex_lock_nested+0x1c/0x28 _of_add_opp_table_v2+0xb4/0x760 dev_pm_opp_of_add_table+0x5c/0x240 dev_pm_opp_of_cpumask_add_table+0x5c/0x100 cpufreq_init+0x160/0x430 cpufreq_online+0x1cc/0xe30 cpufreq_add_dev+0x78/0x198 subsys_interface_register+0x168/0x270 cpufreq_register_driver+0x1c8/0x278 dt_cpufreq_probe+0xdc/0x1b8 platform_drv_probe+0xb4/0x168 driver_probe_device+0x318/0x4b0 __device_attach_driver+0xfc/0x1f0 bus_for_each_drv+0xf8/0x180 __device_attach+0x164/0x200 device_initial_probe+0x10/0x18 bus_probe_device+0x110/0x178 device_add+0x6d8/0x908 platform_device_add+0x138/0x3d8 platform_device_register_full+0x1cc/0x1f8 cpufreq_dt_platdev_init+0x174/0x1bc do_one_initcall+0xb8/0x310 kernel_init_freeable+0x4b8/0x56c kernel_init+0x10/0x138 ret_from_fork+0x10/0x18 -> #1 (subsys mutex#6){+.+.}: lock_acquire+0xb8/0x148 __mutex_lock+0x104/0xf50 mutex_lock_nested+0x1c/0x28 subsys_interface_register+0xd8/0x270 cpufreq_register_driver+0x1c8/0x278 dt_cpufreq_probe+0xdc/0x1b8 platform_drv_probe+0xb4/0x168 driver_probe_device+0x318/0x4b0 __device_attach_driver+0xfc/0x1f0 bus_for_each_drv+0xf8/0x180 __device_attach+0x164/0x200 device_initial_probe+0x10/0x18 bus_probe_device+0x110/0x178 device_add+0x6d8/0x908 platform_device_add+0x138/0x3d8 platform_device_register_full+0x1cc/0x1f8 cpufreq_dt_platdev_init+0x174/0x1bc do_one_initcall+0xb8/0x310 kernel_init_freeable+0x4b8/0x56c kernel_init+0x10/0x138 ret_from_fork+0x10/0x18 -> #0 (cpu_hotplug_lock.rw_sem){++++}: __lock_acquire+0x203c/0x21d0 lock_acquire+0xb8/0x148 cpus_read_lock+0x58/0x1c8 static_key_enable+0x14/0x30 sched_feat_write+0x314/0x428 full_proxy_write+0xa0/0x138 __vfs_write+0xd8/0x388 vfs_write+0xdc/0x318 ksys_write+0xb4/0x138 sys_write+0xc/0x18 __sys_trace_return+0x0/0x4 other info that might help us debug this: Chain exists of: cpu_hotplug_lock.rw_sem --> opp_table_lock --> &sb->s_type->i_mutex_key#3 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sb->s_type->i_mutex_key#3); lock(opp_table_lock); lock(&sb->s_type->i_mutex_key#3); lock(cpu_hotplug_lock.rw_sem); *** DEADLOCK *** 2 locks held by sh/3358: #0: 00000000a8c4b363 (sb_writers#10){.+.+}, at: vfs_write+0x238/0x318 #1: 00000000c1b31a88 (&sb->s_type->i_mutex_key#3){+.+.}, at: sched_feat_write+0x160/0x428 stack backtrace: CPU: 5 PID: 3358 Comm: sh Not tainted 4.18.0-rc6-00152-gcd3f77d74ac3-dirty #18 Hardware name: Renesas H3ULCB Kingfisher board based on r8a7795 ES2.0+ (DT) Call trace: dump_backtrace+0x0/0x288 show_stack+0x14/0x20 dump_stack+0x13c/0x1ac print_circular_bug.isra.10+0x270/0x438 check_prev_add.constprop.16+0x4dc/0xb98 __lock_acquire+0x203c/0x21d0 lock_acquire+0xb8/0x148 cpus_read_lock+0x58/0x1c8 static_key_enable+0x14/0x30 sched_feat_write+0x314/0x428 full_proxy_write+0xa0/0x138 __vfs_write+0xd8/0x388 vfs_write+0xdc/0x318 ksys_write+0xb4/0x138 sys_write+0xc/0x18 __sys_trace_return+0x0/0x4 This is because when loading the cpufreq_dt module we first acquire cpu_hotplug_lock.rw_sem lock, then in cpufreq_init(), we are taking the &sb->s_type->i_mutex_key lock. But when writing to /sys/kernel/debug/sched_features, the cpu_hotplug_lock.rw_sem lock depends on the &sb->s_type->i_mutex_key lock. To fix this bug, reverse the lock acquisition order when writing to sched_features, this way cpu_hotplug_lock.rw_sem no longer depends on &sb->s_type->i_mutex_key. Tested-by: Dietmar Eggemann Signed-off-by: Jiada Wang Signed-off-by: Peter Zijlstra (Intel) Cc: Eugeniu Rosca Cc: George G. Davis Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20180731121222.26195-1-jiada_wang@mentor.com Signed-off-by: Ingo Molnar commit 5f0abea6ab6dd3104fc00c64a86d58b5d59a3818 Author: Gao Xiang Date: Thu Sep 6 17:01:47 2018 +0800 staging: erofs: rename superblock flags (MS_xyz -> SB_xyz) This patch follows commit 1751e8a6cb93 ("Rename superblock flags (MS_xyz -> SB_xyz)") and after commit ("vfs: Suppress MS_* flag defs within the kernel unless explicitly enabled"), there is no MS_RDONLY and MS_NOATIME at all. Reported-by: Stephen Rothwell Reviewed-by: Chao Yu Signed-off-by: Gao Xiang Reviewed-by: David Howells Signed-off-by: Greg Kroah-Hartman commit e13e2366d8415e029fe96a62502955083e272cef Author: Thomas Hellstrom Date: Mon Sep 3 16:07:08 2018 +0200 locking/mutex: Fix mutex debug call and ww_mutex documentation The following commit: 08295b3b5bee ("Implement an algorithm choice for Wound-Wait mutexes") introduced a reference in the documentation to a function that was removed in an earlier commit. It also forgot to remove a call to debug_mutex_add_waiter() which is now unconditionally called by __mutex_add_waiter(). Fix those bugs. Signed-off-by: Thomas Hellstrom Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: dri-devel@lists.freedesktop.org Fixes: 08295b3b5bee ("Implement an algorithm choice for Wound-Wait mutexes") Link: http://lkml.kernel.org/r/20180903140708.2401-1-thellstrom@vmware.com Signed-off-by: Ingo Molnar commit 09121255c784fd36ad6237a4e239c634b0209de0 Author: Peter Zijlstra Date: Wed Aug 29 14:13:13 2018 +0200 perf/UAPI: Clearly mark __PERF_SAMPLE_CALLCHAIN_EARLY as internal use Vince noted that commit: 6cbc304f2f36 ("perf/x86/intel: Fix unwind errors from PEBS entries (mk-II)") 'leaked' __PERF_SAMPLE_CALLCHAIN_EARLY into the UAPI namespace. And while sys_perf_event_open() will error out if you try to use it, it is exposed. Clearly mark it for internal use only to avoid any confusion. Requested-by: Vince Weaver Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar commit 16160c1946b702dcfa95ef63389a56deb2f1c7cb Author: Jacek Tomaka Date: Thu Aug 2 09:38:30 2018 +0800 perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Problem: perf did not show branch predicted/mispredicted bit in brstack. Output of perf -F brstack for profile collected Before: 0x4fdbcd/0x4fdc03/-/-/-/0 0x45f4c1/0x4fdba0/-/-/-/0 0x45f544/0x45f4bb/-/-/-/0 0x45f555/0x45f53c/-/-/-/0 0x7f66901cc24b/0x45f555/-/-/-/0 0x7f66901cc22e/0x7f66901cc23d/-/-/-/0 0x7f66901cc1ff/0x7f66901cc20f/-/-/-/0 0x7f66901cc1e8/0x7f66901cc1fc/-/-/-/0 After: 0x4fdbcd/0x4fdc03/P/-/-/0 0x45f4c1/0x4fdba0/P/-/-/0 0x45f544/0x45f4bb/P/-/-/0 0x45f555/0x45f53c/P/-/-/0 0x7f66901cc24b/0x45f555/P/-/-/0 0x7f66901cc22e/0x7f66901cc23d/P/-/-/0 0x7f66901cc1ff/0x7f66901cc20f/P/-/-/0 0x7f66901cc1e8/0x7f66901cc1fc/P/-/-/0 Cause: As mentioned in Software Development Manual vol 3, 17.4.8.1, IA32_PERF_CAPABILITIES[5:0] indicates the format of the address that is stored in the LBR stack. Knights Landing reports 1 (LBR_FORMAT_LIP) as its format. Despite that, registers containing FROM address of the branch, do have MISPREDICT bit but because of the format indicated in IA32_PERF_CAPABILITIES[5:0], LBR did not read MISPREDICT bit. Solution: Teach LBR about above Knights Landing quirk and make it read MISPREDICT bit. Signed-off-by: Jacek Tomaka Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20180802013830.10600-1-jacekt@dugeo.com Signed-off-by: Ingo Molnar commit c42055105785580563535e6d3143cad95c7ac7ee Author: Yuan-Chi Pang Date: Thu Sep 6 16:57:48 2018 +0800 mac80211: fix TX status reporting for ieee80211s TX status reporting to ieee80211s is through ieee80211s_update_metric. There are two problems about ieee80211s_update_metric: 1. The purpose is to estimate the fail probability to a specific link. No need to restrict to data frame. 2. Current implementation does not work if wireless driver does not pass tx_status with skb. Fix this by removing ieee80211_is_data condition, passing ieee80211_tx_status directly to ieee80211s_update_metric, and putting it in both __ieee80211_tx_status and ieee80211_tx_status_ext. Signed-off-by: Yuan-Chi Pang Signed-off-by: Johannes Berg commit cb59bc14e830028d2244861216df038165d7625d Author: Johannes Berg Date: Wed Sep 5 13:34:02 2018 +0200 mac80211: TDLS: fix skb queue/priority assignment If the TDLS setup happens over a connection to an AP that doesn't have QoS, we nevertheless assign a non-zero TID (skb->priority) and queue mapping, which may confuse us or drivers later. Fix it by just assigning the special skb->priority and then using ieee80211_select_queue() just like other data frames would go through. Signed-off-by: Johannes Berg commit 119f94a6fefcc76d47075b83d2b73d04c895df78 Author: Jouni Malinen Date: Wed Sep 5 18:52:22 2018 +0300 cfg80211: Address some corner cases in scan result channel updating cfg80211_get_bss_channel() is used to update the RX channel based on the available frame payload information (channel number from DSSS Parameter Set element or HT Operation element). This is needed on 2.4 GHz channels where frames may be received on neighboring channels due to overlapping frequency range. This might of some use on the 5 GHz band in some corner cases, but things are more complex there since there is no n:1 or 1:n mapping between channel numbers and frequencies due to multiple different starting frequencies in different operating classes. This could result in ieee80211_channel_to_frequency() returning incorrect frequency and ieee80211_get_channel() returning incorrect channel information (or indication of no match). In the previous implementation, this could result in some scan results being dropped completely, e.g., for the 4.9 GHz channels. That prevented connection to such BSSs. Fix this by using the driver-provided channel pointer if ieee80211_get_channel() does not find matching channel data for the channel number in the frame payload and if the scan is done with 5 MHz or 10 MHz channel bandwidth. While doing this, also add comments describing what the function is trying to achieve to make it easier to understand what happens here and why. Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg commit 36f3a6e02c143a7e9e4e143e416371f67bc1fae6 Author: Takashi Sakamoto Date: Sun Sep 9 22:25:52 2018 +0900 ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() An allocated memory forgets to be released. Fixes: 76fdb3a9e13 ('ALSA: fireface: add support for Fireface 400') Cc: # 4.12+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit 493626f2d87a74e6dbea1686499ed6e7e600484e Author: Takashi Sakamoto Date: Sun Sep 9 22:25:12 2018 +0900 ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping When executing 'fw_run_transaction()' with 'TCODE_WRITE_BLOCK_REQUEST', an address of 'payload' argument is used for streaming DMA mapping by 'firewire_ohci' module if 'size' argument is larger than 8 byte. Although in this case the address should not be on kernel stack, current implementation of ALSA bebob driver uses data in kernel stack for a cue to boot M-Audio devices. This often brings unexpected result, especially for a case of CONFIG_VMAP_STACK=y. This commit fixes the bug. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=201021 Reference: https://forum.manjaro.org/t/firewire-m-audio-410-driver-wont-load-firmware/51165 Fixes: a2b2a7798fb6('ALSA: bebob: Send a cue to load firmware for M-Audio Firewire series') Cc: # v3.16+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai commit 11da3a7f84f19c26da6f86af878298694ede0804 Author: Linus Torvalds Date: Sun Sep 9 17:26:43 2018 -0700 Linux 4.19-rc3 commit 5d407b071dc369c26a38398326ee2be53651cfe4 Author: Taehee Yoo Date: Mon Sep 10 02:47:05 2018 +0900 ip: frags: fix crash in ip_do_fragment() A kernel crash occurrs when defragmented packet is fragmented in ip_do_fragment(). In defragment routine, skb_orphan() is called and skb->ip_defrag_offset is set. but skb->sk and skb->ip_defrag_offset are same union member. so that frag->sk is not NULL. Hence crash occurrs in skb->sk check routine in ip_do_fragment() when defragmented packet is fragmented. test commands: %iptables -t nat -I POSTROUTING -j MASQUERADE %hping3 192.168.4.2 -s 1000 -p 2000 -d 60000 splat looks like: [ 261.069429] kernel BUG at net/ipv4/ip_output.c:636! [ 261.075753] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 261.083854] CPU: 1 PID: 1349 Comm: hping3 Not tainted 4.19.0-rc2+ #3 [ 261.100977] RIP: 0010:ip_do_fragment+0x1613/0x2600 [ 261.106945] Code: e8 e2 38 e3 fe 4c 8b 44 24 18 48 8b 74 24 08 e9 92 f6 ff ff 80 3c 02 00 0f 85 da 07 00 00 48 8b b5 d0 00 00 00 e9 25 f6 ff ff <0f> 0b 0f 0b 44 8b 54 24 58 4c 8b 4c 24 18 4c 8b 5c 24 60 4c 8b 6c [ 261.127015] RSP: 0018:ffff8801031cf2c0 EFLAGS: 00010202 [ 261.134156] RAX: 1ffff1002297537b RBX: ffffed0020639e6e RCX: 0000000000000004 [ 261.142156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880114ba9bd8 [ 261.150157] RBP: ffff880114ba8a40 R08: ffffed0022975395 R09: ffffed0022975395 [ 261.158157] R10: 0000000000000001 R11: ffffed0022975394 R12: ffff880114ba9ca4 [ 261.166159] R13: 0000000000000010 R14: ffff880114ba9bc0 R15: dffffc0000000000 [ 261.174169] FS: 00007fbae2199700(0000) GS:ffff88011b400000(0000) knlGS:0000000000000000 [ 261.183012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 261.189013] CR2: 00005579244fe000 CR3: 0000000119bf4000 CR4: 00000000001006e0 [ 261.198158] Call Trace: [ 261.199018] ? dst_output+0x180/0x180 [ 261.205011] ? save_trace+0x300/0x300 [ 261.209018] ? ip_copy_metadata+0xb00/0xb00 [ 261.213034] ? sched_clock_local+0xd4/0x140 [ 261.218158] ? kill_l4proto+0x120/0x120 [nf_conntrack] [ 261.223014] ? rt_cpu_seq_stop+0x10/0x10 [ 261.227014] ? find_held_lock+0x39/0x1c0 [ 261.233008] ip_finish_output+0x51d/0xb50 [ 261.237006] ? ip_fragment.constprop.56+0x220/0x220 [ 261.243011] ? nf_ct_l4proto_register_one+0x5b0/0x5b0 [nf_conntrack] [ 261.250152] ? rcu_is_watching+0x77/0x120 [ 261.255010] ? nf_nat_ipv4_out+0x1e/0x2b0 [nf_nat_ipv4] [ 261.261033] ? nf_hook_slow+0xb1/0x160 [ 261.265007] ip_output+0x1c7/0x710 [ 261.269005] ? ip_mc_output+0x13f0/0x13f0 [ 261.273002] ? __local_bh_enable_ip+0xe9/0x1b0 [ 261.278152] ? ip_fragment.constprop.56+0x220/0x220 [ 261.282996] ? nf_hook_slow+0xb1/0x160 [ 261.287007] raw_sendmsg+0x21f9/0x4420 [ 261.291008] ? dst_output+0x180/0x180 [ 261.297003] ? sched_clock_cpu+0x126/0x170 [ 261.301003] ? find_held_lock+0x39/0x1c0 [ 261.306155] ? stop_critical_timings+0x420/0x420 [ 261.311004] ? check_flags.part.36+0x450/0x450 [ 261.315005] ? _raw_spin_unlock_irq+0x29/0x40 [ 261.320995] ? _raw_spin_unlock_irq+0x29/0x40 [ 261.326142] ? cyc2ns_read_end+0x10/0x10 [ 261.330139] ? raw_bind+0x280/0x280 [ 261.334138] ? sched_clock_cpu+0x126/0x170 [ 261.338995] ? check_flags.part.36+0x450/0x450 [ 261.342991] ? __lock_acquire+0x4500/0x4500 [ 261.348994] ? inet_sendmsg+0x11c/0x500 [ 261.352989] ? dst_output+0x180/0x180 [ 261.357012] inet_sendmsg+0x11c/0x500 [ ... ] v2: - clear skb->sk at reassembly routine.(Eric Dumarzet) Fixes: fa0f527358bd ("ip: use rb trees for IP frag queue.") Suggested-by: Eric Dumazet Signed-off-by: Taehee Yoo Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit fa94351b56d64208ce45c19ec0d4dc711074e607 Merge: 9a5682765a2e 4e67b2a5df5d Author: Ingo Molnar Date: Sun Sep 9 21:36:31 2018 +0200 Merge tag 'perf-urgent-for-mingo-4.19-20180903' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: Kernel: - Modify breakpoint fixes (Jiri Olsa) perf annotate: - Fix parsing aarch64 branch instructions after objdump update (Kim Phillips) - Fix parsing indirect calls in 'perf annotate' (Martin Liška) perf probe: - Ignore SyS symbols irrespective of endianness on PowerPC (Sandipan Das) perf trace: - Fix include path for asm-generic/unistd.h on arm64 (Kim Phillips) Core libraries: - Fix potential null pointer dereference in perf_evsel__new_idx() (Hisao Tanabe) - Use fixed size string for comms instead of scanf("%m"), that is not present in the bionic libc and leads to a crash (Chris Phlipot) - Fix bad memory access in trace info on 32-bit systems, we were reading 8 bytes from a 4-byte long variable when saving the command line in the perf.data file. (Chris Phlipot) Build system: - Streamline bpf examples and headers installation, clarifying some install messages. (Arnaldo Carvalho de Melo) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 52ea992cfac357b73180d5c051dca43bc8d20c2a Author: Vakul Garg Date: Thu Sep 6 21:41:40 2018 +0530 net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC tls_sw_sendmsg() allocates plaintext and encrypted SG entries using function sk_alloc_sg(). In case the number of SG entries hit MAX_SKB_FRAGS, sk_alloc_sg() returns -ENOSPC and sets the variable for current SG index to '0'. This leads to calling of function tls_push_record() with 'sg_encrypted_num_elem = 0' and later causes kernel crash. To fix this, set the number of SG elements to the number of elements in plaintext/encrypted SG arrays in case sk_alloc_sg() returns -ENOSPC. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Vakul Garg Signed-off-by: David S. Miller commit 0e1f4c76be241377d282e34ebea6d16ff7829747 Merge: 5cf4a8532c99 37dff155dcf5 Author: David S. Miller Date: Sun Sep 9 07:59:56 2018 -0700 Merge branch 'ena-fixes' Netanel Belgazal says: ==================== bug fixes for ENA Ethernet driver ==================== Signed-off-by: David S. Miller commit 37dff155dcf57f6c08bf1641c5ddf9abd45f2b1f Author: Netanel Belgazal Date: Sun Sep 9 08:15:26 2018 +0000 net: ena: fix incorrect usage of memory barriers Added memory barriers where they were missing to support multiple architectures, and removed redundant ones. As part of removing the redundant memory barriers and improving performance, we moved to more relaxed versions of memory barriers, as well as to the more relaxed version of writel - writel_relaxed, while maintaining correctness. Signed-off-by: Netanel Belgazal Signed-off-by: David S. Miller commit 28abf4e9c9201eda5c4d29ea609d07e877b464b8 Author: Netanel Belgazal Date: Sun Sep 9 08:15:25 2018 +0000 net: ena: fix missing calls to READ_ONCE Add READ_ONCE calls where necessary (for example when iterating over a memory field that gets updated by the hardware). Signed-off-by: Netanel Belgazal Signed-off-by: David S. Miller commit 944b28aa2982b4590d4d4dfc777cf85135dca2c0 Author: Netanel Belgazal Date: Sun Sep 9 08:15:24 2018 +0000 net: ena: fix missing lock during device destruction acquire the rtnl_lock during device destruction to avoid using partially destroyed device. ena_remove() shares almost the same logic as ena_destroy_device(), so use ena_destroy_device() and avoid duplications. Signed-off-by: Netanel Belgazal Signed-off-by: David S. Miller commit fe870c77efdf8682252545cbd3d29800d8379efc Author: Netanel Belgazal Date: Sun Sep 9 08:15:23 2018 +0000 net: ena: fix potential double ena_destroy_device() ena_destroy_device() can potentially be called twice. To avoid this, check that the device is running and only then proceed destroying it. Signed-off-by: Netanel Belgazal Signed-off-by: David S. Miller commit cfa324a514233b28a6934de619183eee941f02d7 Author: Netanel Belgazal Date: Sun Sep 9 08:15:22 2018 +0000 net: ena: fix device destruction to gracefully free resources When ena_destroy_device() is called from ena_suspend(), the device is still reachable from the driver. Therefore, the driver can send a command to the device to free all resources. However, in all other cases of calling ena_destroy_device(), the device is potentially in an error state and unreachable from the driver. In these cases the driver must not send commands to the device. The current implementation does not request resource freeing from the device even when possible. We add the graceful parameter to ena_destroy_device() to enable resource freeing when possible, and use it in ena_suspend(). Signed-off-by: Netanel Belgazal Signed-off-by: David S. Miller commit ef5b0771d247379c90c8bf1332ff32f7f74bff7f Author: Netanel Belgazal Date: Sun Sep 9 08:15:21 2018 +0000 net: ena: fix driver when PAGE_SIZE == 64kB The buffer length field in the ena rx descriptor is 16 bit, and the current driver passes a full page in each ena rx descriptor. When PAGE_SIZE equals 64kB or more, the buffer length field becomes zero. To solve this issue, limit the ena Rx descriptor to use 16kB even when allocating 64kB kernel pages. This change would not impact ena device functionality, as 16kB is still larger than maximum MTU. Signed-off-by: Netanel Belgazal Signed-off-by: David S. Miller commit 772ed869f535b4ec2b134645c951ff22de4d3f79 Author: Netanel Belgazal Date: Sun Sep 9 08:15:20 2018 +0000 net: ena: fix surprise unplug NULL dereference kernel crash Starting with driver version 1.5.0, in case of a surprise device unplug, there is a race caused by invoking ena_destroy_device() from two different places. As a result, the readless register might be accessed after it was destroyed. Signed-off-by: Netanel Belgazal Signed-off-by: David S. Miller commit 9a5682765a2e5f93cf2fe7b612b8072b18f0c68a Merge: 3567994a05ba 9bc4f28af75a Author: Linus Torvalds Date: Sun Sep 9 07:05:15 2018 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "A set of fixes for x86: - Prevent multiplication result truncation on 32bit. Introduced with the early timestamp reworrk. - Ensure microcode revision storage to be consistent under all circumstances - Prevent write tearing of PTEs - Prevent confusion of user and kernel reegisters when dumping fatal signals verbosely - Make an error return value in a failure path of the vector allocation negative. Returning EINVAL might the caller assume success and causes further wreckage. - A trivial kernel doc warning fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm: Use WRITE_ONCE() when setting PTEs x86/apic/vector: Make error return value negative x86/process: Don't mix user/kernel regs in 64bit __show_regs() x86/tsc: Prevent result truncation on 32bit x86: Fix kernel-doc atomic.h warnings x86/microcode: Update the new microcode revision unconditionally x86/microcode: Make sure boot_cpu_data.microcode is up-to-date commit 3567994a05ba6490f6055650fbb892c926ae7fca Merge: 225ad3cfec4c e2c631ba75a7 Author: Linus Torvalds Date: Sun Sep 9 06:55:27 2018 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timekeeping fixes from Thomas Gleixner: "Two fixes for timekeeping: - Revert to the previous kthread based update, which is unfortunately required due to lock ordering issues. The removal caused boot failures on old Core2 machines. Add a proper comment why the thread needs to stay to prevent accidental removal in the future. - Fix a silly typo in a function declaration" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource: Revert "Remove kthread" timekeeping: Fix declaration of read_persistent_wall_and_boot_offset() commit 225ad3cfec4c0ad1971b3c00f379986a3eb6ab07 Merge: e0a0d0584840 4cb205c0c50f Author: Linus Torvalds Date: Sun Sep 9 06:49:29 2018 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irqchip fix from Thomas Gleixner: "A single fix to prevent allocating excessive memory in the GIC/ITS driver. While the subject of the patch might suggest otherwise this is a real fix as some SoCs exceed the memory allocation limits and fail to boot" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint commit e0a0d05848401df48b10f3defce14a5670a0f9f6 Merge: 3243a89dcbd8 69fa6eb7d6a6 Author: Linus Torvalds Date: Sun Sep 9 06:48:06 2018 -0700 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull cpu hotplug fixes from Thomas Gleixner: "Two fixes for the hotplug state machine code: - Move the misplaces smb() in the hotplug thread function to the proper place, otherwise a half update control struct could be observed - Prevent state corruption on error rollback, which causes the state to advance by one and as a consequence skip it in the bringup sequence" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Prevent state corruption on error rollback cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() commit 3243a89dcbd8f5810b72ee0903d349bd000c4c9d Merge: 1d22577703b3 9b25436662d5 Author: Linus Torvalds Date: Sun Sep 9 05:54:05 2018 -0700 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull random driver fix from Ted Ts'o: "Fix things so the choice of whether or not to trust RDRAND to initialize the CRNG is configurable via the boot option random.trust_cpu={on,off}" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: make CPU trust a boot parameter commit 1d22577703b32f15d189466bd9c7f1973a295529 Merge: f8f65382c98a f0b0d88a8251 Author: Linus Torvalds Date: Sun Sep 9 05:42:11 2018 -0700 Merge tag 'kbuild-fixes-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - make setlocalversion more robust about -dirty check - loosen the pkg-config requirement for Kconfig - change missing depmod to a warning from an error - warn modules_install when System.map is missing * tag 'kbuild-fixes-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: modules_install: warn when missing System.map file kbuild: make missing $DEPMOD a Warning instead of an Error kconfig: do not require pkg-config on make {menu,n}config kconfig: remove a spurious self-assignment scripts/setlocalversion: git: Make -dirty check more robust commit eca743dc37e1018decfb307d564387477c1ac4fd Merge: f86cf25a6091 a13bf65f3f2e Author: Greg Kroah-Hartman Date: Sun Sep 9 09:33:29 2018 +0200 Merge tag 'iio-fixes-4.19a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: First set of IIO fixes for the 4.19 cycle. * ad9523 - sysfs write should return the number of characters used or an error, not 0 which could result in an infinite loop in userspace. * lsm6dsx - Fix computation of length when updating the watermark to include timestamps avoiding the watermark being set earlier than intended. * maxim_thermocouple - Revert a patch adding the max31856 as it's not actually compatible with the register set that this driver supports. * si1133 - Fix an impossible value check so we don't always error out whether the passed in value is good or bad. commit 5890184d2b506f88886b7322d7d44464453bd3a6 Author: Stefan Metzmacher Date: Fri Sep 7 18:24:17 2018 +0200 fs/cifs: require sha512 This got lost in commit 0fdfef9aa7ee68ddd508aef7c98630cfc054f8d6, which removed CONFIG_CIFS_SMB311. Signed-off-by: Stefan Metzmacher Fixes: 0fdfef9aa7ee68ddd ("smb3: simplify code by removing CONFIG_CIFS_SMB311") CC: Stable CC: linux-cifs@vger.kernel.org Signed-off-by: Steve French commit bcfb84a996f6fa90b5e6e2954b2accb7a4711097 Author: Stephen Rothwell Date: Mon Sep 3 13:15:58 2018 +1000 fs/cifs: suppress a string overflow warning A powerpc build of cifs with gcc v8.2.0 produces this warning: fs/cifs/cifssmb.c: In function ‘CIFSSMBNegotiate’: fs/cifs/cifssmb.c:605:3: warning: ‘strncpy’ writing 16 bytes into a region of size 1 overflows the destination [-Wstringop-overflow=] strncpy(pSMB->DialectsArray+count, protocols[i].name, 16); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Since we are already doing a strlen() on the source, change the strncpy to a memcpy(). Signed-off-by: Stephen Rothwell Signed-off-by: Steve French commit f0b0d88a825149ef3b06656886bc211c71dcb852 Author: Randy Dunlap Date: Thu Sep 6 16:37:24 2018 -0700 kbuild: modules_install: warn when missing System.map file If there is no System.map file for "make modules_install", scripts/depmod.sh will silently exit with success, having done nothing. Since this is an unexpected situation, change it to report a Warning for the missing file. The behavior is not changed except for the Warning message. The (previous) silent success and new Warning can be reproduced by: $ make mrproper; make defconfig $ make modules; make modules_install and since System.map is produced by "make vmlinux", the steps above omit producing the System.map file. Reported-by: Masahiro Yamada Signed-off-by: Randy Dunlap Signed-off-by: Masahiro Yamada commit f8f65382c98a28e3c2b20df9dd4231dca5a11682 Merge: 0f3aa48ad4c3 bdf7ffc89922 Author: Linus Torvalds Date: Sat Sep 8 15:52:45 2018 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "ARM: - Fix a VFP corruption in 32-bit guest - Add missing cache invalidation for CoW pages - Two small cleanups s390: - Fallout from the hugetlbfs support: pfmf interpretion and locking - VSIE: fix keywrapping for nested guests PPC: - Fix a bug where pages might not get marked dirty, causing guest memory corruption on migration - Fix a bug causing reads from guest memory to use the wrong guest real address for very large HPT guests (>256G of memory), leading to failures in instruction emulation. x86: - Fix out of bound access from malicious pv ipi hypercalls (introduced in rc1) - Fix delivery of pending interrupts when entering a nested guest, preventing arbitrarily late injection - Sanitize kvm_stat output after destroying a guest - Fix infinite loop when emulating a nested guest page fault and improve the surrounding emulation code - Two minor cleanups" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits) KVM: LAPIC: Fix pv ipis out-of-bounds access KVM: nVMX: Fix loss of pending IRQ/NMI before entering L2 arm64: KVM: Remove pgd_lock KVM: Remove obsolete kvm_unmap_hva notifier backend arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW KVM: s390: Properly lock mm context allow_gmap_hpage_1m setting KVM: s390: vsie: copy wrapping keys to right place KVM: s390: Fix pfmf and conditional skey emulation tools/kvm_stat: re-animate display of dead guests tools/kvm_stat: indicate dead guests as such tools/kvm_stat: handle guest removals more gracefully tools/kvm_stat: don't reset stats when setting PID filter for debugfs tools/kvm_stat: fix updates for dead guests tools/kvm_stat: fix handling of invalid paths in debugfs provider tools/kvm_stat: fix python3 issues KVM: x86: Unexport x86_emulate_instruction() KVM: x86: Rename emulate_instruction() to kvm_emulate_instruction() KVM: x86: Do not re-{try,execute} after failed emulation in L2 KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault ... commit 0f3aa48ad4c307fb72b8eb43add26c8f314d396a Merge: d7b686ebf704 a132bb90414b Author: Linus Torvalds Date: Sat Sep 8 15:38:57 2018 -0700 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "A few more fixes who have trickled in: - MMC bus width fixup for some Allwinner platforms - Fix for NULL deref in ti-aemif when no platform data is passed in - Fix div by 0 in SCMI code - Add a missing module alias in a new RPi driver" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: memory: ti-aemif: fix a potential NULL-pointer dereference firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero hwmon: rpi: add module alias to raspberrypi-hwmon arm64: allwinner: dts: h6: fix Pine H64 MMC bus width commit a132bb90414bfad4f8ee23cb45fe6946a89b167d Merge: 6b45a2b1c0bc d177c8b61d6b Author: Olof Johansson Date: Sat Sep 8 10:04:37 2018 -0700 Merge tag 'sunxi-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into fixes Allwinner fixes for 4.19 Just one fix for H6 mmc on the Pine H64: the mmc bus width was missing from the device tree. This was added in 4.19-rc1. * tag 'sunxi-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux: arm64: allwinner: dts: h6: fix Pine H64 MMC bus width Signed-off-by: Olof Johansson commit 9bc4f28af75a91aea0ae383f50b0a430c4509303 Author: Nadav Amit Date: Sun Sep 2 11:14:50 2018 -0700 x86/mm: Use WRITE_ONCE() when setting PTEs When page-table entries are set, the compiler might optimize their assignment by using multiple instructions to set the PTE. This might turn into a security hazard if the user somehow manages to use the interim PTE. L1TF does not make our lives easier, making even an interim non-present PTE a security hazard. Using WRITE_ONCE() to set PTEs and friends should prevent this potential security hazard. I skimmed the differences in the binary with and without this patch. The differences are (obviously) greater when CONFIG_PARAVIRT=n as more code optimizations are possible. For better and worse, the impact on the binary with this patch is pretty small. Skimming the code did not cause anything to jump out as a security hazard, but it seems that at least move_soft_dirty_pte() caused set_pte_at() to use multiple writes. Signed-off-by: Nadav Amit Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Cc: Dave Hansen Cc: Andi Kleen Cc: Josh Poimboeuf Cc: Michal Hocko Cc: Vlastimil Babka Cc: Sean Christopherson Cc: Andy Lutomirski Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180902181451.80520-1-namit@vmware.com commit 47b7360ce563e18c524ce92b55fb4da72b3b3578 Author: Thomas Gleixner Date: Sat Sep 8 12:07:26 2018 +0200 x86/apic/vector: Make error return value negative activate_managed() returns EINVAL instead of -EINVAL in case of error. While this is unlikely to happen, the positive return value would cause further malfunction at the call site. Fixes: 2db1f959d9dc ("x86/vector: Handle managed interrupts proper") Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org commit 5cf4a8532c992bb22a9ecd5f6d93f873f4eaccc2 Author: Vincent Whitchurch Date: Thu Sep 6 15:54:59 2018 +0200 tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY According to the documentation in msg_zerocopy.rst, the SO_ZEROCOPY flag was introduced because send(2) ignores unknown message flags and any legacy application which was accidentally passing the equivalent of MSG_ZEROCOPY earlier should not see any new behaviour. Before commit f214f915e7db ("tcp: enable MSG_ZEROCOPY"), a send(2) call which passed the equivalent of MSG_ZEROCOPY without setting SO_ZEROCOPY would succeed. However, after that commit, it fails with -ENOBUFS. So it appears that the SO_ZEROCOPY flag fails to fulfill its intended purpose. Fix it. Fixes: f214f915e7db ("tcp: enable MSG_ZEROCOPY") Signed-off-by: Vincent Whitchurch Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit a162c3511410b50f09c002fea56fea2153b679d0 Author: Cong Wang Date: Thu Sep 6 14:50:16 2018 -0700 net_sched: properly cancel netlink dump on failure When nla_put*() fails after nla_nest_start(), we need to call nla_nest_cancel() to cancel the message, otherwise we end up calling nla_nest_end() like a success. Fixes: 0ed5269f9e41 ("net/sched: add tunnel option support to act_tunnel_key") Cc: Davide Caratti Cc: Simon Horman Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 8edfe2e992b75aee3da9316e9697c531194c2f53 Author: Juergen Gross Date: Fri Sep 7 14:21:30 2018 +0200 xen/netfront: fix waiting for xenbus state change Commit 822fb18a82aba ("xen-netfront: wait xenbus state change when load module manually") added a new wait queue to wait on for a state change when the module is loaded manually. Unfortunately there is no wakeup anywhere to stop that waiting. Instead of introducing a new wait queue rename the existing module_unload_q to module_wq and use it for both purposes (loading and unloading). As any state change of the backend might be intended to stop waiting do the wake_up_all() in any case when netback_changed() is called. Fixes: 822fb18a82aba ("xen-netfront: wait xenbus state change when load module manually") Cc: #4.18 Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: David S. Miller commit d7b686ebf704e3d91925a535a0905ba6be23757c Merge: 2c34a0e041a7 da4dfaf8428d Author: Linus Torvalds Date: Fri Sep 7 17:30:40 2018 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: - bugfixes for uniphier, i801, and xiic drivers - ID removal (never produced) for imx - one MAINTAINER addition * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: xiic: Record xilinx i2c with Zynq fragment i2c: xiic: Make the start and the byte count write atomic i2c: i801: fix DNV's SMBCTRL register offset i2c: imx-lpi2c: Remove mx8dv compatible entry dt-bindings: imx-lpi2c: Remove mx8dv compatible entry i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP i2c: uniphier: issue STOP only for last message or I2C_M_STOP commit 2c34a0e041a7063e6e3b3be8866a88975f3342d4 Merge: ecfe951f0c1b dd45210b6dd4 Author: Linus Torvalds Date: Fri Sep 7 16:45:32 2018 -0700 Merge tag 'arc-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC updates from Vineet Gupta: - Fix for atomic_fetch_#op [Will Deacon] - Enable per device IOC [Eugeniy Paltsev] - Remove redundant gcc version checks [Masahiro Yamada] - Miscll platform config/DT updates [Alexey Brodkin] * tag 'arc-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: don't check for HIGHMEM pages in arch_dma_alloc ARC: IOC: panic if both IOC and ZONE_HIGHMEM enabled ARC: dma [IOC] Enable per device io coherency ARC: dma [IOC]: mark DMA devices connected as dma-coherent ARC: atomics: unbork atomic_fetch_##op() arc: remove redundant GCC version checks ARC: sort Kconfig ARC: cleanup show_faulting_vma() ARC: [plat-axs*]: Enable SWAP ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel ARC: configs: cleanup commit ecfe951f0c1b169ea4b7dd6f3a404dfedd795bc2 Author: David Howells Date: Fri Sep 7 23:55:17 2018 +0100 afs: Fix cell specification to permit an empty address list Fix the cell specification mechanism to allow cells to be pre-created without having to specify at least one address (the addresses will be upcalled for). This allows the cell information preload service to avoid the need to issue loads of DNS lookups during boot to get the addresses for each cell (500+ lookups for the 'standard' cell list[*]). The lookups can be done later as each cell is accessed through the filesystem. Also remove the print statement that prints a line every time a new cell is added. [*] There are 144 cells in the list. Each cell is first looked up for an SRV record, and if that fails, for an AFSDB record. These get a list of server names, each of which then has to be looked up to get the addresses for that server. E.g.: dig srv _afs3-vlserver._udp.grand.central.org Signed-off-by: David Howells Signed-off-by: Linus Torvalds commit a987785dcd6c8ae2915460582aebd6481c81eb67 Author: Jay Kamat Date: Fri Sep 7 14:34:05 2018 -0700 Add tests for memory.oom.group Add tests for memory.oom.group for the following cases: - Killing all processes in a leaf cgroup, but leaving the parent untouched - Killing all processes in a parent and leaf cgroup - Keeping processes marked by OOM_SCORE_ADJ_MIN alive when considered for being killed by the group oom killer. Signed-off-by: Jay Kamat Acked-by: Roman Gushchin Signed-off-by: Shuah Khan (Samsung OSG) commit 48c2bb0b9cf863e0ed78e269f188ce65b73e0fd1 Author: Jay Kamat Date: Fri Sep 7 14:34:04 2018 -0700 Fix cg_read_strcmp() Fix a couple issues with cg_read_strcmp(), to improve correctness of cgroup tests - Fix cg_read_strcmp() always returning 0 for empty "needle" strings. Previously, this function read to a size = 1 buffer when comparing against empty strings, which would lead to cg_read_strcmp() comparing two empty strings. - Fix a memory leak in cg_read_strcmp() Fixes: 84092dbcf901 ("selftests: cgroup: add memory controller self-tests") Signed-off-by: Jay Kamat Acked-by: Roman Gushchin Signed-off-by: Shuah Khan (Samsung OSG) commit f74dd480cf4e31e12971c58a1d832044db945670 Author: Maciej S. Szmigiero Date: Fri Sep 7 20:15:22 2018 +0200 r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Commit 3559d81e76bf ("r8169: simplify rtl_hw_start_8169") changed order of two register writes: 1) Caused RxConfig to be written before TX / RX is enabled, 2) Caused TxConfig to be written before TX / RX is enabled. At least on XIDs 10000000 ("RTL8169sb/8110sb") and 18000000 ("RTL8169sc/8110sc") such writes are ignored by the chip, leaving values in these registers intact. Change 1) was reverted by commit 05212ba8132b42 ("r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices"), however change 2) wasn't. In practice, this caused TxConfig's "InterFrameGap time" and "Max DMA Burst Size per Tx DMA Burst" bits to be zero dramatically reducing TX performance (in my tests it dropped from around 500Mbps to around 50Mbps). This patch fixes the issue by moving TxConfig register write a bit later in the code so it happens after TX / RX is already enabled. Fixes: 05212ba8132b42 ("r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices") Signed-off-by: Maciej S. Szmigiero Signed-off-by: David S. Miller commit 3d0e7a9e00fd8f0de499ac3f57331d0d378304c4 Merge: a12ed06ba2d3 41a950411265 Author: Linus Torvalds Date: Fri Sep 7 12:15:37 2018 -0700 Merge tag 'md/4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull MD fixes from Shaohua Li: - Fix a locking issue for md-cluster (Guoqing) - Fix a sync crash for raid10 (Ni) - Fix a reshape bug with raid5 cache enabled (me) * tag 'md/4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md-cluster: release RESYNC lock after the last resync message RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 md/raid5-cache: disable reshape completely commit a12ed06ba2d3fa60e08e7449fe0c1715de401395 Merge: d042a240a823 e92c0eaf7543 Author: Linus Torvalds Date: Fri Sep 7 10:57:59 2018 -0700 Merge tag 'ceph-for-4.19-rc3' of https://github.com/ceph/ceph-client Pull ceph fixes from Ilya Dryomov: "Two rbd patches to complete support for images within namespaces that went into -rc1 and a use-after-free fix. The rbd changes have been sitting in a branch for quite a while but couldn't be included into the -rc1 pull request because of a pending wire protocol backwards compatibility fixup that only got committed early this week" * tag 'ceph-for-4.19-rc3' of https://github.com/ceph/ceph-client: rbd: support cloning across namespaces rbd: factor out get_parent_info() ceph: avoid a use-after-free in ceph_destroy_options() commit d042a240a823d4c048c4b0a5c19c65ac75b7addb Merge: 4ff8a142bdb3 9bdda4e9cf2d Author: Linus Torvalds Date: Fri Sep 7 10:54:46 2018 -0700 Merge tag 'for_v4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull fsnotify fix from Jan Kara: "A small fsnotify fix from Amir" * tag 'for_v4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fsnotify: fix ignore mask logic in fsnotify() commit 4ff8a142bdb395482dd8744ed5ec2994dc3b81a3 Merge: 539373401411 fac880c7d074 Author: Linus Torvalds Date: Fri Sep 7 10:37:23 2018 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fix from Will Deacon: "Just one small fix here, preventing a VM_WARN_ON when a !present PMD/PUD is "freed" as part of a huge ioremap() operation. The correct behaviour is to skip the free silently in this case, which is a little weird (the function is a bit of a misnomer), but it follows the x86 implementation" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: fix erroneous warnings in page freeing functions commit 539373401411bdc9c9bdedb9908196c8dcccfc43 Merge: 69ddce94e368 a6b7eb3b4176 Author: Linus Torvalds Date: Fri Sep 7 10:25:26 2018 -0700 Merge tag 'acpi-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix a regression from the 4.18 cycle in the ACPI driver for Intel SoCs (LPSS) and prevent dmi_check_system() from being called on non-x86 systems in the ACPI core. Specifics: - Fix a power management regression in the ACPI driver for Intel SoCs (LPSS) introduced by a system-wide suspend/resume fix during the 4.18 cycle (Zhang Rui). - Prevent dmi_check_system() from being called on non-x86 systems in the ACPI core (Jean Delvare)" * tag 'acpi-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / LPSS: Force LPSS quirks on boot ACPI / bus: Only call dmi_check_system() on X86 commit 69ddce94e3681e63595690eba2310440f8349c4a Merge: a49a9dcce802 f7c50fa636f7 Author: Linus Torvalds Date: Fri Sep 7 10:20:31 2018 -0700 Merge tag 'sound-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Just a few small fixes: - a fix for the recursive work cancellation in a specific HD-audio operation mode - a fix for potentially uninitialized memory access via rawmidi - the register bit access fixes for ASoC HD-audio" * tag 'sound-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda: Fix several mismatch for register mask and value ALSA: rawmidi: Initialize allocated buffers ALSA: hda - Fix cancel_work_sync() stall from jackpoll work commit bdf7ffc89922a52a4f08a12f7421ea24bb7626a0 Author: Wanpeng Li Date: Thu Aug 30 10:03:30 2018 +0800 KVM: LAPIC: Fix pv ipis out-of-bounds access Dan Carpenter reported that the untrusted data returns from kvm_register_read() results in the following static checker warning: arch/x86/kvm/lapic.c:576 kvm_pv_send_ipi() error: buffer underflow 'map->phys_map' 's32min-s32max' KVM guest can easily trigger this by executing the following assembly sequence in Ring0: mov $10, %rax mov $0xFFFFFFFF, %rbx mov $0xFFFFFFFF, %rdx mov $0, %rsi vmcall As this will cause KVM to execute the following code-path: vmx_handle_exit() -> handle_vmcall() -> kvm_emulate_hypercall() -> kvm_pv_send_ipi() which will reach out-of-bounds access. This patch fixes it by adding a check to kvm_pv_send_ipi() against map->max_apic_id, ignoring destinations that are not present and delivering the rest. We also check whether or not map->phys_map[min + i] is NULL since the max_apic_id is set to the max apic id, some phys_map maybe NULL when apic id is sparse, especially kvm unconditionally set max_apic_id to 255 to reserve enough space for any xAPIC ID. Reported-by: Dan Carpenter Reviewed-by: Liran Alon Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Liran Alon Cc: Dan Carpenter Signed-off-by: Wanpeng Li [Add second "if (min > map->max_apic_id)" to complete the fix. -Radim] Signed-off-by: Radim Krčmář commit b5861e5cf2fcf83031ea3e26b0a69d887adf7d21 Author: Liran Alon Date: Mon Sep 3 15:20:22 2018 +0300 KVM: nVMX: Fix loss of pending IRQ/NMI before entering L2 Consider the case L1 had a IRQ/NMI event until it executed VMLAUNCH/VMRESUME which wasn't delivered because it was disallowed (e.g. interrupts disabled). When L1 executes VMLAUNCH/VMRESUME, L0 needs to evaluate if this pending event should cause an exit from L2 to L1 or delivered directly to L2 (e.g. In case L1 don't intercept EXTERNAL_INTERRUPT). Usually this would be handled by L0 requesting a IRQ/NMI window by setting VMCS accordingly. However, this setting was done on VMCS01 and now VMCS02 is active instead. Thus, when L1 executes VMLAUNCH/VMRESUME we force L0 to perform pending event evaluation by requesting a KVM_REQ_EVENT. Note that above scenario exists when L1 KVM is about to enter L2 but requests an "immediate-exit". As in this case, L1 will disable-interrupts and then send a self-IPI before entering L2. Reviewed-by: Nikita Leshchenko Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Liran Alon Signed-off-by: Radim Krčmář commit 564ad0aa85b3202311c4c8744fd1fdab4568d529 Merge: ed2ef2910064 df3190e22016 Author: Radim Krčmář Date: Fri Sep 7 18:38:25 2018 +0200 Merge tag 'kvm-arm-fixes-for-v4.19-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm Fixes for KVM/ARM for Linux v4.19 v2: - Fix a VFP corruption in 32-bit guest - Add missing cache invalidation for CoW pages - Two small cleanups commit c793279c77035053e67937f5743c6ebfc303e7c5 Author: Guenter Roeck Date: Thu Sep 6 09:47:51 2018 -0700 hwmon: (nct6775) Fix access to fan pulse registers Not all fans have a fan pulse register. This can result in reading beyond the end of REG_FAN_PULSES and FAN_PULSE_SHIFT arrays, and was reported by smatch as possible error. 1672 for (i = 0; i < ARRAY_SIZE(data->rpm); i++) { ^^^^^^^^^^^^^^^^^^^^^^^^ This is a 7 element array. ... 1685 data->fan_pulses[i] = 1686 (nct6775_read_value(data, data->REG_FAN_PULSES[i]) 1687 >> data->FAN_PULSE_SHIFT[i]) & 0x03; ^^^^^^^^^^^^^^^^^^^^^^^^ FAN_PULSE_SHIFT is either 5 or 6 elements. To fix the problem, we have to ensure that all REG_FAN_PULSES and FAN_PULSE_SHIFT have the appropriate length, and that REG_FAN_PULSES is only read if the register actually exists. Fixes: 6c009501ff200 ("hwmon: (nct6775) Add support for NCT6102D/6106D") Reported-by: Dan Carpenter Signed-off-by: Guenter Roeck commit ed2ef29100644eabc6099cbf1a3aa9d938555ab8 Merge: 732b53146ac8 df88f3181f10 Author: Radim Krčmář Date: Fri Sep 7 18:30:47 2018 +0200 Merge tag 'kvm-s390-master-4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux KVM: s390: Fixes for 4.19 - Fallout from the hugetlbfs support: pfmf interpretion and locking - VSIE: fix keywrapping for nested guests commit df3190e22016abf74ef67c9691e9fa1012a66bd5 Author: Steven Price Date: Mon Aug 13 17:04:53 2018 +0100 arm64: KVM: Remove pgd_lock The lock has never been used and the page tables are protected by mmu_lock in struct kvm. Reviewed-by: Suzuki K Poulose Signed-off-by: Steven Price Signed-off-by: Marc Zyngier Signed-off-by: Christoffer Dall commit a35381e10dc46dd75e65e4b3832d9a0005d48d44 Author: Marc Zyngier Date: Thu Aug 23 10:18:14 2018 +0100 KVM: Remove obsolete kvm_unmap_hva notifier backend kvm_unmap_hva is long gone, and we only have kvm_unmap_hva_range to deal with. Drop the now obsolete code. Fixes: fb1522e099f0 ("KVM: update to new mmu_notifier semantic v2") Cc: James Hogan Reviewed-by: Paolo Bonzini Signed-off-by: Marc Zyngier Signed-off-by: Christoffer Dall commit 7d14919c0d475a795c0127631ac8ecb2b0f31831 Author: Marc Zyngier Date: Thu Aug 23 11:51:43 2018 +0100 arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD If trapping FPSIMD in the context of an AArch32 guest, it is critical to set FPEXC32_EL2.EN to 1 so that the trapping is taken to EL2 and not EL1. Conversely, it is just as critical *not* to set FPEXC32_EL2.EN to 1 if we're not going to trap FPSIMD, as we then corrupt the existing VFP state. Moving the call to __activate_traps_fpsimd32 to the point where we know for sure that we are going to trap ensures that we don't set that bit spuriously. Fixes: e6b673b741ea ("KVM: arm64: Optimise FPSIMD handling to reduce guest/host thrashing") Cc: stable@vger.kernel.org # v4.18 Cc: Dave Martin Reported-by: Alexander Graf Tested-by: Alexander Graf Signed-off-by: Marc Zyngier Signed-off-by: Christoffer Dall commit 694556d54f354d3fe43bb2e61fd6103cca2638a4 Author: Marc Zyngier Date: Thu Aug 23 09:58:27 2018 +0100 KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW When triggering a CoW, we unmap the RO page via an MMU notifier (invalidate_range_start), and then populate the new PTE using another one (change_pte). In the meantime, we'll have copied the old page into the new one. The problem is that the data for the new page is sitting in the cache, and should the guest have an uncached mapping to that page (or its MMU off), following accesses will bypass the cache. In a way, this is similar to what happens on a translation fault: We need to clean the page to the PoC before mapping it. So let's just do that. This fixes a KVM unit test regression observed on a HiSilicon platform, and subsequently reproduced on Seattle. Fixes: a9c0e12ebee5 ("KVM: arm/arm64: Only clean the dcache on translation fault") Cc: stable@vger.kernel.org # v4.16+ Reported-by: Mike Galbraith Signed-off-by: Marc Zyngier Signed-off-by: Christoffer Dall commit da4dfaf8428d9f71e2ac4f736bacb81adab36504 Author: Michal Simek Date: Fri Sep 7 08:02:05 2018 +0200 i2c: xiic: Record xilinx i2c with Zynq fragment Include xilinx soft i2c controller to Zynq fragment to make clear who is responsible for it. Signed-off-by: Michal Simek Signed-off-by: Wolfram Sang commit 80a6ec7d5e1653208eb53f6738620dab98f6f50e Author: Chen-Yu Tsai Date: Thu Sep 6 21:25:37 2018 +0800 clk: sunxi-ng: sun4i: Set VCO and PLL bias current to lowest setting The default mid-level PLL bias current setting interferes with sigma delta modulation. This manifests as decreased audio quality at lower sampling rates, which sounds like radio broadcast quality, and distortion noises at sampling rates at 48 kHz or above. Changing the bias current settings to the lowest gets rid of the noise. Fixes: de3448519194 ("clk: sunxi-ng: sun4i: Use sigma-delta modulation for audio PLL") Cc: # 4.15.x Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard commit a6b7eb3b4176d9732d74d214b349932faa5524b4 Merge: f11fc4bc669b 5d128fbd8b20 Author: Rafael J. Wysocki Date: Fri Sep 7 10:05:20 2018 +0200 Merge branch 'acpi-bus' Merge ACPI core fix to avoid calling dmi_check_system() on non-x86. * acpi-bus: ACPI / bus: Only call dmi_check_system() on X86 commit 4c4af6900844ab04c9434c972021d7b48610e06a Author: Marek Lindner Date: Fri Sep 7 05:45:55 2018 +0800 batman-adv: fix hardif_neigh refcount on queue_work() failure The hardif_neigh refcounter is to be decreased by the queued work and currently is never decreased if the queue_work() call fails. Fix by checking the queue_work() return value and decrease refcount if necessary. Signed-off-by: Marek Lindner Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich commit 5af96b9c59c72fb2af2d19c5cc2f3cdcee391dff Author: Marek Lindner Date: Fri Sep 7 05:45:54 2018 +0800 batman-adv: fix backbone_gw refcount on queue_work() failure The backbone_gw refcounter is to be decreased by the queued work and currently is never decreased if the queue_work() call fails. Fix by checking the queue_work() return value and decrease refcount if necessary. Signed-off-by: Marek Lindner Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich commit 8f5c5fcf353302374b36232d6885c1a3b579e5ca Author: Cong Wang Date: Tue Sep 4 14:54:55 2018 -0700 tipc: call start and done ops directly in __tipc_nl_compat_dumpit() __tipc_nl_compat_dumpit() uses a netlink_callback on stack, so the only way to align it with other ->dumpit() call path is calling tipc_dump_start() and tipc_dump_done() directly inside it. Otherwise ->dumpit() would always get NULL from cb->args[]. But tipc_dump_start() uses sock_net(cb->skb->sk) to retrieve net pointer, the cb->skb here doesn't set skb->sk, the net pointer is saved in msg->net instead, so introduce a helper function __tipc_dump_start() to pass in msg->net. Ying pointed out cb->args[0...3] are already used by other callbacks on this call path, so we can't use cb->args[0] any more, use cb->args[4] instead. Fixes: 9a07efa9aea2 ("tipc: switch to rhashtable iterator") Reported-and-tested-by: syzbot+e93a2c41f91b8e2c7d9b@syzkaller.appspotmail.com Cc: Jon Maloy Cc: Ying Xue Signed-off-by: Cong Wang Acked-by: Ying Xue Signed-off-by: David S. Miller commit a49a9dcce802b3651013f659813df1361d306172 Merge: 631267f6adcc 67c6ed7cf9eb Author: Linus Torvalds Date: Thu Sep 6 20:19:57 2018 -0700 Merge tag 'drm-fixes-2018-09-07' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Seems to have been overly quiet this week so I expect next week will be more stuff, just one pull from Rodrigo with i915 fixes in it. Quoting Rodrigo: 'The critical fix here on display side is the DP MST regression one. But this pull also include fixes for DP SST, small VDSC register fix and GVT's bucked with "BXT fixes, two guest warning fixes, dmabuf format mod fix and one for recent multiple VM timeout failure'." * tag 'drm-fixes-2018-09-07' of git://anongit.freedesktop.org/drm/drm: drm/i915/dp_mst: Fix enabling pipe clock for all streams drm/i915/dsc: Fix PPS register definition macros for 2nd VDSC engine drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" drm/i915/gvt: Give new born vGPU higher scheduling chance drm/i915/gvt: Fix drm_format_mod value for vGPU plane drm/i915/gvt: move intel_runtime_pm_get out of spin_lock in stop_schedule drm/i915/gvt: Handle GEN9_WM_CHICKEN3 with F_CMD_ACCESS. drm/i915/gvt: Make correct handling to vreg BXT_PHY_CTL_FAMILY drm/i915/gvt: emulate gen9 dbuf ctl register access commit 631267f6adcc8d760d145dbd33d83d133d2733d7 Merge: 2601dd392dd1 c90bbce9eedd Author: Linus Torvalds Date: Thu Sep 6 19:35:30 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68knommu fix from Greg Ungerer: "A single change to fix booting on ColdFire platforms that have RAM starting at a non-0 address" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k: fix early memory reservation for ColdFire MMU systems commit 67c6ed7cf9ebe53815f15bfdeb49ad91801c2235 Merge: 57361846b52b 2b82435cb90b Author: Dave Airlie Date: Fri Sep 7 11:06:58 2018 +1000 Merge tag 'drm-intel-fixes-2018-09-05' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes The critical fix here on display side is the DP MST regression one. But this pull also include fixes for DP SST, small VDSC register fix and GVT's bucked with "BXT fixes, two guest warning fixes, dmabuf format mod fix and one for recent multiple VM timeout failure." Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180905183000.GA2151@intel.com commit 2601dd392dd1cabd11935448c0afe3293feb27a3 Merge: c6ff25ce3564 0f02cfbc3d9e Author: Linus Torvalds Date: Thu Sep 6 15:42:10 2018 -0700 Merge tag 'mips_fixes_4.19_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fix from Paul Burton: "A single fix for v4.19-rc3, resolving a problem with our VDSO data page for systems with dcache aliasing. Those systems could previously observe stale data, causing clock_gettime() & gettimeofday() to return incorrect values" * tag 'mips_fixes_4.19_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: VDSO: Match data page cache colouring when D$ aliases commit c6ff25ce3564ac3a61f2f0a45d5d9c3af423359e Merge: ca16eb342ebe 395a2076b406 Author: Linus Torvalds Date: Thu Sep 6 15:39:11 2018 -0700 Merge tag '4.19-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Four small SMB3 fixes, three for stable, and one minor debug clarification" * tag '4.19-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: connect to servername instead of IP for IPC$ share smb3: check for and properly advertise directory lease support smb3: minor debugging clarifications in rfc1001 len processing SMB3: Backup intent flag missing for directory opens with backupuid mounts fs/cifs: don't translate SFM_SLASH (U+F026) to backslash commit e2c631ba75a7e727e8db0a9d30a06bfd434adb3a Author: Peter Zijlstra Date: Wed Sep 5 10:41:58 2018 +0200 clocksource: Revert "Remove kthread" I turns out that the silly spawn kthread from worker was actually needed. clocksource_watchdog_kthread() cannot be called directly from clocksource_watchdog_work(), because clocksource_select() calls timekeeping_notify() which uses stop_machine(). One cannot use stop_machine() from a workqueue() due lock inversions wrt CPU hotplug. Revert the patch but add a comment that explain why we jump through such apparently silly hoops. Fixes: 7197e77abcb6 ("clocksource: Remove kthread") Reported-by: Siegfried Metz Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Tested-by: Niklas Cassel Tested-by: Kevin Shanahan Tested-by: viktor_jaegerskuepper@freenet.de Tested-by: Siegfried Metz Cc: rafael.j.wysocki@intel.com Cc: len.brown@intel.com Cc: diego.viola@gmail.com Cc: rui.zhang@intel.com Cc: bjorn.andersson@linaro.org Link: https://lkml.kernel.org/r/20180905084158.GR24124@hirez.programming.kicks-ass.net commit 5380c05b682991a6818c3755d450a3e87eeac0e5 Author: Heinz Mauelshagen Date: Thu Sep 6 14:02:54 2018 -0400 dm raid: bump target version, update comments and documentation Bump target version to reflect the documented fixes are available. Also fix some code comments (typos and clarity). Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer commit 36a240a706d43383bbdd377522501ddd2e5771f6 Author: Heinz Mauelshagen Date: Thu Sep 6 22:54:29 2018 +0200 dm raid: fix RAID leg rebuild errors On fast devices such as NVMe, a flaw in rs_get_progress() results in false target status output when userspace lvm2 requests leg rebuilds (symptom of the failure is device health chars 'aaaaaaaa' instead of expected 'aAaAAAAA' causing lvm2 to fail). The correct sync action state definitions already exist in decipher_sync_action() so fix rs_get_progress() to use it. Change decipher_sync_action() to return an enum rather than a string for the sync states and call it from rs_get_progress(). Introduce sync_str() to translate from enum to the string that is needed by raid_status(). Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer commit c44a5ee803d2b7ed8c2e6ce24a5c4dd60778886e Author: Heinz Mauelshagen Date: Thu Sep 6 18:33:40 2018 +0200 dm raid: fix rebuild of specific devices by updating superblock Update superblock when particular devices are requested via rebuild (e.g. lvconvert --replace ...) to avoid spurious failure with the "New device injected into existing raid set without 'delta_disks' or 'rebuild' parameter specified" error message. Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer commit 644e2537fdc77baeeefc829524937bca64329f82 Author: Heinz Mauelshagen Date: Thu Sep 6 18:33:39 2018 +0200 dm raid: fix stripe adding reshape deadlock When initiating a stripe adding reshape, a deadlock between md_stop_writes() waiting for the sync thread to stop and the running sync thread waiting for inactive stripes occurs (this frequently happens on single-core but rarely on multi-core systems). Fix this deadlock by setting MD_RECOVERY_WAIT to have the main MD resynchronization thread worker (md_do_sync()) bail out when initiating the reshape via constructor arguments. Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer commit ca16eb342ebedbf3bb1d8450048fe428895b0b65 Merge: db44bf4b4768 d5274b3cd6a8 Author: Linus Torvalds Date: Thu Sep 6 14:01:15 2018 -0700 Merge tag 'for-linus-20180906' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Small collection of fixes that should go into this release. This contains: - Small series that fixes a race between blkcg teardown and writeback (Dennis Zhou) - Fix disallowing invalid block size settings from the nbd ioctl (me) - BFQ fix for a use-after-free on last release of a bfqg (Konstantin Khlebnikov) - Fix for the "don't warn for flush" fix (Mikulas)" * tag 'for-linus-20180906' of git://git.kernel.dk/linux-block: block: bfq: swap puts in bfqg_and_blkg_put block: don't warn when doing fsync on read-only devices nbd: don't allow invalid blocksize settings blkcg: use tryget logic when associating a blkg with a bio blkcg: delay blkg destruction until after writeback has finished Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" commit 53b0cc46f27cfc2cadca609b503a7d92b5185a47 Author: Ben Skeggs Date: Tue Sep 4 15:57:11 2018 +1000 drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Fixes eDP backlight issues on more recent laptops. Signed-off-by: Ben Skeggs commit e04cfdc9b7398c60dbc70212415ea63b6c6a93ae Author: Ben Skeggs Date: Tue Sep 4 15:57:09 2018 +1000 drm/nouveau/disp: fix DP disable race If a HPD pulse signalling the need to retrain the link occurs between the KMS driver releasing the output and the supervisor interrupt that finishes the teardown, it was possible get a NULL-ptr deref. Avoid this by marking the link as inactive earlier. Signed-off-by: Ben Skeggs commit f6d52b2172b1adfde010df34730290c282ee641b Author: Ben Skeggs Date: Tue Sep 4 15:57:07 2018 +1000 drm/nouveau/disp: move eDP panel power handling We need to do this earlier to prevent aux channel timeouts in resume paths on certain systems. Signed-off-by: Ben Skeggs commit 606557708fa06ebf21372d8fabf6f97529ab2349 Author: Ben Skeggs Date: Tue Sep 4 15:57:04 2018 +1000 drm/nouveau/disp: remove unused struct member Signed-off-by: Ben Skeggs commit 0a6986c6595e9afd20ff7280dab36431c1e467f8 Author: Ben Skeggs Date: Tue Sep 4 15:56:57 2018 +1000 drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS This Falcon application doesn't appear to be present on some newer systems, so let's not fail init if we can't find it. TBD: is there a way to determine whether it *should* be there? Signed-off-by: Ben Skeggs commit 51ed833c881b9d96557c773f6a37018d79e29a46 Author: Ben Skeggs Date: Tue Aug 28 14:10:42 2018 +1000 drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer Fixes oopses in certain failure paths. Signed-off-by: Ben Skeggs commit a43b16dda2d7485f5c5aed075c1dc9785e339515 Author: Ben Skeggs Date: Tue Aug 28 14:10:34 2018 +1000 drm/nouveau: fix oops in client init failure path The NV_ERROR macro requires drm->client to be initialised, which it may not be at this stage of the init process. Signed-off-by: Ben Skeggs commit d5986a1c4dcd00cb8b9eee4a56ee93868222a9a2 Author: Lyude Paul Date: Thu Aug 30 13:16:28 2018 -0400 drm/nouveau: Fix nouveau_connector_ddc_detect() It looks like that when we moved over to using drm_connector_for_each_possible_encoder() in nouveau, that one rather important part of this function got dropped by accident: /* Right v here */ for (i = 0; nv_encoder = NULL, i < DRM_CONNECTOR_MAX_ENCODER; i++) { int id = connector->encoder_ids[i]; if (id == 0) break; Since it's rather difficult to notice: the conditional in this loop is actually: nv_encoder = NULL, i < DRM_CONNECTOR_MAX_ENCODER Meaning that all early breaks result in nv_encoder keeping it's value, otherwise nv_encoder = NULL. Ugh. Since this got dropped, nouveau_connector_ddc_detect() now returns an encoder for every single connector, regardless of whether or not it's detected: [ 1780.056185] nouveau 0000:01:00.0: DRM: DDC responded, but no EDID for DP-2 So: fix this to ensure we only return an encoder if we actually found one, and clean up the rest of the function while we're at it since it's nearly impossible to read properly. Changes since v1: - Don't skip ddc probing for LVDS if we can't switch DDC through vga-switcheroo, just do the DDC probing without calling vga_switcheroo_lock_ddc() - skeggsb Signed-off-by: Lyude Paul Cc: Ville Syrjälä Fixes: ddba766dd07e ("drm/nouveau: Use drm_connector_for_each_possible_encoder()") Reviewed-by: Ville Syrjälä Signed-off-by: Ben Skeggs commit 2f7ca781fd382cf8dde73ed36dfdd93fd05b3332 Author: Lyude Paul Date: Tue Aug 7 17:32:48 2018 -0400 drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload Currently, there's nothing in nouveau that actually cancels this work struct. So, cancel it on suspend/unload. Otherwise, if we're unlucky enough hpd_work might try to keep running up until the system is suspended. Signed-off-by: Lyude Paul Cc: stable@vger.kernel.org Signed-off-by: Ben Skeggs commit 79e765ad665da4b8aa7e9c878bd2fef837f6fea5 Author: Lyude Paul Date: Thu Aug 16 16:13:13 2018 -0400 drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early On most systems with ACPI hotplugging support, it seems that we always receive a hotplug event once we re-enable EC interrupts even if the GPU hasn't even been resumed yet. This can cause problems since even though we schedule hpd_work to handle connector reprobing for us, hpd_work synchronizes on pm_runtime_get_sync() to wait until the device is ready to perform reprobing. Since runtime suspend/resume callbacks are disabled before the PM core calls ->suspend(), any calls to pm_runtime_get_sync() during this period will grab a runtime PM ref and return immediately with -EACCES. Because we schedule hpd_work from our ACPI HPD handler, and hpd_work synchronizes on pm_runtime_get_sync(), this causes us to launch a connector reprobe immediately even if the GPU isn't actually resumed just yet. This causes various warnings in dmesg and occasionally, also prevents some displays connected to the dedicated GPU from coming back up after suspend. Example: usb 1-4: USB disconnect, device number 14 usb 1-4.1: USB disconnect, device number 15 WARNING: CPU: 0 PID: 838 at drivers/gpu/drm/nouveau/include/nvkm/subdev/i2c.h:170 nouveau_dp_detect+0x17e/0x370 [nouveau] CPU: 0 PID: 838 Comm: kworker/0:6 Not tainted 4.17.14-201.Lyude.bz1477182.V3.fc28.x86_64 #1 Hardware name: LENOVO 20EQS64N00/20EQS64N00, BIOS N1EET77W (1.50 ) 03/28/2018 Workqueue: events nouveau_display_hpd_work [nouveau] RIP: 0010:nouveau_dp_detect+0x17e/0x370 [nouveau] RSP: 0018:ffffa15143933cf0 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8cb4f656c400 RCX: 0000000000000000 RDX: ffffa1514500e4e4 RSI: ffffa1514500e4e4 RDI: 0000000001009002 RBP: ffff8cb4f4a8a800 R08: ffffa15143933cfd R09: ffffa15143933cfc R10: 0000000000000000 R11: 0000000000000000 R12: ffff8cb4fb57a000 R13: ffff8cb4fb57a000 R14: ffff8cb4f4a8f800 R15: ffff8cb4f656c418 FS: 0000000000000000(0000) GS:ffff8cb51f400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f78ec938000 CR3: 000000073720a003 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? _cond_resched+0x15/0x30 nouveau_connector_detect+0x2ce/0x520 [nouveau] ? _cond_resched+0x15/0x30 ? ww_mutex_lock+0x12/0x40 drm_helper_probe_detect_ctx+0x8b/0xe0 [drm_kms_helper] drm_helper_hpd_irq_event+0xa8/0x120 [drm_kms_helper] nouveau_display_hpd_work+0x2a/0x60 [nouveau] process_one_work+0x187/0x340 worker_thread+0x2e/0x380 ? pwq_unbound_release_workfn+0xd0/0xd0 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x35/0x40 Code: 4c 8d 44 24 0d b9 00 05 00 00 48 89 ef ba 09 00 00 00 be 01 00 00 00 e8 e1 09 f8 ff 85 c0 0f 85 b2 01 00 00 80 7c 24 0c 03 74 02 <0f> 0b 48 89 ef e8 b8 07 f8 ff f6 05 51 1b c8 ff 02 0f 84 72 ff ---[ end trace 55d811b38fc8e71a ]--- So, to fix this we attempt to grab a runtime PM reference in the ACPI handler itself asynchronously. If the GPU is already awake (it will have normal hotplugging at this point) or runtime PM callbacks are currently disabled on the device, we drop our reference without updating the autosuspend delay. We only schedule connector reprobes when we successfully managed to queue up a resume request with our asynchronous PM ref. This also has the added benefit of preventing redundant connector reprobes from ACPI while the GPU is runtime resumed! Signed-off-by: Lyude Paul Cc: stable@vger.kernel.org Cc: Karol Herbst Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477182#c41 Signed-off-by: Lyude Paul Signed-off-by: Ben Skeggs commit fa3cdf8d0b092c4561f9f017dfac409eb7644737 Author: Lyude Paul Date: Thu Aug 9 18:22:06 2018 -0400 drm/nouveau: Reset MST branching unit before enabling When probing a new MST device, it's not safe to make any assumptions about it's current state. While most well mannered MST hubs will just disable the branching unit on hotplug disconnects, this isn't enough to save us from various other scenarios that might have resulted in something writing to the MST branching unit before we got control of it. This could happen if a previous probe we tried failed, if we're booting in kexec context and the hub is still in the state the last kernel put it in, etc. Luckily; there is no reason we can't just reset the branching unit every time we enable a new topology. So, fix this by resetting it on enabling new topologies to ensure that we always start off with a clean, unmodified topology state on MST sinks. This fixes occasional hard-lockups on my P50's laptop dock (e.g. AUX times out all DPCD trasactions) observed after multiple docks, undocks, and module reloads. Signed-off-by: Lyude Paul Cc: stable@vger.kernel.org Cc: Karol Herbst Signed-off-by: Ben Skeggs commit b26b4590dd53e012526342e749c423e6c0e73437 Author: Lyude Paul Date: Thu Aug 9 18:22:05 2018 -0400 drm/nouveau: Only write DP_MSTM_CTRL when needed Currently, nouveau will re-write the DP_MSTM_CTRL register for an MST hub every time it receives a long HPD pulse on DP. This isn't actually necessary and additionally, has some unintended side effects. With the P50 I've got here, rewriting DP_MSTM_CTRL constantly seems to make it rather likely (1 out of 5 times usually) that bringing up MST with it's ThinkPad dock will fail and result in sideband messages timing out in the middle. Afterwards, successive probes don't manage to get the dock to communicate properly over MST sideband properly. Many times sideband message timeouts from MST hubs are indicative of either the source or the sink dropping an ESI event, which can cause DRM's perspective of the topology's current state to go out of sync with reality. While it's tough to really know for sure what's happening to the dock, using userspace tools to write to DP_MSTM_CTRL in the middle of the MST link probing process does appear to make things flaky. It's possible that when we write to DP_MSTM_CTRL, the function that gets triggered to respond in the dock's firmware temporarily puts it in a state where it might end up not reporting an ESI to the source, or ends up dropping a sideband message we sent it. So, to fix this we make it so that when probing an MST topology, we respect it's current state. If the dock's already enabled, we simply read DP_MSTM_CTRL and disable the topology if it's value is not what we expected. Otherwise, we perform the normal MST probing dance. We avoid taking any action except if the state of the MST topology actually changes. This fixes MST sideband message timeouts and detection failures on my P50 with its ThinkPad dock. Signed-off-by: Lyude Paul Cc: stable@vger.kernel.org Cc: Karol Herbst Signed-off-by: Ben Skeggs commit 7326ead9828e5eb5c6030d80310241c404e919f9 Author: Lyude Paul Date: Wed Aug 15 15:15:13 2018 -0400 drm/nouveau: Remove useless poll_enable() call in drm_load() Again, this doesn't do anything. drm_kms_helper_poll_enable() will have already been called in nouveau_display_init() Signed-off-by: Lyude Paul Reviewed-by: Karol Herbst Acked-by: Daniel Vetter Cc: Lukas Wunner Signed-off-by: Ben Skeggs commit 0d7b2d4def679cae3bf2728fc31be7f8a48ceab3 Author: Lyude Paul Date: Wed Aug 15 15:15:12 2018 -0400 drm/nouveau: Remove useless poll_disable() call in switcheroo_set_state() This won't do anything but potentially make us miss hotplugs. We already call drm_kms_helper_poll_disable() in nouveau_pmops_suspend()->nouveau_display_suspend()->nouveau_display_fini() Signed-off-by: Lyude Paul Reviewed-by: Karol Herbst Acked-by: Daniel Vetter Cc: Lukas Wunner Signed-off-by: Ben Skeggs commit 0445f7537d0742e4f8bcf594a8d81fb901fd131e Author: Lyude Paul Date: Wed Aug 15 15:15:11 2018 -0400 drm/nouveau: Remove useless poll_enable() call in switcheroo_set_state() This doesn't do anything, drm_kms_helper_poll_enable() gets called in nouveau_pmops_resume()->nouveau_display_resume()->nouveau_display_init() already. Signed-off-by: Lyude Paul Reviewed-by: Karol Herbst Acked-by: Daniel Vetter Cc: Lukas Wunner Signed-off-by: Ben Skeggs commit 3e1a12754d4df5804bfca5dedf09d2ba291bdc2a Author: Lyude Paul Date: Wed Aug 15 15:00:15 2018 -0400 drm/nouveau: Fix deadlocks in nouveau_connector_detect() When we disable hotplugging on the GPU, we need to be able to synchronize with each connector's hotplug interrupt handler before the interrupt is finally disabled. This can be a problem however, since nouveau_connector_detect() currently grabs a runtime power reference when handling connector probing. This will deadlock the runtime suspend handler like so: [ 861.480896] INFO: task kworker/0:2:61 blocked for more than 120 seconds. [ 861.483290] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.485158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.486332] kworker/0:2 D 0 61 2 0x80000000 [ 861.487044] Workqueue: events nouveau_display_hpd_work [nouveau] [ 861.487737] Call Trace: [ 861.488394] __schedule+0x322/0xaf0 [ 861.489070] schedule+0x33/0x90 [ 861.489744] rpm_resume+0x19c/0x850 [ 861.490392] ? finish_wait+0x90/0x90 [ 861.491068] __pm_runtime_resume+0x4e/0x90 [ 861.491753] nouveau_display_hpd_work+0x22/0x60 [nouveau] [ 861.492416] process_one_work+0x231/0x620 [ 861.493068] worker_thread+0x44/0x3a0 [ 861.493722] kthread+0x12b/0x150 [ 861.494342] ? wq_pool_ids_show+0x140/0x140 [ 861.494991] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.495648] ret_from_fork+0x3a/0x50 [ 861.496304] INFO: task kworker/6:2:320 blocked for more than 120 seconds. [ 861.496968] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.497654] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.498341] kworker/6:2 D 0 320 2 0x80000080 [ 861.499045] Workqueue: pm pm_runtime_work [ 861.499739] Call Trace: [ 861.500428] __schedule+0x322/0xaf0 [ 861.501134] ? wait_for_completion+0x104/0x190 [ 861.501851] schedule+0x33/0x90 [ 861.502564] schedule_timeout+0x3a5/0x590 [ 861.503284] ? mark_held_locks+0x58/0x80 [ 861.503988] ? _raw_spin_unlock_irq+0x2c/0x40 [ 861.504710] ? wait_for_completion+0x104/0x190 [ 861.505417] ? trace_hardirqs_on_caller+0xf4/0x190 [ 861.506136] ? wait_for_completion+0x104/0x190 [ 861.506845] wait_for_completion+0x12c/0x190 [ 861.507555] ? wake_up_q+0x80/0x80 [ 861.508268] flush_work+0x1c9/0x280 [ 861.508990] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 861.509735] nvif_notify_put+0xb1/0xc0 [nouveau] [ 861.510482] nouveau_display_fini+0xbd/0x170 [nouveau] [ 861.511241] nouveau_display_suspend+0x67/0x120 [nouveau] [ 861.511969] nouveau_do_suspend+0x5e/0x2d0 [nouveau] [ 861.512715] nouveau_pmops_runtime_suspend+0x47/0xb0 [nouveau] [ 861.513435] pci_pm_runtime_suspend+0x6b/0x180 [ 861.514165] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.514897] __rpm_callback+0x7a/0x1d0 [ 861.515618] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.516313] rpm_callback+0x24/0x80 [ 861.517027] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.517741] rpm_suspend+0x142/0x6b0 [ 861.518449] pm_runtime_work+0x97/0xc0 [ 861.519144] process_one_work+0x231/0x620 [ 861.519831] worker_thread+0x44/0x3a0 [ 861.520522] kthread+0x12b/0x150 [ 861.521220] ? wq_pool_ids_show+0x140/0x140 [ 861.521925] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.522622] ret_from_fork+0x3a/0x50 [ 861.523299] INFO: task kworker/6:0:1329 blocked for more than 120 seconds. [ 861.523977] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.524644] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.525349] kworker/6:0 D 0 1329 2 0x80000000 [ 861.526073] Workqueue: events nvif_notify_work [nouveau] [ 861.526751] Call Trace: [ 861.527411] __schedule+0x322/0xaf0 [ 861.528089] schedule+0x33/0x90 [ 861.528758] rpm_resume+0x19c/0x850 [ 861.529399] ? finish_wait+0x90/0x90 [ 861.530073] __pm_runtime_resume+0x4e/0x90 [ 861.530798] nouveau_connector_detect+0x7e/0x510 [nouveau] [ 861.531459] ? ww_mutex_lock+0x47/0x80 [ 861.532097] ? ww_mutex_lock+0x47/0x80 [ 861.532819] ? drm_modeset_lock+0x88/0x130 [drm] [ 861.533481] drm_helper_probe_detect_ctx+0xa0/0x100 [drm_kms_helper] [ 861.534127] drm_helper_hpd_irq_event+0xa4/0x120 [drm_kms_helper] [ 861.534940] nouveau_connector_hotplug+0x98/0x120 [nouveau] [ 861.535556] nvif_notify_work+0x2d/0xb0 [nouveau] [ 861.536221] process_one_work+0x231/0x620 [ 861.536994] worker_thread+0x44/0x3a0 [ 861.537757] kthread+0x12b/0x150 [ 861.538463] ? wq_pool_ids_show+0x140/0x140 [ 861.539102] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.539815] ret_from_fork+0x3a/0x50 [ 861.540521] Showing all locks held in the system: [ 861.541696] 2 locks held by kworker/0:2/61: [ 861.542406] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543071] #1: 0000000076868126 ((work_completion)(&drm->hpd_work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543814] 1 lock held by khungtaskd/64: [ 861.544535] #0: 0000000059db4b53 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 861.545160] 3 locks held by kworker/6:2/320: [ 861.545896] #0: 00000000d9e1bc59 ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.546702] #1: 00000000c9f92d84 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.547443] #2: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: nouveau_display_fini+0x96/0x170 [nouveau] [ 861.548146] 1 lock held by dmesg/983: [ 861.548889] 2 locks held by zsh/1250: [ 861.549605] #0: 00000000348e3cf6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.550393] #1: 000000007009a7a8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 861.551122] 6 locks held by kworker/6:0/1329: [ 861.551957] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.552765] #1: 00000000ddb499ad ((work_completion)(¬ify->work)#2){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.553582] #2: 000000006e013cbe (&dev->mode_config.mutex){+.+.}, at: drm_helper_hpd_irq_event+0x6c/0x120 [drm_kms_helper] [ 861.554357] #3: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: drm_helper_hpd_irq_event+0x78/0x120 [drm_kms_helper] [ 861.555227] #4: 0000000044f294d9 (crtc_ww_class_acquire){+.+.}, at: drm_helper_probe_detect_ctx+0x3d/0x100 [drm_kms_helper] [ 861.556133] #5: 00000000db193642 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_lock+0x4b/0x130 [drm] [ 861.557864] ============================================= [ 861.559507] NMI backtrace for cpu 2 [ 861.560363] CPU: 2 PID: 64 Comm: khungtaskd Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.561197] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 861.561948] Call Trace: [ 861.562757] dump_stack+0x8e/0xd3 [ 861.563516] nmi_cpu_backtrace.cold.3+0x14/0x5a [ 861.564269] ? lapic_can_unplug_cpu.cold.27+0x42/0x42 [ 861.565029] nmi_trigger_cpumask_backtrace+0xa1/0xae [ 861.565789] arch_trigger_cpumask_backtrace+0x19/0x20 [ 861.566558] watchdog+0x316/0x580 [ 861.567355] kthread+0x12b/0x150 [ 861.568114] ? reset_hung_task_detector+0x20/0x20 [ 861.568863] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.569598] ret_from_fork+0x3a/0x50 [ 861.570370] Sending NMI from CPU 2 to CPUs 0-1,3-7: [ 861.571426] NMI backtrace for cpu 6 skipped: idling at intel_idle+0x7f/0x120 [ 861.571429] NMI backtrace for cpu 7 skipped: idling at intel_idle+0x7f/0x120 [ 861.571432] NMI backtrace for cpu 3 skipped: idling at intel_idle+0x7f/0x120 [ 861.571464] NMI backtrace for cpu 5 skipped: idling at intel_idle+0x7f/0x120 [ 861.571467] NMI backtrace for cpu 0 skipped: idling at intel_idle+0x7f/0x120 [ 861.571469] NMI backtrace for cpu 4 skipped: idling at intel_idle+0x7f/0x120 [ 861.571472] NMI backtrace for cpu 1 skipped: idling at intel_idle+0x7f/0x120 [ 861.572428] Kernel panic - not syncing: hung_task: blocked tasks So: fix this by making it so that normal hotplug handling /only/ happens so long as the GPU is currently awake without any pending runtime PM requests. In the event that a hotplug occurs while the device is suspending or resuming, we can simply defer our response until the GPU is fully runtime resumed again. Changes since v4: - Use a new trick I came up with using pm_runtime_get() instead of the hackish junk we had before Signed-off-by: Lyude Paul Reviewed-by: Karol Herbst Acked-by: Daniel Vetter Cc: stable@vger.kernel.org Cc: Lukas Wunner Signed-off-by: Ben Skeggs commit 6833fb1ec120bf078e1a527c573a09d4de286224 Author: Lyude Paul Date: Wed Aug 15 15:00:14 2018 -0400 drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() It's true we can't resume the device from poll workers in nouveau_connector_detect(). We can however, prevent the autosuspend timer from elapsing immediately if it hasn't already without risking any sort of deadlock with the runtime suspend/resume operations. So do that instead of entirely avoiding grabbing a power reference. Signed-off-by: Lyude Paul Reviewed-by: Karol Herbst Acked-by: Daniel Vetter Cc: stable@vger.kernel.org Cc: Lukas Wunner Signed-off-by: Ben Skeggs commit 7fec8f5379fb6eddabc0aaef6d2304c366808f97 Author: Lyude Paul Date: Wed Aug 15 15:00:13 2018 -0400 drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests Currently, nouveau uses the generic drm_fb_helper_output_poll_changed() function provided by DRM as it's output_poll_changed callback. Unfortunately however, this function doesn't grab runtime PM references early enough and even if it did-we can't block waiting for the device to resume in output_poll_changed() since it's very likely that we'll need to grab the fb_helper lock at some point during the runtime resume process. This currently results in deadlocking like so: [ 246.669625] INFO: task kworker/4:0:37 blocked for more than 120 seconds. [ 246.673398] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.675271] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.676527] kworker/4:0 D 0 37 2 0x80000000 [ 246.677580] Workqueue: events output_poll_execute [drm_kms_helper] [ 246.678704] Call Trace: [ 246.679753] __schedule+0x322/0xaf0 [ 246.680916] schedule+0x33/0x90 [ 246.681924] schedule_preempt_disabled+0x15/0x20 [ 246.683023] __mutex_lock+0x569/0x9a0 [ 246.684035] ? kobject_uevent_env+0x117/0x7b0 [ 246.685132] ? drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.686179] mutex_lock_nested+0x1b/0x20 [ 246.687278] ? mutex_lock_nested+0x1b/0x20 [ 246.688307] drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.689420] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.690462] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.691570] output_poll_execute+0x198/0x1c0 [drm_kms_helper] [ 246.692611] process_one_work+0x231/0x620 [ 246.693725] worker_thread+0x214/0x3a0 [ 246.694756] kthread+0x12b/0x150 [ 246.695856] ? wq_pool_ids_show+0x140/0x140 [ 246.696888] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.697998] ret_from_fork+0x3a/0x50 [ 246.699034] INFO: task kworker/0:1:60 blocked for more than 120 seconds. [ 246.700153] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.701182] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.702278] kworker/0:1 D 0 60 2 0x80000000 [ 246.703293] Workqueue: pm pm_runtime_work [ 246.704393] Call Trace: [ 246.705403] __schedule+0x322/0xaf0 [ 246.706439] ? wait_for_completion+0x104/0x190 [ 246.707393] schedule+0x33/0x90 [ 246.708375] schedule_timeout+0x3a5/0x590 [ 246.709289] ? mark_held_locks+0x58/0x80 [ 246.710208] ? _raw_spin_unlock_irq+0x2c/0x40 [ 246.711222] ? wait_for_completion+0x104/0x190 [ 246.712134] ? trace_hardirqs_on_caller+0xf4/0x190 [ 246.713094] ? wait_for_completion+0x104/0x190 [ 246.713964] wait_for_completion+0x12c/0x190 [ 246.714895] ? wake_up_q+0x80/0x80 [ 246.715727] ? get_work_pool+0x90/0x90 [ 246.716649] flush_work+0x1c9/0x280 [ 246.717483] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 246.718442] __cancel_work_timer+0x146/0x1d0 [ 246.719247] cancel_delayed_work_sync+0x13/0x20 [ 246.720043] drm_kms_helper_poll_disable+0x1f/0x30 [drm_kms_helper] [ 246.721123] nouveau_pmops_runtime_suspend+0x3d/0xb0 [nouveau] [ 246.721897] pci_pm_runtime_suspend+0x6b/0x190 [ 246.722825] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.723737] __rpm_callback+0x7a/0x1d0 [ 246.724721] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.725607] rpm_callback+0x24/0x80 [ 246.726553] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.727376] rpm_suspend+0x142/0x6b0 [ 246.728185] pm_runtime_work+0x97/0xc0 [ 246.728938] process_one_work+0x231/0x620 [ 246.729796] worker_thread+0x44/0x3a0 [ 246.730614] kthread+0x12b/0x150 [ 246.731395] ? wq_pool_ids_show+0x140/0x140 [ 246.732202] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.732878] ret_from_fork+0x3a/0x50 [ 246.733768] INFO: task kworker/4:2:422 blocked for more than 120 seconds. [ 246.734587] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.735393] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.736113] kworker/4:2 D 0 422 2 0x80000080 [ 246.736789] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper] [ 246.737665] Call Trace: [ 246.738490] __schedule+0x322/0xaf0 [ 246.739250] schedule+0x33/0x90 [ 246.739908] rpm_resume+0x19c/0x850 [ 246.740750] ? finish_wait+0x90/0x90 [ 246.741541] __pm_runtime_resume+0x4e/0x90 [ 246.742370] nv50_disp_atomic_commit+0x31/0x210 [nouveau] [ 246.743124] drm_atomic_commit+0x4a/0x50 [drm] [ 246.743775] restore_fbdev_mode_atomic+0x1c8/0x240 [drm_kms_helper] [ 246.744603] restore_fbdev_mode+0x31/0x140 [drm_kms_helper] [ 246.745373] drm_fb_helper_restore_fbdev_mode_unlocked+0x54/0xb0 [drm_kms_helper] [ 246.746220] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper] [ 246.746884] drm_fb_helper_hotplug_event.part.28+0x96/0xb0 [drm_kms_helper] [ 246.747675] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.748544] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.749439] nv50_mstm_hotplug+0x15/0x20 [nouveau] [ 246.750111] drm_dp_send_link_address+0x177/0x1c0 [drm_kms_helper] [ 246.750764] drm_dp_check_and_send_link_address+0xa8/0xd0 [drm_kms_helper] [ 246.751602] drm_dp_mst_link_probe_work+0x51/0x90 [drm_kms_helper] [ 246.752314] process_one_work+0x231/0x620 [ 246.752979] worker_thread+0x44/0x3a0 [ 246.753838] kthread+0x12b/0x150 [ 246.754619] ? wq_pool_ids_show+0x140/0x140 [ 246.755386] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.756162] ret_from_fork+0x3a/0x50 [ 246.756847] Showing all locks held in the system: [ 246.758261] 3 locks held by kworker/4:0/37: [ 246.759016] #0: 00000000f8df4d2d ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.759856] #1: 00000000e6065461 ((work_completion)(&(&dev->mode_config.output_poll_work)->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.760670] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.761516] 2 locks held by kworker/0:1/60: [ 246.762274] #0: 00000000fff6be0f ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.762982] #1: 000000005ab44fb4 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.763890] 1 lock held by khungtaskd/64: [ 246.764664] #0: 000000008cb8b5c3 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 246.765588] 5 locks held by kworker/4:2/422: [ 246.766440] #0: 00000000232f0959 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.767390] #1: 00000000bb59b134 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.768154] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_restore_fbdev_mode_unlocked+0x4c/0xb0 [drm_kms_helper] [ 246.768966] #3: 000000004c8f0b6b (crtc_ww_class_acquire){+.+.}, at: restore_fbdev_mode_atomic+0x4b/0x240 [drm_kms_helper] [ 246.769921] #4: 000000004c34a296 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8a/0x1b0 [drm] [ 246.770839] 1 lock held by dmesg/1038: [ 246.771739] 2 locks held by zsh/1172: [ 246.772650] #0: 00000000836d0438 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 246.773680] #1: 000000001f4f4d48 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 246.775522] ============================================= After trying dozens of different solutions, I found one very simple one that should also have the benefit of preventing us from having to fight locking for the rest of our lives. So, we work around these deadlocks by deferring all fbcon hotplug events that happen after the runtime suspend process starts until after the device is resumed again. Changes since v7: - Fixup commit message - Daniel Vetter Changes since v6: - Remove unused nouveau_fbcon_hotplugged_in_suspend() - Ilia Changes since v5: - Come up with the (hopefully final) solution for solving this dumb problem, one that is a lot less likely to cause issues with locking in the future. This should work around all deadlock conditions with fbcon brought up thus far. Changes since v4: - Add nouveau_fbcon_hotplugged_in_suspend() to workaround deadlock condition that Lukas described - Just move all of this out of drm_fb_helper. It seems that other DRM drivers have already figured out other workarounds for this. If other drivers do end up needing this in the future, we can just move this back into drm_fb_helper again. Changes since v3: - Actually check if fb_helper is NULL in both new helpers - Actually check drm_fbdev_emulation in both new helpers - Don't fire off a fb_helper hotplug unconditionally; only do it if the following conditions are true (as otherwise, calling this in the wrong spot will cause Bad Things to happen): - fb_helper hotplug handling was actually inhibited previously - fb_helper actually has a delayed hotplug pending - fb_helper is actually bound - fb_helper is actually initialized - Add __must_check to drm_fb_helper_suspend_hotplug(). There's no situation where a driver would actually want to use this without checking the return value, so enforce that - Rewrite and clarify the documentation for both helpers. - Make sure to return true in the drm_fb_helper_suspend_hotplug() stub that's provided in drm_fb_helper.h when CONFIG_DRM_FBDEV_EMULATION isn't enabled - Actually grab the toplevel fb_helper lock in drm_fb_helper_resume_hotplug(), since it's possible other activity (such as a hotplug) could be going on at the same time the driver calls drm_fb_helper_resume_hotplug(). We need this to check whether or not drm_fb_helper_hotplug_event() needs to be called anyway Signed-off-by: Lyude Paul Reviewed-by: Karol Herbst Acked-by: Daniel Vetter Cc: stable@vger.kernel.org Cc: Lukas Wunner Signed-off-by: Ben Skeggs commit 611ce855420a6e8b9ff47af5f47431d52c7709f8 Author: Lyude Paul Date: Wed Aug 15 15:00:12 2018 -0400 drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() Since actual hotplug notifications don't get disabled until nouveau_display_fini() is called, all this will do is cause any hotplugs that happen between this drm_kms_helper_poll_disable() call and the actual hotplug disablement to potentially be dropped if ACPI isn't around to help us. Signed-off-by: Lyude Paul Acked-by: Karol Herbst Acked-by: Daniel Vetter Cc: stable@vger.kernel.org Cc: Lukas Wunner Signed-off-by: Ben Skeggs commit d77ef138ff572409ab93d492e5e6c826ee6fb21d Author: Lyude Paul Date: Wed Aug 15 15:00:11 2018 -0400 drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement Turns out this part is my fault for not noticing when reviewing 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling"). Currently we call drm_kms_helper_poll_enable() from nouveau_display_hpd_work(). This makes basically no sense however, because that means we're calling drm_kms_helper_poll_enable() every time we schedule the hotplug detection work. This is also against the advice mentioned in drm_kms_helper_poll_enable()'s documentation: Note that calls to enable and disable polling must be strictly ordered, which is automatically the case when they're only call from suspend/resume callbacks. Of course, hotplugs can't really be ordered. They could even happen immediately after we called drm_kms_helper_poll_disable() in nouveau_display_fini(), which can lead to all sorts of issues. Additionally; enabling polling /after/ we call drm_helper_hpd_irq_event() could also mean that we'd miss a hotplug event anyway, since drm_helper_hpd_irq_event() wouldn't bother trying to probe connectors so long as polling is disabled. So; simply move this back into nouveau_display_init() again. The race condition that both of these patches attempted to work around has already been fixed properly in d61a5c106351 ("drm/nouveau: Fix deadlock on runtime suspend") Fixes: 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling") Signed-off-by: Lyude Paul Acked-by: Karol Herbst Acked-by: Daniel Vetter Cc: Lukas Wunner Cc: Peter Ujfalusi Cc: stable@vger.kernel.org Signed-off-by: Ben Skeggs commit 8f28b178f71cc56eccf2a6e2c0ace17c82f900d7 Author: Leon Romanovsky Date: Mon Sep 3 09:11:14 2018 +0300 RDMA/mlx4: Ensure that maximal send/receive SGE less than supported by HW In calculating the global maximum number of the Scatter/Gather elements supported, the following four maximum parameters must be taken into consideration: max_sg_rq, max_sg_sq, max_desc_sz_rq and max_desc_sz_sq. However instead of bringing this complexity to query_device, which still won't be sufficient anyway (the calculations are dependent on QP type), the safer approach will be to restore old code, which will give us 32 SGEs. Fixes: 33023fb85a42 ("IB/core: add max_send_sge and max_recv_sge attributes") Reported-by: Chuck Lever Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 954a8e3aea87e896e320cf648c1a5bbe47de443e Author: Parav Pandit Date: Thu Aug 30 08:35:19 2018 +0300 RDMA/cma: Protect cma dev list with lock When AF_IB addresses are used during rdma_resolve_addr() a lock is not held. A cma device can get removed while list traversal is in progress which may lead to crash. ie CPU0 CPU1 ==== ==== rdma_resolve_addr() cma_resolve_ib_dev() list_for_each() cma_remove_one() cur_dev->device mutex_lock(&lock) list_del(); mutex_unlock(&lock); cma_process_remove(); Therefore, hold a lock while traversing the list which avoids such situation. Cc: # 3.10 Fixes: f17df3b0dede ("RDMA/cma: Add support for AF_IB to rdma_resolve_addr()") Signed-off-by: Parav Pandit Reviewed-by: Daniel Jurgens Signed-off-by: Leon Romanovsky Reviewed-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit ae7304c3ea28a3ba47a7a8312c76c654ef24967e Author: Shubhrajyoti Datta Date: Mon Sep 3 15:11:11 2018 +0530 i2c: xiic: Make the start and the byte count write atomic Disable interrupts while configuring the transfer and enable them back. We have below as the programming sequence 1. start and slave address 2. byte count and stop In some customer platform there was a lot of interrupts between 1 and 2 and after slave address (around 7 clock cyles) if 2 is not executed then the transaction is nacked. To fix this case make the 2 writes atomic. Signed-off-by: Shubhrajyoti Datta Signed-off-by: Michal Simek [wsa: added a newline for better readability] Signed-off-by: Wolfram Sang Cc: stable@kernel.org commit 4cb205c0c50f613e2de91f0eb19d5247ed003e89 Author: Jia He Date: Tue Aug 28 12:53:26 2018 +0800 irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint Commit fe8e93504ce8 ("irqchip/gic-v3-its: Use full range of LPIs"), removes the cap for lpi_id_bits, which causes the following warning to trigger on a QDF2400 server: WARNING: CPU: 0 PID: 0 at mm/page_alloc.c:4066 __alloc_pages_nodemask ... Call trace: __alloc_pages_nodemask+0x2d8/0x1188 alloc_pages_current+0x8c/0xd8 its_allocate_prop_table+0x5c/0xb8 its_init+0x220/0x3c0 gic_init_bases+0x250/0x380 gic_acpi_init+0x16c/0x2a4 In its_alloc_lpi_tables(), lpi_id_bits is 24 in QDF2400. The allocation in allocate_prop_table() tries therefore to allocate 16M (order 12 if pagesize=4k), which triggers the warning. As said by MarcL Capping lpi_id_bits at 16 (which is what we had before) is plenty, will save a some memory, and gives some margin before we need to push it up again. Bring the upper limit of lpi_id_bits back to prevent Fixes: fe8e93504ce8 ("irqchip/gic-v3-its: Use full range of LPIs") Suggested-by: Marc Zyngier Signed-off-by: Jia He Signed-off-by: Thomas Gleixner Acked-by: Marc Zyngier Tested-by: Olof Johansson Cc: Jason Cooper Cc: linux-arm-kernel@lists.infradead.org Link: https://lkml.kernel.org/r/1535432006-2304-1-git-send-email-jia.he@hxt-semitech.com commit ef439d49e0bfb26cd5f03c88b4cb7cc9073ed30c Author: Max Filippov Date: Thu Sep 6 11:19:20 2018 -0700 xtensa: ISS: don't allocate memory in platform_setup Memory allocator is not initialized at that point yet, use static array instead. Cc: stable@vger.kernel.org Signed-off-by: Max Filippov commit 7035c568999d6774ff35459a0280eb33e0207168 Author: Lei Yang Date: Thu Sep 6 13:47:23 2018 +0800 cgroup: kselftests: add test_core to .gitignore Update .gitignore file. Signed-off-by: Lei Yang Signed-off-by: Shuah Khan (Samsung OSG) commit 38b0bd0cda07d34ad6f145fce675ead74739c44e Author: Heinz Mauelshagen Date: Thu Sep 6 18:33:38 2018 +0200 dm raid: fix reshape race on small devices Loading a new mapping table, the dm-raid target's constructor retrieves the volatile reshaping state from the raid superblocks. When the new table is activated in a following resume, the actual reshape position is retrieved. The reshape driven by the previous mapping can already have finished on small and/or fast devices thus updating raid superblocks about the new raid layout. This causes the actual array state (e.g. stripe size reshape finished) to be inconsistent with the one in the new mapping, causing hangs with left behind devices. This race does not occur with usual raid device sizes but with small ones (e.g. those created by the lvm2 test suite). Fix by no longer transferring stale/inconsistent raid_set state during preresume. Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer commit d5274b3cd6a814ccb2f56d81ee87cbbf51bd4cf7 Author: Konstantin Khlebnikov Date: Thu Sep 6 11:05:44 2018 +0300 block: bfq: swap puts in bfqg_and_blkg_put Fix trivial use-after-free. This could be last reference to bfqg. Fixes: 8f9bebc33dd7 ("block, bfq: access and cache blkg data only when safe") Acked-by: Paolo Valente Signed-off-by: Konstantin Khlebnikov Signed-off-by: Jens Axboe commit 432061b3da64e488be3403124a72a9250bbe96d4 Author: Mikulas Patocka Date: Wed Sep 5 09:17:45 2018 -0400 dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock There's a XFS on dm-crypt deadlock, recursing back to itself due to the crypto subsystems use of GFP_KERNEL, reported here: https://bugzilla.kernel.org/show_bug.cgi?id=200835 * dm-crypt calls crypt_convert in xts mode * init_crypt from xts.c calls kmalloc(GFP_KERNEL) * kmalloc(GFP_KERNEL) recurses into the XFS filesystem, the filesystem tries to submit some bios and wait for them, causing a deadlock Fix this by updating both the DM crypt and integrity targets to no longer use the CRYPTO_TFM_REQ_MAY_SLEEP flag, which will change the crypto allocations from GFP_KERNEL to GFP_ATOMIC, therefore they can't recurse into a filesystem. A GFP_ATOMIC allocation can fail, but init_crypt() in xts.c handles the allocation failure gracefully - it will fall back to preallocated buffer if the allocation fails. The crypto API maintainer says that the crypto API only needs to allocate memory when dealing with unaligned buffers and therefore turning CRYPTO_TFM_REQ_MAY_SLEEP off is safe (see this discussion: https://www.redhat.com/archives/dm-devel/2018-August/msg00195.html ) Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 6b45a2b1c0bc2aec84d1c56a1976ca9c8a621ecb Author: Bartosz Golaszewski Date: Thu Sep 6 14:12:19 2018 +0200 memory: ti-aemif: fix a potential NULL-pointer dereference Platform data pointer may be NULL. We check it everywhere but in one place. Fix it. Fixes: 8af70cd2ca50 ("memory: aemif: add support for board files") Reported-by: Dan Carpenter Signed-off-by: Bartosz Golaszewski Cc: stable@vger.kernel.org Signed-off-by: Olof Johansson commit fac880c7d074fdfca874114b5c47b36aa034e4ee Author: Mark Rutland Date: Wed Sep 5 17:38:57 2018 +0100 arm64: fix erroneous warnings in page freeing functions In pmd_free_pte_page() and pud_free_pmd_page() we try to warn if they hit a present non-table entry. In both cases we'll warn for non-present entries, as the VM_WARN_ON() only checks the entry is not a table entry. This has been observed to result in warnings when booting a v4.19-rc2 kernel under qemu. Fix this by bailing out earlier for non-present entries. Fixes: ec28bb9c9b0826d7 ("arm64: Implement page table free interfaces") Signed-off-by: Mark Rutland Cc: Will Deacon Cc: Catalin Marinas Signed-off-by: Will Deacon commit e312b6dcbb633bc87414f1143e0015adbbf87ae0 Merge: 96d529bac562 d07f05fb8643 Author: Olof Johansson Date: Thu Sep 6 10:00:03 2018 -0700 Merge tag 'arm-soc/for-4.19/drivers-fixes' of https://github.com/Broadcom/stblinux into fixes This pull request contains Broadcom ARM/ARM64 SoCs drivers fixes for 4.19, please pull the following: - Peter adds an alias to the Raspberry Pi HWMON driver that was just merged as part of the 4.19 merge window * tag 'arm-soc/for-4.19/drivers-fixes' of https://github.com/Broadcom/stblinux: hwmon: rpi: add module alias to raspberrypi-hwmon Signed-off-by: Olof Johansson commit 96d529bac562574600eda85726fcfa3eef6dde8e Author: Sudeep Holla Date: Thu Sep 6 16:10:39 2018 +0100 firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Firmware can provide zero as values for sustained performance level and corresponding sustained frequency in kHz in order to hide the actual frequencies and provide only abstract values. It may endup with divide by zero scenario resulting in kernel panic. Let's set the multiplication factor to one if either one or both of them (sustained_perf_level and sustained_freq) are set to zero. Fixes: a9e3fbfaa0ff ("firmware: arm_scmi: add initial support for performance protocol") Reported-by: Ionela Voinescu Signed-off-by: Sudeep Holla Signed-off-by: Olof Johansson commit db44bf4b4768a0664d3c9d9000ecb747de31ded8 Merge: be65e2595b4c edf4e7b7b910 Author: Linus Torvalds Date: Thu Sep 6 09:42:14 2018 -0700 Merge tag 'apparmor-pr-2018-09-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor Pull apparmor fix from John Johansen: "A fix for an issue syzbot discovered last week: - Fix for bad debug check when converting secids to secctx" * tag 'apparmor-pr-2018-09-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: fix bad debug check in apparmor_secid_to_secctx() commit be65e2595b4c1fbeceba336d8ee83406726b1d8d Merge: 5404525b98c2 d1c392c9e2a3 Author: Linus Torvalds Date: Thu Sep 6 09:06:49 2018 -0700 Merge tag 'trace-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "This fixes two annoying bugs: - The first one is a side effect caused by using SRCU for rcuidle tracepoints. It seems that the perf was depending on the rcuidle tracepoints to make RCU watch when it wasn't. The real fix will be to have perf use SRCU instead of depending on RCU watching, but that can't be done until SRCU is safe to use in NMI context (Paul's working on that). - The second bug fix is for a bug that's been periodically making my tests fail randomly for some time. I haven't had time to track it down, but finally have. It has to do with stressing NMIs (via perf) while enabling or disabling ftrace function handling with lockdep enabled. If an interrupt happens and just as it returns, it sets lockdep back to "interrupts enabled" but before it returns an NMI is triggered, and if this happens while printk_nmi_enter has a breakpoint attached to it (because ftrace is converting it to or from nop to call fentry), the breakpoint trap also calls into lockdep, and since returning from the NMI to a interrupt handler, interrupts were disabled when the NMI went off, lockdep keeps its state as interrupts disabled when it returns back from the interrupt handler where interrupts are enabled. This causes lockdep_assert_irqs_enabled() to trigger a false positive" * tag 'trace-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: printk/tracing: Do not trace printk_nmi_enter() tracing: Add back in rcu_irq_enter/exit_irqson() for rcuidle tracepoints commit 5404525b98c2fa18b8bd47047f9bf2e67825c857 Merge: b36fdc6853a3 b6fdfbff0789 Author: Linus Torvalds Date: Thu Sep 6 09:04:45 2018 -0700 Merge tag 'for-4.19-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: - fix for improper fsync after hardlink - fix for a corruption during file deduplication - use after free fixes - RCU warning fix - fix for buffered write to nodatacow file * tag 'for-4.19-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: Fix suspicious RCU usage warning in btrfs_debug_in_rcu btrfs: use after free in btrfs_quota_enable btrfs: btrfs_shrink_device should call commit transaction at the end btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata Btrfs: fix data corruption when deduplicating between different files Btrfs: sync log after logging new name Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space commit d1c392c9e2a301f38998a353f467f76414e38725 Author: Steven Rostedt (VMware) Date: Wed Sep 5 16:29:49 2018 -0400 printk/tracing: Do not trace printk_nmi_enter() I hit the following splat in my tests: ------------[ cut here ]------------ IRQs not enabled as expected WARNING: CPU: 3 PID: 0 at kernel/time/tick-sched.c:982 tick_nohz_idle_enter+0x44/0x8c Modules linked in: ip6t_REJECT nf_reject_ipv6 ip6table_filter ip6_tables ipv6 CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.19.0-rc2-test+ #2 Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014 EIP: tick_nohz_idle_enter+0x44/0x8c Code: ec 05 00 00 00 75 26 83 b8 c0 05 00 00 00 75 1d 80 3d d0 36 3e c1 00 75 14 68 94 63 12 c1 c6 05 d0 36 3e c1 01 e8 04 ee f8 ff <0f> 0b 58 fa bb a0 e5 66 c1 e8 25 0f 04 00 64 03 1d 28 31 52 c1 8b EAX: 0000001c EBX: f26e7f8c ECX: 00000006 EDX: 00000007 ESI: f26dd1c0 EDI: 00000000 EBP: f26e7f40 ESP: f26e7f38 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010296 CR0: 80050033 CR2: 0813c6b0 CR3: 2f342000 CR4: 001406f0 Call Trace: do_idle+0x33/0x202 cpu_startup_entry+0x61/0x63 start_secondary+0x18e/0x1ed startup_32_smp+0x164/0x168 irq event stamp: 18773830 hardirqs last enabled at (18773829): [] trace_hardirqs_on_thunk+0xc/0x10 hardirqs last disabled at (18773830): [] trace_hardirqs_off_thunk+0xc/0x10 softirqs last enabled at (18773824): [] __do_softirq+0x25f/0x2bf softirqs last disabled at (18773767): [] call_on_stack+0x45/0x4b ---[ end trace b7c64aa79e17954a ]--- After a bit of debugging, I found what was happening. This would trigger when performing "perf" with a high NMI interrupt rate, while enabling and disabling function tracer. Ftrace uses breakpoints to convert the nops at the start of functions to calls to the function trampolines. The breakpoint traps disable interrupts and this makes calls into lockdep via the trace_hardirqs_off_thunk in the entry.S code. What happens is the following: do_idle { [interrupts enabled] [interrupts disabled] TRACE_IRQS_OFF [lockdep says irqs off] [...] TRACE_IRQS_IRET test if pt_regs say return to interrupts enabled [yes] TRACE_IRQS_ON [lockdep says irqs are on] nmi_enter() { printk_nmi_enter() [traced by ftrace] [ hit ftrace breakpoint ] TRACE_IRQS_OFF [lockdep says irqs off] [...] TRACE_IRQS_IRET [return from breakpoint] test if pt_regs say interrupts enabled [no] [iret back to interrupt] [iret back to code] tick_nohz_idle_enter() { lockdep_assert_irqs_enabled() [lockdep say no!] Although interrupts are indeed enabled, lockdep thinks it is not, and since we now do asserts via lockdep, it gives a false warning. The issue here is that printk_nmi_enter() is called before lockdep_off(), which disables lockdep (for this reason) in NMIs. By simply not allowing ftrace to see printk_nmi_enter() (via notrace annotation) we keep lockdep from getting confused. Cc: stable@vger.kernel.org Fixes: 42a0bb3f71383 ("printk/nmi: generic solution for safe printk in NMI") Acked-by: Sergey Senozhatsky Acked-by: Petr Mladek Signed-off-by: Steven Rostedt (VMware) commit 6da410d97ffa486eb0379236d5444e5f4527c07a Merge: fce471e3c119 ad9421e36a77 Author: David S. Miller Date: Thu Sep 6 07:56:04 2018 -0700 Merge tag 'mlx5e-fixes-2018-09-05' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== Mellanox, mlx5 fixes 2018-09-05 This pull request contains some fixes for mlx5 etherent netdevice and core driver. Please pull and let me know if there's any problem. For -stable v4.9: ('net/mlx5: Fix debugfs cleanup in the device init/remove flow') For -stable v4.12: ("net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables") For -stable v4.13: ("net/mlx5: Fix use-after-free in self-healing flow") For -stable v4.14: ("net/mlx5: Check for error in mlx5_attach_interface") For -stable v4.15: ("net/mlx5: Fix not releasing read lock when adding flow rules") For -stable v4.17: ("net/mlx5: Fix possible deadlock from lockdep when adding fte to fg") For -stable v4.18: ("net/mlx5: Use u16 for Work Queue buffer fragment size") ==================== Signed-off-by: David S. Miller commit 52cf93e63ee672a92f349edc6ddad86ec8808fd8 Author: Kai-Heng Feng Date: Thu Sep 6 10:55:18 2018 +0800 HID: i2c-hid: Don't reset device upon system resume Raydium touchscreen triggers interrupt storm after system-wide suspend: [ 179.085033] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/65535) According to Raydium, Windows driver does not reset the device after system resume. The HID over I2C spec does specify a reset should be used at intialization, but it doesn't specify if reset is required for system suspend. Tested this patch on other i2c-hid touchpanels I have and those touchpanels do work after S3 without doing reset. If any regression happens to other touchpanel vendors, we can use quirk for Raydium devices. There's still one device uses I2C_HID_QUIRK_RESEND_REPORT_DESCR so keep it there. Cc: Aaron Ma Cc: AceLan Kao Signed-off-by: Kai-Heng Feng Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina commit e92c0eaf754310f9f31e9229a3f7274a67478f82 Author: Ilya Dryomov Date: Wed Aug 22 17:26:10 2018 +0200 rbd: support cloning across namespaces If parent_get class method is not supported by the OSDs, fall back to the legacy class method and assume that the parent is in the default (i.e. "") namespace. The "use the child's image namespace" workaround is no longer needed because creating images within namespaces will require parent_get aware OSDs. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman commit eb3b2d6be4b5e1612827b986cca241c5d104fc41 Author: Ilya Dryomov Date: Wed Aug 22 17:11:27 2018 +0200 rbd: factor out get_parent_info() In preparation for the new parent_get and parent_overlap_get class methods, factor out the fetching and decoding of parent data. As a side effect, we now decode all four fields in the "no parent" case. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman commit 8aaff15168cfbc7c8980fdb0e8a585f1afe56ec0 Author: Ilya Dryomov Date: Fri Aug 24 15:32:43 2018 +0200 ceph: avoid a use-after-free in ceph_destroy_options() syzbot reported a use-after-free in ceph_destroy_options(), called from ceph_mount(). The problem was that create_fs_client() consumed the opt pointer on some errors, but not on all of them. Make sure it always consumes both libceph and ceph options. Reported-by: syzbot+8ab6f1042021b4eed062@syzkaller.appspotmail.com Signed-off-by: Ilya Dryomov Reviewed-by: "Yan, Zheng" commit 69fa6eb7d6a64801ea261025cce9723d9442d773 Author: Thomas Gleixner Date: Thu Sep 6 15:21:38 2018 +0200 cpu/hotplug: Prevent state corruption on error rollback When a teardown callback fails, the CPU hotplug code brings the CPU back to the previous state. The previous state becomes the new target state. The rollback happens in undo_cpu_down() which increments the state unconditionally even if the state is already the same as the target. As a consequence the next CPU hotplug operation will start at the wrong state. This is easily to observe when __cpu_disable() fails. Prevent the unconditional undo by checking the state vs. target before incrementing state and fix up the consequently wrong conditional in the unplug code which handles the failure of the final CPU take down on the control CPU side. Fixes: 4dddfb5faa61 ("smp/hotplug: Rewrite AP state machine core") Reported-by: Neeraj Upadhyay Signed-off-by: Thomas Gleixner Tested-by: Geert Uytterhoeven Tested-by: Sudeep Holla Tested-by: Neeraj Upadhyay Cc: josh@joshtriplett.org Cc: peterz@infradead.org Cc: jiangshanlai@gmail.com Cc: dzickus@redhat.com Cc: brendan.jackman@arm.com Cc: malat@debian.org Cc: sramana@codeaurora.org Cc: linux-arm-msm@vger.kernel.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1809051419580.1416@nanos.tec.linutronix.de ---- commit f8b7530aa0a1def79c93101216b5b17cf408a70a Author: Neeraj Upadhyay Date: Wed Sep 5 11:22:07 2018 +0530 cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() The smp_mb() in cpuhp_thread_fun() is misplaced. It needs to be after the load of st->should_run to prevent reordering of the later load/stores w.r.t. the load of st->should_run. Fixes: 4dddfb5faa61 ("smp/hotplug: Rewrite AP state machine core") Signed-off-by: Neeraj Upadhyay Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Cc: josh@joshtriplett.org Cc: peterz@infradead.org Cc: jiangshanlai@gmail.com Cc: dzickus@redhat.com Cc: brendan.jackman@arm.com Cc: malat@debian.org Cc: mojha@codeaurora.org Cc: sramana@codeaurora.org Cc: linux-arm-msm@vger.kernel.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/1536126727-11629-1-git-send-email-neeraju@codeaurora.org commit ae3cdc97dc10c7a3b31f297dab429bfb774c9ccb Author: Sven Eckelmann Date: Sun Aug 12 21:04:45 2018 +0200 batman-adv: Prevent duplicated tvlv handler The function batadv_tvlv_handler_register is responsible for adding new tvlv_handler to the handler_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: ef26157747d4 ("batman-adv: tvlv - basic infrastructure") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich commit e7136e48ffdfb9f37b0820f619380485eb407361 Author: Sven Eckelmann Date: Sun Aug 12 21:04:44 2018 +0200 batman-adv: Prevent duplicated global TT entry The function batadv_tt_global_orig_entry_add is responsible for adding new tt_orig_list_entry to the orig_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: d657e621a0f5 ("batman-adv: add reference counting for type batadv_tt_orig_list_entry") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich commit 94cb82f594ed86be303398d6dfc7640a6f1d45d4 Author: Sven Eckelmann Date: Sun Aug 12 21:04:43 2018 +0200 batman-adv: Prevent duplicated softif_vlan entry The function batadv_softif_vlan_get is responsible for adding new softif_vlan to the softif_vlan_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: 5d2c05b21337 ("batman-adv: add per VLAN interface attribute framework") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich commit 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 Author: Jann Horn Date: Fri Aug 31 21:41:51 2018 +0200 x86/process: Don't mix user/kernel regs in 64bit __show_regs() When the kernel.print-fatal-signals sysctl has been enabled, a simple userspace crash will cause the kernel to write a crash dump that contains, among other things, the kernel gsbase into dmesg. As suggested by Andy, limit output to pt_regs, FS_BASE and KERNEL_GS_BASE in this case. This also moves the bitness-specific logic from show_regs() into process_{32,64}.c. Fixes: 45807a1df9f5 ("vdso: print fatal signals") Signed-off-by: Jann Horn Signed-off-by: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Greg Kroah-Hartman Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180831194151.123586-1-jannh@google.com commit 17f6bac2249356c795339e03a0742cd79be3cab8 Author: Chuanhua Lei Date: Thu Sep 6 18:03:23 2018 +0800 x86/tsc: Prevent result truncation on 32bit Loops per jiffy is calculated by multiplying tsc_khz with 1e3 and then dividing it by HZ. Both tsc_khz and the temporary variable holding the multiplication result are of type unsigned long, so on 32bit the result is truncated to the lower 32bit. Use u64 as type for the temporary variable and cast tsc_khz to it before multiplying. [ tglx: Massaged changelog and removed pointless braces ] Fixes: cf7a63ef4e02 ("x86/tsc: Calibrate tsc only once") Signed-off-by: Chuanhua Lei Signed-off-by: Thomas Gleixner Cc: yixin.zhu@linux.intel.com Cc: "H. Peter Anvin" Cc: Peter Zijlstra Cc: Len Brown Cc: Pavel Tatashin Cc: Rajvi Jingar Cc: Dou Liyang Link: https://lkml.kernel.org/r/1536228203-18701-1-git-send-email-chuanhua.lei@linux.intel.com commit fa122fec8640eb7186ce5a41b83a4c1744ceef8f Author: Sven Eckelmann Date: Sun Aug 12 21:04:42 2018 +0200 batman-adv: Prevent duplicated nc_node entry The function batadv_nc_get_nc_node is responsible for adding new nc_nodes to the in_coding_list and out_coding_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: d56b1705e28c ("batman-adv: network coding - detect coding nodes and remove these after timeout") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner Signed-off-by: Simon Wunderlich commit dff9bc42ab0b2d38c5e90ddd79b238fed5b4c7ad Author: Sven Eckelmann Date: Sun Aug 12 21:04:41 2018 +0200 batman-adv: Prevent duplicated gateway_node entry The function batadv_gw_node_add is responsible for adding new gw_node to the gateway_list. It is expecting that the caller already checked that there is not already an entry with the same key or not. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner Signed-off-by: Simon Wunderlich commit a25bab9d723a08bd0bdafb1529faf9094c690b70 Author: Sven Eckelmann Date: Fri Aug 31 16:56:29 2018 +0200 batman-adv: Fix segfault when writing to sysfs elp_interval The per hardif sysfs file "batman_adv/elp_interval" is using the generic functions to store/show uint values. The helper __batadv_store_uint_attr requires the softif net_device as parameter to print the resulting change as info text when the users writes to this file. It uses the helper function batadv_info to add it at the same time to the kernel ring buffer and to the batman-adv debug log (when CONFIG_BATMAN_ADV_DEBUG is enabled). The function batadv_info requires as first parameter the batman-adv softif net_device. This parameter is then used to find the private buffer which contains the debug log for this batman-adv interface. But batadv_store_throughput_override used as first argument the slave net_device. This slave device doesn't have the batadv_priv private data which is access by batadv_info. Writing to this file with CONFIG_BATMAN_ADV_DEBUG enabled can either lead to a segfault or to memory corruption. Fixes: 0744ff8fa8fa ("batman-adv: Add hard_iface specific sysfs wrapper macros for UINT") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner Signed-off-by: Simon Wunderlich commit b9fd14c20871e6189f635e49b32d7789e430b3c8 Author: Sven Eckelmann Date: Fri Aug 31 16:46:47 2018 +0200 batman-adv: Fix segfault when writing to throughput_override The per hardif sysfs file "batman_adv/throughput_override" prints the resulting change as info text when the users writes to this file. It uses the helper function batadv_info to add it at the same time to the kernel ring buffer and to the batman-adv debug log (when CONFIG_BATMAN_ADV_DEBUG is enabled). The function batadv_info requires as first parameter the batman-adv softif net_device. This parameter is then used to find the private buffer which contains the debug log for this batman-adv interface. But batadv_store_throughput_override used as first argument the slave net_device. This slave device doesn't have the batadv_priv private data which is access by batadv_info. Writing to this file with CONFIG_BATMAN_ADV_DEBUG enabled can either lead to a segfault or to memory corruption. Fixes: 0b5ecc6811bd ("batman-adv: add throughput override attribute to hard_ifaces") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner Signed-off-by: Simon Wunderlich commit 88d0895d0ea9d4431507d576c963f2ff9918144d Author: Sven Eckelmann Date: Fri Aug 31 15:08:44 2018 +0200 batman-adv: Avoid probe ELP information leak The probe ELPs for WiFi interfaces are expanded to contain at least BATADV_ELP_MIN_PROBE_SIZE bytes. This is usually a lot more than the number of bytes which the template ELP packet requires. These extra padding bytes were not initialized and thus could contain data which were previously stored at the same location. It is therefore required to set it to some predefined or random values to avoid leaking private information from the system transmitting these kind of packets. Fixes: e4623c913508 ("batman-adv: Avoid probe ELP information leak") Signed-off-by: Sven Eckelmann Acked-by: Antonio Quartulli Signed-off-by: Simon Wunderlich commit f11fc4bc669b8622510c1039499f5a9d24248fec Author: Zhang Rui Date: Mon Sep 3 10:00:07 2018 +0800 ACPI / LPSS: Force LPSS quirks on boot Commit 12864ff8545f (ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation) bypasses lpss quirks for S3 and S4, by setting a flag for S3/S4 in acpi_lpss_suspend(), and check that flag in acpi_lpss_resume(). But this overlooks the boot case where acpi_lpss_resume() may get called without a corresponding acpi_lpss_suspend() having been called. Thus force setting the flag during boot. Fixes: 12864ff8545f (ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation) Link: https://bugzilla.kernel.org/show_bug.cgi?id=200989 Reported-and-tested-by: William Lieurance Signed-off-by: Zhang Rui Cc: 4.15+ # 4.15+: 12864ff8545f (ACPI / LPSS: Avoid ...) Signed-off-by: Rafael J. Wysocki commit 5d128fbd8b20f8a48cb13c3eced789d1f9573ecd Author: Jean Delvare Date: Tue Sep 4 14:55:26 2018 +0200 ACPI / bus: Only call dmi_check_system() on X86 Calling dmi_check_system() early only works on X86. Other architectures initialize the DMI subsystem later so it's not ready yet when ACPI itself gets initialized. In the best case it results in a useless call to a function which will do nothing. But depending on the dmi implementation, it could also result in warnings. Best is to not call the function when it can't work and isn't needed. Additionally, if anyone ever needs to add non-x86 quirks, it would surprisingly not work, so document the limitation to avoid confusion. Signed-off-by: Jean Delvare Fixes: cce4f632db20 (ACPI: fix early DSDT dmi check warnings on ia64) Signed-off-by: Rafael J. Wysocki commit 6c92d5a2744e27619a8fcc9d74b91ee9f1cdebd1 Author: Kuninori Morimoto Date: Thu Sep 6 03:21:47 2018 +0000 ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Current rsnd driver will fallback to PIO mode if it can't get DMA handler. But, DMA might return -EPROBE_DEFER when probe timing. This driver always fallback to PIO mode especially from commit ac6bbf0cdf4206c ("iommu: Remove IOMMU_OF_DECLARE") because of this reason. The DMA driver will be probed later, but sound driver might be probed as PIO mode in such case. This patch fixup this issue. Then, -EPROBE_DEFER is not error. Thus, let's don't indicate error message in such case. And it needs to call rsnd_adg_remove() individually if probe failed, because it registers clk which should be unregister. Maybe PIO fallback feature itself is not needed, but let's keep it so far. Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown commit 69235ccf491d2e26aefd465c0d3ccd1e3b2a9a9c Author: Kuninori Morimoto Date: Thu Sep 6 03:21:33 2018 +0000 ASoC: rsnd: adg: care clock-frequency size ADG has buffer over flow bug if DT has more than 3 clock-frequency. This patch fixup this issue, and uses first 2 values. clock-frequency = ; /* this is OK */ clock-frequency = ; /* this is NG */ Signed-off-by: Kuninori Morimoto Tested-by: Hiroyuki Yokoyama Signed-off-by: Mark Brown commit bfa150f37f80fc65ac23dc457faf8eb2cd6232d0 Merge: d8c3916023d4 d9707490077b Author: Greg Kroah-Hartman Date: Thu Sep 6 11:21:54 2018 +0200 Merge tag 'fixes-for-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.19-rc2 NET2280 got a fix to an old patch attempting to fix locking for gadget framework callbacks. DWC2 fixed a bug where driver was attempting to access registers before clocks were enabled. DWC3 got a fix for ULPI clock configuration on Baytrail devices. FOTG210 plugged a memory leak and Renesas USB3 fixed ep0 maxpacket size. commit fce471e3c119895842c2b1a3ff51f3c1d108c656 Merge: ee28bb56ac5b b7f41565546d Author: David S. Miller Date: Wed Sep 5 22:32:22 2018 -0700 Merge branch 'iucv-fixes' Julian Wiedmann says: ==================== net/iucv: fixes 2018-09-05 please apply three straight-forward fixes for iucv. One that prevents leaking the skb on malformed inbound packets, one to fix the error handling on transmit error, and one to get rid of a compile warning. ==================== Signed-off-by: David S. Miller commit b7f41565546d393747fd554f9526c1187c6bf652 Author: Julian Wiedmann Date: Wed Sep 5 16:55:12 2018 +0200 net/iucv: declare iucv_path_table_empty() as static Fixes a compile warning. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit b2f543949acd1ba64313fdad9e672ef47550d773 Author: Julian Wiedmann Date: Wed Sep 5 16:55:11 2018 +0200 net/af_iucv: fix skb handling on HiperTransport xmit error When sending an skb, afiucv_hs_send() bails out on various error conditions. But currently the caller has no way of telling whether the skb was freed or not - resulting in potentially either a) leaked skbs from iucv_send_ctrl(), or b) double-free's from iucv_sock_sendmsg(). As dev_queue_xmit() will always consume the skb (even on error), be consistent and also free the skb from all other error paths. This way callers no longer need to care about managing the skb. Signed-off-by: Julian Wiedmann Reviewed-by: Ursula Braun Signed-off-by: David S. Miller commit 222440996d6daf635bed6cb35041be22ede3e8a0 Author: Julian Wiedmann Date: Wed Sep 5 16:55:10 2018 +0200 net/af_iucv: drop inbound packets with invalid flags Inbound packets may have any combination of flag bits set in their iucv header. If we don't know how to handle a specific combination, drop the skb instead of leaking it. To clarify what error is returned in this case, replace the hard-coded 0 with the corresponding macro. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit ee28bb56ac5b4c0c08ef10d33cc7adb749bbf4c6 Author: Davide Caratti Date: Tue Sep 4 19:00:19 2018 +0200 net/sched: fix memory leak in act_tunnel_key_init() If users try to install act_tunnel_key 'set' rules with duplicate values of 'index', the tunnel metadata are allocated, but never released. Then, kmemleak complains as follows: # tc a a a tunnel_key set src_ip 1.1.1.1 dst_ip 2.2.2.2 id 42 index 111 # echo clear > /sys/kernel/debug/kmemleak # tc a a a tunnel_key set src_ip 1.1.1.1 dst_ip 2.2.2.2 id 42 index 111 Error: TC IDR already exists. We have an error talking to the kernel # echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff8800574e6c80 (size 256): comm "tc", pid 5617, jiffies 4298118009 (age 57.990s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 1c e8 b0 ff ff ff ff ................ 81 24 c2 ad ff ff ff ff 00 00 00 00 00 00 00 00 .$.............. backtrace: [<00000000b7afbf4e>] tunnel_key_init+0x8a5/0x1800 [act_tunnel_key] [<000000007d98fccd>] tcf_action_init_1+0x698/0xac0 [<0000000099b8f7cc>] tcf_action_init+0x15c/0x590 [<00000000dc60eebe>] tc_ctl_action+0x336/0x5c2 [<000000002f5a2f7d>] rtnetlink_rcv_msg+0x357/0x8e0 [<000000000bfe7575>] netlink_rcv_skb+0x124/0x350 [<00000000edab656f>] netlink_unicast+0x40f/0x5d0 [<00000000b322cdcb>] netlink_sendmsg+0x6e8/0xba0 [<0000000063d9d490>] sock_sendmsg+0xb3/0xf0 [<00000000f0d3315a>] ___sys_sendmsg+0x654/0x960 [<00000000c06cbd42>] __sys_sendmsg+0xd3/0x170 [<00000000ce72e4b0>] do_syscall_64+0xa5/0x470 [<000000005caa2d97>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000fac1b476>] 0xffffffffffffffff This problem theoretically happens also in case users attempt to setup a geneve rule having wrong configuration data, or when the kernel fails to allocate 'params_new'. Ensure that tunnel_key_init() releases the tunnel metadata also in the above conditions. Addresses-Coverity-ID: 1373974 ("Resource leak") Fixes: d0f6dd8a914f4 ("net/sched: Introduce act_tunnel_key") Fixes: 0ed5269f9e41f ("net/sched: add tunnel option support to act_tunnel_key") Signed-off-by: Davide Caratti Acked-by: Cong Wang Signed-off-by: David S. Miller commit 0a3b8b2b215f9e84b82ae97df71292ccfd92b1e7 Author: Cong Wang Date: Mon Sep 3 19:12:41 2018 -0700 tipc: orphan sock in tipc_release() Before we unlock the sock in tipc_release(), we have to detach sk->sk_socket from sk, otherwise a parallel tipc_sk_fill_sock_diag() could stil read it after we free this socket. Fixes: c30b70deb5f4 ("tipc: implement socket diagnostics for AF_TIPC") Reported-and-tested-by: syzbot+48804b87c16588ad491d@syzkaller.appspotmail.com Cc: Jon Maloy Cc: Ying Xue Signed-off-by: Cong Wang Acked-by: Ying Xue Signed-off-by: David S. Miller commit 792fab2c0d45758ad3d187bd252570d2bb627fa9 Author: Weinan Li Date: Tue Sep 4 14:13:43 2018 +0800 drm/i915/gvt: Fix the incorrect length of child_device_config issue GVT-g emualte the opregion for guest with bdb version as '186' which child_device_config length should be '33'. v2: split into 2 patch. 1st for issue fix, 2nd for code clean up.(Zhenyu) v3: add fixes tag.(Zhenyu) Fixes: 4023f301d28f ("drm/i915/gvt: opregion virtualization for win") CC: Xiaolin Zhang Reviewed-by: Xiaolin Zhang Signed-off-by: Weinan Li Signed-off-by: Zhenyu Wang commit ad9421e36a77056a4f095d49b9605e80b4d216ed Author: Roi Dayan Date: Mon Aug 20 11:43:03 2018 +0300 net/mlx5: Fix possible deadlock from lockdep when adding fte to fg This is a false positive report due to incorrect nested lock annotations as we lock multiple fgs with the same subclass. Instead of locking all fgs only lock the one being used as was done before. Fixes: bd71b08ec2ee ("net/mlx5: Support multiple updates of steering rules in parallel") Signed-off-by: Roi Dayan Signed-off-by: Saeed Mahameed commit fc433829f9a29530d492f0eb20804ac5e6967204 Author: Saeed Mahameed Date: Fri Aug 24 12:24:10 2018 -0700 net/mlx5e: Ethtool steering, fix udp source port value Copy and paste bug was introduced in the offending patch. We need to write udp source port value into the headers value and not headers criteria "mask". Fixes: 142644f8a1f8 ("net/mlx5e: Ethtool steering flow parsing refactoring") Signed-off-by: Saeed Mahameed commit 47bc94b82291e007da61ee1b3d18c77871f3e158 Author: Huy Nguyen Date: Wed Aug 15 11:08:48 2018 -0500 net/mlx5: Check for error in mlx5_attach_interface Currently, mlx5_attach_interface does not check for error after calling intf->attach or intf->add. When these two calls fails, the client is not initialized and will cause issues such as kernel panic on invalid address in the teardown path (mlx5_detach_interface) Fixes: 737a234bb638 ("net/mlx5: Introduce attach/detach to interface API") Signed-off-by: Huy Nguyen Signed-off-by: Saeed Mahameed commit df7ddb2396cd162e64aaff9401be05e31e438961 Author: Daniel Jurgens Date: Mon Aug 27 09:09:46 2018 -0500 net/mlx5: Consider PCI domain in search for next dev The PCI BDF is not unique. PCI domain must also be considered when searching for the next physical device during lag setup. Example below: mlx5_core 0000:01:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(128) RxCqeCmprss(0) mlx5_core 0000:01:00.1: MLX5E: StrdRq(1) RqSz(8) StrdSz(128) RxCqeCmprss(0) mlx5_core 0001:01:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(128) RxCqeCmprss(0) mlx5_core 0001:01:00.1: MLX5E: StrdRq(1) RqSz(8) StrdSz(128) RxCqeCmprss(0) Signed-off-by: Daniel Jurgens Reviewed-by: Aviv Heller Signed-off-by: Saeed Mahameed commit 071304772fc747d5df13c51f1cf48a4b922a5e0d Author: Roi Dayan Date: Sun Aug 19 08:56:09 2018 +0300 net/mlx5: Fix not releasing read lock when adding flow rules If building match list fg fails and we never jumped to search_again_locked label then the function returned without unlocking the read lock. Fixes: bd71b08ec2ee ("net/mlx5: Support multiple updates of steering rules in parallel") Signed-off-by: Roi Dayan Reviewed-by: Maor Gottlieb Signed-off-by: Saeed Mahameed commit c88a026e01219488e745f4f0267fd76c2bb68421 Author: Raed Salem Date: Tue Aug 21 15:22:42 2018 +0300 net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables The memory allocated for the slow path table flow group input structure was not freed upon successful return, fix that. Fixes: 1967ce6ea5c8 ("net/mlx5: E-Switch, Refactor fast path FDB table creation in switchdev mode") Signed-off-by: Raed Salem Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed commit a09036221092989b88c55d24d1f12ceb1d7d361f Author: Tariq Toukan Date: Tue Aug 21 16:07:58 2018 +0300 net/mlx5: Use u16 for Work Queue buffer strides offset Minimal stride size is 16. Hence, the number of strides in a fragment (of PAGE_SIZE) is <= PAGE_SIZE / 16 <= 4K. u16 is sufficient to represent this. Fixes: d7037ad73daa ("net/mlx5: Fix QP fragmented buffer allocation") Signed-off-by: Tariq Toukan Reviewed-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed commit 8d71e818506718e8d7032ce824b5c74a17d4f7a5 Author: Tariq Toukan Date: Tue Aug 21 16:04:41 2018 +0300 net/mlx5: Use u16 for Work Queue buffer fragment size Minimal stride size is 16. Hence, the number of strides in a fragment (of PAGE_SIZE) is <= PAGE_SIZE / 16 <= 4K. u16 is sufficient to represent this. Fixes: 388ca8be0037 ("IB/mlx5: Implement fragmented completion queue (CQ)") Signed-off-by: Tariq Toukan Reviewed-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed commit 5df816e7f43f1297c40021ef17ec6e722b45c82f Author: Jack Morgenstein Date: Tue Aug 7 09:59:03 2018 +0300 net/mlx5: Fix debugfs cleanup in the device init/remove flow When initializing the device (procedure init_one), the driver calls mlx5_pci_init to perform pci initialization. As part of this initialization, mlx5_pci_init creates a debugfs directory. If this creation fails, init_one aborts, returning failure to the caller (which is the probe method caller). The main reason for such a failure to occur is if the debugfs directory already exists. This can happen if the last time mlx5_pci_close was called, debugfs_remove (silently) failed due to the debugfs directory not being empty. Guarantee that such a debugfs_remove failure will not occur by instead calling debugfs_remove_recursive in procedure mlx5_pci_close. Fixes: 59211bd3b632 ("net/mlx5: Split the load/unload flow into hardware and software flows") Signed-off-by: Jack Morgenstein Reviewed-by: Daniel Jurgens Signed-off-by: Saeed Mahameed commit 76d5581c870454be5f1f1a106c57985902e7ea20 Author: Jack Morgenstein Date: Sun Aug 5 09:19:33 2018 +0300 net/mlx5: Fix use-after-free in self-healing flow When the mlx5 health mechanism detects a problem while the driver is in the middle of init_one or remove_one, the driver needs to prevent the health mechanism from scheduling future work; if future work is scheduled, there is a problem with use-after-free: the system WQ tries to run the work item (which has been freed) at the scheduled future time. Prevent this by disabling work item scheduling in the health mechanism when the driver is in the middle of init_one() or remove_one(). Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Signed-off-by: Jack Morgenstein Reviewed-by: Feras Daoud Signed-off-by: Saeed Mahameed commit 08e74be103051861eb2c1ee52a2dcf119cde264f Author: Parav Pandit Date: Wed Sep 5 09:47:57 2018 +0300 RDMA/uverbs: Fix error cleanup path of ib_uverbs_add_one() If ib_uverbs_create_uapi() fails, dev_num should be freed from the bitmap. Fixes: 7d96c9b17636 ("IB/uverbs: Have the core code create the uverbs_root_spec") Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 8b2ded1c94c06f841f8c1612bcfa33c85012a36b Author: Mikulas Patocka Date: Wed Sep 5 16:14:36 2018 -0600 block: don't warn when doing fsync on read-only devices It is possible to call fsync on a read-only handle (for example, fsck.ext2 does it when doing read-only check), and this call results in kernel warning. The patch b089cfd95d32 ("block: don't warn for flush on read-only device") attempted to disable the warning, but it is buggy and it doesn't (op_is_flush tests flags, but bio_op strips off the flags). Signed-off-by: Mikulas Patocka Fixes: 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions") Cc: stable@vger.kernel.org # 4.18 Signed-off-by: Jens Axboe commit f40f299bbe806a2e2c8b0d7cdda822fa3bdd171b Author: Somnath Kotur Date: Wed Sep 5 13:20:34 2018 +0530 bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces 1. DMA-able memory allocated for Shadow QP was not being freed. 2. bnxt_qplib_alloc_qp_hdr_buf() had a bug wherein the SQ pointer was erroneously pointing to the RQ. But since the corresponding free_qp_hdr_buf() was correct, memory being free was less than what was allocated. Fixes: 1ac5a4047975 ("RDMA/bnxt_re: Add bnxt_re RoCE driver") Signed-off-by: Somnath Kotur Signed-off-by: Jason Gunthorpe commit e3f3d7ab00cd459d0f7a839758a4542f4d4b8ac8 Author: Dan Carpenter Date: Wed Sep 5 10:46:27 2018 +0300 hwmon: (nct6775) Set weight source to zero correctly This is dead code because j can never be 1 at this point. We had intended to just test if the bit was clear. Fixes: bbd8decd4123 ("hwmon: (nct6775) Add support for weighted fan control") Signed-off-by: Dan Carpenter Signed-off-by: Guenter Roeck commit 816e846c2eb9129a3e0afa5f920c8bbc71efecaa Author: Aaron Knister Date: Fri Aug 24 08:42:46 2018 -0400 IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch acquires the netif tx lock in cm_rep_handler for the section where it sets the connection up and dequeues and retransmits deferred skb's. Fixes: 839fcaba355a ("IPoIB: Connected mode experimental support") Cc: stable@vger.kernel.org Signed-off-by: Aaron Knister Tested-by: Ira Weiny Reviewed-by: Ira Weiny Signed-off-by: Jason Gunthorpe commit 8407879c4e0d7731f6e7e905893cecf61a7762c7 Author: Sagi Grimberg Date: Mon Sep 3 03:47:07 2018 -0700 nvmet-rdma: fix possible bogus dereference under heavy load Currently we always repost the recv buffer before we send a response capsule back to the host. Since ordering is not guaranteed for send and recv completions, it is posible that we will receive a new request from the host before we got a send completion for the response capsule. Today, we pre-allocate 2x rsps the length of the queue, but in reality, under heavy load there is nothing that is really preventing the gap to expand until we exhaust all our rsps. To fix this, if we don't have any pre-allocated rsps left, we dynamically allocate a rsp and make sure to free it when we are done. If under memory pressure we fail to allocate a rsp, we silently drop the command and wait for the host to retry. Reported-by: Steve Wise Tested-by: Steve Wise Signed-off-by: Sagi Grimberg [hch: dropped a superflous assignment] Signed-off-by: Christoph Hellwig commit d07f05fb86439c41dd6967c94be3ba3837b21567 Author: Peter Robinson Date: Sat Jul 21 00:02:12 2018 +0100 hwmon: rpi: add module alias to raspberrypi-hwmon The raspberrypi-hwmon driver doesn't automatically load, although it does work when loaded, by adding the alias it auto loads as expected when built as a module. Tested on RPi2/RPi3 on 32 bit kernel and RPi3B+ on aarch64 with Fedora 28 and a patched 4.18 RC kernel. Fixes: 3c493c885cf ("hwmon: Add support for RPi voltage sensor") Signed-off-by: Peter Robinson CC: Stefan Wahren CC: Eric Anholt Acked-by: Guenter Roeck Tested-by: Stefan Wahren Reviewed-by: Eric Anholt Signed-off-by: Florian Fainelli commit 4d85af102a66ee6aeefa596f273169e77fb2b48e Author: Lei Yang Date: Wed Sep 5 17:57:15 2018 +0800 selftests: memory-hotplug: add required configs add CONFIG_MEMORY_HOTREMOVE=y in config without this config, /sys/devices/system/memory/memory*/removable always return 0, I endup getting an early skip during test Signed-off-by: Lei Yang Signed-off-by: Shuah Khan (Samsung OSG) commit 53cf59d6c0ad3edc4f4449098706a8f8986258b6 Author: Lei Yang Date: Wed Sep 5 11:14:49 2018 +0800 selftests/efivarfs: add required kernel configs add config file Signed-off-by: Lei Yang Signed-off-by: Shuah Khan (Samsung OSG) commit b36fdc6853a38a6f8749897a33435635019e0647 Merge: f4697d9a8a9c d49b48f088c3 Author: Linus Torvalds Date: Wed Sep 5 09:27:45 2018 -0700 Merge tag 'gpio-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: "Some GPIO fixes. The ACPI stuff is probably the most annoying for users that get fixed this time. - Atomic contexts, cansleep* calls and such fastpath/slopwpath things. - Defer ACPI event handler registration to late_initcall() so IRQs do not fire in our face before other drivers have a chance to register handlers. - Race condition if a consumer requests a GPIO after gpiochip_add_data_with_key() but before of_gpiochip_add() - Probe errorpath in the dwapb driver" * tag 'gpio-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: Fix crash due to registration race gpio: dwapb: Fix error handling in dwapb_gpio_probe() gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall gpiolib: acpi: Switch to cansleep version of GPIO library call gpio: adp5588: Fix sleep-in-atomic-context bug commit f4697d9a8a9c7a3ce4d33bb37bb1390f0d17c870 Merge: d0c1db1da4b7 b9eb3b14f1db Author: Linus Torvalds Date: Wed Sep 5 09:17:20 2018 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "A set of very minor fixes and a couple of reverts to fix a major problem (the attempt to change the busy count causes a hang when attempting to change the drive cache type)" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: aacraid: fix a signedness bug Revert "scsi: core: avoid host-wide host_busy counter for scsi_mq" Revert "scsi: core: fix scsi_host_queue_ready" scsi: libata: Add missing newline at end of file scsi: target: iscsi: cxgbit: use pr_debug() instead of pr_info() scsi: hpsa: limit transfer length to 1MB, not 512kB scsi: lpfc: Correct MDS diag and nvmet configuration scsi: lpfc: Default fdmi_on to on scsi: csiostor: fix incorrect port capabilities scsi: csiostor: add a check for NULL pointer after kmalloc() scsi: documentation: add scsi_mod.use_blk_mq to scsi-parameters scsi: core: Update SCSI_MQ_DEFAULT help text to match default commit d0c1db1da4b7e16bcca139bca7f3b3557a8cf3d7 Merge: 0e9b10395018 3350139c0ff3 Author: Linus Torvalds Date: Wed Sep 5 09:13:31 2018 -0700 Merge tag 'nds32-for-linus-4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux Pull nds32 updates from Greentime Hu: "Contained in here are the bug fixes, building error fixes and ftrace support for nds32" * tag 'nds32-for-linus-4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux: nds32: linker script: GCOV kernel may refers data in __exit nds32: fix build error because of wrong semicolon nds32: Fix a kernel panic issue because of wrong frame pointer access. nds32: Only print one page of stack when die to prevent printing too much information. nds32: Add macro definition for offset of lp register on stack nds32: Remove the deprecated ABI implementation nds32/stack: Get real return address by using ftrace_graph_ret_addr nds32/ftrace: Support dynamic function graph tracer nds32/ftrace: Support dynamic function tracer nds32/ftrace: Add RECORD_MCOUNT support nds32/ftrace: Support static function graph tracer nds32/ftrace: Support static function tracer nds32: Extract the checking and getting pointer to a macro nds32: Clean up the coding style nds32: Fix get_user/put_user macro expand pointer problem nds32: Fix empty call trace nds32: add NULL entry to the end of_device_id array nds32: fix logic for module commit 865e63b04e9b2a658d7f26bd13a71dcd964a9118 Author: Steven Rostedt (VMware) Date: Tue Sep 4 16:26:11 2018 -0400 tracing: Add back in rcu_irq_enter/exit_irqson() for rcuidle tracepoints Borislav reported the following splat: ============================= WARNING: suspicious RCU usage 4.19.0-rc1+ #1 Not tainted ----------------------------- ./include/linux/rcupdate.h:631 rcu_read_lock() used illegally while idle! other info that might help us debug this: RCU used illegally from idle CPU! rcu_scheduler_active = 2, debug_locks = 1 RCU used illegally from extended quiescent state! 1 lock held by swapper/0/0: #0: 000000004557ee0e (rcu_read_lock){....}, at: perf_event_output_forward+0x0/0x130 stack backtrace: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc1+ #1 Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET86WW (2.06 ) 11/13/2012 Call Trace: dump_stack+0x85/0xcb perf_event_output_forward+0xf6/0x130 __perf_event_overflow+0x52/0xe0 perf_swevent_overflow+0x91/0xb0 perf_tp_event+0x11a/0x350 ? find_held_lock+0x2d/0x90 ? __lock_acquire+0x2ce/0x1350 ? __lock_acquire+0x2ce/0x1350 ? retint_kernel+0x2d/0x2d ? find_held_lock+0x2d/0x90 ? tick_nohz_get_sleep_length+0x83/0xb0 ? perf_trace_cpu+0xbb/0xd0 ? perf_trace_buf_alloc+0x5a/0xa0 perf_trace_cpu+0xbb/0xd0 cpuidle_enter_state+0x185/0x340 do_idle+0x1eb/0x260 cpu_startup_entry+0x5f/0x70 start_kernel+0x49b/0x4a6 secondary_startup_64+0xa4/0xb0 This is due to the tracepoints moving to SRCU usage which does not require RCU to be "watching". But perf uses these tracepoints with RCU and expects it to be. Hence, we still need to add in the rcu_irq_enter/exit_irqson() calls for "rcuidle" tracepoints. This is a temporary fix until we have SRCU working in NMI context, and then perf can be converted to use that instead of normal RCU. Link: http://lkml.kernel.org/r/20180904162611.6a120068@gandalf.local.home Cc: x86-ml Cc: Peter Zijlstra Reported-by: Borislav Petkov Tested-by: Borislav Petkov Reviewed-by: "Paul E. McKenney" Fixes: e6753f23d961d ("tracepoint: Make rcuidle tracepoint callers use SRCU") Signed-off-by: Steven Rostedt (VMware) commit e65a9e480e91ddf9e15155454d370cead64689c8 Author: Stefan Wahren Date: Wed Sep 5 15:23:18 2018 +0200 net: qca_spi: Fix race condition in spi transfers With performance optimization the spi transfer and messages of basic register operations like qcaspi_read_register moved into the private driver structure. But they weren't protected against mutual access (e.g. between driver kthread and ethtool). So dumping the QCA7000 registers via ethtool during network traffic could make spi_sync hang forever, because the completion in spi_message is overwritten. So revert the optimization completely. Fixes: 291ab06ecf676 ("net: qualcomm: new Ethernet over SPI driver for QCA700") Signed-off-by: Stefan Wahren Signed-off-by: David S. Miller commit 9d7f19dc4673fbafebfcbf30eb90e09fa7d1c037 Author: Petr Oros Date: Wed Sep 5 14:37:45 2018 +0200 be2net: Fix memory leak in be_cmd_get_profile_config() DMA allocated memory is lost in be_cmd_get_profile_config() when we call it with non-NULL port_res parameter. Signed-off-by: Petr Oros Reviewed-by: Ivan Vecera Signed-off-by: David S. Miller commit 3a3539cd36327c6f9e0ffd9f3fd3dea7ff8b3567 Author: Petr Machata Date: Wed Sep 5 12:16:00 2018 +0200 mlxsw: spectrum_buffers: Set up a dedicated pool for BUM traffic MC-aware mode was recently enabled by mlxsw on Spectrum switches in commit 7b8195306694 ("mlxsw: spectrum: Configure MC-aware mode on mlxsw ports"). Unfortunately, testing has shown that the fix is incomplete and in the presented form actually makes the problem even worse, because any amount of MC traffic causes UC disruption. The reason for this is that currently, mlxsw configures the MC-specific TCs (8..15) to map to pool 0. It also configures a maximum buffer size of 0, but for MC traffic that maximum is disregarded and not part of the quota. Therefore MC traffic is always admitted to the egress buffer. Fix the configuration by directing the MC TCs into pool 15, which is dedicated to MC traffic and recognized as such by the silicon. Fixes: 7b8195306694 ("mlxsw: spectrum: Configure MC-aware mode on mlxsw ports") Signed-off-by: Petr Machata Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit d8c3916023d438a40cf16b284ee6ae7acab57b64 Merge: 6e22e3af7bb3 5dfdd24eb3d3 Author: Greg Kroah-Hartman Date: Wed Sep 5 16:25:02 2018 +0200 Merge tag 'usb-serial-4.19-rc3' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.19-rc3 Here are two fixes for array-underflow bugs in completion handlers due to insufficient sanity checks. All have been in linux-next with no reported issues. Signed-off-by: Johan Hovold commit b2d35fa5fc80c27e868e393dcab4c94a0d71737f Author: Anders Roxell Date: Tue Sep 4 12:47:21 2018 +0200 selftests: add headers_install to lib.mk If the kernel headers aren't installed we can't build all the tests. Add a new make target rule 'khdr' in the file lib.mk to generate the kernel headers and that gets include for every test-dir Makefile that includes lib.mk If the testdir in turn have its own sub-dirs the top_srcdir needs to be set to the linux-rootdir to be able to generate the kernel headers. Signed-off-by: Anders Roxell Reviewed-by: Fathi Boudra Signed-off-by: Shuah Khan (Samsung OSG) commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427 Author: Jia-Ju Bai Date: Sat Sep 1 16:12:10 2018 +0800 usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() wdm_in_callback() is a completion handler function for the USB driver. So it should not sleep. But it calls service_outstanding_interrupt(), which calls usb_submit_urb() with GFP_KERNEL. To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC. This bug is found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai Cc: stable Signed-off-by: Greg Kroah-Hartman commit bc8acc214d3f1cafebcbcd101a695bbac716595d Author: Jia-Ju Bai Date: Sat Sep 1 16:25:08 2018 +0800 usb: misc: uss720: Fix two sleep-in-atomic-context bugs async_complete() in uss720.c is a completion handler function for the USB driver. So it should not sleep, but it is can sleep according to the function call paths (from bottom to top) in Linux-4.16. [FUNC] set_1284_register(GFP_KERNEL) drivers/usb/misc/uss720.c, 372: set_1284_register in parport_uss720_frob_control drivers/parport/ieee1284.c, 560: [FUNC_PTR]parport_uss720_frob_control in parport_ieee1284_ack_data_avail drivers/parport/ieee1284.c, 577: parport_ieee1284_ack_data_avail in parport_ieee1284_interrupt ./include/linux/parport.h, 474: parport_ieee1284_interrupt in parport_generic_irq drivers/usb/misc/uss720.c, 116: parport_generic_irq in async_complete [FUNC] get_1284_register(GFP_KERNEL) drivers/usb/misc/uss720.c, 382: get_1284_register in parport_uss720_read_status drivers/parport/ieee1284.c, 555: [FUNC_PTR]parport_uss720_read_status in parport_ieee1284_ack_data_avail drivers/parport/ieee1284.c, 577: parport_ieee1284_ack_data_avail in parport_ieee1284_interrupt ./include/linux/parport.h, 474: parport_ieee1284_interrupt in parport_generic_irq drivers/usb/misc/uss720.c, 116: parport_generic_irq in async_complete Note that [FUNC_PTR] means a function pointer call is used. To fix these bugs, GFP_KERNEL is replaced with GFP_ATOMIC. These bugs are found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai Cc: stable Signed-off-by: Greg Kroah-Hartman commit 6d4f268fa132742fe96dad22307c68d237356d88 Author: Jia-Ju Bai Date: Sat Sep 1 17:23:47 2018 +0800 usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() i_usX2Y_subs_startup in usbusx2yaudio.c is a completion handler function for the USB driver. So it should not sleep, but it is can sleep according to the function call paths (from bottom to top) in Linux-4.16. [FUNC] msleep drivers/usb/host/u132-hcd.c, 2558: msleep in u132_get_frame drivers/usb/core/hcd.c, 2231: [FUNC_PTR]u132_get_frame in usb_hcd_get_frame_number drivers/usb/core/usb.c, 822: usb_hcd_get_frame_number in usb_get_current_frame_number sound/usb/usx2y/usbusx2yaudio.c, 303: usb_get_current_frame_number in i_usX2Y_urb_complete sound/usb/usx2y/usbusx2yaudio.c, 366: i_usX2Y_urb_complete in i_usX2Y_subs_startup Note that [FUNC_PTR] means a function pointer call is used. To fix this bug, msleep() is replaced with mdelay(). This bug is found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai Cc: stable Signed-off-by: Greg Kroah-Hartman commit f9a5b4f58b280c1d26255376713c132f93837621 Author: Mathias Nyman Date: Mon Sep 3 15:44:16 2018 +0300 usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() The steps taken by usb core to set a new interface is very different from what is done on the xHC host side. xHC hardware will do everything in one go. One command is used to set up new endpoints, free old endpoints, check bandwidth, and run the new endpoints. All this is done by xHC when usb core asks the hcd to check for available bandwidth. At this point usb core has not yet flushed the old endpoints, which will cause use-after-free issues in xhci driver as queued URBs are cancelled on a re-allocated endpoint. To resolve this add a call to usb_disable_interface() which will flush the endpoints before calling usb_hcd_alloc_bandwidth() Additional checks in xhci driver will also be implemented to gracefully handle stale URB cancel on freed and re-allocated endpoints Cc: Reported-by: Sudip Mukherjee Signed-off-by: Mathias Nyman Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman commit d23df2dc56325c72b51670b1fb400ddd23dc17cd Author: Randy Dunlap Date: Mon Sep 3 12:51:59 2018 -0700 linux/mod_devicetable.h: fix kernel-doc missing notation for typec_device_id Fix kernel-doc warning for missing struct member description: ../include/linux/mod_devicetable.h:763: warning: Function parameter or member 'driver_data' not described in 'typec_device_id' Fixes: 8a37d87d72f0c ("usb: typec: Bus type for alternate modes") Signed-off-by: Randy Dunlap Cc: Heikki Krogerus Reviewed-by: Heikki Krogerus Signed-off-by: Greg Kroah-Hartman commit 40de5fe4f45c5b804ea085d7e3f1a72fc6705929 Author: Randy Dunlap Date: Mon Sep 3 12:58:35 2018 -0700 usb/typec: fix kernel-doc notation warning for typec_match_altmode Fix kernel-doc warning for missing function parameter 'mode' description: ../drivers/usb/typec/bus.c:268: warning: Function parameter or member 'mode' not described in 'typec_match_altmode' Also fix typos for same function documentation. Fixes: 8a37d87d72f0 ("usb: typec: Bus type for alternate modes") Signed-off-by: Randy Dunlap Acked-by: Heikki Krogerus Signed-off-by: Greg Kroah-Hartman commit f3dc41c5d22b2ca14a0802a65d8cdc33a3882d4e Author: Mathias Nyman Date: Tue Sep 4 17:35:16 2018 +0300 usb: Don't die twice if PCI xhci host is not responding in resume usb_hc_died() should only be called once, and with the primary HCD as parameter. It will mark both primary and secondary hcd's dead. Remove the extra call to usb_cd_died with the shared hcd as parameter. Fixes: ff9d78b36f76 ("USB: Set usb_hcd->state and flags for shared roothubs") Signed-off-by: Mathias Nyman Cc: stable Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman commit ae45893f74c72e632cbad882509f12558db2e4f3 Author: Katsuhiro Suzuki Date: Wed Sep 5 17:31:37 2018 +0900 ASoC: uniphier: change status to orphan Since I'm leaving from Socionext, I'll unable to access specification documents of this hardware (these are not public). So change the state to orphan until someone will maintain this driver. Signed-off-by: Katsuhiro Suzuki Signed-off-by: Mark Brown commit 8dbbaa47b96f6ea5f09f922b4effff3c505cd8cf Author: Geert Uytterhoeven Date: Wed Sep 5 10:49:39 2018 +0200 spi: rspi: Fix interrupted DMA transfers When interrupted, wait_event_interruptible_timeout() returns -ERESTARTSYS, and the SPI transfer in progress will fail, as expected: m25p80 spi0.0: SPI transfer failed: -512 spi_master spi0: failed to transfer one message from queue However, as the underlying DMA transfers may not have completed, all subsequent SPI transfers may start to fail: spi_master spi0: receive timeout qspi_transfer_out_in() returned -110 m25p80 spi0.0: SPI transfer failed: -110 spi_master spi0: failed to transfer one message from queue Fix this by calling dmaengine_terminate_all() not only for timeouts, but also for errors. This can be reproduced on r8a7991/koelsch, using "hd /dev/mtd0" followed by CTRL-C. Signed-off-by: Geert Uytterhoeven Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit c1ca59c22c56930b377a665fdd1b43351887830b Author: Geert Uytterhoeven Date: Wed Sep 5 10:49:38 2018 +0200 spi: rspi: Fix invalid SPI use during system suspend If the SPI queue is running during system suspend, the system may lock up. Fix this by stopping/restarting the queue during system suspend/resume, by calling spi_master_suspend()/spi_master_resume() from the PM callbacks. In-kernel users will receive an -ESHUTDOWN error while system suspend/resume is in progress. Based on a patch for sh-msiof by Gaku Inami. Signed-off-by: Geert Uytterhoeven Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 31a5fae4c5a009898da6d177901d5328051641ff Author: Hiromitsu Yamasaki Date: Wed Sep 5 10:49:37 2018 +0200 spi: sh-msiof: Fix handling of write value for SISTR register This patch changes writing to the SISTR register according to the H/W user's manual. The TDREQ bit and RDREQ bits of SISTR are read-only, and must be written their initial values of zero. Signed-off-by: Hiromitsu Yamasaki [geert: reword] Signed-off-by: Geert Uytterhoeven Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit ffa69d6a16f686efe45269342474e421f2aa58b2 Author: Gaku Inami Date: Wed Sep 5 10:49:36 2018 +0200 spi: sh-msiof: Fix invalid SPI use during system suspend If the SPI queue is running during system suspend, the system may lock up. Fix this by stopping/restarting the queue during system suspend/resume by calling spi_master_suspend()/spi_master_resume() from the PM callbacks. In-kernel users will receive an -ESHUTDOWN error while system suspend/resume is in progress. Signed-off-by: Gaku Inami Signed-off-by: Hiromitsu Yamasaki [geert: Cleanup, reword] Signed-off-by: Geert Uytterhoeven Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 78af87b8bbbbcaa613f1a7d8f14472fe9a7dc622 Author: Chunfeng Yun Date: Wed Aug 29 10:36:49 2018 +0800 usb: mtu3: fix error of xhci port id when enable U3 dual role If dual role mode is enabled, when switch u3port0 to device mode, it will affect port id calculation of host(xHCI), specially when host supports multi U2 ports or U3 ports, so need enable its dual role mode, and fix it here. Signed-off-by: Chunfeng Yun Cc: stable Signed-off-by: Greg Kroah-Hartman commit 42d1c6d4a06a77b3ab206a919b9050c3080f3a71 Author: Oliver Neukum Date: Thu Aug 9 16:03:37 2018 +0200 usb: uas: add support for more quirk flags The hope that UAS devices would be less broken than old style storage devices has turned out to be unfounded. Make UAS support more of the quirk flags of the old driver. Signed-off-by: Oliver Neukum Cc: stable Signed-off-by: Greg Kroah-Hartman commit f45681f9becaa65111ed0a691ccf080a0cd5feb8 Author: Tim Anderson Date: Thu Aug 9 14:55:34 2018 -0700 USB: Add quirk to support DJI CineSSD This device does not correctly handle the LPM operations. Also, the device cannot handle ATA pass-through commands and locks up when attempted while running in super speed. This patch adds the equivalent quirk logic as found in uas. Signed-off-by: Tim Anderson Acked-by: Alan Stern Cc: stable Signed-off-by: Greg Kroah-Hartman commit 49aa5afda2ed9cf6a8819707014385ede895ff87 Author: Randy Dunlap Date: Sun Sep 2 19:30:48 2018 -0700 usb: typec: fix kernel-doc parameter warning Fix kernel-doc warning (13 times): ../drivers/usb/typec/class.c:1497: warning: Excess function parameter 'drvdata' description in 'typec_port_register_altmode' Signed-off-by: Randy Dunlap Acked-by: Heikki Krogerus Signed-off-by: Greg Kroah-Hartman commit 4e3121abcf536f26fd08a4b395c6a6711a961641 Author: Randy Dunlap Date: Sun Sep 2 19:39:55 2018 -0700 usb/dwc3/gadget: fix kernel-doc parameter warning Fix kernel-doc warning: ../drivers/usb/dwc3/gadget.c:510: warning: Excess function parameter 'dwc' description in 'dwc3_gadget_start_config' Signed-off-by: Randy Dunlap Cc: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 14427b86837a4baf1c121934c6599bdb67dfa9fc Author: Ben Hutchings Date: Wed Aug 15 21:45:37 2018 +0100 USB: yurex: Check for truncation in yurex_read() snprintf() always returns the full length of the string it could have printed, even if it was truncated because the buffer was too small. So in case the counter value is truncated, we will over-read from in_buffer and over-write to the caller's buffer. I don't think it's actually possible for this to happen, but in case truncation occurs, WARN and return -EIO. Signed-off-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit 7e10f14ebface44a48275c8d6dc1caae3668d5a9 Author: Ben Hutchings Date: Wed Aug 15 21:44:25 2018 +0100 USB: yurex: Fix buffer over-read in yurex_write() If the written data starts with a digit, yurex_write() tries to parse it as an integer using simple_strtoull(). This requires a null- terminator, and currently there's no guarantee that there is one. (The sample program at https://github.com/NeoCat/YUREX-driver-for-Linux/blob/master/sample/yurex_clock.pl writes an integer without a null terminator. It seems like it must have worked by chance!) Always add a null byte after the written data. Enlarge the buffer to allow for this. Cc: stable@vger.kernel.org Signed-off-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit 222471f7640d9771a993218d825d84825adc805d Author: Anurag Kumar Vulisha Date: Fri Aug 31 17:24:42 2018 +0300 usb: host: xhci-plat: Iterate over parent nodes for finding quirks In xhci_plat_probe() both sysdev and pdev->dev are being used for finding quirks. There are some drivers(like dwc3 host.c) which adds quirks(like usb3-lpm-capable) into pdev and the logic present in xhci_plat_probe() checks for quirks in either sysdev or pdev for finding the quirks. Because of this logic, some of the quirks are getting missed(usb3-lpm-capable quirk added by dwc3 host.c driver is getting missed).This patch fixes this by iterating over all the available parents for finding the quirks. In this way all the quirks which are present in child or parent are correctly updated. Signed-off-by: Anurag Kumar Vulisha Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman commit 4937213ba7fafa13f30496b3965ffe93970d8b53 Author: Mathias Nyman Date: Fri Aug 31 17:24:43 2018 +0300 xhci: Fix use after free for URB cancellation on a reallocated endpoint Make sure the cancelled URB is on the current endpoint ring. If the endpoint ring has been reallocated since the URB was enqueued then the URB may contain TD and TRB pointers to a already freed ring. In this the case return the URB without touching any of the freed ring structure data. Don't try to stop the ring. It would be useless. This can occur if endpoint is not flushed before it is dropped and re-added, which is the case in usb_set_interface() as xhci does things in an odd order. Cc: Tested-by: Sudip Mukherjee Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman commit 9b83a1c301ad6d24988a128c69b42cbaaf537d82 Author: Maxence Duprès Date: Wed Aug 8 23:56:33 2018 +0000 USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller WORLDE Controller KS49 or Prodipe MIDI 49C USB controller cause a -EPROTO error, a communication restart and loop again. This issue has already been fixed for KS25. https://lore.kernel.org/patchwork/patch/753077/ I just add device 201 for KS49 in quirks.c to get it works. Signed-off-by: Laurent Roux Cc: stable Signed-off-by: Greg Kroah-Hartman commit 6eae4a6c2be387fec41b0d2782c4fffb57159498 Author: Bob Copeland Date: Wed Sep 5 06:22:59 2018 -0400 mac80211: fix pending queue hang due to TX_DROP In our environment running lots of mesh nodes, we are seeing the pending queue hang periodically, with the debugfs queues file showing lines such as: 00: 0x00000000/348 i.e. there are a large number of frames but no stop reason set. One way this could happen is if queue processing from the pending tasklet exited early without processing all frames, and without having some future event (incoming frame, stop reason flag, ...) to reschedule it. Exactly this can occur today if ieee80211_tx() returns false due to packet drops or power-save buffering in the tx handlers. In the past, this function would return true in such cases, and the change to false doesn't seem to be intentional. Fix this case by reverting to the previous behavior. Fixes: bb42f2d13ffc ("mac80211: Move reorder-sensitive TX handlers to after TXQ dequeue") Signed-off-by: Bob Copeland Acked-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg commit d9707490077bee0c7060ef5665a90656e1078b66 Author: Bruno Meirelles Herrera Date: Mon Aug 27 18:36:38 2018 -0300 usb: dwc2: Fix call location of dwc2_check_core_endianness Some SoC/IP as STM32F469, the snpsid can only be read after clock is enabled, otherwise it will read as 0, and the dwc2_check_core_endianness will assume the core and AHB have opposite endianness, leading to the following error: [ 1.976339] dwc2 50000000.usb: 50000000.usb supply vusb_d not found, using dummy regulator [ 1.986124] dwc2 50000000.usb: Linked as a consumer to regulator.0 [ 1.992711] dwc2 50000000.usb: 50000000.usb supply vusb_a not found, using dummy regulator [ 2.003672] dwc2 50000000.usb: dwc2_core_reset: HANG! AHB Idle timeout GRSTCTL GRSTCTL_AHBIDLE [ 2.015176] dwc2: probe of 50000000.usb failed with error -16 The proposed patch changes the location where dwc2_check_core_endianness is called, allowing the clock peripheral to be enabled first. Acked-by: Minas Harutyunyan Tested-by: Martin Blumenstingl Signed-off-by: Bruno Meirelles Herrera Signed-off-by: Felipe Balbi commit ade573eb1e03d1ee5abcb3359b1259469ab6e8ed Author: Hans de Goede Date: Sat Aug 18 10:12:08 2018 +0200 HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Commit b0f847e16c1e ("HID: hid-sensor-hub: Force logical minimum to 1 for power and report state") not only replaced the descriptor fixup done for devices with the HID_SENSOR_HUB_ENUM_QUIRK with a generic fix, but also accidentally removed the unrelated descriptor fixup for the Lenovo ThinkPad Helix 2 sensor hub. This commit restores this fixup. Restoring this fixup not only fixes the Lenovo ThinkPad Helix 2's sensors, but also the Lenovo ThinkPad 8's sensors. Fixes: b0f847e16c1e ("HID: hid-sensor-hub: Force logical minimum ...") Cc: Srinivas Pandruvada Cc: Fernando D S Lima Acked-by: Srinivas Pandruvada Signed-off-by: Hans de Goede Signed-off-by: Jiri Kosina commit b034ed50a2bb517c4b76e84f7723cb6bf60a4edd Author: Gustavo A. R. Silva Date: Wed Aug 29 10:22:09 2018 -0500 HID: core: fix NULL pointer dereference There is a NULL pointer dereference in case memory resources for *parse* are not successfully allocated. Fix this by adding a new goto label and make the execution path jump to it in case vzalloc() fails. Addresses-Coverity-ID: 1473081 ("Dereference after null check") Fixes: b2dd9f2e5a8a ("HID: core: fix memory leak on probe") Signed-off-by: Gustavo A. R. Silva Reviewed-by: Stefan Agner Signed-off-by: Jiri Kosina commit 24f33e64fcd0d50a4b1a8e5b41bd0257aa66b0e8 Author: Andrei Otcheretianski Date: Wed Sep 5 08:06:12 2018 +0300 cfg80211: reg: Init wiphy_idx in regulatory_hint_core() Core regulatory hints didn't set wiphy_idx to WIPHY_IDX_INVALID. Since the regulatory request is zeroed, wiphy_idx was always implicitly set to 0. This resulted in updating only phy #0. Fix that. Fixes: 806a9e39670b ("cfg80211: make regulatory_request use wiphy_idx instead of wiphy") Signed-off-by: Andrei Otcheretianski Signed-off-by: Luca Coelho [add fixes tag] Signed-off-by: Johannes Berg commit 94a5b3acd0aef83c0e38b5117eda7b2abf4a05a4 Author: Andrei Otcheretianski Date: Wed Sep 5 08:06:14 2018 +0300 mac80211: Don't wake up from PS for offchannel TX Otherwise the offchannel frame might be queued due to IEEE80211_QUEUE_STOP_REASON_PS and later dropped (in ieee80211_tx_frags()). Anyway, it doesn't make much sense to wake up the device during ROC. Signed-off-by: Andrei Otcheretianski Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit 8682250b3c1b75a45feb7452bc413d004cfe3778 Author: Andrei Otcheretianski Date: Wed Sep 5 08:06:13 2018 +0300 mac80211: Always report TX status If a frame is dropped for any reason, mac80211 wouldn't report the TX status back to user space. As the user space may rely on the TX_STATUS to kick its state machines, resends etc, it's better to just report this frame as not acked instead. Signed-off-by: Andrei Otcheretianski Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit c483a5cc9d09f4ceaa9abb106f863cc89cb643d9 Author: Johan Hovold Date: Mon Aug 27 10:21:48 2018 +0200 mmc: meson-mx-sdio: fix OF child-node lookup Use the new of_get_compatible_child() helper to lookup the slot child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). While at it, also fix up the related slot-node reference leak. Fixes: ed80a13bb4c4 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoCs") Cc: stable # 4.15 Cc: Carlo Caione Cc: Martin Blumenstingl Cc: Ulf Hansson Acked-by: Martin Blumenstingl Signed-off-by: Johan Hovold Signed-off-by: Ulf Hansson commit 3350139c0ff3c95724b784f7109987d533cb3ecd Author: Greentime Hu Date: Tue Sep 4 14:25:57 2018 +0800 nds32: linker script: GCOV kernel may refers data in __exit This patch is used to fix nds32 allmodconfig/allyesconfig build error because GCOV kernel embeds counters in the kernel for each line and a part of that embed in __exit text. So we need to keep the EXIT_TEXT and EXIT_DATA if CONFIG_GCOV_KERNEL=y. Link: https://lkml.org/lkml/2018/9/1/125 Signed-off-by: Greentime Hu Reviewed-by: Masami Hiramatsu commit e866d3e84eb7c9588afb77604d417e8cc49fe216 Author: Guenter Roeck Date: Tue Aug 28 17:33:46 2018 -0700 riscv: Do not overwrite initrd_start and initrd_end setup_initrd() overwrites initrd_start and initrd_end if __initramfs_size is larger than 0, which is always true even if there is no embedded initramfs. This prevents booting qemu with "-initrd" parameter. Overwriting initrd_start and initrd_end is not necessary since __initramfs_start and __initramfs_size are used directly in populate_rootfs() to load the built-in initramfs, so just drop that code. Signed-off-by: Guenter Roeck Signed-off-by: Palmer Dabbelt commit 0e9b10395018ab78bf6bffcb9561a703c7f82cee Merge: 28619527b8a7 ae98043f5f7f Author: Linus Torvalds Date: Tue Sep 4 17:01:11 2018 -0700 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "17 fixes" * emailed patches from Andrew Morton : nilfs2: convert to SPDX license tags drivers/dax/device.c: convert variable to vm_fault_t type lib/Kconfig.debug: fix three typos in help text checkpatch: add __ro_after_init to known $Attribute mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name memory_hotplug: fix kernel_panic on offline page processing checkpatch: add optional static const to blank line declarations test ipc/shm: properly return EIDRM in shm_lock() mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. mm/util.c: improve kvfree() kerneldoc tools/vm/page-types.c: fix "defined but not used" warning tools/vm/slabinfo.c: fix sign-compare warning kmemleak: always register debugfs file mm: respect arch_dup_mmap() return value mm, oom: fix missing tlb_finish_mmu() in __oom_reap_task_mm(). mm: memcontrol: print proper OOM header when no eligible victim left commit ae98043f5f7fa45b65084f70e3ada3209873ebb4 Author: Ryusuke Konishi Date: Tue Sep 4 15:46:30 2018 -0700 nilfs2: convert to SPDX license tags Remove the verbose license text from NILFS2 files and replace them with SPDX tags. This does not change the license of any of the code. Link: http://lkml.kernel.org/r/1535624528-5982-1-git-send-email-konishi.ryusuke@lab.ntt.co.jp Signed-off-by: Ryusuke Konishi Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 36bdac1e674debd2714cb3e80eaa18266c2426e4 Author: Souptick Joarder Date: Tue Sep 4 15:46:26 2018 -0700 drivers/dax/device.c: convert variable to vm_fault_t type As part of 226ab561075f ("device-dax: Convert to vmf_insert_mixed and vm_fault_t") in 4.19-rc1, 'rc' was not converted to vm_fault_t. Now converted. Link: http://lkml.kernel.org/r/20180830153813.GA26059@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Cc: Dan Williams Cc: Dave Jiang Cc: Ross Zwisler Cc: Vishal Verma Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4c5d114ea04d5b6c7009d46895ec26109aa654f3 Author: Thibaut Sautereau Date: Tue Sep 4 15:46:23 2018 -0700 lib/Kconfig.debug: fix three typos in help text Fix three typos in CONFIG_WARN_ALL_UNSEEDED_RANDOM help text. Link: http://lkml.kernel.org/r/20180830194505.4778-1-thibaut@sautereau.fr Signed-off-by: Thibaut Sautereau Acked-by: Randy Dunlap Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c5967e989f1fe702e75d7405b9251ec7e490d847 Author: Joe Perches Date: Tue Sep 4 15:46:20 2018 -0700 checkpatch: add __ro_after_init to known $Attribute __ro_after_init is a specific __attribute__ that checkpatch does currently not understand. Add it to the known $Attribute types so that code that uses variables declared with __ro_after_init are not thought to be a modifier type. This appears as a defect in checkpatch output of code like: static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU); [...] if (trust_cpu && arch_init) { where checkpatch reports: ERROR: space prohibited after that '&&' (ctx:WxW) if (trust_cpu && arch_init) { Link: http://lkml.kernel.org/r/0fa8a2cb83ade4c525e18261ecf6cfede3015983.camel@perches.com Signed-off-by: Joe Perches Reported-by: Kees Cook Tested-by: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 62ec0d8c4f332dedf19d6fad15ddea639044d5fe Author: Dave Jiang Date: Tue Sep 4 15:46:16 2018 -0700 mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal It looks like I missed the PUD path when doing VM_MIXEDMAP removal. This can be triggered by: 1. Boot with memmap=4G!8G 2. build ndctl with destructive flag on 3. make TESTS=device-dax check [ +0.000675] kernel BUG at mm/huge_memory.c:824! Applying the same change that was applied to vmf_insert_pfn_pmd() in the original patch. Link: http://lkml.kernel.org/r/153565957352.35524.1005746906902065126.stgit@djiang5-desk3.ch.intel.com Fixes: e1fb4a08649 ("dax: remove VM_MIXEDMAP for fsdax and device dax") Signed-off-by: Dave Jiang Reported-by: Vishal Verma Tested-by: Vishal Verma Acked-by: Jeff Moyer Reviewed-by: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8a2336e549d385bb0b46880435b411df8d8200e8 Author: Randy Dunlap Date: Tue Sep 4 15:46:13 2018 -0700 uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name Since this header is in "include/uapi/linux/", apparently people want to use it in userspace programs -- even in C++ ones. However, the header uses a C++ reserved keyword ("private"), so change that to "dh_private" instead to allow the header file to be used in C++ userspace. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051 Link: http://lkml.kernel.org/r/0db6c314-1ef4-9bfa-1baa-7214dd2ee061@infradead.org Fixes: ddbb41148724 ("KEYS: Add KEYCTL_DH_COMPUTE command") Signed-off-by: Randy Dunlap Reviewed-by: Andrew Morton Cc: David Howells Cc: James Morris Cc: "Serge E. Hallyn" Cc: Mat Martineau Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4e8346d0be889c7ab5eb2d3deedc18111d741e99 Author: Mikhail Zaslonko Date: Tue Sep 4 15:46:09 2018 -0700 memory_hotplug: fix kernel_panic on offline page processing Within show_valid_zones() the function test_pages_in_a_zone() should be called for online memory blocks only. Otherwise it might lead to the VM_BUG_ON due to uninitialized struct pages (when CONFIG_DEBUG_VM_PGFLAGS kernel option is set): page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p)) ------------[ cut here ]------------ Call Trace: ([<000000000038f91e>] test_pages_in_a_zone+0xe6/0x168) [<0000000000923472>] show_valid_zones+0x5a/0x1a8 [<0000000000900284>] dev_attr_show+0x3c/0x78 [<000000000046f6f0>] sysfs_kf_seq_show+0xd0/0x150 [<00000000003ef662>] seq_read+0x212/0x4b8 [<00000000003bf202>] __vfs_read+0x3a/0x178 [<00000000003bf3ca>] vfs_read+0x8a/0x148 [<00000000003bfa3a>] ksys_read+0x62/0xb8 [<0000000000bc2220>] system_call+0xdc/0x2d8 That VM_BUG_ON was triggered by the page poisoning introduced in mm/sparse.c with the git commit d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug"). With the same commit the new 'nid' field has been added to the struct memory_block in order to store and later on derive the node id for offline pages (instead of accessing struct page which might be uninitialized). But one reference to nid in show_valid_zones() function has been overlooked. Fixed with current commit. Also, nr_pages will not be used any more after test_pages_in_a_zone() call, do not update it. Link: http://lkml.kernel.org/r/20180828090539.41491-1-zaslonko@linux.ibm.com Fixes: d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug") Signed-off-by: Mikhail Zaslonko Acked-by: Michal Hocko Reviewed-by: Pavel Tatashin Cc: [4.17+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 328b5f417a4ac929e20d98b989a2babac66c8520 Author: Joe Perches Date: Tue Sep 4 15:46:06 2018 -0700 checkpatch: add optional static const to blank line declarations test Using a static const struct definition as part of a series of declarations produces a false positive "Missing a blank line after declarations" for code like: WARNING: Missing a blank line after declarations #710: FILE: drivers/gpu/drm/tidss/tidss_scale_coefs.c:137: + int inc; + static const struct { So fix it. Link: http://lkml.kernel.org/r/5905126e70b0ed1781e49265fd5c49c5090d0223.camel@perches.com Signed-off-by: Joe Perches Reported-by: Jyri Sarha Cc: "Valkeinen, Tomi" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9c21dae291d1b7763b749dfaef3fb911286c0d98 Author: Davidlohr Bueso Date: Tue Sep 4 15:46:02 2018 -0700 ipc/shm: properly return EIDRM in shm_lock() When getting rid of the general ipc_lock(), this was missed furthermore, making the comment around the ipc object validity check bogus. Under EIDRM conditions, callers will in turn not see the error and continue with the operation. Link: http://lkml.kernel.org/r/20180824030920.GD3677@linux-r8p5 Link: http://lkml.kernel.org/r/20180823024051.GC13343@shao2-debian Fixes: 82061c57ce9 ("ipc: drop ipc_lock()") Signed-off-by: Davidlohr Bueso Reported-by: kernel test robot Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 464c7ffbcb164b2e5cebfa406b7fc6cdb7945344 Author: Aneesh Kumar K.V Date: Tue Sep 4 15:45:59 2018 -0700 mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. When scanning for movable pages, filter out Hugetlb pages if hugepage migration is not supported. Without this we hit infinte loop in __offline_pages() where we do pfn = scan_movable_pages(start_pfn, end_pfn); if (pfn) { /* We have movable pages */ ret = do_migrate_range(pfn, end_pfn); goto repeat; } Fix this by checking hugepage_migration_supported both in has_unmovable_pages which is the primary backoff mechanism for page offlining and for consistency reasons also into scan_movable_pages because it doesn't make any sense to return a pfn to non-migrateable huge page. This issue was revealed by, but not caused by 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early"). Link: http://lkml.kernel.org/r/20180824063314.21981-1-aneesh.kumar@linux.ibm.com Fixes: 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early") Signed-off-by: Aneesh Kumar K.V Reported-by: Haren Myneni Acked-by: Michal Hocko Reviewed-by: Naoya Horiguchi Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 04b8e946075d4582093e84f54dc1a004b227794d Author: Andrew Morton Date: Tue Sep 4 15:45:55 2018 -0700 mm/util.c: improve kvfree() kerneldoc Scooped from an email from Matthew. Cc: Mike Rapoport Cc: Jonathan Corbet Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7ab660f8baecfe26c1c267fa8e64d2073feae2bb Author: Naoya Horiguchi Date: Tue Sep 4 15:45:51 2018 -0700 tools/vm/page-types.c: fix "defined but not used" warning debugfs_known_mountpoints[] is not used any more, so let's remove it. Link: http://lkml.kernel.org/r/1535102651-19418-1-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi Reviewed-by: Andrew Morton Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 904506562e0856f2535d876407d087c9459d345b Author: Naoya Horiguchi Date: Tue Sep 4 15:45:48 2018 -0700 tools/vm/slabinfo.c: fix sign-compare warning Currently we get the following compiler warning: slabinfo.c:854:22: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] if (s->object_size < min_objsize) ^ due to the mismatch of signed/unsigned comparison. ->object_size and ->slab_size are never expected to be negative, so let's define them as unsigned int. [n-horiguchi@ah.jp.nec.com: convert everything - none of these can be negative] Link: http://lkml.kernel.org/r/20180826234947.GA9787@hori1.linux.bs1.fc.nec.co.jp Link: http://lkml.kernel.org/r/1535103134-20239-1-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi Reviewed-by: Andrew Morton Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b353756b2b71915e81ed41239292306622d08c9f Author: Vincent Whitchurch Date: Tue Sep 4 15:45:44 2018 -0700 kmemleak: always register debugfs file If kmemleak built in to the kernel, but is disabled by default, the debugfs file is never registered. Because of this, it is not possible to find out if the kernel is built with kmemleak support by checking for the presence of this file. To allow this, always register the file. After this patch, if the file doesn't exist, kmemleak is not available in the kernel. If writing "scan" or any other value than "clear" to this file results in EBUSY, then kmemleak is available but is disabled by default and can be activated via the kernel command line. Catalin: "that's also consistent with a late disabling of kmemleak when the debugfs entry sticks around." Link: http://lkml.kernel.org/r/20180824131220.19176-1-vincent.whitchurch@axis.com Signed-off-by: Vincent Whitchurch Acked-by: Catalin Marinas Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1ed0cc5a01a4d868d9907ce96468c4b4c6709556 Author: Nadav Amit Date: Tue Sep 4 15:45:41 2018 -0700 mm: respect arch_dup_mmap() return value Commit d70f2a14b72a ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g. due to memory allocation error) would leave the duplicated memory mapping in an inconsistent state. Fix by using the return value, as it was before the change. Link: http://lkml.kernel.org/r/20180823051229.211856-1-namit@vmware.com Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") Signed-off-by: Nadav Amit Acked-by: Michal Hocko Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 79cc81057eef7ad846588976296ab0f266c1a7a5 Author: Tetsuo Handa Date: Tue Sep 4 15:45:37 2018 -0700 mm, oom: fix missing tlb_finish_mmu() in __oom_reap_task_mm(). Commit 93065ac753e4 ("mm, oom: distinguish blockable mode for mmu notifiers") has added an ability to skip over vmas with blockable mmu notifiers. This however didn't call tlb_finish_mmu as it should. As a result inc_tlb_flush_pending has been called without its pairing dec_tlb_flush_pending and all callers mm_tlb_flush_pending would flush even though this is not really needed. This alone is not harmful and it seems there shouldn't be any such callers for oom victims at all but there is no real reason to skip tlb_finish_mmu on early skip either so call it. [mhocko@suse.com: new changelog] Link: http://lkml.kernel.org/r/b752d1d5-81ad-7a35-2394-7870641be51c@i-love.sakura.ne.jp Signed-off-by: Tetsuo Handa Acked-by: Michal Hocko Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3100dab2aa09dc6e082956e306fc9f81b3cc0f7a Author: Johannes Weiner Date: Tue Sep 4 15:45:34 2018 -0700 mm: memcontrol: print proper OOM header when no eligible victim left When the memcg OOM killer runs out of killable tasks, it currently prints a WARN with no further OOM context. This has caused some user confusion. Warnings indicate a kernel problem. In a reported case, however, the situation was triggered by a nonsensical memcg configuration (hard limit set to 0). But without any VM context this wasn't obvious from the report, and it took some back and forth on the mailing list to identify what is actually a trivial issue. Handle this OOM condition like we handle it in the global OOM killer: dump the full OOM context and tell the user we ran out of tasks. This way the user can identify misconfigurations easily by themselves and rectify the problem - without having to go through the hassle of running into an obscure but unsettling warning, finding the appropriate kernel mailing list and waiting for a kernel developer to remote-analyze that the memcg configuration caused this. If users cannot make sense of why the OOM killer was triggered or why it failed, they will still report it to the mailing list, we know that from experience. So in case there is an actual kernel bug causing this, kernel developers will very likely hear about it. Link: http://lkml.kernel.org/r/20180821160406.22578-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Michal Hocko Cc: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 308aa2b8f7b7db3332a7d41099fd37851fb793b2 Author: Steve Wise Date: Fri Aug 31 07:15:56 2018 -0700 iw_cxgb4: only allow 1 flush on user qps Once the qp has been flushed, it cannot be flushed again. The user qp flush logic wasn't enforcing it however. The bug can cause touch-after-free crashes like: Unable to handle kernel paging request for data at address 0x000001ec Faulting instruction address: 0xc008000016069100 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c008000016069100] flush_qp+0x80/0x480 [iw_cxgb4] LR [c00800001606cd6c] c4iw_modify_qp+0x71c/0x11d0 [iw_cxgb4] Call Trace: [c00800001606cd6c] c4iw_modify_qp+0x71c/0x11d0 [iw_cxgb4] [c00800001606e868] c4iw_ib_modify_qp+0x118/0x200 [iw_cxgb4] [c0080000119eae80] ib_security_modify_qp+0xd0/0x3d0 [ib_core] [c0080000119c4e24] ib_modify_qp+0xc4/0x2c0 [ib_core] [c008000011df0284] iwcm_modify_qp_err+0x44/0x70 [iw_cm] [c008000011df0fec] destroy_cm_id+0xcc/0x370 [iw_cm] [c008000011ed4358] rdma_destroy_id+0x3c8/0x520 [rdma_cm] [c0080000134b0540] ucma_close+0x90/0x1b0 [rdma_ucm] [c000000000444da4] __fput+0xe4/0x2f0 So fix flush_qp() to only flush the wq once. Cc: stable@vger.kernel.org Signed-off-by: Steve Wise Signed-off-by: Jason Gunthorpe commit e4ff3d22c11dd505353896cdcad0ee8f3251be68 Author: Artemy Kovalyov Date: Tue Aug 28 14:40:32 2018 +0300 IB/core: Release object lock if destroy failed The object lock was supposed to always be released during destroy, but when the destruction retry series was integrated with the destroy series it created a failure path that missed the unlock. Keep with convention, if destroy fails the caller must undo all locking. Fixes: 87ad80abc70d ("IB/uverbs: Consolidate uobject destruction") Signed-off-by: Artemy Kovalyov Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 0d23ba6034b9cf48b8918404367506da3e4b3ee5 Author: Jann Horn Date: Mon Sep 3 18:54:14 2018 +0200 RDMA/ucma: check fd type in ucma_migrate_id() The current code grabs the private_data of whatever file descriptor userspace has supplied and implicitly casts it to a `struct ucma_file *`, potentially causing a type confusion. This is probably fine in practice because the pointer is only used for comparisons, it is never actually dereferenced; and even in the comparisons, it is unlikely that a file from another filesystem would have a ->private_data pointer that happens to also be valid in this context. But ->private_data is not always guaranteed to be a valid pointer to an object owned by the file's filesystem; for example, some filesystems just cram numbers in there. Check the type of the supplied file descriptor to be safe, analogous to how other places in the kernel do it. Fixes: 88314e4dda1e ("RDMA/cma: add support for rdma_migrate_id()") Signed-off-by: Jann Horn Signed-off-by: Jason Gunthorpe commit dd45210b6dd4f1512eafcc41774154ebb762360f Author: Eugeniy Paltsev Date: Mon Jul 30 19:26:36 2018 +0300 ARC: don't check for HIGHMEM pages in arch_dma_alloc __GFP_HIGHMEM flag is cleared by upper layer functions (in include/linux/dma-mapping.h) so we'll never get a __GFP_HIGHMEM flag in arch_dma_alloc gfp argument. That's why alloc_pages will never return highmem page here. Get rid of highmem pages handling and cleanup arch_dma_alloc and arch_dma_free functions. Reviewed-by: Christoph Hellwig Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta commit 2b720e99a1297417b979bf4810a0f01d27133c48 Author: Eugeniy Paltsev Date: Mon Jul 30 19:26:35 2018 +0300 ARC: IOC: panic if both IOC and ZONE_HIGHMEM enabled Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta commit 2820a708d5a321342bef34e459fdc8679c30e20f Author: Eugeniy Paltsev Date: Mon Jul 30 19:26:34 2018 +0300 ARC: dma [IOC] Enable per device io coherency So far the IOC treatment was global on ARC, being turned on (or off) for all devices in the system. With this patch, this can now be done per device using the "dma-coherent" DT property; IOW with this patch we can use both HW-coherent and regular DMA peripherals simultaneously. The changes involved are too many so enlisting the summary below: 1. common code calls ARC arch_setup_dma_ops() per device. 2. For coherent dma (IOC) it plugs in generic @dma_direct_ops which doesn't need any arch specific backend: No need for any explicit cache flushes or MMU mappings to provide for uncached access - dma_(map|sync)_single* return early as corresponding dma ops callbacks are NULL in generic code. So arch_sync_dma_*() -> dma_cache_*() need not handle the coherent dma case, hence drop ARC __dma_cache_*_ioc() which were no-op anyways 3. For noncoherent dma (non IOC) generic @dma_noncoherent_ops is used which in turns calls ARC specific routines - arch_dma_alloc() no longer checks for @ioc_enable since this is called only for !IOC case. Reviewed-by: Christoph Hellwig Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta [vgupta: rewrote changelog] commit 28619527b8a712590c93d0a9e24b4425b9376a8c Merge: 60c1f89241d4 a33710bdb6b2 Author: Linus Torvalds Date: Tue Sep 4 12:45:11 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Must perform TXQ teardown before unregistering interfaces in mac80211, from Toke Høiland-Jørgensen. 2) Don't allow creating mac80211_hwsim with less than one channel, from Johannes Berg. 3) Division by zero in cfg80211, fix from Johannes Berg. 4) Fix endian issue in tipc, from Haiqing Bai. 5) BPF sockmap use-after-free fixes from Daniel Borkmann. 6) Spectre-v1 in mac80211_hwsim, from Jinbum Park. 7) Missing rhashtable_walk_exit() in tipc, from Cong Wang. 8) Revert kvzalloc() conversion of AF_PACKET, it breaks mmap() when kvzalloc() tries to use kmalloc() pages. From Eric Dumazet. 9) Fix deadlock in hv_netvsc, from Dexuan Cui. 10) Do not restart timewait timer on RST, from Florian Westphal. 11) Fix double lwstate refcount grab in ipv6, from Alexey Kodanev. 12) Unsolicit report count handling is off-by-one, fix from Hangbin Liu. 13) Sleep-in-atomic in cadence driver, from Jia-Ju Bai. 14) Respect ttl-inherit in ip6 tunnel driver, from Hangbin Liu. 15) Use-after-free in act_ife, fix from Cong Wang. 16) Missing hold to meta module in act_ife, from Vlad Buslov. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (91 commits) net: phy: sfp: Handle unimplemented hwmon limits and alarms net: sched: action_ife: take reference to meta module act_ife: fix a potential use-after-free net/mlx5: Fix SQ offset in QPs with small RQ tipc: correct spelling errors for tipc_topsrv_queue_evt() comments tipc: correct spelling errors for struct tipc_bc_base's comment bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA. bnxt_en: Clean up unused functions. bnxt_en: Fix firmware signaled resource change logic in open. sctp: not traverse asoc trans list if non-ipv6 trans exists for ipv6_flowlabel sctp: fix invalid reference to the index variable of the iterator net/ibm/emac: wrong emac_calc_base call was used by typo net: sched: null actions array pointer before releasing action vhost: fix VHOST_GET_BACKEND_FEATURES ioctl request definition r8169: add support for NCube 8168 network card ip6_tunnel: respect ttl inherit for ip6tnl mac80211: shorten the IBSS debug messages mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: Fix station bandwidth setting after channel switch mac80211: fix a race between restart and CSA flows ... commit 0d6c3011409135ea84e2a231b013a22017ff999a Author: Benjamin Tissoires Date: Tue Sep 4 15:31:14 2018 +0200 HID: core: fix grouping by application commit f07b3c1da92d ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: https://github.com/NixOS/nixpkgs/issues/45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina commit ec6adef5fbc3f140c70e7499fdad818acb3a46c6 Author: Benjamin Tissoires Date: Tue Sep 4 15:31:12 2018 +0200 HID: multitouch: fix Elan panels with 2 input modes declaration When implementing commit 7f81c8db5489 ("HID: multitouch: simplify the settings of the various features"), I wrongly removed a test that made sure we never try to set the second InputMode feature to something else than 0. This broke badly some recent Elan panels that now forget to send the click button in some area of the touchpad. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200899 Fixes: 7f81c8db5489 ("HID: multitouch: simplify the settings of the various features") Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina commit a33710bdb6b284f8f1e24f1119d167037b374ebb Author: Andrew Lunn Date: Tue Sep 4 04:23:56 2018 +0200 net: phy: sfp: Handle unimplemented hwmon limits and alarms Not all SFPs implement the registers containing sensor limits and alarms. Luckily, there is a bit indicating if they are implemented or not. Add checking for this bit, when deciding if the hwmon attributes should be visible. Fixes: 1323061a018a ("net: phy: sfp: Add HWMON support for module sensors") Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 84cb8eb26cb9ce3c79928094962a475a9d850a53 Author: Vlad Buslov Date: Tue Sep 4 00:44:42 2018 +0300 net: sched: action_ife: take reference to meta module Recent refactoring of add_metainfo() caused use_all_metadata() to add metainfo to ife action metalist without taking reference to module. This causes warning in module_put called from ife action cleanup function. Implement add_metainfo_and_get_ops() function that returns with reference to module taken if metainfo was added successfully, and call it from use_all_metadata(), instead of calling __add_metainfo() directly. Example warning: [ 646.344393] WARNING: CPU: 1 PID: 2278 at kernel/module.c:1139 module_put+0x1cb/0x230 [ 646.352437] Modules linked in: act_meta_skbtcindex act_meta_mark act_meta_skbprio act_ife ife veth nfsv3 nfs fscache xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c tun ebtable_filter ebtables ip6table_filter ip6_tables bridge stp llc mlx5_ib ib_uverbs ib_core intel_rapl sb_edac x86_pkg_temp_thermal mlx5_core coretemp kvm_intel kvm nfsd igb irqbypass crct10dif_pclmul devlink crc32_pclmul mei_me joydev ses crc32c_intel enclosure auth_rpcgss i2c_algo_bit ioatdma ptp mei pps_core ghash_clmulni_intel iTCO_wdt iTCO_vendor_support pcspkr dca ipmi_ssif lpc_ich target_core_mod i2c_i801 ipmi_si ipmi_devintf pcc_cpufreq wmi ipmi_msghandler nfs_acl lockd acpi_pad acpi_power_meter grace sunrpc mpt3sas raid_class scsi_transport_sas [ 646.425631] CPU: 1 PID: 2278 Comm: tc Not tainted 4.19.0-rc1+ #799 [ 646.432187] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017 [ 646.440595] RIP: 0010:module_put+0x1cb/0x230 [ 646.445238] Code: f3 66 94 02 e8 26 ff fa ff 85 c0 74 11 0f b6 1d 51 30 94 02 80 fb 01 77 60 83 e3 01 74 13 65 ff 0d 3a 83 db 73 e9 2b ff ff ff <0f> 0b e9 00 ff ff ff e8 59 01 fb ff 85 c0 75 e4 48 c7 c2 20 62 6b [ 646.464997] RSP: 0018:ffff880354d37068 EFLAGS: 00010286 [ 646.470599] RAX: 0000000000000000 RBX: ffffffffc0a52518 RCX: ffffffff8c2668db [ 646.478118] RDX: 0000000000000003 RSI: dffffc0000000000 RDI: ffffffffc0a52518 [ 646.485641] RBP: ffffffffc0a52180 R08: fffffbfff814a4a4 R09: fffffbfff814a4a3 [ 646.493164] R10: ffffffffc0a5251b R11: fffffbfff814a4a4 R12: 1ffff1006a9a6e0d [ 646.500687] R13: 00000000ffffffff R14: ffff880362bab890 R15: dead000000000100 [ 646.508213] FS: 00007f4164c99800(0000) GS:ffff88036fe40000(0000) knlGS:0000000000000000 [ 646.516961] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 646.523080] CR2: 00007f41638b8420 CR3: 0000000351df0004 CR4: 00000000001606e0 [ 646.530595] Call Trace: [ 646.533408] ? find_symbol_in_section+0x260/0x260 [ 646.538509] tcf_ife_cleanup+0x11b/0x200 [act_ife] [ 646.543695] tcf_action_cleanup+0x29/0xa0 [ 646.548078] __tcf_action_put+0x5a/0xb0 [ 646.552289] ? nla_put+0x65/0xe0 [ 646.555889] __tcf_idr_release+0x48/0x60 [ 646.560187] tcf_generic_walker+0x448/0x6b0 [ 646.564764] ? tcf_action_dump_1+0x450/0x450 [ 646.569411] ? __lock_is_held+0x84/0x110 [ 646.573720] ? tcf_ife_walker+0x10c/0x20f [act_ife] [ 646.578982] tca_action_gd+0x972/0xc40 [ 646.583129] ? tca_get_fill.constprop.17+0x250/0x250 [ 646.588471] ? mark_lock+0xcf/0x980 [ 646.592324] ? check_chain_key+0x140/0x1f0 [ 646.596832] ? debug_show_all_locks+0x240/0x240 [ 646.601839] ? memset+0x1f/0x40 [ 646.605350] ? nla_parse+0xca/0x1a0 [ 646.609217] tc_ctl_action+0x215/0x230 [ 646.613339] ? tcf_action_add+0x220/0x220 [ 646.617748] rtnetlink_rcv_msg+0x56a/0x6d0 [ 646.622227] ? rtnl_fdb_del+0x3f0/0x3f0 [ 646.626466] netlink_rcv_skb+0x18d/0x200 [ 646.630752] ? rtnl_fdb_del+0x3f0/0x3f0 [ 646.634959] ? netlink_ack+0x500/0x500 [ 646.639106] netlink_unicast+0x2d0/0x370 [ 646.643409] ? netlink_attachskb+0x340/0x340 [ 646.648050] ? _copy_from_iter_full+0xe9/0x3e0 [ 646.652870] ? import_iovec+0x11e/0x1c0 [ 646.657083] netlink_sendmsg+0x3b9/0x6a0 [ 646.661388] ? netlink_unicast+0x370/0x370 [ 646.665877] ? netlink_unicast+0x370/0x370 [ 646.670351] sock_sendmsg+0x6b/0x80 [ 646.674212] ___sys_sendmsg+0x4a1/0x520 [ 646.678443] ? copy_msghdr_from_user+0x210/0x210 [ 646.683463] ? lock_downgrade+0x320/0x320 [ 646.687849] ? debug_show_all_locks+0x240/0x240 [ 646.692760] ? do_raw_spin_unlock+0xa2/0x130 [ 646.697418] ? _raw_spin_unlock+0x24/0x30 [ 646.701798] ? __handle_mm_fault+0x1819/0x1c10 [ 646.706619] ? __pmd_alloc+0x320/0x320 [ 646.710738] ? debug_show_all_locks+0x240/0x240 [ 646.715649] ? restore_nameidata+0x7b/0xa0 [ 646.720117] ? check_chain_key+0x140/0x1f0 [ 646.724590] ? check_chain_key+0x140/0x1f0 [ 646.729070] ? __fget_light+0xbc/0xd0 [ 646.733121] ? __sys_sendmsg+0xd7/0x150 [ 646.737329] __sys_sendmsg+0xd7/0x150 [ 646.741359] ? __ia32_sys_shutdown+0x30/0x30 [ 646.746003] ? up_read+0x53/0x90 [ 646.749601] ? __do_page_fault+0x484/0x780 [ 646.754105] ? do_syscall_64+0x1e/0x2c0 [ 646.758320] do_syscall_64+0x72/0x2c0 [ 646.762353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 646.767776] RIP: 0033:0x7f4163872150 [ 646.771713] Code: 8b 15 3c 7d 2b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb cd 66 0f 1f 44 00 00 83 3d b9 d5 2b 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 be cd 00 00 48 89 04 24 [ 646.791474] RSP: 002b:00007ffdef7d6b58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 646.799721] RAX: ffffffffffffffda RBX: 0000000000000024 RCX: 00007f4163872150 [ 646.807240] RDX: 0000000000000000 RSI: 00007ffdef7d6bd0 RDI: 0000000000000003 [ 646.814760] RBP: 000000005b8b9482 R08: 0000000000000001 R09: 0000000000000000 [ 646.822286] R10: 00000000000005e7 R11: 0000000000000246 R12: 00007ffdef7dad20 [ 646.829807] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000679bc0 [ 646.837360] irq event stamp: 6083 [ 646.841043] hardirqs last enabled at (6081): [] __call_rcu+0x17d/0x500 [ 646.849882] hardirqs last disabled at (6083): [] trace_hardirqs_off_thunk+0x1a/0x1c [ 646.859775] softirqs last enabled at (5968): [] __do_softirq+0x4a1/0x6ee [ 646.868784] softirqs last disabled at (6082): [] tcf_ife_cleanup+0x39/0x200 [act_ife] [ 646.878845] ---[ end trace b1b8c12ffe51e657 ]--- Fixes: 5ffe57da29b3 ("act_ife: fix a potential deadlock") Signed-off-by: Vlad Buslov Acked-by: Cong Wang Signed-off-by: David S. Miller commit 6d784f1625ea68783cc1fb17de8f6cd3e1660c3f Author: Cong Wang Date: Mon Sep 3 11:08:15 2018 -0700 act_ife: fix a potential use-after-free Immediately after module_put(), user could delete this module, so e->ops could be already freed before we call e->ops->release(). Fix this by moving module_put() after ops->release(). Fixes: ef6980b6becb ("introduce IFE action") Cc: Jamal Hadi Salim Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 639505d4397b8c654a8e2616f9cb70ece40c83f9 Author: Tariq Toukan Date: Mon Sep 3 18:06:24 2018 +0300 net/mlx5: Fix SQ offset in QPs with small RQ Correct the formula for calculating the RQ page remainder, which should be in byte granularity. The result will be non-zero only for RQs smaller than PAGE_SIZE, as an RQ size is a power of 2. Divide this by the SQ stride (MLX5_SEND_WQE_BB) to get the SQ offset in strides granularity. Fixes: d7037ad73daa ("net/mlx5: Fix QP fragmented buffer allocation") Signed-off-by: Tariq Toukan Reviewed-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller commit 732b53146ac8f604e45c593efe0579f78205fdcc Merge: c012a0f26775 46dec40fb741 Author: Radim Krčmář Date: Tue Sep 4 21:12:46 2018 +0200 Merge tag 'kvm-ppc-fixes-4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc PPC KVM fixes for 4.19 Two small fixes for KVM on POWER machines; one fixes a bug where pages might not get marked dirty, causing guest memory corruption on migration, and the other fixes a bug causing reads from guest memory to use the wrong guest real address for very large HPT guests (>256G of memory), leading to failures in instruction emulation. commit bc811f05d77f47059c197a98b6ad242eb03999cb Author: Jens Axboe Date: Tue Sep 4 11:52:34 2018 -0600 nbd: don't allow invalid blocksize settings syzbot reports a divide-by-zero off the NBD_SET_BLKSIZE ioctl. We need proper validation of the input here. Not just if it's zero, but also if the value is a power-of-2 and in a valid range. Add that. Cc: stable@vger.kernel.org Reported-by: syzbot Reviewed-by: Josef Bacik Signed-off-by: Jens Axboe commit 1723c3155f117ee6e00f28fadf6e9eda4fc85806 Author: Linus Walleij Date: Tue Sep 4 15:39:30 2018 +0200 spi: gpio: Fix copy-and-paste error This fixes an embarrassing copy-and-paste error in the errorpath of spi_gpio_request(): we were checking the wrong struct member for error code right after retrieveing the sck GPIO. Fixes: 9b00bc7b901ff672 ("spi: spi-gpio: Rewrite to use GPIO descriptors") Reviewed-by: Geert Uytterhoeven Signed-off-by: Linus Walleij Signed-off-by: Mark Brown commit 851a15114895c5bce163a6f2d57e0aa4658a1be4 Author: Felipe Balbi Date: Mon Sep 3 11:24:57 2018 +0300 i2c: i801: fix DNV's SMBCTRL register offset DNV's iTCO is slightly different with SMBCTRL sitting at a different offset when compared to all other devices. Let's fix so that we can properly use iTCO watchdog. Fixes: 84d7f2ebd70d ("i2c: i801: Add support for Intel DNV") Cc: # v4.4+ Signed-off-by: Felipe Balbi Reviewed-by: Jean Delvare Signed-off-by: Wolfram Sang commit e4b069e0945fa14c71cf8b5b89f8b1b2aa68dbc2 Author: Mikulas Patocka Date: Wed Aug 22 12:45:51 2018 -0400 dm verity: fix crash on bufio buffer that was allocated with vmalloc Since commit d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API") dm-verity uses asynchronous crypto calls for verification, so that it can use hardware with asynchronous processing of crypto operations. These asynchronous calls don't support vmalloc memory, but the buffer data can be allocated with vmalloc if dm-bufio is short of memory and uses a reserved buffer that was preallocated in dm_bufio_client_create(). Fix verity_hash_update() so that it deals with vmalloc'd memory correctly. Reported-by: "Xiao, Jin" Signed-off-by: Mikulas Patocka Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API") Cc: stable@vger.kernel.org # 4.12+ Signed-off-by: Mike Snitzer commit 3c398f3c3bef21961eaaeb93227fa66d440dc83d Author: Andreas Kemnade Date: Sun Sep 2 09:30:58 2018 +0200 mmc: omap_hsmmc: fix wakeirq handling on removal after unbinding mmc I get things like this: [ 185.294067] mmc1: card 0001 removed [ 185.305206] omap_hsmmc 480b4000.mmc: wake IRQ with no resume: -13 The wakeirq stays in /proc-interrupts rebinding shows this: [ 289.795959] genirq: Flags mismatch irq 112. 0000200a (480b4000.mmc:wakeup) vs. 0000200a (480b4000.mmc:wakeup) [ 289.808959] omap_hsmmc 480b4000.mmc: Unable to request wake IRQ [ 289.815338] omap_hsmmc 480b4000.mmc: no SDIO IRQ support, falling back to polling That bug seems to be introduced by switching from devm_request_irq() to generic wakeirq handling. So let us cleanup at removal. Signed-off-by: Andreas Kemnade Fixes: 5b83b2234be6 ("mmc: omap_hsmmc: Change wake-up interrupt to use generic wakeirq") Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Ulf Hansson commit df88f3181f10565c6e3a89eb6f0f9e6afaaf15f1 Author: Janosch Frank Date: Thu Aug 30 16:14:18 2018 +0200 KVM: s390: Properly lock mm context allow_gmap_hpage_1m setting We have to do down_write on the mm semaphore to set a bitfield in the mm context. Signed-off-by: Janosch Frank Fixes: a4499382 ("KVM: s390: Add huge page enablement control") Reviewed-by: Christian Borntraeger Signed-off-by: Christian Borntraeger commit 204c97245612b6c255edf4e21e24d417c4a0c008 Author: Pierre Morel Date: Thu Aug 23 12:25:54 2018 +0200 KVM: s390: vsie: copy wrapping keys to right place Copy the key mask to the right offset inside the shadow CRYCB Fixes: bbeaa58b3 ("KVM: s390: vsie: support aes dea wrapping keys") Signed-off-by: Pierre Morel Reviewed-by: David Hildenbrand Reviewed-by: Cornelia Huck Reviewed-by: Janosch Frank Cc: stable@vger.kernel.org # v4.8+ Message-Id: <1535019956-23539-2-git-send-email-pmorel@linux.ibm.com> Signed-off-by: Janosch Frank Signed-off-by: Christian Borntraeger commit a11bdb1a6b782ee97587f92fae798efc78c31093 Author: Janosch Frank Date: Thu Aug 30 10:13:55 2018 +0200 KVM: s390: Fix pfmf and conditional skey emulation We should not return with a lock. We also have to increase the address when we do page clearing. Fixes: bd096f644319 ("KVM: s390: Add skey emulation fault handling") Signed-off-by: Janosch Frank Message-Id: <20180830081355.59234-1-frankja@linux.ibm.com> Reviewed-by: David Hildenbrand Signed-off-by: Christian Borntraeger commit b81126e01a8c6048249955feea46c8217ebefa91 Author: Ingo Franzki Date: Mon Aug 27 14:28:47 2018 +0200 s390/crypto: Fix return code checking in cbc_paes_crypt() The return code of cpacf_kmc() is less than the number of bytes to process in case of an error, not greater. The crypt routines for the other cipher modes already have this correctly. Cc: stable@vger.kernel.org # v4.11+ Fixes: 279378430768 ("s390/crypt: Add protected key AES module") Signed-off-by: Ingo Franzki Acked-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky commit 782710e333a526780d65918d669cb96646983ba2 Author: Sowmini Varadhan Date: Mon Sep 3 04:36:53 2018 -0700 xfrm: reset crypto_done when iterating over multiple input xfrms We only support one offloaded xfrm (we do not have devices that can handle more than one offload), so reset crypto_done in xfrm_input() when iterating over multiple transforms in xfrm_input, so that we can invoke the appropriate x->type->input for the non-offloaded transforms Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API") Signed-off-by: Sowmini Varadhan Signed-off-by: Steffen Klassert commit bfc0698bebcb16d19ecfc89574ad4d696955e5d3 Author: Sowmini Varadhan Date: Mon Sep 3 04:36:52 2018 -0700 xfrm: reset transport header back to network header after all input transforms ahave been applied A policy may have been set up with multiple transforms (e.g., ESP and ipcomp). In this situation, the ingress IPsec processing iterates in xfrm_input() and applies each transform in turn, processing the nexthdr to find any additional xfrm that may apply. This patch resets the transport header back to network header only after the last transformation so that subsequent xfrms can find the correct transport header. Fixes: 7785bba299a8 ("esp: Add a software GRO codepath") Suggested-by: Steffen Klassert Signed-off-by: Sowmini Varadhan Signed-off-by: Steffen Klassert commit 0a1b60d76b0abcc2a0de4eb96d5dd379cd855f30 Author: Zhenyu Wang Date: Fri Aug 31 10:58:52 2018 +0800 drm/i915/gvt: Fix life cycle reference on KVM mm Handle guest mm access life cycle properly with mmget()/mmput(). As noted by Linus, use_mm() depends on valid live page table but KVM's mmgrab() doesn't guarantee that. As vGPU usage depends on guest VM life cycle, need to make sure to use mmget()/mmput() to guarantee VM address access. v3: fix build v2: v1 caused a weird dependence issue which failed for vfio device release, which result invalid mdev vgpu and kvm state without proper release taken. This trys to put right reference around VM address space access instead. Cc: Linus Torvalds Cc: Paolo Bonzini Cc: Zhi Wang Reviewed-by: Zhi Wang Signed-off-by: Zhenyu Wang commit ec865393292f5ad8d52da20788b3685ebce44c48 Author: Greentime Hu Date: Tue Aug 28 16:07:39 2018 +0800 nds32: fix build error because of wrong semicolon It shall be removed in the define usage. We shall not put a semicolon there. /kisskb/src/arch/nds32/include/asm/elf.h:126:29: error: expected '}' before ';' token #define ELF_DATA ELFDATA2LSB; ^ /kisskb/src/fs/proc/kcore.c:318:17: note: in expansion of macro 'ELF_DATA' [EI_DATA] = ELF_DATA, ^~~~~~~~ /kisskb/src/fs/proc/kcore.c:312:15: note: to match this '{' .e_ident = { ^ /kisskb/src/scripts/Makefile.build:307: recipe for target 'fs/proc/kcore.o' failed Signed-off-by: Greentime Hu commit 0cde56e0280d70ce26b54d22131944c2fe584b38 Author: Greentime Hu Date: Thu Aug 23 15:05:46 2018 +0800 nds32: Fix a kernel panic issue because of wrong frame pointer access. It can make sure that trace_hardirqs_off/trace_hardirqs_on can get a correct return address by frame pointer through __builtin_return_address() in this fix. Unable to handle kernel paging request at virtual address fffffffc pgd = 3c42e9cf [fffffffc] *pgd=02a9c000 Internal error: Oops: 1 [#1] Modules linked in: CPU: 0 PC is at trace_hardirqs_off+0x78/0xec LP is at common_exception_handler+0xda/0xf4 pc : [] lp : [] Tainted: G W sp : ada60ab0 fp : efcaff48 gp : 3a020490 r25: efcb0000 r24: 00000000 r23: 00000000 r22: 00000000 r21: 00000000 r20: 000700c1 r19: 000700ca r18: 3a21b018 r17: 00000001 r16: 00000002 r15: 00000001 r14: 0000002a r13: 3a00a804 r12: ada60ab0 r11: 3a113af8 r10: 3a01c530 r9 : 3a124404 r8 : 00120f9c r7 : b2352eba r6 : 00000000 r5 : 3a126b58 r4 : 00000000 r3 : 3a1726a8 r2 : b2921000 r1 : 00000000 r0 : 00000000 IRQs off Segment user Process init (pid: 1, stack limit = 0x069d7f15) Stack: (0xada60ab0 to 0xada61000) Stack: 0aa0: 00000000 00000003 3a110000 0011f000 Stack: 0ac0: 00000005 00000000 00000000 00000000 ada60b10 3a01fe68 ada60b0c ada60b08 Stack: 0ae0: 00000000 ada60ab8 ada60b30 3a020550 00000000 00000001 3a11c2f8 3a01c6e8 Stack: 0b00: 3a01cb80 fffffba8 3a113af8 3a21b018 3a122c28 00003ec4 00000165 00000000 Stack: 0b20: 3a126aec 0000006c 00000000 00000001 3a01fe68 00000000 00000003 00000000 Stack: 0b40: 00000001 000003f8 3a020930 3a01c530 00000008 ada60c18 3a020490 3a003120 Stack: 0b60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0b80: 00000000 00000000 00000000 00000000 ffff8000 00000000 00000000 00000000 Stack: 0ba0: 00000000 00000001 3a020550 00000000 3a01d020 00000000 fffff000 fffff000 Stack: 0bc0: 00000000 00000000 00000000 00000000 ada60f2c 00000000 00000001 00000000 Stack: 0be0: 00000000 00000000 3a01fe68 fffffab0 00008034 00000008 3a0010cc 3a01fe68 Stack: 0c00: 00000000 00000000 00000001 ada60c88 3a020490 3a0139d4 0009dc6f 00000000 Stack: 0c20: 00000000 00000000 ada60fce fffff000 00000000 0000ebe0 3a020038 3a020550 Stack: 0c40: ada60f20 ada60c90 3a0007f0 3a0002a8 ada60c8c 00000000 00000000 ada60c88 Stack: 0c60: 3a020490 3a004570 00000000 00000000 ada60f20 3a0007f0 3a000000 00000000 Stack: 0c80: 3a020490 3a004850 00000000 3a013f24 3a000000 00000000 3a01ff44 00000000 Stack: 0ca0: 00000000 00000000 00000000 00000000 00000000 00000000 3a01ff84 3a01ff7c Stack: 0cc0: 3a01ff4c 3a01ff5c 3a01ff64 3a01ff9c 3a01ffa4 3a01ffac 3a01ff6c 3a01ff74 Stack: 0ce0: 00000000 00000000 3a01ff44 00000000 00000000 00000000 00000000 00000000 Stack: 0d00: 3a01ff8c 00000000 00000000 3a01ff94 00000000 00000000 00000000 00000000 Stack: 0d20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0d40: 3a01ffbc 3a01ffb4 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0d60: 00000000 00000000 00000000 00000000 00000000 3a01ffc4 00000000 00000000 Stack: 0d80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0da0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0dc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 3a01ff54 Stack: 0de0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0e00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0e20: 00000000 00000004 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0e40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0e60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0e80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Stack: 0ec0: 00000000 00000000 00000000 00000000 ffffffff 00000000 00000000 00000000 Stack: 0ee0: 00000000 00000000 00000000 00000000 ada60f20 00000000 00000000 00000000 Stack: 0f00: 00000000 00000000 00000000 00000000 00000000 00000000 3a020490 3a000b24 Stack: 0f20: 00000001 ada60fde 00000000 ada60fe4 ada60feb 00000000 00000021 3a038000 Stack: 0f40: 00000010 0009dc6f 00000006 00001000 00000011 00000064 00000003 00008034 Stack: 0f60: 00000004 00000020 00000005 00000008 00000007 3a000000 00000008 00000000 Stack: 0f80: 00000009 0000ebe0 0000000b 00000000 0000000c 00000000 0000000d 00000000 Stack: 0fa0: 0000000e 00000000 00000017 00000000 00000019 ada60fce 0000001f ada60ff6 Stack: 0fc0: 00000000 00000000 00000000 b5010000 fa839914 23b5dd89 a2aea540 692fc82e Stack: 0fe0: 0074696e 454d4f48 54002f3d 3d4d5245 756e696c 692f0078 0074696e 00000000 CPU: 0 PID: 1 Comm: init Tainted: G W 4.18.0-00015-g1888b64a2558-dirty #112 Hardware name: andestech,ae3xx (DT) Call Trace: [] dump_stack+0x2c/0x38 [] die+0x128/0x18c [] do_page_fault+0x3b8/0x4e0 [] ret_from_exception+0x0/0x10 [] common_exception_handler+0xda/0xf4 Signed-off-by: Greentime Hu commit 487c4b2323b26cfb5fd4d77d3605a92c182b6288 Author: Greentime Hu Date: Thu Aug 23 14:47:43 2018 +0800 nds32: Only print one page of stack when die to prevent printing too much information. It may print too much information sometimes if the stack is wrong or too big. This patch can limit the debug information in a page of stack. Signed-off-by: Greentime Hu commit 95f93ed7fe92c16f5346e477491d91e4fa8e92b8 Author: Zong Li Date: Mon Aug 20 09:51:29 2018 +0800 nds32: Add macro definition for offset of lp register on stack Use macro to replace the magic number. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit c5fdf7e00d490dc094a97d287e0fa27e253cca84 Author: Zong Li Date: Mon Aug 20 09:40:08 2018 +0800 nds32: Remove the deprecated ABI implementation We are not using NDS32 ABI 2 for now, just remove the preprocessor directives __NDS32_ABI_2. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 1e377ae9b04aef4dc531fa4c5f81b65d440ebcba Author: Zong Li Date: Wed Aug 15 11:05:40 2018 +0800 nds32/stack: Get real return address by using ftrace_graph_ret_addr Function graph tracer has modified the return address to 'return_to_handler' on stack, and provide the 'ftrace_graph_ret_addr' to get the real return address. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 95cd2f7bce9aa712473bba1b5b3f4fdec148baee Author: Zong Li Date: Wed Aug 15 11:01:10 2018 +0800 nds32/ftrace: Support dynamic function graph tracer This patch contains the implementation of dynamic function graph tracer. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 6b1d6d2fba37129f690ee7e9164f225c55626cac Author: Zong Li Date: Wed Aug 15 11:00:08 2018 +0800 nds32/ftrace: Support dynamic function tracer This patch contains the implementation of dynamic function tracer. The mcount call is composed of three instructions, so there are three nop for enough placeholder. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit fbf58a52ac088669dfa930e557d0303a9fbb7e17 Author: Zong Li Date: Wed Aug 15 10:57:16 2018 +0800 nds32/ftrace: Add RECORD_MCOUNT support Recognize NDS32 object files in recordmcount.pl. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 1e9b14c0d92b61a0979fd5ee24d5e7f080f11030 Author: Zong Li Date: Wed Aug 15 10:53:04 2018 +0800 nds32/ftrace: Support static function graph tracer This patch contains implementation of static function graph tracer. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit a18082575c664847d36c6ca030b09ce8d93aec2f Author: Zong Li Date: Wed Aug 15 10:45:59 2018 +0800 nds32/ftrace: Support static function tracer This patch support the static function tracer. On nds32 ABI, we need to always push return address to stack for __builtin_return_address can work correctly, otherwise, it will get the wrong value of $lp at leaf function. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 487913ab18c215b06611c4c91c7e905fc0960eb8 Author: Zong Li Date: Mon Aug 13 16:02:53 2018 +0800 nds32: Extract the checking and getting pointer to a macro Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 7ef39548df8cdb6406e3b4b7255e7f8cd3fe3b13 Author: Zong Li Date: Mon Aug 13 15:08:52 2018 +0800 nds32: Clean up the coding style 1. Adjust indentation. 2. Unify argument name of each macro. 3. Add space after comma in parameters list. 4. Add space after 'if' keyword. 5. Replace space by tab. 6. Change asm volatile to __asm__ __volatile__ Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 6cce95a6c7d288ac2126eee4b95df448b9015b84 Author: Zong Li Date: Mon Aug 13 14:48:49 2018 +0800 nds32: Fix get_user/put_user macro expand pointer problem The pointer argument of macro need to be taken out once first, and then use the new pointer in the macro body. In kernel/trace/trace.c, get_user(ch, ubuf++) causes the unexpected increment after expand the macro. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit c17df7960534357fb74074c2f514c831d4a9cf5a Author: Zong Li Date: Mon Aug 13 13:28:23 2018 +0800 nds32: Fix empty call trace The compiler predefined macro 'NDS32_ABI_2' had been removed, it should use the '__NDS32_ABI_2' here. Signed-off-by: Zong Li Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 1944a50859ec2b570b42b459ac25d607fc7c31f0 Author: YueHaibing Date: Tue Aug 7 12:03:13 2018 +0800 nds32: add NULL entry to the end of_device_id array Make sure of_device_id tables are NULL terminated. Found by coccinelle spatch "misc/of_table.cocci" Signed-off-by: YueHaibing Acked-by: Greentime Hu Signed-off-by: Greentime Hu commit 1dfdf99106668679b0de5a62fd4f42c1a11c9445 Author: Greentime Hu Date: Wed Jul 18 09:54:55 2018 +0800 nds32: fix logic for module This bug is report by Dan Carpenter. We shall use ~loc_mask instead of !loc_mask because we need to and(&) the bits of ~loc_mask. Reported-by: Dan Carpenter Fixes: c9a4a8da6baa ("nds32: Loadable modules") Signed-off-by: Greentime Hu commit fc3e3bf55f48e5b18481075b0591ca938c9dba78 Merge: a484ef3442d2 c6e57b3896fc Author: David S. Miller Date: Mon Sep 3 22:12:02 2018 -0700 Merge tag 'mac80211-for-davem-2018-09-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Here are quite a large number of fixes, notably: * various A-MSDU building fixes (currently only affects mt76) * syzkaller & spectre fixes in hwsim * TXQ vs. teardown fix that was causing crashes * embed WMM info in reg rule, bad code here had been causing crashes * one compilation issue with fix from Arnd (rfkill-gpio includes) * fixes for a race and bad data during/after channel switch * nl80211: a validation fix, attribute type & unit fixes along with other small fixes. ==================== Signed-off-by: David S. Miller commit a484ef3442d2f05fa59edf4f6d14a8169d1b94a6 Author: Zhenbo Gao Date: Mon Sep 3 16:36:46 2018 +0800 tipc: correct spelling errors for tipc_topsrv_queue_evt() comments tipc_conn_queue_evt -> tipc_topsrv_queue_evt tipc_send_work -> tipc_conn_send_work tipc_send_to_sock -> tipc_conn_send_to_sock Signed-off-by: Zhenbo Gao Reviewed-by: Ying Xue Signed-off-by: David S. Miller commit 9cc1bf3928b31e515ed15477b3c7eb653d0b3b42 Author: Zhenbo Gao Date: Mon Sep 3 16:36:45 2018 +0800 tipc: correct spelling errors for struct tipc_bc_base's comment Trivial fix for two spelling mistakes. Signed-off-by: Zhenbo Gao Reviewed-by: Ying Xue Signed-off-by: David S. Miller commit a104d18def0468afdd0d753a91fc770f90df30e3 Merge: 6570aa1d1039 00fe9c326d20 Author: David S. Miller Date: Mon Sep 3 21:59:43 2018 -0700 Merge branch 'bnxt_en-Bug-fixes' Michael Chan says: ==================== bnxt_en: Bug fixes. This short series fixes resource related logic in the driver, mostly affecting the RDMA driver under corner cases. ==================== Signed-off-by: David S. Miller commit 00fe9c326d2027f2437dea38ef0e82f9d02d94c0 Author: Michael Chan Date: Mon Sep 3 04:23:19 2018 -0400 bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA. Currently, the driver adjusts the bp->hw_resc.max_cp_rings by the number of MSIX vectors used by RDMA. There is one code path in open that needs to check the true max_cp_rings including any used by RDMA. This code is now checking for the reduced max_cp_rings which will fail when the number of cp rings is very small. To fix this in a clean way, we don't adjust max_cp_rings anymore. Instead, we add a helper bnxt_get_max_func_cp_rings_for_en() to get the reduced max_cp_rings when appropriate. Fixes: ec86f14ea506 ("bnxt_en: Add ULP calls to stop and restart IRQs.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit ad95c27bdb930105f3eea02621bda157caf2862d Author: Michael Chan Date: Mon Sep 3 04:23:18 2018 -0400 bnxt_en: Clean up unused functions. Remove unused bnxt_subtract_ulp_resources(). Change bnxt_get_max_func_irqs() to static since it is only locally used. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 6b95c3e9697254dab0c8eafc6ab9d5e10d2eca4e Author: Michael Chan Date: Mon Sep 3 04:23:17 2018 -0400 bnxt_en: Fix firmware signaled resource change logic in open. When the driver detects that resources have changed during open, it should reset the rx and tx rings to 0. This will properly setup the init sequence to initialize the default rings again. We also need to signal the RDMA driver to stop and clear its interrupts. We then call the RoCE driver to restart if a new set of default rings is successfully reserved. Fixes: 25e1acd6b92b ("bnxt_en: Notify firmware about IF state changes.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 6570aa1d1039fc389cdcbeb8c6e1d1f370f113f4 Merge: bf68066fccb1 741880e1f2f5 Author: David S. Miller Date: Mon Sep 3 21:57:55 2018 -0700 Merge branch 'sctp-two-fixes-for-spp_ipv6_flowlabel-and-spp_dscp-sockopts' Xin Long says: ==================== sctp: two fixes for spp_ipv6_flowlabel and spp_dscp sockopts This patchset fixes two problems in sctp_apply_peer_addr_params() when setting spp_ipv6_flowlabel or spp_dscp. ==================== Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit 741880e1f2f59b20125dc480765d2546cec66080 Author: Xin Long Date: Mon Sep 3 15:47:11 2018 +0800 sctp: not traverse asoc trans list if non-ipv6 trans exists for ipv6_flowlabel When users set params.spp_address and get a trans, ipv6_flowlabel flag should be applied into this trans. But even if this one is not an ipv6 trans, it should not go to apply it into all other transes of the asoc but simply ignore it. Fixes: 0b0dce7a36fb ("sctp: add spp_ipv6_flowlabel and spp_dscp for sctp_paddrparams") Signed-off-by: Xin Long Signed-off-by: David S. Miller commit af8a2b8ba7678b4695f9e854ba9abae1076beabe Author: Xin Long Date: Mon Sep 3 15:47:10 2018 +0800 sctp: fix invalid reference to the index variable of the iterator Now in sctp_apply_peer_addr_params(), if SPP_IPV6_FLOWLABEL flag is set and trans is NULL, it would use trans as the index variable to traverse transport_addr_list, then trans is set as the last transport of it. Later, if SPP_DSCP flag is set, it would enter into the wrong branch as trans is actually an invalid reference. So fix it by using a new index variable to traverse transport_addr_list for both SPP_DSCP and SPP_IPV6_FLOWLABEL flags process. Fixes: 0b0dce7a36fb ("sctp: add spp_ipv6_flowlabel and spp_dscp for sctp_paddrparams") Reported-by: Julia Lawall Signed-off-by: Xin Long Signed-off-by: David S. Miller commit bf68066fccb10fce6bbffdda24ee2ae314c9c5b2 Author: Ivan Mikhaylov Date: Mon Sep 3 10:26:28 2018 +0300 net/ibm/emac: wrong emac_calc_base call was used by typo __emac_calc_base_mr1 was used instead of __emac4_calc_base_mr1 by copy-paste mistake for emac4syn. Fixes: 45d6e545505fd32edb812f085be7de45b6a5c0af ("net/ibm/emac: add 8192 rx/tx fifo size") Signed-off-by: Ivan Mikhaylov Signed-off-by: David S. Miller commit c10bbfae3ae43fae1d77e16f05a73474acf514ff Author: Vlad Buslov Date: Mon Sep 3 10:04:55 2018 +0300 net: sched: null actions array pointer before releasing action Currently, tcf_action_delete() nulls actions array pointer after putting and deleting it. However, if tcf_idr_delete_index() returns an error, pointer to action is not set to null. That results it being released second time in error handling code of tca_action_gd(). Kasan error: [ 807.367755] ================================================================== [ 807.375844] BUG: KASAN: use-after-free in tc_setup_cb_call+0x14e/0x250 [ 807.382763] Read of size 8 at addr ffff88033e636000 by task tc/2732 [ 807.391289] CPU: 0 PID: 2732 Comm: tc Tainted: G W 4.19.0-rc1+ #799 [ 807.399542] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017 [ 807.407948] Call Trace: [ 807.410763] dump_stack+0x92/0xeb [ 807.414456] print_address_description+0x70/0x360 [ 807.419549] kasan_report+0x14d/0x300 [ 807.423582] ? tc_setup_cb_call+0x14e/0x250 [ 807.428150] tc_setup_cb_call+0x14e/0x250 [ 807.432539] ? nla_put+0x65/0xe0 [ 807.436146] fl_dump+0x394/0x3f0 [cls_flower] [ 807.440890] ? fl_tmplt_dump+0x140/0x140 [cls_flower] [ 807.446327] ? lock_downgrade+0x320/0x320 [ 807.450702] ? lock_acquire+0xe2/0x220 [ 807.454819] ? is_bpf_text_address+0x5/0x140 [ 807.459475] ? memcpy+0x34/0x50 [ 807.462980] ? nla_put+0x65/0xe0 [ 807.466582] tcf_fill_node+0x341/0x430 [ 807.470717] ? tcf_block_put+0xe0/0xe0 [ 807.474859] tcf_node_dump+0xdb/0xf0 [ 807.478821] fl_walk+0x8e/0x170 [cls_flower] [ 807.483474] tcf_chain_dump+0x35a/0x4d0 [ 807.487703] ? tfilter_notify+0x170/0x170 [ 807.492091] ? tcf_fill_node+0x430/0x430 [ 807.496411] tc_dump_tfilter+0x362/0x3f0 [ 807.500712] ? tc_del_tfilter+0x850/0x850 [ 807.505104] ? kasan_unpoison_shadow+0x30/0x40 [ 807.509940] ? __mutex_unlock_slowpath+0xcf/0x410 [ 807.515031] netlink_dump+0x263/0x4f0 [ 807.519077] __netlink_dump_start+0x2a0/0x300 [ 807.523817] ? tc_del_tfilter+0x850/0x850 [ 807.528198] rtnetlink_rcv_msg+0x46a/0x6d0 [ 807.532671] ? rtnl_fdb_del+0x3f0/0x3f0 [ 807.536878] ? tc_del_tfilter+0x850/0x850 [ 807.541280] netlink_rcv_skb+0x18d/0x200 [ 807.545570] ? rtnl_fdb_del+0x3f0/0x3f0 [ 807.549773] ? netlink_ack+0x500/0x500 [ 807.553913] netlink_unicast+0x2d0/0x370 [ 807.558212] ? netlink_attachskb+0x340/0x340 [ 807.562855] ? _copy_from_iter_full+0xe9/0x3e0 [ 807.567677] ? import_iovec+0x11e/0x1c0 [ 807.571890] netlink_sendmsg+0x3b9/0x6a0 [ 807.576192] ? netlink_unicast+0x370/0x370 [ 807.580684] ? netlink_unicast+0x370/0x370 [ 807.585154] sock_sendmsg+0x6b/0x80 [ 807.589015] ___sys_sendmsg+0x4a1/0x520 [ 807.593230] ? copy_msghdr_from_user+0x210/0x210 [ 807.598232] ? do_wp_page+0x174/0x880 [ 807.602276] ? __handle_mm_fault+0x749/0x1c10 [ 807.607021] ? __handle_mm_fault+0x1046/0x1c10 [ 807.611849] ? __pmd_alloc+0x320/0x320 [ 807.615973] ? check_chain_key+0x140/0x1f0 [ 807.620450] ? check_chain_key+0x140/0x1f0 [ 807.624929] ? __fget_light+0xbc/0xd0 [ 807.628970] ? __sys_sendmsg+0xd7/0x150 [ 807.633172] __sys_sendmsg+0xd7/0x150 [ 807.637201] ? __ia32_sys_shutdown+0x30/0x30 [ 807.641846] ? up_read+0x53/0x90 [ 807.645442] ? __do_page_fault+0x484/0x780 [ 807.649949] ? do_syscall_64+0x1e/0x2c0 [ 807.654164] do_syscall_64+0x72/0x2c0 [ 807.658198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.663625] RIP: 0033:0x7f42e9870150 [ 807.667568] Code: 8b 15 3c 7d 2b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb cd 66 0f 1f 44 00 00 83 3d b9 d5 2b 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 be cd 00 00 48 89 04 24 [ 807.687328] RSP: 002b:00007ffdbf595b58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 807.695564] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f42e9870150 [ 807.703083] RDX: 0000000000000000 RSI: 00007ffdbf595b80 RDI: 0000000000000003 [ 807.710605] RBP: 00007ffdbf599d90 R08: 0000000000679bc0 R09: 000000000000000f [ 807.718127] R10: 00000000000005e7 R11: 0000000000000246 R12: 00007ffdbf599d88 [ 807.725651] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 807.735048] Allocated by task 2687: [ 807.738902] kasan_kmalloc+0xa0/0xd0 [ 807.742852] __kmalloc+0x118/0x2d0 [ 807.746615] tcf_idr_create+0x44/0x320 [ 807.750738] tcf_nat_init+0x41e/0x530 [act_nat] [ 807.755638] tcf_action_init_1+0x4e0/0x650 [ 807.760104] tcf_action_init+0x1ce/0x2d0 [ 807.764395] tcf_exts_validate+0x1d8/0x200 [ 807.768861] fl_change+0x55a/0x26b4 [cls_flower] [ 807.773845] tc_new_tfilter+0x748/0xa20 [ 807.778051] rtnetlink_rcv_msg+0x56a/0x6d0 [ 807.782517] netlink_rcv_skb+0x18d/0x200 [ 807.786804] netlink_unicast+0x2d0/0x370 [ 807.791095] netlink_sendmsg+0x3b9/0x6a0 [ 807.795387] sock_sendmsg+0x6b/0x80 [ 807.799240] ___sys_sendmsg+0x4a1/0x520 [ 807.803445] __sys_sendmsg+0xd7/0x150 [ 807.807473] do_syscall_64+0x72/0x2c0 [ 807.811506] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.818776] Freed by task 2728: [ 807.822283] __kasan_slab_free+0x122/0x180 [ 807.826752] kfree+0xf4/0x2f0 [ 807.830080] __tcf_action_put+0x5a/0xb0 [ 807.834281] tcf_action_put_many+0x46/0x70 [ 807.838747] tca_action_gd+0x232/0xc40 [ 807.842862] tc_ctl_action+0x215/0x230 [ 807.846977] rtnetlink_rcv_msg+0x56a/0x6d0 [ 807.851444] netlink_rcv_skb+0x18d/0x200 [ 807.855731] netlink_unicast+0x2d0/0x370 [ 807.860021] netlink_sendmsg+0x3b9/0x6a0 [ 807.864312] sock_sendmsg+0x6b/0x80 [ 807.868166] ___sys_sendmsg+0x4a1/0x520 [ 807.872372] __sys_sendmsg+0xd7/0x150 [ 807.876401] do_syscall_64+0x72/0x2c0 [ 807.880431] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.887704] The buggy address belongs to the object at ffff88033e636000 which belongs to the cache kmalloc-256 of size 256 [ 807.900909] The buggy address is located 0 bytes inside of 256-byte region [ffff88033e636000, ffff88033e636100) [ 807.913155] The buggy address belongs to the page: [ 807.918322] page:ffffea000cf98d80 count:1 mapcount:0 mapping:ffff88036f80ee00 index:0x0 compound_mapcount: 0 [ 807.928831] flags: 0x5fff8000008100(slab|head) [ 807.933647] raw: 005fff8000008100 ffffea000db44f00 0000000400000004 ffff88036f80ee00 [ 807.942050] raw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000 [ 807.950456] page dumped because: kasan: bad access detected [ 807.958240] Memory state around the buggy address: [ 807.963405] ffff88033e635f00: fc fc fc fc fb fb fb fb fb fb fb fc fc fc fc fb [ 807.971288] ffff88033e635f80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 807.979166] >ffff88033e636000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 807.994882] ^ [ 807.998477] ffff88033e636080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 808.006352] ffff88033e636100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 808.014230] ================================================================== [ 808.022108] Disabling lock debugging due to kernel taint Fixes: edfaf94fa705 ("net_sched: improve and refactor tcf_action_put_many()") Signed-off-by: Vlad Buslov Acked-by: Cong Wang Signed-off-by: David S. Miller commit 2b82435cb90bed2c5f8398730d964dd11602217c Author: Imre Deak Date: Fri Aug 31 20:47:39 2018 +0300 drm/i915/dp_mst: Fix enabling pipe clock for all streams commit afb2c4437dae ("drm/i915/ddi: Push pipe clock enabling to encoders") inadvertently stopped enabling the pipe clock for any DP-MST stream after the first one. It also rearranged the pipe clock enabling wrt. initial MST payload allocation step (which may or may not be a problem, but it's contrary to the spec.). Fix things by making the above commit truly a non-functional change. Fixes: afb2c4437dae ("drm/i915/ddi: Push pipe clock enabling to encoders") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107365 Reported-by: Lyude Paul Reported-by: dmummenschanz@web.de Tested-by: dmummenschanz@web.de Tested-by: Lyude Paul Cc: Lyude Paul Cc: dmummenschanz@web.de Cc: Ville Syrjälä Cc: Rodrigo Vivi Cc: Chris Wilson Signed-off-by: Imre Deak Reviewed-by: Ville Syrjälä Reviewed-by: Lyude Paul Reviewed-by: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180831174739.30387-1-imre.deak@intel.com (cherry picked from commit 2b5cf4ef541f1b2facaca58cae5e8e0b5f19ad4c) Signed-off-by: Rodrigo Vivi commit 4fe967912ee83048beb45a6b4f0f6774fddcfa0a Author: Manasi Navare Date: Thu Aug 23 18:48:07 2018 -0700 drm/i915/dsc: Fix PPS register definition macros for 2nd VDSC engine This patch fixes the PPS4 and PPS5 register definition macros that were resulting into an incorect MMIO address. Fixes: 2efbb2f099fb ("i915/dp/dsc: Add DSC PPS register definitions") Cc: Anusha Srivatsa Signed-off-by: Manasi Navare Reviewed-by: Rodrigo Vivi Reviewed-by: Anusha Srivatsa Link: https://patchwork.freedesktop.org/patch/msgid/20180824014807.14681-1-manasi.d.navare@intel.com (cherry picked from commit 5df52391ddbed869c7d67b00fbb013bd64334115) Signed-off-by: Rodrigo Vivi commit 399334708b4f07b107094e5db4a390f0f25d2d4f Author: Jan-Marek Glogowski Date: Sat Aug 25 15:10:35 2018 -0400 drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" This re-applies the workaround for "some DP sinks, [which] are a little nuts" from commit 1a36147bb939 ("drm/i915: Perform link quality check unconditionally during long pulse"). It makes the secondary AOC E2460P monitor connected via DP to an acer Veriton N4640G usable again. This hunk was dropped in commit c85d200e8321 ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook") Fixes: c85d200e8321 ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook") [Cleaned up commit message, added stable cc] Signed-off-by: Lyude Paul Signed-off-by: Jan-Marek Glogowski Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20180825191035.3945-1-lyude@redhat.com (cherry picked from commit 3cf71bc9904d7ee4a25a822c5dcb54c7804ea388) Signed-off-by: Rodrigo Vivi commit f518cd94ecdce3298c9bace261475b6342a0111d Merge: 57361846b52b 54ff01fd0d44 Author: Rodrigo Vivi Date: Mon Sep 3 21:30:55 2018 -0700 Merge tag 'gvt-fixes-2018-09-04' of https://github.com/intel/gvt-linux into drm-intel-fixes gvt-fixes-2018-09-04 - two BXT virtual display emulation fixes (Colin) - gen9 dbuf guest warning fix (Xiaolin) - vgpu close pm warning fix (Hang) - dmabuf format_mod fix (Zhenyu) - multiple VM guest failure fix for scheduling (Zhenyu) Signed-off-by: Rodrigo Vivi From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20180904025437.GE20737@zhen-hp.sh.intel.com commit c48300c92ad9f029f4dcbcf5d71ad880e3acf2fa Author: Gleb Fotengauer-Malinovskiy Date: Mon Sep 3 20:59:13 2018 +0300 vhost: fix VHOST_GET_BACKEND_FEATURES ioctl request definition The _IOC_READ flag fits this ioctl request more because this request actually only writes to, but doesn't read from userspace. See NOTEs in include/uapi/asm-generic/ioctl.h for more information. Fixes: 429711aec282 ("vhost: switch to use new message format") Signed-off-by: Gleb Fotengauer-Malinovskiy Acked-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller commit 5f8c10936fab2b69a487400f2872902e597dd320 Author: Theodore Ts'o Date: Mon Sep 3 22:25:01 2018 -0400 ext4: fix online resizing for bigalloc file systems with a 1k block size An online resize of a file system with the bigalloc feature enabled and a 1k block size would be refused since ext4_resize_begin() did not understand s_first_data_block is 0 for all bigalloc file systems, even when the block size is 1k. Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org commit f0a459dec5495a3580f8d784555e6f8f3bf7f263 Author: Theodore Ts'o Date: Mon Sep 3 22:19:43 2018 -0400 ext4: fix online resize's handling of a too-small final block group Avoid growing the file system to an extent so that the last block group is too small to hold all of the metadata that must be stored in the block group. This problem can be triggered with the following reproducer: umount /mnt mke2fs -F -m0 -b 4096 -t ext4 -O resize_inode,^has_journal \ -E resize=1073741824 /tmp/foo.img 128M mount /tmp/foo.img /mnt truncate --size 1708M /tmp/foo.img resize2fs /dev/loop0 295400 umount /mnt e2fsck -fy /tmp/foo.img Reported-by: Torsten Hilbrich Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org commit 9fd0e09a4e86499639653243edfcb417a05c5c46 Author: Anthony Wong Date: Fri Aug 31 20:06:42 2018 +0800 r8169: add support for NCube 8168 network card This card identifies itself as: Ethernet controller [0200]: NCube Device [10ff:8168] (rev 06) Subsystem: TP-LINK Technologies Co., Ltd. Device [7470:3468] Adding a new entry to rtl8169_pci_tbl makes the card work. Link: http://launchpad.net/bugs/1788730 Signed-off-by: Anthony Wong Signed-off-by: David S. Miller commit 36feaac35405e932ad9c321d7a2db8a7e4a4d7ca Author: Hangbin Liu Date: Fri Aug 31 16:52:01 2018 +0800 ip6_tunnel: respect ttl inherit for ip6tnl man ip-tunnel ttl section says: 0 is a special value meaning that packets inherit the TTL value. IPv4 tunnel respect this in ip_tunnel_xmit(), but IPv6 tunnel has not implement it yet. To make IPv6 behave consistently with IP tunnel, add ipv6 tunnel inherit support. Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller commit f7c50fa636f72490baceb1664ba64973137266f2 Author: Keyon Jie Date: Mon Sep 3 10:47:09 2018 +0800 ALSA: hda: Fix several mismatch for register mask and value E.g. for snd_hdac_ext_link_clear_stream_id(), we should set (1 << stream) as mask, and 0 as value, here correct it and several similar mismatches. And, here also remove unreadable register_mask usage for those mask value updating. Signed-off-by: Keyon Jie Signed-off-by: Takashi Iwai commit edf4e7b7b9104b58fddfcd073bd7dcc1585d5326 Author: John Johansen Date: Sat Sep 1 01:57:52 2018 -0700 apparmor: fix bad debug check in apparmor_secid_to_secctx() apparmor_secid_to_secctx() has a bad debug statement tripping on a condition handle by the code. When kconfig SECURITY_APPARMOR_DEBUG is enabled the debug WARN_ON will trip when **secdata is NULL resulting in the following trace. ------------[ cut here ]------------ AppArmor WARN apparmor_secid_to_secctx: ((!secdata)): WARNING: CPU: 0 PID: 14826 at security/apparmor/secid.c:82 apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 14826 Comm: syz-executor1 Not tainted 4.19.0-rc1+ #193 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 panic+0x238/0x4e7 kernel/panic.c:184 __warn.cold.8+0x163/0x1ba kernel/panic.c:536 report_bug+0x252/0x2d0 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:993 RIP: 0010:apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82 Code: c7 c7 40 66 58 87 e8 6a 6d 0f fe 0f 0b e9 6c fe ff ff e8 3e aa 44 fe 48 c7 c6 80 67 58 87 48 c7 c7 a0 65 58 87 e8 4b 6d 0f fe <0f> 0b e9 3f fe ff ff 48 89 df e8 fc a7 83 fe e9 ed fe ff ff bb f4 RSP: 0018:ffff8801ba1bed10 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8801ba1beed0 RCX: ffffc9000227e000 RDX: 0000000000018482 RSI: ffffffff8163ac01 RDI: 0000000000000001 RBP: ffff8801ba1bed30 R08: ffff8801b80ec080 R09: ffffed003b603eca R10: ffffed003b603eca R11: ffff8801db01f657 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801ba1beed0 security_secid_to_secctx+0x63/0xc0 security/security.c:1314 ctnetlink_secctx_size net/netfilter/nf_conntrack_netlink.c:621 [inline] ctnetlink_nlmsg_size net/netfilter/nf_conntrack_netlink.c:659 [inline] ctnetlink_conntrack_event+0x303/0x1470 net/netfilter/nf_conntrack_netlink.c:706 nf_conntrack_eventmask_report+0x55f/0x930 net/netfilter/nf_conntrack_ecache.c:151 nf_conntrack_event_report include/net/netfilter/nf_conntrack_ecache.h:112 [inline] nf_ct_delete+0x33c/0x5d0 net/netfilter/nf_conntrack_core.c:601 nf_ct_iterate_cleanup+0x48c/0x5e0 net/netfilter/nf_conntrack_core.c:1892 nf_ct_iterate_cleanup_net+0x23c/0x2d0 net/netfilter/nf_conntrack_core.c:1974 ctnetlink_flush_conntrack net/netfilter/nf_conntrack_netlink.c:1226 [inline] ctnetlink_del_conntrack+0x66c/0x850 net/netfilter/nf_conntrack_netlink.c:1258 nfnetlink_rcv_msg+0xd88/0x1070 net/netfilter/nfnetlink.c:228 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454 nfnetlink_rcv+0x1c0/0x4d0 net/netfilter/nfnetlink.c:560 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114 __sys_sendmsg+0x11d/0x290 net/socket.c:2152 __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg net/socket.c:2159 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f7bc6e03c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f7bc6e046d4 RCX: 0000000000457089 RDX: 0000000000000000 RSI: 0000000020d65000 RDI: 0000000000000003 RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d4588 R14: 00000000004c8d5c R15: 0000000000000000 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: disabled Rebooting in 86400 seconds.. CC: #4.18 Fixes: c092921219d2 ("apparmor: add support for mapping secids and using secctxes") Reported-by: syzbot+21016130b0580a9de3b5@syzkaller.appspotmail.com Signed-off-by: John Johansen commit 3edd79cf5a44b12dbb13bc320f5788aed6562b36 Author: Marek Szyprowski Date: Mon Sep 3 16:49:37 2018 +0200 regulator: Fix 'do-nothing' value for regulators without suspend state Some regulators don't have all states defined and in such cases regulator core should not assume anything. However in current implementation of of_get_regulation_constraints() DO_NOTHING_IN_SUSPEND enable value was set only for regulators which had suspend node defined, otherwise the default 0 value was used, what means DISABLE_IN_SUSPEND. This lead to broken system suspend/resume on boards, which had simple regulator constraints definition (without suspend state nodes). To avoid further mismatches between the default and uninitialized values of the suspend enabled/disabled states, change the values of the them, so default '0' means DO_NOTHING_IN_SUSPEND. Fixes: 72069f9957a1: regulator: leave one item to record whether regulator is enabled Signed-off-by: Marek Szyprowski Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 4d230d12710646788af581ba0155d83ab48b955c Author: Jiada Wang Date: Mon Sep 3 07:08:58 2018 +0000 ASoC: rsnd: fixup not to call clk_get/set under non-atomic Clocking operations clk_get/set_rate, are non-atomic, they shouldn't be called in soc_pcm_trigger() which is atomic. Following issue was found due to execution of clk_get_rate() causes sleep in soc_pcm_trigger(), which shouldn't be blocked. We can reproduce this issue by following > enable CONFIG_DEBUG_ATOMIC_SLEEP=y > compile, and boot > mount -t debugfs none /sys/kernel/debug > while true; do cat /sys/kernel/debug/clk/clk_summary > /dev/null; done & > while true; do aplay xxx; done This patch adds support to .prepare callback, and moves non-atomic clocking operations to it. As .prepare is non-atomic, it is always called before trigger_start/trigger_stop. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620 in_atomic(): 1, irqs_disabled(): 128, pid: 2242, name: aplay INFO: lockdep is turned off. irq event stamp: 5964 hardirqs last enabled at (5963): [] mutex_lock_nested+0x6e8/0x6f0 hardirqs last disabled at (5964): [] _raw_spin_lock_irqsave+0x24/0x68 softirqs last enabled at (5502): [] __do_softirq+0x560/0x10c0 softirqs last disabled at (5495): [] irq_exit+0x160/0x25c Preemption disabled at:[ 62.904063] [] snd_pcm_stream_lock+0xb4/0xc0 CPU: 2 PID: 2242 Comm: aplay Tainted: G B C 4.9.54+ #186 Hardware name: Renesas Salvator-X board based on r8a7795 (DT) Call trace: [] dump_backtrace+0x0/0x37c [] show_stack+0x14/0x1c [] dump_stack+0xfc/0x154 [] ___might_sleep+0x57c/0x58c [] __might_sleep+0x208/0x21c [] mutex_lock_nested+0xb4/0x6f0 [] clk_prepare_lock+0xb0/0x184 [] clk_core_get_rate+0x14/0x54 [] clk_get_rate+0x20/0x34 [] rsnd_adg_ssi_clk_try_start+0x158/0x4f8 [snd_soc_rcar] [] rsnd_ssi_init+0x668/0x7a0 [snd_soc_rcar] [] rsnd_soc_dai_trigger+0x4bc/0xcf8 [snd_soc_rcar] [] soc_pcm_trigger+0x2a4/0x2d4 Fixes: e7d850dd10f4 ("ASoC: rsnd: use mod base common method on SSI-parent") Signed-off-by: Jiada Wang Signed-off-by: Timo Wischer [Kuninori: tidyup for upstream] Signed-off-by: Kuninori Morimoto Tested-by: Hiroyuki Yokoyama Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 5a7b44a8df822e0667fc76ed7130252523993bda Author: Takashi Iwai Date: Mon Sep 3 15:16:43 2018 +0200 ALSA: rawmidi: Initialize allocated buffers syzbot reported the uninitialized value exposure in certain situations using virmidi loop. It's likely a very small race at writing and reading, and the influence is almost negligible. But it's safer to paper over this just by replacing the existing kvmalloc() with kvzalloc(). Reported-by: syzbot+194dffdb8b22fc5d207a@syzkaller.appspotmail.com Signed-off-by: Takashi Iwai commit 9bdda4e9cf2dcecb60a0683b10ffb8cd7e5f2f45 Author: Amir Goldstein Date: Sat Sep 1 09:40:01 2018 +0300 fsnotify: fix ignore mask logic in fsnotify() Commit 92183a42898d ("fsnotify: fix ignore mask logic in send_to_group()") acknoledges the use case of ignoring an event on an inode mark, because of an ignore mask on a mount mark of the same group (i.e. I want to get all events on this file, except for the events that came from that mount). This change depends on correctly merging the inode marks and mount marks group lists, so that the mount mark ignore mask would be tested in send_to_group(). Alas, the merging of the lists did not take into account the case where event in question is not in the mask of any of the mount marks. To fix this, completely remove the tests for inode and mount event masks from the lists merging code. Fixes: 92183a42898d ("fsnotify: fix ignore mask logic in send_to_group") Signed-off-by: Amir Goldstein Signed-off-by: Jan Kara commit c43c5e9f524ec914e7e202f9c5ab91779629ccc6 Author: Christian Borntraeger Date: Mon Sep 3 10:15:33 2018 +0200 timekeeping: Fix declaration of read_persistent_wall_and_boot_offset() It is read_persistent_wall_and_boot_offset() and not read_persistent_clock_and_boot_offset() Fixes: 3eca993740b8eb40f51 ("timekeeping: Replace read_boot_clock64() with read_persistent_wall_and_boot_offset()") Signed-off-by: Christian Borntraeger Signed-off-by: Thomas Gleixner Cc: Pavel Tatashin Link: https://lkml.kernel.org/r/20180903081533.34366-1-borntraeger@de.ibm.com commit 7001cab1dabc0b72b2b672ef58a90ab64f5e2343 Author: Marcel Ziswiler Date: Wed Aug 29 08:47:57 2018 +0200 spi: tegra20-slink: explicitly enable/disable clock Depending on the SPI instance one may get an interrupt storm upon requesting resp. interrupt unless the clock is explicitly enabled beforehand. This has been observed trying to bring up instance 4 on T20. Signed-off-by: Marcel Ziswiler Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 7aa09ff24301535491cd4de1b93107ee91449a12 Author: Srinivas Kandagatla Date: Mon Sep 3 12:07:47 2018 +0100 ASoC: q6routing: initialize data correctly Some of the router data fields are left as default zeros which are valid dai ids, so initialize these to invalid value of -1. Without intializing these correctly get_session_from_id() can return incorrect session resulting in not closing the opened copp and messing up with the copp ref count. Fixes: e3a33673e845 ("ASoC: qdsp6: q6routing: Add q6routing driver") Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown commit 4331f4d5ada5684fc77fa16e3f6177f077c9e6ec Author: Randy Dunlap Date: Sun Sep 2 19:30:53 2018 -0700 x86: Fix kernel-doc atomic.h warnings Fix kernel-doc warnings in arch/x86/include/asm/atomic.h that are caused by having a #define macro between the kernel-doc notation and the function name. Fixed by moving the #define macro to after the function implementation. Make the same change for atomic64_{32,64}.h for consistency even though there were no kernel-doc warnings found in these header files, but there would be if they were used in generation of documentation. Fixes these kernel-doc warnings: ../arch/x86/include/asm/atomic.h:84: warning: Excess function parameter 'i' description in 'arch_atomic_sub_and_test' ../arch/x86/include/asm/atomic.h:84: warning: Excess function parameter 'v' description in 'arch_atomic_sub_and_test' ../arch/x86/include/asm/atomic.h:96: warning: Excess function parameter 'v' description in 'arch_atomic_inc' ../arch/x86/include/asm/atomic.h:109: warning: Excess function parameter 'v' description in 'arch_atomic_dec' ../arch/x86/include/asm/atomic.h:124: warning: Excess function parameter 'v' description in 'arch_atomic_dec_and_test' ../arch/x86/include/asm/atomic.h:138: warning: Excess function parameter 'v' description in 'arch_atomic_inc_and_test' ../arch/x86/include/asm/atomic.h:153: warning: Excess function parameter 'i' description in 'arch_atomic_add_negative' ../arch/x86/include/asm/atomic.h:153: warning: Excess function parameter 'v' description in 'arch_atomic_add_negative' Fixes: 18cc1814d4e7 ("atomics/treewide: Make test ops optional") Signed-off-by: Randy Dunlap Signed-off-by: Thomas Gleixner Cc: Mark Rutland Link: https://lkml.kernel.org/r/0a1e678d-c8c5-b32c-2640-ed4e94d399d2@infradead.org commit c6e57b3896fc76299913b8cfd82d853bee8a2c84 Author: Emmanuel Grumbach Date: Fri Aug 31 11:31:13 2018 +0300 mac80211: shorten the IBSS debug messages When tracing is enabled, all the debug messages are recorded and must not exceed MAX_MSG_LEN (100) columns. Longer debug messages grant the user with: WARNING: CPU: 3 PID: 32642 at /tmp/wifi-core-20180806094828/src/iwlwifi-stack-dev/net/mac80211/./trace_msg.h:32 trace_event_raw_event_mac80211_msg_event+0xab/0xc0 [mac80211] Workqueue: phy1 ieee80211_iface_work [mac80211] RIP: 0010:trace_event_raw_event_mac80211_msg_event+0xab/0xc0 [mac80211] Call Trace: __sdata_dbg+0xbd/0x120 [mac80211] ieee80211_ibss_rx_queued_mgmt+0x15f/0x510 [mac80211] ieee80211_iface_work+0x21d/0x320 [mac80211] Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit 6c18b27d6e5c6a7206364eae2b47bc8d8b2fa68f Author: Emmanuel Grumbach Date: Fri Aug 31 11:31:12 2018 +0300 mac80211: don't Tx a deauth frame if the AP forbade Tx If the driver fails to properly prepare for the channel switch, mac80211 will disconnect. If the CSA IE had mode set to 1, it means that the clients are not allowed to send any Tx on the current channel, and that includes the deauthentication frame. Make sure that we don't send the deauthentication frame in this case. In iwlwifi, this caused a failure to flush queues since the firmware already closed the queues after having parsed the CSA IE. Then mac80211 would wait until the deauthentication frame would go out (drv_flush(drop=false)) and that would never happen. Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit 0007e94355fdb71a1cf5dba0754155cba08f0666 Author: Ilan Peer Date: Fri Aug 31 11:31:10 2018 +0300 mac80211: Fix station bandwidth setting after channel switch When performing a channel switch flow for a managed interface, the flow did not update the bandwidth of the AP station and the rate scale algorithm. In case of a channel width downgrade, this would result with the rate scale algorithm using a bandwidth that does not match the interface channel configuration. Fix this by updating the AP station bandwidth and rate scaling algorithm before the actual channel change in case of a bandwidth downgrade, or after the actual channel change in case of a bandwidth upgrade. Signed-off-by: Ilan Peer Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit f3ffb6c3a28963657eb8b02a795d75f2ebbd5ef4 Author: Emmanuel Grumbach Date: Fri Aug 31 11:31:06 2018 +0300 mac80211: fix a race between restart and CSA flows We hit a problem with iwlwifi that was caused by a bug in mac80211. A bug in iwlwifi caused the firwmare to crash in certain cases in channel switch. Because of that bug, drv_pre_channel_switch would fail and trigger the restart flow. Now we had the hw restart worker which runs on the system's workqueue and the csa_connection_drop_work worker that runs on mac80211's workqueue that can run together. This is obviously problematic since the restart work wants to reconfigure the connection, while the csa_connection_drop_work worker does the exact opposite: it tries to disconnect. Fix this by cancelling the csa_connection_drop_work worker in the restart worker. Note that this can sound racy: we could have: driver iface_work CSA_work restart_work +++++++++++++++++++++++++++++++++++++++++++++ | <--drv_cs ---| -CS FAILED--> | | | cancel_work(CSA) schedule | CSA work | | | Race between those 2 But this is not possible because we flush the workqueue in the restart worker before we cancel the CSA worker. That would be bullet proof if we could guarantee that we schedule the CSA worker only from the iface_work which runs on the workqueue (and not on the system's workqueue), but unfortunately we do have an instance in which we schedule the CSA work outside the context of the workqueue (ieee80211_chswitch_done). Note also that we should probably cancel other workers like beacon_connection_loss_work and possibly others for different types of interfaces, at the very least, IBSS should suffer from the exact same problem, but for now, do the minimum to fix the actual bug that was actually experienced and reproduced. Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit abd76d255d69d70206c01b9cb19ba36a9c1df6a1 Author: Dreyfuss, Haim Date: Fri Aug 31 11:31:04 2018 +0300 mac80211: fix WMM TXOP calculation In commit 9236c4523e5b ("mac80211: limit wmm params to comply with ETSI requirements"), we have limited the WMM parameters to comply with 802.11 and ETSI standard. Mistakenly the TXOP value was caluclated wrong. Fix it by taking the minimum between 802.11 to ETSI to make sure we are not violating both. Fixes: e552af058148 ("mac80211: limit wmm params to comply with ETSI requirements") Signed-off-by: Haim Dreyfuss Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit 8442938c3a2177ba16043b3a935f2c78266ad399 Author: Dan Carpenter Date: Fri Aug 31 11:10:55 2018 +0300 cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() The "chandef->center_freq1" variable is a u32 but "freq" is a u16 so we are truncating away the high bits. I noticed this bug because in commit 9cf0a0b4b64a ("cfg80211: Add support for 60GHz band channels 5 and 6") we made "freq <= 56160 + 2160 * 6" a valid requency when before it was only "freq <= 56160 + 2160 * 4" that was valid. It introduces a static checker warning: net/wireless/util.c:1571 ieee80211_chandef_to_operating_class() warn: always true condition '(freq <= 56160 + 2160 * 6) => (0-u16max <= 69120)' But really we probably shouldn't have been truncating the high bits away to begin with. Signed-off-by: Dan Carpenter Signed-off-by: Johannes Berg commit 66eb02d839e8495ae6b612e2d09ff599374b80e2 Author: Lorenzo Bianconi Date: Fri Aug 31 01:04:13 2018 +0200 mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Initialize 'n' to 2 in order to take into account also the first packet in the estimation of max_subframe limit for a given A-MSDU since frag_tail pointer is NULL when ieee80211_amsdu_aggregate routine analyzes the second frame. Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support") Signed-off-by: Lorenzo Bianconi Signed-off-by: Johannes Berg commit b833a3660394876541d2513ce2736debc7c6797a Author: Amir Goldstein Date: Tue Aug 28 10:58:41 2018 +0300 ovl: add ovl_fadvise() Implement stacked fadvise to fix syscalls readahead(2) and fadvise64(2) on an overlayfs file. Suggested-by: Miklos Szeredi Fixes: d1d04ef8572b ("ovl: stack file ops") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 54ff01fd0d44b9681615f77c15fe9ea6dfadb501 Author: Zhenyu Wang Date: Thu Aug 30 11:33:43 2018 +0800 drm/i915/gvt: Give new born vGPU higher scheduling chance This trys to give new born vGPU with higher scheduling chance not only with adding to sched list head and also have higher priority for workload sched for 2 seconds after starting to schedule it. In order for fast GPU execution during VM boot, and ensure guest driver setup with required state given in time. This fixes recent failure seen on one VM with multiple linux VMs running on kernel with commit 2621cefaa42b3("drm/i915: Provide a timeout to i915_gem_wait_for_idle() on setup"), which had shorter setup timeout that caused context state init failed. v2: change to 2s for higher scheduling period Cc: Yuan Hang Reviewed-by: Hang Yuan Signed-off-by: Zhenyu Wang commit 215ab0f021c9fea3c18b75e7d522400ee6a49990 Author: Thadeu Lima de Souza Cascardo Date: Fri Aug 31 08:38:49 2018 -0300 xfrm6: call kfree_skb when skb is toobig After commit d6990976af7c5d8f55903bfb4289b6fb030bf754 ("vti6: fix PMTU caching and reporting on xmit"), some too big skbs might be potentially passed down to __xfrm6_output, causing it to fail to transmit but not free the skb, causing a leak of skb, and consequentially a leak of dst references. After running pmtu.sh, that shows as failure to unregister devices in a namespace: [ 311.397671] unregister_netdevice: waiting for veth_b to become free. Usage count = 1 The fix is to call kfree_skb in case of transmit failures. Fixes: dd767856a36e ("xfrm6: Don't call icmpv6_send on local error") Signed-off-by: Thadeu Lima de Souza Cascardo Reviewed-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit 395a2076b4064f97d3fce03af15210ff2a7bb7f9 Author: Thomas Werschlein Date: Thu Aug 30 18:29:20 2018 +0200 cifs: connect to servername instead of IP for IPC$ share This patch is required allows access to a Microsoft fileserver failover cluster behind a 1:1 NAT firewall. The change also provides stronger context for authentication and share connection (see MS-SMB2 3.3.5.7 and MS-SRVS 3.1.6.8) as noted by Tom Talpey, and addresses comments about the buffer size for the UNC made by Aurélien Aptel. Signed-off-by: Thomas Werschlein Signed-off-by: Steve French CC: Tom Talpey Reviewed-by: Aurelien Aptel CC: Stable commit f801568332321e2b1e7a8bd26c3e4913a312a2ec Author: Steve French Date: Fri Aug 31 15:12:10 2018 -0500 smb3: check for and properly advertise directory lease support Although servers will typically ignore unsupported features, we should advertise the support for directory leases (as Windows e.g. does) in the negotiate protocol capabilities we pass to the server, and should check for the server capability (CAP_DIRECTORY_LEASING) before sending a lease request for an open of a directory. This will prevent us from accidentally sending directory leases to SMB2.1 or SMB2 server for example. Signed-off-by: Steve French CC: Stable Reviewed-by: Ronnie Sahlberg commit 25f2573512d7b38bca4c0878109db9600b8b711f Author: Steve French Date: Wed Aug 29 09:22:22 2018 -0500 smb3: minor debugging clarifications in rfc1001 len processing I ran into some cases where server was returning the wrong length on frames but I couldn't easily match them to the command in the network trace (or server logs) since I need the command and/or multiplex id to find the offending SMB2/SMB3 command. Add these two fields to the log message. In the case of padding too much it may not be a problem in all cases but might have correlated to a network disconnect case in some problems we have been looking at. In the case of frame too short is even more important. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit 5e19697b56a64004e2d0ff1bb952ea05493c088f Author: Steve French Date: Mon Aug 27 17:04:13 2018 -0500 SMB3: Backup intent flag missing for directory opens with backupuid mounts When "backup intent" is requested on the mount (e.g. backupuid or backupgid mount options), the corresponding flag needs to be set on opens of directories (and files) but was missing in some places causing access denied trying to enumerate and backup servers. Fixes kernel bugzilla #200953 https://bugzilla.kernel.org/show_bug.cgi?id=200953 Reported-and-tested-by: Signed-off-by: Steve French CC: Stable Reviewed-by: Pavel Shilovsky commit c15e3f19a6d5c89b1209dc94b40e568177cb0921 Author: Jon Kuhn Date: Mon Jul 9 14:33:14 2018 +0000 fs/cifs: don't translate SFM_SLASH (U+F026) to backslash When a Mac client saves an item containing a backslash to a file server the backslash is represented in the CIFS/SMB protocol as as U+F026. Before this change, listing a directory containing an item with a backslash in its name will return that item with the backslash represented with a true backslash character (U+005C) because convert_sfm_character mapped U+F026 to U+005C when interpretting the CIFS/SMB protocol response. However, attempting to open or stat the path using a true backslash will result in an error because convert_to_sfm_char does not map U+005C back to U+F026 causing the CIFS/SMB request to be made with the backslash represented as U+005C. This change simply prevents the U+F026 to U+005C conversion from happenning. This is analogous to how the code does not do any translation of UNI_SLASH (U+F000). Signed-off-by: Jon Kuhn Signed-off-by: Steve French commit 60c1f89241d49bacf71035470684a8d7b4bb46ea Merge: 57361846b52b 8c89ef7b6b64 Author: Linus Torvalds Date: Sun Sep 2 20:09:36 2018 -0700 Merge tag 'dma-mapping-4.19-2' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping fixes from Christoph Hellwig: "A few fixes for the fallout of being a little more pedantic about dma masks" * tag 'dma-mapping-4.19-2' of git://git.infradead.org/users/hch/dma-mapping: of/platform: initialise AMBA default DMA masks sparc: set a default 32-bit dma mask for OF devices kernel/dma/direct: take DMA offset into account in dma_direct_supported commit c90bbce9eedd14f9428388d9442b5b3e98a2a6dd Author: Mike Rapoport Date: Mon Aug 20 08:25:37 2018 +0300 m68k: fix early memory reservation for ColdFire MMU systems The bootmem to memblock conversion introduced by the commit 1008a11590b9 ("m68k: switch to MEMBLOCK + NO_BOOTMEM") made reservation of kernel code and data to start from a wrong address. Fix it. Signed-off-by: Mike Rapoport Tested-by: Angelo Dureghello Signed-off-by: Greg Ungerer commit 59a03fea131d671a57b8ed3dc446264c61d4b75f Author: Vinson Lee Date: Sat Sep 1 21:20:27 2018 +0000 uapi: Fix linux/rds.h userspace compilation errors. Include linux/in6.h for struct in6_addr. /usr/include/linux/rds.h:156:18: error: field ‘laddr’ has incomplete type struct in6_addr laddr; ^~~~~ /usr/include/linux/rds.h:157:18: error: field ‘faddr’ has incomplete type struct in6_addr faddr; ^~~~~ /usr/include/linux/rds.h:178:18: error: field ‘laddr’ has incomplete type struct in6_addr laddr; ^~~~~ /usr/include/linux/rds.h:179:18: error: field ‘faddr’ has incomplete type struct in6_addr faddr; ^~~~~ /usr/include/linux/rds.h:198:18: error: field ‘bound_addr’ has incomplete type struct in6_addr bound_addr; ^~~~~~~~~~ /usr/include/linux/rds.h:199:18: error: field ‘connected_addr’ has incomplete type struct in6_addr connected_addr; ^~~~~~~~~~~~~~ /usr/include/linux/rds.h:219:18: error: field ‘local_addr’ has incomplete type struct in6_addr local_addr; ^~~~~~~~~~ /usr/include/linux/rds.h:221:18: error: field ‘peer_addr’ has incomplete type struct in6_addr peer_addr; ^~~~~~~~~ /usr/include/linux/rds.h:245:18: error: field ‘src_addr’ has incomplete type struct in6_addr src_addr; ^~~~~~~~ /usr/include/linux/rds.h:246:18: error: field ‘dst_addr’ has incomplete type struct in6_addr dst_addr; ^~~~~~~~ Fixes: b7ff8b1036f0 ("rds: Extend RDS API for IPv6 support") Signed-off-by: Vinson Lee Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit 16fe10cf92783ed9ceb182d6ea2b8adf5e8ec1b8 Author: Jia-Ju Bai Date: Sat Sep 1 20:11:05 2018 +0800 net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() The kernel module may sleep with holding a spinlock. The function call paths (from bottom to top) in Linux-4.16 are: [FUNC] usleep_range drivers/net/ethernet/cadence/macb_main.c, 648: usleep_range in macb_halt_tx drivers/net/ethernet/cadence/macb_main.c, 730: macb_halt_tx in macb_tx_error_task drivers/net/ethernet/cadence/macb_main.c, 721: _raw_spin_lock_irqsave in macb_tx_error_task To fix this bug, usleep_range() is replaced with udelay(). This bug is found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai Signed-off-by: David S. Miller commit a80afe89d81af6b64bf2d9b3afef70dcf75df12b Merge: 15a81b418e22 597222f72a94 Author: David S. Miller Date: Sun Sep 2 15:53:38 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-09-02 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix one remaining buggy offset override in sockmap's bpf_msg_pull_data() when linearizing multiple scatterlist elements, from Tushar. 2) Fix BPF sockmap's misuse of ULP when a collision with another ULP is found on map update where it would release existing ULP. syzbot found and triggered this couple of times now, fix from John. 3) Add missing xskmap type to bpftool so it will properly show the type on map dump, from Prashant. ==================== Signed-off-by: David S. Miller commit 20fdcd760a63ea66335c58bceb175e7712ab18ff Author: Fabio Estevam Date: Fri Aug 31 10:24:15 2018 -0300 i2c: imx-lpi2c: Remove mx8dv compatible entry mx8dv never entered into production and there is no other place in the kernel referring to this SoC, so remove it from the driver's compatible entry. Signed-off-by: Fabio Estevam Signed-off-by: Wolfram Sang commit f6eb89349078b2ca3e42dbb272ab444bab1b9f42 Author: Fabio Estevam Date: Fri Aug 31 10:24:14 2018 -0300 dt-bindings: imx-lpi2c: Remove mx8dv compatible entry mx8dv never entered into production and there is no other place in the kernel referring to this SoC, so remove it from the dt bindings documentation. Signed-off-by: Fabio Estevam Signed-off-by: Wolfram Sang commit 4c85609b08c4761eca0a40fd7beb06bc650f252d Author: Masahiro Yamada Date: Fri Aug 31 23:30:48 2018 +0900 i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP This driver currently emits a STOP if the next message is not I2C_MD_RD. It should not do it because it disturbs the I2C_RDWR ioctl, where read/write transactions are combined without STOP between. Issue STOP only when the message is the last one _or_ flagged with I2C_M_STOP. Fixes: 6a62974b667f ("i2c: uniphier_f: add UniPhier FIFO-builtin I2C driver") Signed-off-by: Masahiro Yamada Signed-off-by: Wolfram Sang commit 38f5d8d8cbb2ffa2b54315118185332329ec891c Author: Masahiro Yamada Date: Fri Aug 31 23:30:47 2018 +0900 i2c: uniphier: issue STOP only for last message or I2C_M_STOP This driver currently emits a STOP if the next message is not I2C_MD_RD. It should not do it because it disturbs the I2C_RDWR ioctl, where read/write transactions are combined without STOP between. Issue STOP only when the message is the last one _or_ flagged with I2C_M_STOP. Fixes: dd6fd4a32793 ("i2c: uniphier: add UniPhier FIFO-less I2C driver") Signed-off-by: Masahiro Yamada Signed-off-by: Wolfram Sang commit 57361846b52bc686112da6ca5368d11210796804 Author: Linus Torvalds Date: Sun Sep 2 14:37:30 2018 -0700 Linux 4.19-rc2 commit 15a81b418e22a9aa4a0504471fdcb0f4ebf69b96 Author: David Ahern Date: Thu Aug 30 14:15:43 2018 -0700 net/ipv6: Only update MTU metric if it set Jan reported a regression after an update to 4.18.5. In this case ipv6 default route is setup by systemd-networkd based on data from an RA. The RA contains an MTU of 1492 which is used when the route is first inserted but then systemd-networkd pushes down updates to the default route without the mtu set. Prior to the change to fib6_info, metrics such as MTU were held in the dst_entry and rt6i_pmtu in rt6_info contained an update to the mtu if any. ip6_mtu would look at rt6i_pmtu first and use it if set. If not, the value from the metrics is used if it is set and finally falling back to the idev value. After the fib6_info change metrics are contained in the fib6_info struct and there is no equivalent to rt6i_pmtu. To maintain consistency with the old behavior the new code should only reset the MTU in the metrics if the route update has it set. Fixes: d4ead6b34b67 ("net/ipv6: move metrics from dst to rt6_info") Reported-by: Jan Janssen Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 18eb8aea7fb2fb4490e578b1b8a1096c34b2fc48 Author: Tony Lindgren Date: Wed Aug 29 08:00:24 2018 -0700 net: ethernet: cpsw-phy-sel: prefer phandle for phy sel The cpsw-phy-sel device is not a child of the cpsw interconnect target module. It lives in the system control module. Let's fix this issue by trying to use cpsw-phy-sel phandle first if it exists and if not fall back to current usage of trying to find the cpsw-phy-sel child. That way the phy sel driver can be a child of the system control module where it belongs in the device tree. Without this fix, we cannot have a proper interconnect target module hierarchy in device tree for things like genpd. Note that deferred probe is mostly not supported by cpsw and this patch does not attempt to fix that. In case deferred probe support is needed, this could be added to cpsw_slave_open() and phy_connect() so they start handling and returning errors. For documenting it, looks like the cpsw-phy-sel is used for all cpsw device tree nodes. It's missing the related binding documentation, so let's also update the binding documentation accordingly. Cc: devicetree@vger.kernel.org Cc: Andrew Lunn Cc: Grygorii Strashko Cc: Ivan Khoronzhuk Cc: Mark Rutland Cc: Murali Karicheri Cc: Rob Herring Signed-off-by: Tony Lindgren Signed-off-by: David S. Miller commit 10d7fac4c52618d94a42d701d28f114147291ecc Author: Tony Lindgren Date: Wed Aug 29 08:00:23 2018 -0700 dt-bindings: net: cpsw: Document cpsw-phy-sel usage but prefer phandle The current cpsw usage for cpsw-phy-sel is undocumented but is used for all the boards using cpsw. And cpsw-phy-sel is not really a child of the cpsw device, it lives in the system control module instead. Let's document the existing usage, and improve it a bit where we prefer to use a phandle instead of a child device for it. That way we can properly describe the hardware in dts files for things like genpd. Cc: devicetree@vger.kernel.org Cc: Andrew Lunn Cc: Grygorii Strashko Cc: Ivan Khoronzhuk Cc: Mark Rutland Cc: Murali Karicheri Cc: Rob Herring Signed-off-by: Tony Lindgren Signed-off-by: David S. Miller commit c60e06c3e056f88d5c9bfffcb29dc8aee0b3827b Merge: 93bbadd6e0a2 ff06525fcb8a Author: David S. Miller Date: Sun Sep 2 13:39:37 2018 -0700 Merge branch 'igmp-fix-two-incorrect-unsolicit-report-count-issues' Hangbin Liu says: ==================== igmp: fix two incorrect unsolicit report count issues Just like the subject, fix two minor igmp unsolicit report count issues. ==================== Signed-off-by: David S. Miller commit ff06525fcb8ae3c302ac1319bf6c07c026dea964 Author: Hangbin Liu Date: Wed Aug 29 18:06:10 2018 +0800 igmp: fix incorrect unsolicit report count after link down and up After link down and up, i.e. when call ip_mc_up(), we doesn't init im->unsolicit_count. So after igmp_timer_expire(), we will not start timer again and only send one unsolicit report at last. Fix it by initializing im->unsolicit_count in igmp_group_added(), so we can respect igmp robustness value. Fixes: 24803f38a5c0b ("igmp: do not remove igmp souce list info when set link down") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller commit 4fb7253e4f9a8f06a986a3b317e2f79d9b43d552 Author: Hangbin Liu Date: Wed Aug 29 18:06:08 2018 +0800 igmp: fix incorrect unsolicit report count when join group We should not start timer if im->unsolicit_count equal to 0 after decrease. Or we will send one more unsolicit report message. i.e. 3 instead of 2 by default. Fixes: 1da177e4c3f41 ("Linux-2.6.12-rc2") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller commit 597222f72a94118f593e4f32bf58ae7e049a0df1 Author: John Fastabend Date: Thu Aug 30 21:25:02 2018 -0700 bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Currently we check sk_user_data is non NULL to determine if the sk exists in a map. However, this is not sufficient to ensure the psock or the ULP ops are not in use by another user, such as kcm or TLS. To avoid this when adding a sock to a map also verify it is of the correct ULP type. Additionally, when releasing a psock verify that it is the TCP_ULP_BPF type before releasing the ULP. The error case where we abort an update due to ULP collision can cause this error path. For example, __sock_map_ctx_update_elem() [...] err = tcp_set_ulp_id(sock, TCP_ULP_BPF) <- collides with TLS if (err) <- so err out here goto out_free [...] out_free: smap_release_sock() <- calling tcp_cleanup_ulp releases the TLS ULP incorrectly. Fixes: 2f857d04601a ("bpf: sockmap, remove STRPARSER map_flags and add multi-map support") Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann commit 97911e0ccb54c7478b9dac77e6c54c01b449e3a7 Author: Prashant Bhole Date: Fri Aug 31 15:32:42 2018 +0900 tools/bpf: bpftool, add xskmap in map types When listed all maps, bpftool currently shows (null) for xskmap. Added xskmap type in map_type_name[] to show correct type. Signed-off-by: Prashant Bhole Acked-by: Jakub Kicinski Signed-off-by: Daniel Borkmann commit 9db39f4d4f94b61e4b64b077f6ddb2bdfb533a88 Author: Tushar Dave Date: Fri Aug 31 23:45:16 2018 +0200 bpf: Fix bpf_msg_pull_data() Helper bpf_msg_pull_data() mistakenly reuses variable 'offset' while linearizing multiple scatterlist elements. Variable 'offset' is used to find first starting scatterlist element i.e. msg->data = sg_virt(&sg[first_sg]) + start - offset" Use different variable name while linearizing multiple scatterlist elements so that value contained in variable 'offset' won't get overwritten. Fixes: 015632bb30da ("bpf: sk_msg program helper bpf_sk_msg_pull_data") Signed-off-by: Tushar Dave Signed-off-by: Daniel Borkmann commit a13bf65f3f2e36008ea60b49d3bda2527e09fd9c Author: Lorenzo Bianconi Date: Fri Aug 31 10:51:14 2018 +0200 iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Take into account hw timer samples in pattern length computation done in st_lsm6dsx_update_watermark routine for watermark configuration. Moreover use samples in pattern (sip) already computed in st_lsm6dsx_update_decimators routine Fixes: 213451076bd3 ("iio: imu: st_lsm6dsx: add hw timestamp support") Signed-off-by: Lorenzo Bianconi Signed-off-by: Jonathan Cameron commit fd6868d82b824b1bea42001ecc2411f2689d3634 Merge: a3ea9911e225 0413bedabc88 Author: Linus Torvalds Date: Sun Sep 2 10:56:01 2018 -0700 Merge tag 'devicetree-fixes-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull devicetree updates from Rob Herring: "A couple of new helper functions in preparation for some tree wide clean-ups. I'm sending these new helpers now for rc2 in order to simplify the dependencies on subsequent cleanups across the tree in 4.20" * tag 'devicetree-fixes-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: of: Add device_type access helper functions of: add node name compare helper functions of: add helper to lookup compatible child node commit a3ea9911e225337472fe7cc9278966049a1571e5 Merge: 899ba79553cf a72b44a871c2 Author: Linus Torvalds Date: Sun Sep 2 10:44:28 2018 -0700 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "First batch of fixes post-merge window: - A handful of devicetree changes for i.MX2{3,8} to change over to new panel bindings. The platforms were moved from legacy framebuffers to DRM and some development board panels hadn't yet been converted. - OMAP fixes related to ti-sysc driver conversion fallout, fixing some register offsets, no_console_suspend fixes, etc. - Droid4 changes to fix flaky eMMC probing and vibrator DTS mismerge. - Fixed 0755->0644 permissions on a newly added file. - Defconfig changes to make ARM Versatile more useful with QEMU (helps testing). - Enable defconfig options for new TI SoC platform that was merged this window (AM6)" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: defconfig: Enable TI's AM6 SoC platform ARM: defconfig: Update the ARM Versatile defconfig ARM: dts: omap4-droid4: Fix emmc errors seen on some devices ARM: dts: Fix file permission for am335x-osd3358-sm-red.dts ARM: imx_v6_v7_defconfig: Select CONFIG_DRM_PANEL_SEIKO_43WVF1G ARM: mxs_defconfig: Select CONFIG_DRM_PANEL_SEIKO_43WVF1G ARM: dts: imx23-evk: Convert to the new display bindings ARM: dts: imx23-evk: Move regulators outside simple-bus ARM: dts: imx28-evk: Convert to the new display bindings ARM: dts: imx28-evk: Move regulators outside simple-bus Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" arm: dts: am4372: setup rtc as system-power-controller ARM: dts: omap4-droid4: fix vibrations on Droid 4 bus: ti-sysc: Fix no_console_suspend handling bus: ti-sysc: Fix module register ioremap for larger offsets ARM: OMAP2+: Fix module address for modules using mpu_rt_idx ARM: OMAP2+: Fix null hwmod for ti-sysc debug commit 914b087ff9e0e9a399a4927fa30793064afc0178 Author: Randy Dunlap Date: Tue Aug 28 12:59:10 2018 -0700 kbuild: make missing $DEPMOD a Warning instead of an Error When $DEPMOD is not found, only print a warning instead of exiting with an error message and error status: Warning: 'make modules_install' requires /sbin/depmod. Please install it. This is probably in the kmod package. Change the Error to a Warning because "not all build hosts for cross compiling Linux are Linux systems and are able to provide a working port of depmod, especially at the file patch /sbin/depmod." I.e., "make modules_install" may be used to copy/install the loadable modules files to a target directory on a build system and then transferred to an embedded device where /sbin/depmod is run instead of it being run on the build system. Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed") Signed-off-by: Randy Dunlap Reported-by: H. Nikolaus Schaller Cc: stable@vger.kernel.org Cc: Lucas De Marchi Cc: Lucas De Marchi Cc: Michal Marek Cc: Jessica Yu Cc: Chih-Wei Huang Signed-off-by: Masahiro Yamada commit fd65465b7016dc6d9fa5c2f39cc706c231c9a089 Author: Masahiro Yamada Date: Fri Aug 31 18:34:55 2018 +0900 kconfig: do not require pkg-config on make {menu,n}config Meelis Roos reported a {menu,n}config regression: "I have libncurses devel package installed in the default system location (as do 99%+ on actual developers probably) and in this case, pkg-config is useless. pkg-config is needed only when libraries and headers are installed in non-default locations but it is bad to require installation of pkg-config on all the machines where make menuconfig would be possibly run." For {menu,n}config, do not use pkg-config if it is not installed. For {g,x}config, keep checking pkg-config since we really rely on it for finding the installation paths of the required packages. Fixes: 4ab3b80159d4 ("kconfig: check for pkg-config on make {menu,n,g,x}config") Reported-by: Meelis Roos Signed-off-by: Masahiro Yamada Tested-by: Meelis Roos Tested-by: Randy Dunlap commit 899ba79553cf1699bdcd262950b48501b0285529 Merge: 1395d109cddc ff924c5a1ec7 Author: Linus Torvalds Date: Sun Sep 2 10:11:30 2018 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "Speculation: - Make the microcode check more robust - Make the L1TF memory limit depend on the internal cache physical address space and not on the CPUID advertised physical address space, which might be significantly smaller. This avoids disabling L1TF on machines which utilize the full physical address space. - Fix the GDT mapping for EFI calls on 32bit PTI - Fix the MCE nospec implementation to prevent #GP Fixes and robustness: - Use the proper operand order for LSL in the VDSO - Prevent NMI uaccess race against CR3 switching - Add a lockdep check to verify that text_mutex is held in text_poke() functions - Repair the fallout of giving native_restore_fl() a prototype - Prevent kernel memory dumps based on usermode RIP - Wipe KASAN shadow stack before rewinding the stack to prevent false positives - Move the AMS GOTO enforcement to the actual build stage to allow user API header extraction without a compiler - Fix a section mismatch introduced by the on demand VDSO mapping change Miscellaneous: - Trivial typo, GCC quirk removal and CC_SET/OUT() cleanups" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/pti: Fix section mismatch warning/error x86/vdso: Fix lsl operand order x86/mce: Fix set_mce_nospec() to avoid #GP fault x86/efi: Load fixmap GDT in efi_call_phys_epilog() x86/nmi: Fix NMI uaccess race against CR3 switching x86: Allow generating user-space headers without a compiler x86/dumpstack: Don't dump kernel memory based on usermode RIP x86/asm: Use CC_SET()/CC_OUT() in __gen_sigismember() x86/alternatives: Lockdep-enforce text_mutex in text_poke*() x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() x86/irqflags: Mark native_restore_fl extern inline x86/build: Remove jump label quirk for GCC older than 4.5.2 x86/Kconfig: Fix trivial typo x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ x86/spectre: Add missing family 6 check to microcode check commit 1395d109cddcf6c8ebf20ba3bfaa2beb48febfbc Merge: 501dacbc2435 6fb86d972078 Author: Linus Torvalds Date: Sun Sep 2 10:09:35 2018 -0700 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull CPU hotplug fix from Thomas Gleixner: "Remove the stale skip_onerr member from the hotplug states" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Remove skip_onerr field from cpuhp_step structure commit 501dacbc2435c0198e0c8561f21bceeeeed87293 Merge: 360bd62dc494 113fc08357ad Author: Linus Torvalds Date: Sun Sep 2 09:41:45 2018 -0700 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull core fixes from Thomas Gleixner: "A small set of updates for core code: - Prevent tracing in functions which are called from trace patching via stop_machine() to prevent executing half patched function trace entries. - Remove old GCC workarounds - Remove pointless includes of notifier.h" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Remove workaround for unreachable warnings from old GCC notifier: Remove notifier header file wherever not used watchdog: Mark watchdog touch functions as notrace commit 8da38ebaad23fe1b0c4a205438676f6356607cfc Author: Filippo Sironi Date: Tue Jul 31 17:29:30 2018 +0200 x86/microcode: Update the new microcode revision unconditionally Handle the case where microcode gets loaded on the BSP's hyperthread sibling first and the boot_cpu_data's microcode revision doesn't get updated because of early exit due to the siblings sharing a microcode engine. For that, simply write the updated revision on all CPUs unconditionally. Signed-off-by: Filippo Sironi Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Cc: prarit@redhat.com Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1533050970-14385-1-git-send-email-sironi@amazon.de commit 370a132bb2227ff76278f98370e0e701d86ff752 Author: Prarit Bhargava Date: Tue Jul 31 07:27:39 2018 -0400 x86/microcode: Make sure boot_cpu_data.microcode is up-to-date When preparing an MCE record for logging, boot_cpu_data.microcode is used to read out the microcode revision on the box. However, on systems where late microcode update has happened, the microcode revision output in a MCE log record is wrong because boot_cpu_data.microcode is not updated when the microcode gets updated. But, the microcode revision saved in boot_cpu_data's microcode member should be kept up-to-date, regardless, for consistency. Make it so. Fixes: fa94d0c6e0f3 ("x86/MCE: Save microcode revision in machine check records") Signed-off-by: Prarit Bhargava Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Cc: Tony Luck Cc: sironi@amazon.de Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20180731112739.32338-1-prarit@redhat.com commit ff924c5a1ec7548825cc2d07980b03be4224ffac Author: Randy Dunlap Date: Sat Sep 1 21:01:28 2018 -0700 x86/pti: Fix section mismatch warning/error Fix the section mismatch warning in arch/x86/mm/pti.c: WARNING: vmlinux.o(.text+0x6972a): Section mismatch in reference from the function pti_clone_pgtable() to the function .init.text:pti_user_pagetable_walk_pte() The function pti_clone_pgtable() references the function __init pti_user_pagetable_walk_pte(). This is often because pti_clone_pgtable lacks a __init annotation or the annotation of pti_user_pagetable_walk_pte is wrong. FATAL: modpost: Section mismatches detected. Fixes: 85900ea51577 ("x86/pti: Map the vsyscall page if needed") Reported-by: kbuild test robot Signed-off-by: Randy Dunlap Signed-off-by: Thomas Gleixner Cc: Andy Lutomirski Link: https://lkml.kernel.org/r/43a6d6a3-d69d-5eda-da09-0b1c88215a2a@infradead.org commit 65099ea85e885c3ea1272eca8774b771419d8ce8 Author: Matt Ranostay Date: Sat Aug 25 02:00:48 2018 -0700 Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" This reverts commit 535fba29b3e1afef4ba201b3c69a6992583ec0bd. Seems the submitter (er me, hang head in shame) didn't look at the datasheet enough to see that the registers are quite different. This needs to be reverted because a) would never work b) to open it be added to a Maxim RTDs (Resistance Temperature Detectors) under development by author Signed-off-by: Matt Ranostay Signed-off-by: Jonathan Cameron commit 8c89ef7b6b64ba093239305f77a485905d03f7bf Author: Linus Walleij Date: Fri Aug 31 16:13:07 2018 +0200 of/platform: initialise AMBA default DMA masks This addresses a v4.19-rc1 regression in the PL111 DRM driver in drivers/gpu/pl111/* The driver uses the CMA KMS helpers and will thus at some point call down to dma_alloc_attrs() to allocate a chunk of contigous DMA memory for the framebuffer. It appears that in v4.18, it was OK that this (and other DMA mastering AMBA devices) left dev->coherent_dma_mask blank (zero). In v4.19-rc1 the WARN_ON_ONCE(dev && !dev->coherent_dma_mask) in dma_alloc_attrs() in include/linux/dma-mapping.h is triggered. The allocation later fails when get_coherent_dma_mask() is called from __dma_alloc() and __dma_alloc() returns NULL: drm-clcd-pl111 dev:20: coherent DMA mask is unset drm-clcd-pl111 dev:20: [drm:drm_fb_helper_fbdev_setup] *ERROR* Failed to set fbdev configuration It turns out that in commit 4d8bde883bfb ("OF: Don't set default coherent DMA mask") the OF core stops setting the default DMA mask on new devices, especially those lines of the patch: - if (!dev->coherent_dma_mask) - dev->coherent_dma_mask = DMA_BIT_MASK(32); Robin Murphy solved a similar problem in a5516219b102 ("of/platform: Initialise default DMA masks") by simply assigning dev.coherent_dma_mask and the dev.dma_mask to point to the same when creating devices from the device tree, and introducing the same code into the code path creating AMBA/PrimeCell devices solved my problem, graphics now come up. The code simply assumes that the device can access all of the system memory by setting the coherent DMA mask to 0xffffffff when creating a device from the device tree, which is crude, but seems to be what kernel v4.18 assumed. The AMBA PrimeCells do not differ between coherent and streaming DMA so we can just assign the same to any DMA mask. Possibly drivers should augment their coherent DMA mask in accordance with "dma-ranges" from the device tree if more finegranular masking is needed. Reported-by: Russell King Fixes: 4d8bde883bfb ("OF: Don't set default coherent DMA mask") Cc: Russell King Cc: Robin Murphy Signed-off-by: Linus Walleij Signed-off-by: Christoph Hellwig commit 5a7faef72eb9d51487feac467c8c68afa459534c Author: Christoph Hellwig Date: Tue Aug 28 11:25:51 2018 +0200 sparc: set a default 32-bit dma mask for OF devices This keeps the historic default behavior for devices without a DMA mask, but removes the warning about a lacking DMA mask for doing DMA without a mask. Reported-by: Meelis Roos Signed-off-by: Christoph Hellwig Tested-by: Guenter Roeck commit a72b44a871c218e2a0580e68affa1d3528c0587a Merge: 67e6ddb5be44 2d59bb602314 Author: Olof Johansson Date: Sat Sep 1 18:22:19 2018 -0700 Merge tag 'omap-for-v4.19/fixes-v2-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Fixes for omap variants against v4.19-rc1 These are mostly fixes related to using ti-sysc interconnect target module driver for accessing right register offsets for sgx and cpsw and for no_console_suspend regression. There is also a droid4 emmc fix where emmc may not get detected for some models, and vibrator dts mismerge fix. And we have a file permission fix for am335x-osd3358-sm-red.dts that just got added. And we must tag RTC as system-power-controller for am437x for PMIC to shut down during poweroff. * tag 'omap-for-v4.19/fixes-v2-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: omap4-droid4: Fix emmc errors seen on some devices ARM: dts: Fix file permission for am335x-osd3358-sm-red.dts arm: dts: am4372: setup rtc as system-power-controller ARM: dts: omap4-droid4: fix vibrations on Droid 4 bus: ti-sysc: Fix no_console_suspend handling bus: ti-sysc: Fix module register ioremap for larger offsets ARM: OMAP2+: Fix module address for modules using mpu_rt_idx ARM: OMAP2+: Fix null hwmod for ti-sysc debug Signed-off-by: Olof Johansson commit 93bbadd6e0a2a58e49d265b9b1aa58e621b60a26 Author: Alexey Kodanev Date: Thu Aug 30 19:11:24 2018 +0300 ipv6: don't get lwtstate twice in ip6_rt_copy_init() Commit 80f1a0f4e0cd ("net/ipv6: Put lwtstate when destroying fib6_info") partially fixed the kmemleak [1], lwtstate can be copied from fib6_info, with ip6_rt_copy_init(), and it should be done only once there. rt->dst.lwtstate is set by ip6_rt_init_dst(), at the start of the function ip6_rt_copy_init(), so there is no need to get it again at the end. With this patch, lwtstate also isn't copied from RTF_REJECT routes. [1]: unreferenced object 0xffff880b6aaa14e0 (size 64): comm "ip", pid 10577, jiffies 4295149341 (age 1273.903s) hex dump (first 32 bytes): 01 00 04 00 04 00 00 00 10 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000018664623>] lwtunnel_build_state+0x1bc/0x420 [<00000000b73aa29a>] ip6_route_info_create+0x9f7/0x1fd0 [<00000000ee2c5d1f>] ip6_route_add+0x14/0x70 [<000000008537b55c>] inet6_rtm_newroute+0xd9/0xe0 [<000000002acc50f5>] rtnetlink_rcv_msg+0x66f/0x8e0 [<000000008d9cd381>] netlink_rcv_skb+0x268/0x3b0 [<000000004c893c76>] netlink_unicast+0x417/0x5a0 [<00000000f2ab1afb>] netlink_sendmsg+0x70b/0xc30 [<00000000890ff0aa>] sock_sendmsg+0xb1/0xf0 [<00000000a2e7b66f>] ___sys_sendmsg+0x659/0x950 [<000000001e7426c8>] __sys_sendmsg+0xde/0x170 [<00000000fe411443>] do_syscall_64+0x9f/0x4a0 [<000000001be7b28b>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<000000006d21f353>] 0xffffffffffffffff Fixes: 6edb3c96a5f0 ("net/ipv6: Defer initialization of dst to data path") Signed-off-by: Alexey Kodanev Reviewed-by: David Ahern Signed-off-by: David S. Miller commit e78e5a91456fcecaa2efbb3706572fe043766f4d Author: Samuel Neves Date: Sat Sep 1 21:14:52 2018 +0100 x86/vdso: Fix lsl operand order In the __getcpu function, lsl is using the wrong target and destination registers. Luckily, the compiler tends to choose %eax for both variables, so it has been working so far. Fixes: a582c540ac1b ("x86/vdso: Use RDPID in preference to LSL when available") Signed-off-by: Samuel Neves Signed-off-by: Thomas Gleixner Acked-by: Andy Lutomirski Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180901201452.27828-1-sneves@dei.uc.pt commit 360bd62dc4943a0754e6cb5637e01b5b43143cfc Merge: b18ed664c262 74081c9f16a2 Author: Linus Torvalds Date: Sat Sep 1 13:17:15 2018 -0700 Merge tag 'linux-watchdog-4.19-rc2' of git://www.linux-watchdog.org/linux-watchdog Pull watchdog fixlet from Wim Van Sebroeck: "Document support for r8a774a1" * tag 'linux-watchdog-4.19-rc2' of git://www.linux-watchdog.org/linux-watchdog: dt-bindings: watchdog: renesas-wdt: Document r8a774a1 support commit b18ed664c262e6c2f7067f2d12e566d134d13505 Merge: 420f51f4ab6b bded6c03e398 Author: Linus Torvalds Date: Sat Sep 1 13:03:32 2018 -0700 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "Two small fixes, one for the x86 Stoney SoC to get a more accurate clk frequency and the other to fix a bad allocation in the Nuvoton NPCM7XX driver" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: x86: Set default parent to 48Mhz clk: npcm7xx: fix memory allocation commit 4274f516d4bc50648a4d97e4f67ecbd7b65cde4a Author: Theodore Ts'o Date: Sat Sep 1 14:42:14 2018 -0400 ext4: recalucate superblock checksum after updating free blocks/inodes When mounting the superblock, ext4_fill_super() calculates the free blocks and free inodes and stores them in the superblock. It's not strictly necessary, since we don't use them any more, but it's nice to keep them roughly aligned to reality. Since it's not critical for file system correctness, the code doesn't call ext4_commit_super(). The problem is that it's in ext4_commit_super() that we recalculate the superblock checksum. So if we're not going to call ext4_commit_super(), we need to call ext4_superblock_csum_set() to make sure the superblock checksum is consistent. Most of the time, this doesn't matter, since we end up calling ext4_commit_super() very soon thereafter, and definitely by the time the file system is unmounted. However, it doesn't work in this sequence: mke2fs -Fq -t ext4 /dev/vdc 128M mount /dev/vdc /vdc cp xfstests/git-versions /vdc godown /vdc umount /vdc mount /dev/vdc tune2fs -l /dev/vdc With this commit, the "tune2fs -l" no longer fails. Reported-by: Chengguang Xu Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org commit 9b25436662d5fb4c66eb527ead53cab15f596ee0 Author: Kees Cook Date: Mon Aug 27 14:51:54 2018 -0700 random: make CPU trust a boot parameter Instead of forcing a distro or other system builder to choose at build time whether the CPU is trusted for CRNG seeding via CONFIG_RANDOM_TRUST_CPU, provide a boot-time parameter for end users to control the choice. The CONFIG will set the default state instead. Signed-off-by: Kees Cook Signed-off-by: Theodore Ts'o commit bcd8e91f98c156f4b1ebcfacae675f9cfd962441 Author: Theodore Ts'o Date: Sat Sep 1 12:45:04 2018 -0400 ext4: avoid arithemetic overflow that can trigger a BUG A maliciously crafted file system can cause an overflow when the results of a 64-bit calculation is stored into a 32-bit length parameter. https://bugzilla.kernel.org/show_bug.cgi?id=200623 Signed-off-by: Theodore Ts'o Reported-by: Wen Xu Cc: stable@vger.kernel.org commit c1d0af1a1d5dfde880f588eceb4c00710e0f60ff Author: Christoph Hellwig Date: Fri Aug 24 08:07:52 2018 +0200 kernel/dma/direct: take DMA offset into account in dma_direct_supported When a device has a DMA offset the dma capable result will change due to the difference between the physical and DMA address. Take that into account. Signed-off-by: Christoph Hellwig Reviewed-by: Benjamin Herrenschmidt Reviewed-by: Robin Murphy commit c7486104a5ce7e8763e3cb5157bba8d0f1468d87 Author: LuckTony Date: Fri Aug 31 09:55:06 2018 -0700 x86/mce: Fix set_mce_nospec() to avoid #GP fault The trick with flipping bit 63 to avoid loading the address of the 1:1 mapping of the poisoned page while the 1:1 map is updated used to work when unmapping the page. But it falls down horribly when attempting to directly set the page as uncacheable. The problem is that when the cache mode is changed to uncachable, the pages needs to be flushed from the cache first. But the decoy address is non-canonical due to bit 63 flipped, and the CLFLUSH instruction throws a #GP fault. Add code to change_page_attr_set_clr() to fix the address before calling flush. Fixes: 284ce4011ba6 ("x86/memory_failure: Introduce {set, clear}_mce_nospec()") Suggested-by: Linus Torvalds Signed-off-by: Tony Luck Signed-off-by: Thomas Gleixner Acked-by: Linus Torvalds Cc: Peter Anvin Cc: Borislav Petkov Cc: linux-edac Cc: Dan Williams Cc: Dave Jiang Link: https://lkml.kernel.org/r/20180831165506.GA9605@agluck-desk commit f611a5b4a51fa36a0aa792be474f5d6aacaef7e3 Author: Thomas Falcon Date: Thu Aug 30 13:19:53 2018 -0500 ibmvnic: Include missing return code checks in reset function Check the return codes of these functions and halt reset in case of failure. The driver will remain in a dormant state until the next reset event, when device initialization will be re-attempted. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller commit c81c7012e0c769b5704c2b07bd5224965e76fb70 Author: Sabrina Dubroca Date: Thu Aug 30 16:01:18 2018 +0200 selftests: pmtu: detect correct binary to ping ipv6 addresses Some systems don't have the ping6 binary anymore, and use ping for everything. Detect the absence of ping6 and try to use ping instead. Fixes: d1f1b9cbf34c ("selftests: net: Introduce first PMTU test") Signed-off-by: Sabrina Dubroca Acked-by: Stefano Brivio Signed-off-by: David S. Miller commit 902b5417f28d955cdb4898df6ffaab15f56c5cff Author: Sabrina Dubroca Date: Thu Aug 30 16:01:17 2018 +0200 selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 Since commit 82612de1c98e ("ip_tunnel: restore binding to ifaces with a large mtu"), the maximum MTU for vti4 is based on IP_MAX_MTU instead of the mysterious constant 0xFFF8. This makes this selftest fail. Fixes: 82612de1c98e ("ip_tunnel: restore binding to ifaces with a large mtu") Signed-off-by: Sabrina Dubroca Acked-by: Stefano Brivio Acked-by: Nicolas Dichtel Signed-off-by: David S. Miller commit 63cc357f7bba6729869565a12df08441a5995d9a Author: Florian Westphal Date: Thu Aug 30 14:24:29 2018 +0200 tcp: do not restart timewait timer on rst reception RFC 1337 says: ''Ignore RST segments in TIME-WAIT state. If the 2 minute MSL is enforced, this fix avoids all three hazards.'' So with net.ipv4.tcp_rfc1337=1, expected behaviour is to have TIME-WAIT sk expire rather than removing it instantly when a reset is received. However, Linux will also re-start the TIME-WAIT timer. This causes connect to fail when tying to re-use ports or very long delays (until syn retry interval exceeds MSL). packetdrill test case: // Demonstrate bogus rearming of TIME-WAIT timer in rfc1337 mode. `sysctl net.ipv4.tcp_rfc1337=1` 0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 0.000 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 0.000 bind(3, ..., ...) = 0 0.000 listen(3, 1) = 0 0.100 < S 0:0(0) win 29200 0.100 > S. 0:0(0) ack 1 0.200 < . 1:1(0) ack 1 win 257 0.200 accept(3, ..., ...) = 4 // Receive first segment 0.310 < P. 1:1001(1000) ack 1 win 46 // Send one ACK 0.310 > . 1:1(0) ack 1001 // read 1000 byte 0.310 read(4, ..., 1000) = 1000 // Application writes 100 bytes 0.350 write(4, ..., 100) = 100 0.350 > P. 1:101(100) ack 1001 // ACK 0.500 < . 1001:1001(0) ack 101 win 257 // close the connection 0.600 close(4) = 0 0.600 > F. 101:101(0) ack 1001 win 244 // Our side is in FIN_WAIT_1 & waits for ack to fin 0.7 < . 1001:1001(0) ack 102 win 244 // Our side is in FIN_WAIT_2 with no outstanding data. 0.8 < F. 1001:1001(0) ack 102 win 244 0.8 > . 102:102(0) ack 1002 win 244 // Our side is now in TIME_WAIT state, send ack for fin. 0.9 < F. 1002:1002(0) ack 102 win 244 0.9 > . 102:102(0) ack 1002 win 244 // Peer reopens with in-window SYN: 1.000 < S 1000:1000(0) win 9200 // Therefore, reply with ACK. 1.000 > . 102:102(0) ack 1002 win 244 // Peer sends RST for this ACK. Normally this RST results // in tw socket removal, but rfc1337=1 setting prevents this. 1.100 < R 1002:1002(0) win 244 // second syn. Due to rfc1337=1 expect another pure ACK. 31.0 < S 1000:1000(0) win 9200 31.0 > . 102:102(0) ack 1002 win 244 // .. and another RST from peer. 31.1 < R 1002:1002(0) win 244 31.2 `echo no timer restart;ss -m -e -a -i -n -t -o state TIME-WAIT` // third syn after one minute. Time-Wait socket should have expired by now. 63.0 < S 1000:1000(0) win 9200 // so we expect a syn-ack & 3whs to proceed from here on. 63.0 > S. 0:0(0) ack 1 Without this patch, 'ss' shows restarts of tw timer and last packet is thus just another pure ack, more than one minute later. This restores the original code from commit 283fd6cf0be690a83 ("Merge in ANK networking jumbo patch") in netdev-vger-cvs.git . For some reason the else branch was removed/lost in 1f28b683339f7 ("Merge in TCP/UDP optimizations and [..]") and timer restart became unconditional. Reported-by: Michal Tesar Signed-off-by: Florian Westphal Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit b0e0b0abbd5e52568e3848b0ba54a9efa3a11547 Author: Pavel Machek Date: Thu Aug 30 13:30:03 2018 +0200 net/rds: RDS is not Radio Data System Getting prompt "The RDS Protocol" (RDS) is not too helpful, and it is easily confused with Radio Data System (which we may want to support in kernel, too). Signed-off-by: Pavel Machek Acked-by: Sowmini Varadhan Acked-by: Santosh Shilimkar Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller commit e04e7a7bbd4bbabef4e1a58367e5fc9b2edc3b10 Author: Dexuan Cui Date: Thu Aug 30 05:42:13 2018 +0000 hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() This patch fixes the race between netvsc_probe() and rndis_set_subchannel(), which can cause a deadlock. These are the related 3 paths which show the deadlock: path #1: Workqueue: hv_vmbus_con vmbus_onmessage_work [hv_vmbus] Call Trace: schedule schedule_preempt_disabled __mutex_lock __device_attach bus_probe_device device_add vmbus_device_register vmbus_onoffer vmbus_onmessage_work process_one_work worker_thread kthread ret_from_fork path #2: schedule schedule_preempt_disabled __mutex_lock netvsc_probe vmbus_probe really_probe __driver_attach bus_for_each_dev driver_attach_async async_run_entry_fn process_one_work worker_thread kthread ret_from_fork path #3: Workqueue: events netvsc_subchan_work [hv_netvsc] Call Trace: schedule rndis_set_subchannel netvsc_subchan_work process_one_work worker_thread kthread ret_from_fork Before path #1 finishes, path #2 can start to run, because just before the "bus_probe_device(dev);" in device_add() in path #1, there is a line "object_uevent(&dev->kobj, KOBJ_ADD);", so systemd-udevd can immediately try to load hv_netvsc and hence path #2 can start to run. Next, path #2 offloads the subchannal's initialization to a workqueue, i.e. path #3, so we can end up in a deadlock situation like this: Path #2 gets the device lock, and is trying to get the rtnl lock; Path #3 gets the rtnl lock and is waiting for all the subchannel messages to be processed; Path #1 is trying to get the device lock, but since #2 is not releasing the device lock, path #1 has to sleep; since the VMBus messages are processed one by one, this means the sub-channel messages can't be procedded, so #3 has to sleep with the rtnl lock held, and finally #2 has to sleep... Now all the 3 paths are sleeping and we hit the deadlock. With the patch, we can make sure #2 gets both the device lock and the rtnl lock together, gets its job done, and releases the locks, so #1 and #3 will not be blocked for ever. Fixes: 8195b1396ec8 ("hv_netvsc: fix deadlock on hotplug") Signed-off-by: Dexuan Cui Cc: Stephen Hemminger Cc: K. Y. Srinivasan Cc: Haiyang Zhang Signed-off-by: David S. Miller commit 9ad716b95fd6c6be46a4f2d5936e514b5bcd744d Author: Jakub Kicinski Date: Wed Aug 29 12:46:08 2018 -0700 nfp: wait for posted reconfigs when disabling the device To avoid leaking a running timer we need to wait for the posted reconfigs after netdev is unregistered. In common case the process of deinitializing the device will perform synchronous reconfigs which wait for posted requests, but especially with VXLAN ports being actively added and removed there can be a race condition leaving a timer running after adapter structure is freed leading to a crash. Add an explicit flush after deregistering and for a good measure a warning to check if timer is running just before structures are freed. Fixes: 3d780b926a12 ("nfp: add async reconfiguration mechanism") Signed-off-by: Jakub Kicinski Reviewed-by: Dirk van der Merwe Signed-off-by: David S. Miller commit 3a7ad0634f0986d807772ba74f66f7c3a73612e5 Author: Eric Dumazet Date: Wed Aug 29 11:50:12 2018 -0700 Revert "packet: switch kvzalloc to allocate memory" This reverts commit 71e41286203c017d24f041a7cd71abea7ca7b1e0. mmap()/munmap() can not be backed by kmalloced pages : We fault in : VM_BUG_ON_PAGE(PageSlab(page), page); unmap_single_vma+0x8a/0x110 unmap_vmas+0x4b/0x90 unmap_region+0xc9/0x140 do_munmap+0x274/0x360 vm_munmap+0x81/0xc0 SyS_munmap+0x2b/0x40 do_syscall_64+0x13e/0x1c0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: 71e41286203c ("packet: switch kvzalloc to allocate memory") Signed-off-by: Eric Dumazet Reported-by: John Sperbeck Bisected-by: John Sperbeck Cc: Zhang Yu Cc: Li RongQing Signed-off-by: David S. Miller commit 41a95041126522a921fb73df22cbdd520dfdebad Author: Guoqing Jiang Date: Fri Aug 31 10:05:57 2018 +0800 md-cluster: release RESYNC lock after the last resync message All the RESYNC messages are sent with resync lock held, the only exception is resync_finish which releases resync_lockres before send the last resync message, this should be changed as well. Otherwise, we can see deadlock issue as follows: clustermd2-gqjiang2:~ # cat /proc/mdstat Personalities : [raid10] [raid1] md0 : active raid1 sdg[0] sdf[1] 134144 blocks super 1.2 [2/2] [UU] [===================>.] resync = 99.6% (134144/134144) finish=0.0min speed=26K/sec bitmap: 1/1 pages [4KB], 65536KB chunk unused devices: clustermd2-gqjiang2:~ # ps aux|grep md|grep D root 20497 0.0 0.0 0 0 ? D 16:00 0:00 [md0_raid1] clustermd2-gqjiang2:~ # cat /proc/20497/stack [] dlm_lock_sync+0x8e/0xc0 [md_cluster] [] __sendmsg+0x98/0x130 [md_cluster] [] sendmsg+0x20/0x30 [md_cluster] [] resync_info_update+0xb5/0xc0 [md_cluster] [] md_reap_sync_thread+0x134/0x170 [md_mod] [] md_check_recovery+0x28c/0x510 [md_mod] [] raid1d+0x42/0x800 [raid1] [] md_thread+0x121/0x150 [md_mod] [] kthread+0xff/0x140 [] ret_from_fork+0x35/0x40 [] 0xffffffffffffffff clustermd-gqjiang1:~ # ps aux|grep md|grep D root 20531 0.0 0.0 0 0 ? D 16:00 0:00 [md0_raid1] root 20537 0.0 0.0 0 0 ? D 16:00 0:00 [md0_cluster_rec] root 20676 0.0 0.0 0 0 ? D 16:01 0:00 [md0_resync] clustermd-gqjiang1:~ # cat /proc/mdstat Personalities : [raid10] [raid1] md0 : active raid1 sdf[1] sdg[0] 134144 blocks super 1.2 [2/2] [UU] [===================>.] resync = 97.3% (131072/134144) finish=8076.8min speed=0K/sec bitmap: 1/1 pages [4KB], 65536KB chunk unused devices: clustermd-gqjiang1:~ # cat /proc/20531/stack [] metadata_update_start+0xcd/0xd0 [md_cluster] [] md_update_sb.part.61+0x97/0x820 [md_mod] [] md_check_recovery+0x29b/0x510 [md_mod] [] raid1d+0x42/0x800 [raid1] [] md_thread+0x121/0x150 [md_mod] [] kthread+0xff/0x140 [] ret_from_fork+0x35/0x40 [] 0xffffffffffffffff clustermd-gqjiang1:~ # cat /proc/20537/stack [] freeze_array+0xf2/0x140 [raid1] [] recv_daemon+0x41e/0x580 [md_cluster] [] md_thread+0x121/0x150 [md_mod] [] kthread+0xff/0x140 [] ret_from_fork+0x35/0x40 [] 0xffffffffffffffff clustermd-gqjiang1:~ # cat /proc/20676/stack [] dlm_lock_sync+0x8e/0xc0 [md_cluster] [] lock_token+0x2f/0xa0 [md_cluster] [] lock_comm+0x32/0x90 [md_cluster] [] sendmsg+0x15/0x30 [md_cluster] [] resync_info_update+0x8a/0xc0 [md_cluster] [] raid1_sync_request+0xa9a/0xb10 [raid1] [] md_do_sync+0xbaa/0xf90 [md_mod] [] md_thread+0x121/0x150 [md_mod] [] kthread+0xff/0x140 [] ret_from_fork+0x35/0x40 [] 0xffffffffffffffff Reviewed-by: NeilBrown Signed-off-by: Guoqing Jiang Signed-off-by: Shaohua Li commit 1d0ffd264204eba1861865560f1f7f7a92919384 Author: Xiao Ni Date: Thu Aug 30 15:57:09 2018 +0800 RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 In raid10 reshape_request it gets max_sectors in read_balance. If the underlayer disks have bad blocks, the max_sectors is less than last. It will call goto read_more many times. It calls raise_barrier(conf, sectors_done != 0) every time. In this condition sectors_done is not 0. So the value passed to the argument force of raise_barrier is true. In raise_barrier it checks conf->barrier when force is true. If force is true and conf->barrier is 0, it panic. In this case reshape_request submits bio to under layer disks. And in the callback function of the bio it calls lower_barrier. If the bio finishes before calling raise_barrier again, it can trigger the BUG_ON. Add one pair of raise_barrier/lower_barrier to fix this bug. Signed-off-by: Xiao Ni Suggested-by: Neil Brown Signed-off-by: Shaohua Li commit e254de6bcf3f5b6e78a92ac95fb91acef8adfe1a Author: Shaohua Li Date: Wed Aug 29 11:05:42 2018 -0700 md/raid5-cache: disable reshape completely We don't support reshape yet if an array supports log device. Previously we determine the fact by checking ->log. However, ->log could be NULL after a log device is removed, but the array is still marked to support log device. Don't allow reshape in this case too. User can disable log device support by setting 'consistency_policy' to 'resync' then do reshape. Reported-by: Xiao Ni Tested-by: Xiao Ni Signed-off-by: Shaohua Li commit 3111885015b458c97b4cf272e2a87f1d6f0ed06a Author: Dennis Zhou (Facebook) Date: Fri Aug 31 16:22:44 2018 -0400 blkcg: use tryget logic when associating a blkg with a bio There is a very small change a bio gets caught up in a really unfortunate race between a task migration, cgroup exiting, and itself trying to associate with a blkg. This is due to css offlining being performed after the css->refcnt is killed which triggers removal of blkgs that reach their blkg->refcnt of 0. To avoid this, association with a blkg should use tryget and fallback to using the root_blkg. Fixes: 08e18eab0c579 ("block: add bi_blkg to the bio for cgroups") Reviewed-by: Josef Bacik Signed-off-by: Dennis Zhou Cc: Jiufei Xue Cc: Joseph Qi Cc: Tejun Heo Cc: Josef Bacik Cc: Jens Axboe Signed-off-by: Jens Axboe commit 59b57717fff8b562825d9d25e0180ad7e8048ca9 Author: Dennis Zhou (Facebook) Date: Fri Aug 31 16:22:43 2018 -0400 blkcg: delay blkg destruction until after writeback has finished Currently, blkcg destruction relies on a sequence of events: 1. Destruction starts. blkcg_css_offline() is called and blkgs release their reference to the blkcg. This immediately destroys the cgwbs (writeback). 2. With blkgs giving up their reference, the blkcg ref count should become zero and eventually call blkcg_css_free() which finally frees the blkcg. Jiufei Xue reported that there is a race between blkcg_bio_issue_check() and cgroup_rmdir(). To remedy this, blkg destruction becomes contingent on the completion of all writeback associated with the blkcg. A count of the number of cgwbs is maintained and once that goes to zero, blkg destruction can follow. This should prevent premature blkg destruction related to writeback. The new process for blkcg cleanup is as follows: 1. Destruction starts. blkcg_css_offline() is called which offlines writeback. Blkg destruction is delayed on the cgwb_refcnt count to avoid punting potentially large amounts of outstanding writeback to root while maintaining any ongoing policies. Here, the base cgwb_refcnt is put back. 2. When the cgwb_refcnt becomes zero, blkcg_destroy_blkgs() is called and handles destruction of blkgs. This is where the css reference held by each blkg is released. 3. Once the blkcg ref count goes to zero, blkcg_css_free() is called. This finally frees the blkg. It seems in the past blk-throttle didn't do the most understandable things with taking data from a blkg while associating with current. So, the simplification and unification of what blk-throttle is doing caused this. Fixes: 08e18eab0c579 ("block: add bi_blkg to the bio for cgroups") Reviewed-by: Josef Bacik Signed-off-by: Dennis Zhou Cc: Jiufei Xue Cc: Joseph Qi Cc: Tejun Heo Cc: Josef Bacik Cc: Jens Axboe Signed-off-by: Jens Axboe commit 6b06546206868f723f2061d703a3c3c378dcbf4c Author: Dennis Zhou (Facebook) Date: Fri Aug 31 16:22:42 2018 -0400 Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" This reverts commit 4c6994806f708559c2812b73501406e21ae5dcd0. Destroying blkgs is tricky because of the nature of the relationship. A blkg should go away when either a blkcg or a request_queue goes away. However, blkg's pin the blkcg to ensure they remain valid. To break this cycle, when a blkcg is offlined, blkgs put back their css ref. This eventually lets css_free() get called which frees the blkcg. The above commit (4c6994806f70) breaks this order of events by trying to destroy blkgs in css_free(). As the blkgs still hold references to the blkcg, css_free() is never called. The race between blkcg_bio_issue_check() and cgroup_rmdir() will be addressed in the following patch by delaying destruction of a blkg until all writeback associated with the blkcg has been finished. Fixes: 4c6994806f70 ("blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()") Reviewed-by: Josef Bacik Signed-off-by: Dennis Zhou Cc: Jiufei Xue Cc: Joseph Qi Cc: Tejun Heo Cc: Jens Axboe Signed-off-by: Jens Axboe commit 678c8110d23c0ac7d69fda558992c31be64e7507 Author: Eugeniy Paltsev Date: Mon Jul 30 19:26:33 2018 +0300 ARC: dma [IOC]: mark DMA devices connected as dma-coherent Mark DMA devices on AXS103 and HSDK boards connected through IOC port as dma-coherent. Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta commit a8627cda7cfffe1792c199660c2b4f03ba2bd97b Author: Gustavo A. R. Silva Date: Fri Aug 31 10:00:34 2018 -0500 ipmi: Fix NULL pointer dereference in ssif_probe There is a potential execution path in which function ssif_info_find() returns NULL, hence there is a NULL pointer dereference when accessing pointer *addr_info* Fix this by null checking *addr_info* before dereferencing it. Addresses-Coverity-ID: 1473145 ("Explicit null dereferenced") Fixes: e333054a91d1 ("ipmi: Fix I2C client removal in the SSIF driver") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Corey Minyard commit 3fcbb8260a87efb691d837e8cd24e81f65b3eb70 Author: Will Deacon Date: Thu Aug 30 13:52:38 2018 -0700 ARC: atomics: unbork atomic_fetch_##op() In 4.19-rc1, Eugeniy reported weird boot and IO errors on ARC HSDK | INFO: task syslogd:77 blocked for more than 10 seconds. | Not tainted 4.19.0-rc1-00007-gf213acea4e88 #40 | "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this | message. | syslogd D 0 77 76 0x00000000 | | Stack Trace: | __switch_to+0x0/0xac | __schedule+0x1b2/0x730 | io_schedule+0x5c/0xc0 | __lock_page+0x98/0xdc | find_lock_entry+0x38/0x100 | shmem_getpage_gfp.isra.3+0x82/0xbfc | shmem_fault+0x46/0x138 | handle_mm_fault+0x5bc/0x924 | do_page_fault+0x100/0x2b8 | ret_from_exception+0x0/0x8 He bisected to 84c6591103db ("locking/atomics, asm-generic/bitops/lock.h: Rewrite using atomic_fetch_*()") This commit however only unmasked the real issue introduced by commit 4aef66c8ae9 ("locking/atomic, arch/arc: Fix build") which missed the retry-if-scond-failed branch in atomic_fetch_##op() macros. The bisected commit started using atomic_fetch_##op() macros for building the rest of atomics. Fixes: 4aef66c8ae9 ("locking/atomic, arch/arc: Fix build") Reported-by: Eugeniy Paltsev Acked-by: Peter Zijlstra (Intel) Signed-off-by: Will Deacon Signed-off-by: Vineet Gupta [vgupta: wrote changelog] commit 0f02cfbc3d9e413d450d8d0fd660077c23f67eff Author: Paul Burton Date: Thu Aug 30 11:01:21 2018 -0700 MIPS: VDSO: Match data page cache colouring when D$ aliases When a system suffers from dcache aliasing a user program may observe stale VDSO data from an aliased cache line. Notably this can break the expectation that clock_gettime(CLOCK_MONOTONIC, ...) is, as its name suggests, monotonic. In order to ensure that users observe updates to the VDSO data page as intended, align the user mappings of the VDSO data page such that their cache colouring matches that of the virtual address range which the kernel will use to update the data page - typically its unmapped address within kseg0. This ensures that we don't introduce aliasing cache lines for the VDSO data page, and therefore that userland will observe updates without requiring cache invalidation. Signed-off-by: Paul Burton Reported-by: Hauke Mehrtens Reported-by: Rene Nielsen Reported-by: Alexandre Belloni Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Patchwork: https://patchwork.linux-mips.org/patch/20344/ Tested-by: Alexandre Belloni Tested-by: Hauke Mehrtens Cc: James Hogan Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org # v4.4+ commit 7acfda539c0b9636a58bfee56abfb3aeee806d96 Author: Taehee Yoo Date: Sun Aug 26 02:35:44 2018 +0900 netfilter: nf_tables: release chain in flushing set When element of verdict map is deleted, the delete routine should release chain. however, flush element of verdict map routine doesn't release chain. test commands: %nft add table ip filter %nft add chain ip filter c1 %nft add map ip filter map1 { type ipv4_addr : verdict \; } %nft add element ip filter map1 { 1 : jump c1 } %nft flush map ip filter map1 %nft flush ruleset splat looks like: [ 4895.170899] kernel BUG at net/netfilter/nf_tables_api.c:1415! [ 4895.178114] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 4895.178880] CPU: 0 PID: 1670 Comm: nft Not tainted 4.18.0+ #55 [ 4895.178880] RIP: 0010:nf_tables_chain_destroy.isra.28+0x39/0x220 [nf_tables] [ 4895.178880] Code: fc ff df 53 48 89 fb 48 83 c7 50 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 09 3c 03 7f 05 e8 3e 4c 25 e1 8b 43 50 85 c0 74 02 <0f> 0b 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 [ 4895.228342] RSP: 0018:ffff88010b98f4c0 EFLAGS: 00010202 [ 4895.234841] RAX: 0000000000000001 RBX: ffff8801131c6968 RCX: ffff8801146585b0 [ 4895.234841] RDX: 1ffff10022638d37 RSI: ffff8801191a9348 RDI: ffff8801131c69b8 [ 4895.234841] RBP: ffff8801146585a8 R08: 1ffff1002323526a R09: 0000000000000000 [ 4895.234841] R10: 0000000000000000 R11: 0000000000000000 R12: dead000000000200 [ 4895.234841] R13: dead000000000100 R14: ffffffffa3638af8 R15: dffffc0000000000 [ 4895.234841] FS: 00007f6d188e6700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000 [ 4895.234841] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4895.234841] CR2: 00007ffe72b8df88 CR3: 000000010e2d4000 CR4: 00000000001006f0 [ 4895.234841] Call Trace: [ 4895.234841] nf_tables_commit+0x2704/0x2c70 [nf_tables] [ 4895.234841] ? nfnetlink_rcv_batch+0xa4f/0x11b0 [nfnetlink] [ 4895.234841] ? nf_tables_setelem_notify.constprop.48+0x1a0/0x1a0 [nf_tables] [ 4895.323824] ? __lock_is_held+0x9d/0x130 [ 4895.323824] ? kasan_unpoison_shadow+0x30/0x40 [ 4895.333299] ? kasan_kmalloc+0xa9/0xc0 [ 4895.333299] ? kmem_cache_alloc_trace+0x2c0/0x310 [ 4895.333299] ? nfnetlink_rcv_batch+0xa4f/0x11b0 [nfnetlink] [ 4895.333299] nfnetlink_rcv_batch+0xdb9/0x11b0 [nfnetlink] [ 4895.333299] ? debug_show_all_locks+0x290/0x290 [ 4895.333299] ? nfnetlink_net_init+0x150/0x150 [nfnetlink] [ 4895.333299] ? sched_clock_cpu+0xe5/0x170 [ 4895.333299] ? sched_clock_local+0xff/0x130 [ 4895.333299] ? sched_clock_cpu+0xe5/0x170 [ 4895.333299] ? find_held_lock+0x39/0x1b0 [ 4895.333299] ? sched_clock_local+0xff/0x130 [ 4895.333299] ? memset+0x1f/0x40 [ 4895.333299] ? nla_parse+0x33/0x260 [ 4895.333299] ? ns_capable_common+0x6e/0x110 [ 4895.333299] nfnetlink_rcv+0x2c0/0x310 [nfnetlink] [ ... ] Fixes: 591054469b3e ("netfilter: nf_tables: revisit chain/object refcounting from elements") Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso commit e0758412208960be9de11e6d2350c81ffd88410f Author: Florian Westphal Date: Sat Aug 25 01:14:46 2018 +0200 netfilter: kconfig: nat related expression depend on nftables core NF_TABLES_IPV4 is now boolean so it is possible to set NF_TABLES=m NF_TABLES_IPV4=y NFT_CHAIN_NAT_IPV4=y which causes: nft_chain_nat_ipv4.c:(.text+0x6d): undefined reference to `nft_do_chain' Wrap NFT_CHAIN_NAT_IPV4 and related nat expressions with NF_TABLES to restore the dependency. Reported-by: Randy Dunlap Fixes: 02c7b25e5f54 ("netfilter: nf_tables: build-in filter chain type") Signed-off-by: Florian Westphal Acked-by: Randy Dunlap Signed-off-by: Pablo Neira Ayuso commit bc8d2e20a3eb2f8d268ad7bbca878cf3acdcf389 Author: Lukas Bulwahn Date: Thu Aug 30 11:18:42 2018 +0200 kconfig: remove a spurious self-assignment The self assignment was probably introduced by an automated code refactoring in commit 694c49a7c01c ("kconfig: drop localization support"). The issue was identified by a self-assign warning when running make menuconfig with clang. Fixes: 694c49a7c01c ("kconfig: drop localization support") Signed-off-by: Lukas Bulwahn Signed-off-by: Masahiro Yamada commit 6147b1cf19651c7de297e69108b141fb30aa2349 Author: Genki Sky Date: Tue Aug 28 23:26:24 2018 -0400 scripts/setlocalversion: git: Make -dirty check more robust $(git diff-index) relies on the index being refreshed. This refreshing of the index used to happen, but was removed in cdf2bc632ebc ("scripts/setlocalversion on write-protected source tree", 2013-06-14) due to issues with a read-only filesystem. If the index is not refreshed, one runs into problems. E.g. as described in [0], git stores the uid in its index, so even if just the uid has changed (or git is tricked into thinking so), then we will think the tree is dirty. So as in [1], if you package linux-git with a system that uses fakeroot(1), you get a "-dirty" version. Unless you manually $(git update-index --refresh) themselves. The simplest solution seems to be $(git status --porcelain), with an additional flag saying "ignore untracked files". It seems clearer about what it does, and avoids issues regarding cached indexes and writable filesystems, but still has stable output for scripting. [0]: https://public-inbox.org/git/0190ae30-b6c8-2a8b-b1fb-fd9d84e6dfdf@oracle.com/ [1]: https://bbs.archlinux.org/viewtopic.php?id=236702 Signed-off-by: Genki Sky Signed-off-by: Masahiro Yamada commit 420f51f4ab6bce6e580390729fadb89c31123636 Merge: 4290d5b9ca01 f52bb98f5ade Author: Linus Torvalds Date: Fri Aug 31 09:20:30 2018 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "A few arm64 fixes came in this week, specifically fixing some nasty truncation of return values from firmware calls and resolving a VM_BUG_ON due to accessing uninitialised struct pages corresponding to NOMAP pages. Summary: - Fix typos in SVE documentation - Fix type-checking and implicit truncation for SMCCC calls - Force CONFIG_HOLES_IN_ZONE=y so that SLAB doesn't fall over NOMAP regions" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: mm: always enable CONFIG_HOLES_IN_ZONE arm/arm64: smccc-1.1: Handle function result as parameters arm/arm64: smccc-1.1: Make return values unsigned long Documentation/arm64/sve: Couple of improvements and typos commit eeb89e2bb1ac45b0836d4170e97a988c3a746c62 Author: Joerg Roedel Date: Fri Aug 31 10:05:38 2018 +0200 x86/efi: Load fixmap GDT in efi_call_phys_epilog() When PTI is enabled on x86-32 the kernel uses the GDT mapped in the fixmap for the simple reason that this address is also mapped for user-space. The efi_call_phys_prolog()/efi_call_phys_epilog() wrappers change the GDT to call EFI runtime services and switch back to the kernel GDT when they return. But the switch-back uses the writable GDT, not the fixmap GDT. When that happened and and the CPU returns to user-space it switches to the user %cr3 and tries to restore user segment registers. This fails because the writable GDT is not mapped in the user page-table, and without a GDT the fault handlers also can't be launched. The result is a triple fault and reboot of the machine. Fix that by restoring the GDT back to the fixmap GDT which is also mapped in the user page-table. Fixes: 7757d607c6b3 x86/pti: ('Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32') Reported-by: Guenter Roeck Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Tested-by: Guenter Roeck Cc: Ard Biesheuvel Cc: Michal Hocko Cc: Andi Kleen Cc: Linus Torvalds Cc: Dave Hansen Cc: Pavel Machek Cc: hpa@zytor.com Cc: linux-efi@vger.kernel.org Link: https://lkml.kernel.org/r/1535702738-10971-1-git-send-email-joro@8bytes.org commit 4290d5b9ca018be10c7582524f7500df731bfab0 Merge: 01f6543a0dac 6d3c8ce012ce Author: Linus Torvalds Date: Fri Aug 31 08:45:16 2018 -0700 Merge tag 'for-linus-4.19b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: - minor cleanup avoiding a warning when building with new gcc - a patch to add a new sysfs node for Xen frontend/backend drivers to make it easier to obtain the state of a pv device - two fixes for 32-bit pv-guests to avoid intermediate L1TF vulnerable PTEs * tag 'for-linus-4.19b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: x86/xen: remove redundant variable save_pud xen: export device state to sysfs x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear x86/xen: don't write ptes directly in 32-bit PV guests commit 01f6543a0dacd8d9901a130b26e9fec080c1f276 Merge: 754cf4b2432d 0986b16ab49b Author: Linus Torvalds Date: Fri Aug 31 08:42:46 2018 -0700 Merge tag 'm68k-for-v4.19-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k fix from Geert Uytterhoeven: "Just a single fix for a bug introduced during the merge window: fix wrong date and time on PMU-based Macs" * tag 'm68k-for-v4.19-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k/mac: Use correct PMU response format commit 754cf4b2432dfea0f925a0b760506a9c97c8f00b Merge: 4658aff6eeaa cebc07d84ad7 Author: Linus Torvalds Date: Fri Aug 31 08:38:53 2018 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: - regression fixes for i801 and designware - better API and leak fix for releasing DMA safe buffers - better greppable strings for the bitbang algorithm * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: sh_mobile: fix leak when using DMA bounce buffer i2c: sh_mobile: define start_ch() void as it only returns 0 anyhow i2c: refactor function to release a DMA safe buffer i2c: algos: bit: make the error messages grepable i2c: designware: Re-init controllers with pm_disabled set on resume i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus commit d40e3e9e44db4b3c8777f3b515ba6097ba26e3b2 Author: Andrew F. Davis Date: Fri Aug 31 10:14:05 2018 -0500 ASoC: tas6424: Save last fault register even when clear When there is no fault bit set in a fault register we skip the fault reporting section for that register. This also skips over saving that registers value. We save the value so we will not double report an error, but if an error clears then returns we will also not report it as we did not save the all cleared register value. Fix this by saving the fault register value in the all clear path. Signed-off-by: Andrew F. Davis Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 4012e77a903d114f915fc607d6d2ed54a3d6c9b1 Author: Andy Lutomirski Date: Wed Aug 29 08:47:18 2018 -0700 x86/nmi: Fix NMI uaccess race against CR3 switching A NMI can hit in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory. Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Reviewed-by: Rik van Riel Cc: Nadav Amit Cc: Borislav Petkov Cc: Jann Horn Cc: Peter Zijlstra Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/dd956eba16646fd0b15c3c0741269dfd84452dac.1535557289.git.luto@kernel.org commit 829fe4aa9ac16417a904ad1de1307de906854bcf Author: Ben Hutchings Date: Wed Aug 29 20:43:17 2018 +0100 x86: Allow generating user-space headers without a compiler When bootstrapping an architecture, it's usual to generate the kernel's user-space headers (make headers_install) before building a compiler. Move the compiler check (for asm goto support) to the archprepare target so that it is only done when building code for the target. Fixes: e501ce957a78 ("x86: Force asm-goto") Reported-by: Helmut Grohne Signed-off-by: Ben Hutchings Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180829194317.GA4765@decadent.org.uk commit 342db04ae71273322f0011384a9ed414df8bdae4 Author: Jann Horn Date: Tue Aug 28 17:49:01 2018 +0200 x86/dumpstack: Don't dump kernel memory based on usermode RIP show_opcodes() is used both for dumping kernel instructions and for dumping user instructions. If userspace causes #PF by jumping to a kernel address, show_opcodes() can be reached with regs->ip controlled by the user, pointing to kernel code. Make sure that userspace can't trick us into dumping kernel memory into dmesg. Fixes: 7cccf0725cf7 ("x86/dumpstack: Add a show_ip() function") Signed-off-by: Jann Horn Signed-off-by: Thomas Gleixner Reviewed-by: Kees Cook Reviewed-by: Borislav Petkov Cc: "H. Peter Anvin" Cc: Andy Lutomirski Cc: security@kernel.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180828154901.112726-1-jannh@google.com commit ef394f3fbecbe61d69450ad8cf0fa8f713c8ce8f Author: Philipp Zabel Date: Fri Aug 31 14:34:02 2018 +0200 regulator: da9063: fix DT probing with constraints Commit 1c892e38ce59 ("regulator: da9063: Handle less LDOs on DA9063L") reordered the da9063_regulator_info[] array, but not the DA9063_ID_* regulator ids and not the da9063_matches[] array, because ids are used as indices in the array initializer. This mismatch between regulator id and da9063_regulator_info[] array index causes the driver probe to fail because constraints from DT are not applied to the correct regulator: da9063 0-0058: Device detected (chip-ID: 0x61, var-ID: 0x50) DA9063_BMEM: Bringing 900000uV into 3300000-3300000uV DA9063_LDO9: Bringing 3300000uV into 2500000-2500000uV DA9063_LDO1: Bringing 900000uV into 3300000-3300000uV DA9063_LDO1: failed to apply 3300000-3300000uV constraint(-22) This patch reorders the DA9063_ID_* as apparently intended, and with them the entries in the da90630_matches[] array. Fixes: 1c892e38ce59 ("regulator: da9063: Handle less LDOs on DA9063L") Signed-off-by: Philipp Zabel Reviewed-by: Geert Uytterhoeven Reviewed-by: Marek Vasut Signed-off-by: Mark Brown commit 0745dde62835be7e2afe62fcdb482fcad79cb743 Author: Corey Minyard Date: Thu Aug 30 13:06:21 2018 -0500 ipmi: Fix I2C client removal in the SSIF driver The SSIF driver was removing any client that came in through the platform interface, but it should only remove clients that it added. On a failure in the probe function, this could result in the following oops when the driver is removed and the client gets unregistered twice: CPU: 107 PID: 30266 Comm: rmmod Not tainted 4.18.0+ #80 Hardware name: Cavium Inc. Saber/Saber, BIOS Cavium reference firmware version 7.0 08/04/2018 pstate: 60400009 (nZCv daif +PAN -UAO) pc : kernfs_find_ns+0x28/0x120 lr : kernfs_find_and_get_ns+0x40/0x60 sp : ffff00002310fb50 x29: ffff00002310fb50 x28: ffff800a8240f800 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000056000000 x24: ffff000009073000 x23: ffff000008998b38 x22: 0000000000000000 x21: ffff800ed86de820 x20: 0000000000000000 x19: ffff00000913a1d8 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 5300737265766972 x13: 643d4d4554535953 x12: 0000000000000030 x11: 0000000000000030 x10: 0101010101010101 x9 : ffff800ea06cc3f9 x8 : 0000000000000000 x7 : 0000000000000141 x6 : ffff000009073000 x5 : ffff800adb706b00 x4 : 0000000000000000 x3 : 00000000ffffffff x2 : 0000000000000000 x1 : ffff000008998b38 x0 : ffff000008356760 Process rmmod (pid: 30266, stack limit = 0x00000000e218418d) Call trace: kernfs_find_ns+0x28/0x120 kernfs_find_and_get_ns+0x40/0x60 sysfs_unmerge_group+0x2c/0x6c dpm_sysfs_remove+0x34/0x70 device_del+0x58/0x30c device_unregister+0x30/0x7c i2c_unregister_device+0x84/0x90 [i2c_core] ssif_platform_remove+0x38/0x98 [ipmi_ssif] platform_drv_remove+0x2c/0x6c device_release_driver_internal+0x168/0x1f8 driver_detach+0x50/0xbc bus_remove_driver+0x74/0xe8 driver_unregister+0x34/0x5c platform_driver_unregister+0x20/0x2c cleanup_ipmi_ssif+0x50/0xd82c [ipmi_ssif] __arm64_sys_delete_module+0x1b4/0x220 el0_svc_handler+0x104/0x160 el0_svc+0x8/0xc Code: aa1e03e0 aa0203f6 aa0103f7 d503201f (7940e280) ---[ end trace 09f0e34cce8e2d8c ]--- Kernel panic - not syncing: Fatal exception SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x23800c38 So track the clients that the SSIF driver adds and only remove those. Reported-by: George Cherian Signed-off-by: Corey Minyard Tested-by: George Cherian Cc: # 4.14.x commit c86ba91be75702c013bbf7379542920b6920e98f Author: Corey Minyard Date: Thu Aug 23 15:22:35 2018 -0500 ipmi: Move BT capabilities detection to the detect call The capabilities detection was being done as part of the normal state machine, but it was possible for it to be running while the upper layers of the IPMI driver were initializing the device, resulting in error and failure to initialize. Move the capabilities detection to the the detect function, so it's done before anything else runs on the device. This also simplifies the state machine and removes some code, as a bonus. Signed-off-by: Corey Minyard Reported-by: Andrew Banman Tested-by: Andrew Banman Cc: commit 2512e40e48d21d8bac09f7e91d2c3ceb2d3b50b2 Author: Corey Minyard Date: Wed Aug 22 12:08:13 2018 -0500 ipmi: Rework SMI registration failure There were certain situations where ipmi_register_smi() would return a failure, but the interface would still be registered and would need to be unregistered. This is obviously a bad design and resulted in an oops in certain failure cases. If the interface is started up in ipmi_register_smi(), then an error occurs, shut down the interface there so the cleanup can be done properly. Fix the various smi users, too. Signed-off-by: Corey Minyard Reported-by: Justin Ernst Tested-by: Justin Ernst Cc: Andrew Banman Cc: Russ Anderson Cc: # 4.18.x commit 0413bedabc886c3a56804d1c80a58e99077b1d91 Author: Rob Herring Date: Tue Aug 28 15:10:48 2018 -0500 of: Add device_type access helper functions In preparation to remove direct access to device_node.type, add of_node_is_type() and of_node_get_device_type() helpers to check and retrieve the device type. Cc: Frank Rowand Signed-off-by: Rob Herring commit 6fb86d97207880c1286cd4cb3a7e6a598afbc727 Author: Mukesh Ojha Date: Tue Aug 28 12:24:54 2018 +0530 cpu/hotplug: Remove skip_onerr field from cpuhp_step structure When notifiers were there, `skip_onerr` was used to avoid calling particular step startup/teardown callbacks in the CPU up/down rollback path, which made the hotplug asymmetric. As notifiers are gone now after the full state machine conversion, the `skip_onerr` field is no longer required. Remove it from the structure and its usage. Signed-off-by: Mukesh Ojha Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/1535439294-31426-1-git-send-email-mojha@codeaurora.org commit f52bb98f5aded4c43e52f5ce19fb83f7261e9e73 Author: James Morse Date: Thu Aug 30 16:05:32 2018 +0100 arm64: mm: always enable CONFIG_HOLES_IN_ZONE Commit 6d526ee26ccd ("arm64: mm: enable CONFIG_HOLES_IN_ZONE for NUMA") only enabled HOLES_IN_ZONE for NUMA systems because the NUMA code was choking on the missing zone for nomap pages. This problem doesn't just apply to NUMA systems. If the architecture doesn't set HAVE_ARCH_PFN_VALID, pfn_valid() will return true if the pfn is part of a valid sparsemem section. When working with multiple pages, the mm code uses pfn_valid_within() to test each page it uses within the sparsemem section is valid. On most systems memory comes in MAX_ORDER_NR_PAGES chunks which all have valid/initialised struct pages. In this case pfn_valid_within() is optimised out. Systems where this isn't true (e.g. due to nomap) should set HOLES_IN_ZONE and provide HAVE_ARCH_PFN_VALID so that mm tests each page as it works with it. Currently non-NUMA arm64 systems can't enable HOLES_IN_ZONE, leading to a VM_BUG_ON(): | page:fffffdff802e1780 is uninitialized and poisoned | raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff | raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff | page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p)) | ------------[ cut here ]------------ | kernel BUG at include/linux/mm.h:978! | Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [...] | CPU: 1 PID: 25236 Comm: dd Not tainted 4.18.0 #7 | Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 | pstate: 40000085 (nZcv daIf -PAN -UAO) | pc : move_freepages_block+0x144/0x248 | lr : move_freepages_block+0x144/0x248 | sp : fffffe0071177680 [...] | Process dd (pid: 25236, stack limit = 0x0000000094cc07fb) | Call trace: | move_freepages_block+0x144/0x248 | steal_suitable_fallback+0x100/0x16c | get_page_from_freelist+0x440/0xb20 | __alloc_pages_nodemask+0xe8/0x838 | new_slab+0xd4/0x418 | ___slab_alloc.constprop.27+0x380/0x4a8 | __slab_alloc.isra.21.constprop.26+0x24/0x34 | kmem_cache_alloc+0xa8/0x180 | alloc_buffer_head+0x1c/0x90 | alloc_page_buffers+0x68/0xb0 | create_empty_buffers+0x20/0x1ec | create_page_buffers+0xb0/0xf0 | __block_write_begin_int+0xc4/0x564 | __block_write_begin+0x10/0x18 | block_write_begin+0x48/0xd0 | blkdev_write_begin+0x28/0x30 | generic_perform_write+0x98/0x16c | __generic_file_write_iter+0x138/0x168 | blkdev_write_iter+0x80/0xf0 | __vfs_write+0xe4/0x10c | vfs_write+0xb4/0x168 | ksys_write+0x44/0x88 | sys_write+0xc/0x14 | el0_svc_naked+0x30/0x34 | Code: aa1303e0 90001a01 91296421 94008902 (d4210000) | ---[ end trace 1601ba47f6e883fe ]--- Remove the NUMA dependency. Link: https://www.spinics.net/lists/arm-kernel/msg671851.html Cc: Cc: Ard Biesheuvel Reported-by: Mikulas Patocka Reviewed-by: Pavel Tatashin Tested-by: Mikulas Patocka Signed-off-by: James Morse Signed-off-by: Will Deacon commit d49b48f088c323dbacae44dfbe56d9c985c8a2a1 Author: Vincent Whitchurch Date: Fri Aug 31 09:04:18 2018 +0200 gpio: Fix crash due to registration race gpiochip_add_data_with_key() adds the gpiochip to the gpio_devices list before of_gpiochip_add() is called, but it's only the latter which sets the ->of_xlate function pointer. gpiochip_find() can be called by someone else between these two actions, and it can find the chip and call of_gpiochip_match_node_and_xlate() which leads to the following crash due to a NULL ->of_xlate(). Unhandled prefetch abort: page domain fault (0x01b) at 0x00000000 Modules linked in: leds_gpio(+) gpio_generic(+) CPU: 0 PID: 830 Comm: insmod Not tainted 4.18.0+ #43 Hardware name: ARM-Versatile Express PC is at (null) LR is at of_gpiochip_match_node_and_xlate+0x2c/0x38 Process insmod (pid: 830, stack limit = 0x(ptrval)) (of_gpiochip_match_node_and_xlate) from (gpiochip_find+0x48/0x84) (gpiochip_find) from (of_get_named_gpiod_flags+0xa8/0x238) (of_get_named_gpiod_flags) from (gpiod_get_from_of_node+0x2c/0xc8) (gpiod_get_from_of_node) from (devm_fwnode_get_index_gpiod_from_child+0xb8/0x144) (devm_fwnode_get_index_gpiod_from_child) from (gpio_led_probe+0x208/0x3c4 [leds_gpio]) (gpio_led_probe [leds_gpio]) from (platform_drv_probe+0x48/0x9c) (platform_drv_probe) from (really_probe+0x1d0/0x3d4) (really_probe) from (driver_probe_device+0x78/0x1c0) (driver_probe_device) from (__driver_attach+0x120/0x13c) (__driver_attach) from (bus_for_each_dev+0x68/0xb4) (bus_for_each_dev) from (bus_add_driver+0x1a8/0x268) (bus_add_driver) from (driver_register+0x78/0x10c) (driver_register) from (do_one_initcall+0x54/0x1fc) (do_one_initcall) from (do_init_module+0x64/0x1f4) (do_init_module) from (load_module+0x2198/0x26ac) (load_module) from (sys_finit_module+0xe0/0x110) (sys_finit_module) from (ret_fast_syscall+0x0/0x54) One way to fix this would be to rework the hairy registration sequence in gpiochip_add_data_with_key(), but since I'd probably introduce a couple of new bugs if I attempted that, simply add a check for a non-NULL of_xlate function pointer in of_gpiochip_match_node_and_xlate(). This works since the driver looking for the gpio will simply fail to find the gpio and defer its probe and be reprobed when the driver which is registering the gpiochip has fully completed its probe. Signed-off-by: Vincent Whitchurch Signed-off-by: Linus Walleij commit 0986b16ab49b18063d29a9e02e9c7fab1928bc8e Author: Finn Thain Date: Fri Aug 24 12:02:06 2018 +1000 m68k/mac: Use correct PMU response format Now that the 68k Mac port has adopted the via-pmu driver, it must decode the PMU response accordingly otherwise the date and time will be wrong. Fixes: ebd722275f9cfc67 ("macintosh/via-pmu: Replace via-pmu68k driver with via-pmu driver") Signed-off-by: Finn Thain Signed-off-by: Geert Uytterhoeven commit 4658aff6eeaaf0b049ce787513abfc985c452e3a Merge: 217c3e019675 49a51c4b4064 Author: Linus Torvalds Date: Thu Aug 30 21:18:05 2018 -0700 Merge tag 'drm-fixes-2018-08-31' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Regular fixes pull: - Mediatek has a bunch of fixes to their RDMA and Overlay engines. - i915 has some Cannonlake/Geminilake watermark workarounds, LSPCON fix, HDCP free fix, audio fix and a ppgtt reference counting fix. - amdgpu has some SRIOV, Kasan, memory leaks and other misc fixes" * tag 'drm-fixes-2018-08-31' of git://anongit.freedesktop.org/drm/drm: (35 commits) drm/i915/audio: Hook up component bindings even if displays are disabled drm/i915: Increase LSPCON timeout drm/i915: Stop holding a ref to the ppgtt from each vma drm/i915: Free write_buf that we allocated with kzalloc. drm/i915: Fix glk/cnl display w/a #1175 drm/amdgpu: Need to set moved to true when evict bo drm/amdgpu: Remove duplicated power source update drm/amd/display: Fix memory leak caused by missed dc_sink_release drm/amdgpu: fix holding mn_lock while allocating memory drm/amdgpu: Power on uvd block when hw_fini drm/amdgpu: Update power state at the end of smu hw_init. drm/amdgpu: Fix vce initialize failed on Kaveri/Mullins drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Adjust the VM size based on system memory size v2 drm/mediatek: fix connection from RDMA2 to DSI1 drm/mediatek: update some variable name from ovl to comp drm/mediatek: use layer_nr function to get layer number to init plane drm/mediatek: add function to return RDMA layer number drm/mediatek: add function to return OVL layer number drm/mediatek: add function to get layer number for component ... commit 217c3e0196758662aa0429863b09d1c13da1c5d6 Author: Stephen Rothwell Date: Fri Aug 31 07:47:28 2018 +1000 disable stringop truncation warnings for now They are too noisy Signed-off-by: Stephen Rothwell Signed-off-by: Linus Torvalds commit b6935d2aa49dabff296680a6f349b32e5a16afe0 Merge: fb6463856658 a0b9c4de7bf3 Author: Linus Torvalds Date: Thu Aug 30 18:02:02 2018 -0700 Merge tag 'pm-4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These address a corner case in the menu cpuidle governor and fix error handling in the PM core's generic clock management code. Specifics: - Make the menu cpuidle governor avoid stopping the scheduler tick if the predicted idle duration exceeds the tick period length, but the selected idle state is shallow and deeper idle states with high target residencies are available (Rafael Wysocki). - Make the PM core's generic clock management code use a proper data type for one variable to make error handling work (Dan Carpenter)" * tag 'pm-4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpuidle: menu: Retain tick when shallow state is selected PM / clk: signedness bug in of_pm_clk_add_clks() commit 2b52e2a67c86b0714eeae0d2030cb7fc14737626 Author: Masahiro Yamada Date: Mon Aug 27 12:07:37 2018 +0900 arc: remove redundant GCC version checks Commit cafa0010cd51 ("Raise the minimum required gcc version to 4.6") bumped the minimum GCC version to 4.6 for all architectures. With GCC >= 4.6 assumed, 'upto_gcc44' is empty, 'atleast_gcc44' is y. Signed-off-by: Masahiro Yamada Signed-off-by: Vineet Gupta commit a0b9c4de7bf3dacc32a7e70fff25e158a0bf848f Merge: 757ab15c3f49 5e2e2f9f76e1 Author: Rafael J. Wysocki Date: Fri Aug 31 01:23:31 2018 +0200 Merge branch 'pm-core' Merge a generic clock management fix for 4.19-rc2. * pm-core: PM / clk: signedness bug in of_pm_clk_add_clks() commit bded6c03e398dc6e862dc8301fb9a60175740653 Author: Akshu Agrawal Date: Tue Aug 21 12:21:57 2018 +0530 clk: x86: Set default parent to 48Mhz System clk provided in ST soc can be set to: 48Mhz, non-spread 25Mhz, spread To get accurate rate, we need it to set it at non-spread option which is 48Mhz. Signed-off-by: Akshu Agrawal Reviewed-by: Daniel Kurtz Fixes: 421bf6a1f061 ("clk: x86: Add ST oscout platform clock") Signed-off-by: Stephen Boyd commit cebc07d84ad71bc58d6f59b770e4347da48a5a2b Author: Wolfram Sang Date: Fri Aug 24 16:52:46 2018 +0200 i2c: sh_mobile: fix leak when using DMA bounce buffer We only freed the bounce buffer after successful DMA, missing the cases where DMA setup may have gone wrong. Use a better location which always gets called after each message and use 'stop_after_dma' as a flag for a successful transfer. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Signed-off-by: Wolfram Sang commit 531db50170a3e6d113c968fe7a6dda8d55d02ede Author: Wolfram Sang Date: Fri Aug 24 16:52:45 2018 +0200 i2c: sh_mobile: define start_ch() void as it only returns 0 anyhow After various refactoring over the years, start_ch() doesn't return errno anymore, so make the function return void. This saves the error handling when calling it which in turn eases cleanup of resources of a future patch. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Signed-off-by: Wolfram Sang commit 82fe39a6bc7b866fc3ffd838e3c5a4cadb328b04 Author: Wolfram Sang Date: Fri Aug 24 16:52:44 2018 +0200 i2c: refactor function to release a DMA safe buffer a) rename to 'put' instead of 'release' to match 'get' when obtaining the buffer b) change the argument order to have the buffer as first argument c) add a new argument telling the function if the message was transferred. This allows the function to be used also in cases where setting up DMA failed, so the buffer needs to be freed without syncing to the message buffer. Also convert the only user. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Signed-off-by: Wolfram Sang commit 1204d12a494cf5dff497859a5febf2ae30a28970 Author: Jan Kundrát Date: Tue Aug 28 10:07:40 2018 +0200 i2c: algos: bit: make the error messages grepable Yep, I went looking for one of these, and I wasn't able to find it easily. That's worse than a line which is 82-chars long, IMHO. Signed-off-by: Jan Kundrát Signed-off-by: Wolfram Sang commit 9d9a152ebaa86a9dede4624919566483c955d0a7 Author: Hans de Goede Date: Wed Aug 29 15:06:31 2018 +0200 i2c: designware: Re-init controllers with pm_disabled set on resume On Bay Trail and Cherry Trail devices we set the pm_disabled flag for I2C busses which the OS shares with the PUNIT as these need special handling. Until now we called dev_pm_syscore_device(dev, true) for I2C controllers with this flag set to keep these I2C controllers always on. After commit 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation"), this no longer works. This commit modifies lpss_iosf_exit_d3_state() to only run if lpss_iosf_enter_d3_state() has ran before it, so that it does not run on a resume from hibernate (or from S3). On these systems the conditions for lpss_iosf_enter_d3_state() to run never become true, so lpss_iosf_exit_d3_state() never gets called and the 2 LPSS DMA controllers never get forced into D0 mode, instead they are left in their default automatic power-on when needed mode. The not forcing of D0 mode for the DMA controllers enables these systems to properly enter S0ix modes, which is a good thing. But after entering S0ix modes the I2C controller connected to the PMIC no longer works, leading to e.g. broken battery monitoring. The _PS3 method for this I2C controller looks like this: Method (_PS3, 0, NotSerialized) // _PS3: Power State 3 { If ((((PMID == 0x04) || (PMID == 0x05)) || (PMID == 0x06))) { Return (Zero) } PSAT |= 0x03 Local0 = PSAT /* \_SB_.I2C5.PSAT */ } Where PMID = 0x05, so we enter the Return (Zero) path on these systems. So even if we were to not call dev_pm_syscore_device(dev, true) the I2C controller will be left in D0 rather then be switched to D3. Yet on other Bay and Cherry Trail devices S0ix is not entered unless *all* I2C controllers are in D3 mode. This combined with the I2C controller no longer working now that we reach S0ix states on these systems leads to me believing that the PUNIT itself puts the I2C controller in D3 when all other conditions for entering S0ix states are true. Since now the I2C controller is put in D3 over a suspend/resume we must re-initialize it afterwards and that does indeed fix it no longer working. This commit implements this fix by: 1) Making the suspend_late callback a no-op if pm_disabled is set and making the resume_early callback skip the clock re-enable (since it now was not disabled) while still doing the necessary I2C controller re-init. 2) Removing the dev_pm_syscore_device(dev, true) call, so that the suspend and resume callbacks are actually called. Normally this would cause the ACPI pm code to call _PS3 putting the I2C controller in D3, wreaking havoc since it is shared with the PUNIT, but in this special case the _PS3 method is a no-op so we can safely allow a "fake" suspend / resume. Fixes: 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume ...") Link: https://bugzilla.kernel.org/show_bug.cgi?id=200861 Cc: 4.15+ # 4.15+ Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang commit 7fd6d98b89f382d414e1db528e29a67bbd749457 Author: Mika Westerberg Date: Thu Aug 30 11:50:13 2018 +0300 i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Commit 7ae81952cda ("i2c: i801: Allow ACPI SystemIO OpRegion to conflict with PCI BAR") made it possible for AML code to access SMBus I/O ports by installing custom SystemIO OpRegion handler and blocking i80i driver access upon first AML read/write to this OpRegion. However, while ThinkPad T560 does have SystemIO OpRegion declared under the SMBus device, it does not access any of the SMBus registers: Device (SMBU) { ... OperationRegion (SMBP, PCI_Config, 0x50, 0x04) Field (SMBP, DWordAcc, NoLock, Preserve) { , 5, TCOB, 11, Offset (0x04) } Name (TCBV, 0x00) Method (TCBS, 0, NotSerialized) { If ((TCBV == 0x00)) { TCBV = (\_SB.PCI0.SMBU.TCOB << 0x05) } Return (TCBV) /* \_SB_.PCI0.SMBU.TCBV */ } OperationRegion (TCBA, SystemIO, TCBS (), 0x10) Field (TCBA, ByteAcc, NoLock, Preserve) { Offset (0x04), , 9, CPSC, 1 } } Problem with the current approach is that it blocks all I/O port access and because this system has touchpad connected to the SMBus controller after first AML access (happens during suspend/resume cycle) the touchpad fails to work anymore. Fix this so that we allow ACPI AML I/O port access if it does not touch the region reserved for the SMBus. Fixes: 7ae81952cda ("i2c: i801: Allow ACPI SystemIO OpRegion to conflict with PCI BAR") Link: https://bugzilla.kernel.org/show_bug.cgi?id=200737 Reported-by: Yussuf Khalil Signed-off-by: Mika Westerberg Reviewed-by: Jean Delvare Signed-off-by: Wolfram Sang commit fb64638566588392e4a544760b649fd7f857e33a Merge: 9f8f16c86e4d 52bd456a66c1 Author: Linus Torvalds Date: Thu Aug 30 13:39:04 2018 -0700 Merge tag 'for-linus-20180830' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Small collection of fixes that should go into this series. This pull contains: - NVMe pull request with three small fixes (via Christoph) - Kill useless NULL check before kmem_cache_destroy (Chengguang Xu) - Xen block driver pull request with persistent grant flushing fixes (Juergen Gross) - Final wbt fixes, wrapping up the changes for this series. These have been heavily tested (me) - cdrom info leak fix (Scott Bauer) - ATA dma quirk for SQ201 (Linus Walleij) - Straight forward bsg refcount_t conversion (John Pittman)" * tag 'for-linus-20180830' of git://git.kernel.dk/linux-block: cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status nvmet: free workqueue object if module init fails nvme-fcloop: Fix dropped LS's to removed target port nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event block: bsg: move atomic_t ref_count variable to refcount API block: remove unnecessary condition check ata: ftide010: Add a quirk for SQ201 blk-wbt: remove dead code blk-wbt: improve waking of tasks blk-wbt: abstract out end IO completion handler xen/blkback: remove unused pers_gnts_lock from struct xen_blkif_ring xen/blkback: move persistent grants flags to bool xen/blkfront: reorder tests in xlblk_init() xen/blkfront: cleanup stale persistent grants xen/blkback: don't keep persistent grants too long commit cd2315d471f45a36cb1329722920d89cd6d3d11f Author: Benjamin Fair Date: Fri Jul 6 11:16:03 2018 -0700 ipmi: kcs_bmc: don't change device name kcs_bmc_alloc(...) calls dev_set_name(...) which is incorrect as most bus driver frameworks, platform_driver in particular, assume that they are able to set the device name themselves. Signed-off-by: Benjamin Fair Signed-off-by: Corey Minyard commit f42b0e18f2e5cf34f73ef1b6327b49040b307a33 Author: Rob Herring Date: Mon Aug 27 07:50:47 2018 -0500 of: add node name compare helper functions In preparation to remove device_node.name pointer, add helper functions for node name comparisons which are a common pattern throughout the kernel. Cc: Frank Rowand Signed-off-by: Rob Herring commit 4e67b2a5df5d3f341776d12ee575e00ca3ef92de Author: Kim Phillips Date: Mon Aug 27 12:53:40 2018 -0500 perf annotate: Fix parsing aarch64 branch instructions after objdump update Starting with binutils 2.28, aarch64 objdump adds comments to the disassembly output to show the alternative names of a condition code [1]. It is assumed that commas in objdump comments could occur in other arches now or in the future, so this fix is arch-independent. The fix could have been done with arm64 specific jump__parse and jump__scnprintf functions, but the jump__scnprintf instruction would have to have its comment character be a literal, since the scnprintf functions cannot receive a struct arch easily. This inconvenience also applies to the generic jump__scnprintf, which is why we add a raw_comment pointer to struct ins_operands, so the __parse function assigns it to be re-used by its corresponding __scnprintf function. Example differences in 'perf annotate --stdio2' output on an aarch64 perf.data file: BEFORE: → b.cs ffff200008133d1c // b.hs, dffff7ecc47b AFTER : ↓ b.cs 18c BEFORE: → b.cc ffff200008d8d9cc // b.lo, b.ul, dffff727295b AFTER : ↓ b.cc 31c The branch target labels 18c and 31c also now appear in the output: BEFORE: add x26, x29, #0x80 AFTER : 18c: add x26, x29, #0x80 BEFORE: add x21, x21, #0x8 AFTER : 31c: add x21, x21, #0x8 The Fixes: tag below is added so stable branches will get the update; it doesn't necessarily mean that commit was broken at the time, rather it didn't withstand the aarch64 objdump update. Tested no difference in output for sample x86_64, power arch perf.data files. [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=bb7eff5206e4795ac79c177a80fe9f4630aaf730 Signed-off-by: Kim Phillips Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Anton Blanchard Cc: Christian Borntraeger Cc: Jiri Olsa Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Ravi Bangoria Cc: Robin Murphy Cc: Taeung Song Cc: linux-arm-kernel@lists.infradead.org Fixes: b13bbeee5ee6 ("perf annotate: Fix branch instruction with multiple operands") Link: http://lkml.kernel.org/r/20180827125340.a2f7e291901d17cea05daba4@arm.com Signed-off-by: Arnaldo Carvalho de Melo commit fa694160cca6dbba17c57dc7efec5f93feaf8795 Author: Sandipan Das Date: Tue Aug 28 14:38:48 2018 +0530 perf probe powerpc: Ignore SyS symbols irrespective of endianness This makes sure that the SyS symbols are ignored for any powerpc system, not just the big endian ones. Reported-by: Naveen N. Rao Signed-off-by: Sandipan Das Reviewed-by: Kamalesh Babulal Acked-by: Naveen N. Rao Cc: Jiri Olsa Cc: Ravi Bangoria Fixes: fb6d59423115 ("perf probe ppc: Use the right prefix when ignoring SyS symbols on ppc") Link: http://lkml.kernel.org/r/20180828090848.1914-1-sandipan@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit 3d8f7615319b2bca87a4815e13787439e3339a93 Author: Amir Goldstein Date: Wed Aug 29 08:41:29 2018 +0300 vfs: implement readahead(2) using POSIX_FADV_WILLNEED The implementation of readahead(2) syscall is identical to that of fadvise64(POSIX_FADV_WILLNEED) with a few exceptions: 1. readahead(2) returns -EINVAL for !mapping->a_ops and fadvise64() ignores the request and returns 0. 2. fadvise64() checks for integer overflow corner case 3. fadvise64() calls the optional filesystem fadvise() file operation Unite the two implementations by calling vfs_fadvise() from readahead(2) syscall. Check the !mapping->a_ops in readahead(2) syscall to preserve documented syscall ABI behaviour. Suggested-by: Miklos Szeredi Fixes: d1d04ef8572b ("ovl: stack file ops") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit c9f23d2bc21cb263ae931f3e264d003d746107bb Author: Chris Phlipot Date: Wed Aug 29 19:19:50 2018 -0700 perf event-parse: Use fixed size string for comms Some implementations of libc do not support the 'm' width modifier as part of the scanf string format specifier. This can cause the parsing to fail. Since the parser never checks if the scanf parsing was successesful, this can result in a crash. Change the comm string to be allocated as a fixed size instead of dynamically using 'm' scanf width modifier. This can be safely done since comm size is limited to 16 bytes by TASK_COMM_LEN within the kernel. This change prevents perf from crashing when linked against bionic as well as reduces the total number of heap allocations and frees invoked while accomplishing the same task. Signed-off-by: Chris Phlipot Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180830021950.15563-1-cphlipot0@gmail.com Signed-off-by: Arnaldo Carvalho de Melo commit a72f64261359b7451f8478f2a2bf357b4e6c757f Author: Chris Phlipot Date: Tue Aug 28 23:19:54 2018 -0700 perf util: Fix bad memory access in trace info. In the write to the output_fd in the error condition of record_saved_cmdline(), we are writing 8 bytes from a memory location on the stack that contains a primitive that is only 4 bytes in size. Change the primitive to 8 bytes in size to match the size of the write in order to avoid reading unknown memory from the stack. Signed-off-by: Chris Phlipot Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180829061954.18871-1-cphlipot0@gmail.com Signed-off-by: Arnaldo Carvalho de Melo commit dad2762aac17eac01ea97779e78a061ed1b83b86 Author: Arnaldo Carvalho de Melo Date: Wed Aug 29 17:31:52 2018 -0300 perf tools: Streamline bpf examples and headers installation We were emitting 4 lines, two of them misleading: make: Entering directory '/home/acme/git/perf/tools/perf' INSTALL lib INSTALL include/bpf INSTALL lib INSTALL examples/bpf make: Leaving directory '/home/acme/git/perf/tools/perf' Make it more compact by showing just two lines: make: Entering directory '/home/acme/git/perf/tools/perf' INSTALL bpf-headers INSTALL bpf-examples make: Leaving directory '/home/acme/git/perf/tools/perf' Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-0nvkyciqdkrgy829lony5925@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit fd8d2702791a970c751f8b526a17d8e725a05b46 Author: Hisao Tanabe Date: Sat Aug 25 00:45:56 2018 +0900 perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() If evsel is NULL, we should return NULL to avoid a NULL pointer dereference a bit later in the code. Signed-off-by: Hisao Tanabe Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Wang Nan Fixes: 03e0a7df3efd ("perf tools: Introduce bpf-output event") LPU-Reference: 20180824154556.23428-1-xtanabe@gmail.com Link: https://lkml.kernel.org/n/tip-e5plzjhx6595a5yjaf22jss3@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 5ab1de932e2923f490645ad017a689c5b58dc433 Author: Kim Phillips Date: Mon Aug 6 17:28:00 2018 -0500 perf arm64: Fix include path for asm-generic/unistd.h The new syscall table support for arm64 mistakenly used the system's asm-generic/unistd.h file when processing the tools/arch/arm64/include/uapi/asm/unistd.h file's include directive: #include See "Committer notes" section of commit 2b5882435606 "perf arm64: Generate system call table from asm/unistd.h" for more details. This patch removes the committer's temporary workaround, and instructs the host compiler to search the build tree's include path for the right copy of the unistd.h file, instead of the one on the system's /usr/include path. It thus fixes the committer's test that cross-builds an arm64 perf on an x86 platform running Ubuntu 14.04.5 LTS with an old toolchain: $ tools/perf/arch/arm64/entry/syscalls/mksyscalltbl /gcc-linaro-5.4.1-2017.05-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu-gcc gcc `pwd`/tools tools/arch/arm64/include/uapi/asm/unistd.h | grep bpf [280] = "bpf", Signed-off-by: Kim Phillips Cc: Alexander Shishkin Cc: Hendrik Brueckner Cc: Jiri Olsa Cc: Michael Ellerman Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Ravi Bangoria Cc: Thomas Richter Fixes: 2b5882435606 ("perf arm64: Generate system call table from asm/unistd.h") Link: http://lkml.kernel.org/r/20180806172800.bbcec3cfcc51e2facc978bf2@arm.com Signed-off-by: Arnaldo Carvalho de Melo commit bf06278c3fdf8909c3a9283e2c270b0fc170fa90 Author: Jiri Olsa Date: Mon Aug 27 11:12:28 2018 +0200 perf/hw_breakpoint: Simplify breakpoint enable in perf_event_modify_breakpoint We can safely enable the breakpoint back for both the fail and success paths by checking only the bp->attr.disabled, which either holds the new 'requested' disabled state or the original breakpoint state. Committer testing: At the end of the series, the 'perf test' entry introduced as the first patch now runs to completion without finding the fixed issues: # perf test "bp modify" 62: x86 bp modify : Ok # In verbose mode: # perf test -v "bp modify" 62: x86 bp modify : --- start --- test child forked, pid 5161 rip 5950a0, bp_1 0x5950a0 in bp_1 rip 5950a0, bp_1 0x5950a0 in bp_1 test child finished with 0 ---- end ---- x86 bp modify: Ok Suggested-by: Oleg Nesterov Acked-by: Oleg Nesterov Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Milind Chabbi Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180827091228.2878-6-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 969558371bf926258241727ebb994f516f2e6f61 Author: Jiri Olsa Date: Mon Aug 27 11:12:27 2018 +0200 perf/hw_breakpoint: Enable breakpoint in modify_user_hw_breakpoint Currently we enable the breakpoint back only if the breakpoint modification was successful. If it fails we can leave the breakpoint in disabled state with attr->disabled == 0. We can safely enable the breakpoint back for both the fail and success paths by checking the bp->attr.disabled, which either holds the new 'requested' disabled state or the original breakpoint state. Suggested-by: Oleg Nesterov Signed-off-by: Jiri Olsa Acked-by: Frederic Weisbecker Acked-by: Oleg Nesterov Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Milind Chabbi Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180827091228.2878-5-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit cb45302d7c5e20f0c0598cdbd7753fa44daceb2a Author: Jiri Olsa Date: Mon Aug 27 11:12:26 2018 +0200 perf/hw_breakpoint: Remove superfluous bp->attr.disabled = 0 Once the breakpoint was succesfully modified, the attr->disabled value is in bp->attr.disabled. So there's no reason to set it again, removing that. Signed-off-by: Jiri Olsa Acked-by: Frederic Weisbecker Acked-by: Oleg Nesterov Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Milind Chabbi Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180827091228.2878-4-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit bd14406b78e6daa1ea3c1673bda1ffc9efdeead0 Author: Jiri Olsa Date: Mon Aug 27 11:12:25 2018 +0200 perf/hw_breakpoint: Modify breakpoint even if the new attr has disabled set We need to change the breakpoint even if the attr with new fields has disabled set to true. Current code prevents following user code to change the breakpoint address: ptrace(PTRACE_POKEUSER, child, offsetof(struct user, u_debugreg[0]), addr_1) ptrace(PTRACE_POKEUSER, child, offsetof(struct user, u_debugreg[0]), addr_2) ptrace(PTRACE_POKEUSER, child, offsetof(struct user, u_debugreg[7]), dr7) The first PTRACE_POKEUSER creates the breakpoint with attr.disabled set to true: ptrace_set_breakpoint_addr(nr = 0) struct perf_event *bp = t->ptrace_bps[nr]; ptrace_register_breakpoint(..., disabled = true) ptrace_fill_bp_fields(..., disabled) register_user_hw_breakpoint So the second PTRACE_POKEUSER will be omitted: ptrace_set_breakpoint_addr(nr = 0) struct perf_event *bp = t->ptrace_bps[nr]; struct perf_event_attr attr = bp->attr; modify_user_hw_breakpoint(bp, &attr) if (!attr->disabled) modify_user_hw_breakpoint_check Reported-by: Milind Chabbi Signed-off-by: Jiri Olsa Acked-by: Frederic Weisbecker Acked-by: Oleg Nesterov Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180827091228.2878-3-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 9b3579fc6c6ac45502de1fa9a1fdf873805c2157 Author: Jiri Olsa Date: Mon Aug 27 11:12:24 2018 +0200 perf tests: Add breakpoint modify tests Adding to tests that aims on kernel breakpoint modification bugs. First test creates HW breakpoint, tries to change it and checks it was properly changed. It aims on kernel issue that prevents HW breakpoint to be changed via ptrace interface. The first test forks, the child sets itself as ptrace tracee and waits in signal for parent to trace it, then it calls bp_1 and quits. The parent does following steps: - creates a new breakpoint (id 0) for bp_2 function - changes that breakpoint to bp_1 function - waits for the breakpoint to hit and checks it has proper rip of bp_1 function This test aims on an issue in kernel preventing to change disabled breakpoints Second test mimics the first one except for few steps in the parent: - creates a new breakpoint (id 0) for bp_1 function - changes that breakpoint to bogus (-1) address - waits for the breakpoint to hit and checks it has proper rip of bp_1 function This test aims on an issue in kernel disabling enabled breakpoint after unsuccesful change. Committer testing: # uname -a Linux jouet 4.18.0-rc8-00002-g1236568ee3cb #12 SMP Tue Aug 7 14:08:26 -03 2018 x86_64 x86_64 x86_64 GNU/Linux # perf test -v "bp modify" 62: x86 bp modify : --- start --- test child forked, pid 25671 in bp_1 tracee exited prematurely 2 FAILED arch/x86/tests/bp-modify.c:209 modify test 1 failed test child finished with -1 ---- end ---- x86 bp modify: FAILED! # Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Milind Chabbi Cc: Namhyung Kim Cc: Oleg Nesterov Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180827091228.2878-2-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 1dc27f63303db58ce1b1a6932d1825305f86d574 Author: Martin Liška Date: Thu Aug 23 14:29:34 2018 +0200 perf annotate: Properly interpret indirect call The patch changes the parsing of: callq *0x8(%rbx) from: 0.26 │ → callq *8 to: 0.26 │ → callq *0x8(%rbx) in this case an address is followed by a register, thus one can't parse only the address. Committer testing: 1) run 'perf record sleep 10' 2) before applying the patch, run: perf annotate --stdio2 > /tmp/before 3) after applying the patch, run: perf annotate --stdio2 > /tmp/after 4) diff /tmp/before /tmp/after: --- /tmp/before 2018-08-28 11:16:03.238384143 -0300 +++ /tmp/after 2018-08-28 11:15:39.335341042 -0300 @@ -13274,7 +13274,7 @@ ↓ jle 128 hash_value = hash_table->hash_func (key); mov 0x8(%rsp),%rdi - 0.91 → callq *30 + 0.91 → callq *0x30(%r12) mov $0x2,%r8d cmp $0x2,%eax node_hash = hash_table->hashes[node_index]; @@ -13848,7 +13848,7 @@ mov %r14,%rdi sub %rbx,%r13 mov %r13,%rdx - → callq *38 + → callq *0x38(%r15) cmp %rax,%r13 1.91 ↓ je 240 1b4: mov $0xffffffff,%r13d @@ -14026,7 +14026,7 @@ mov %rcx,-0x500(%rbp) mov %r15,%rsi mov %r14,%rdi - → callq *38 + → callq *0x38(%rax) mov -0x500(%rbp),%rcx cmp %rax,%rcx ↓ jne 9b0 Signed-off-by: Martin Liška Tested-by: Arnaldo Carvalho de Melo Tested-by: Kim Phillips Cc: Jiri Olsa Link: http://lkml.kernel.org/r/bd1f3932-be2b-85f9-7582-111ee0a43b07@suse.cz Signed-off-by: Arnaldo Carvalho de Melo commit 9f8f16c86e4d9e2afcbdcd6045981c4d9129450e Merge: 48f8e8e96fc2 336d139f8718 Author: Linus Torvalds Date: Thu Aug 30 10:05:12 2018 -0700 Merge tag 'mtd/for-4.19-rc2' of git://git.infradead.org/linux-mtd Pull mtd fixes from Boris Brezillon: "Raw NAND fixes: - denali: Fix a regression caused by the nand_scan() rework - docg4: Fix a build error when gcc decides to not iniline some functions (can be reproduced with gcc 4.1.2): * tag 'mtd/for-4.19-rc2' of git://git.infradead.org/linux-mtd: mtd: rawnand: denali: do not pass zero maxchips to nand_scan() mtd: rawnand: docg4: Remove wrong __init annotations commit 48f8e8e96fc2b2fc99b09460224d57fe0a7e93b1 Merge: 58c3f14f86c9 d2332f887ddf Author: Linus Torvalds Date: Thu Aug 30 09:50:15 2018 -0700 Merge tag 'mmc-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC core: - Fix unsupported parallel dispatch of requests MMC host: - atmel-mci/android-goldfish: Fixup logic of sg_copy_{from,to}_buffer - renesas_sdhi_internal_dmac: Prevent IRQ-storm due of DMAC IRQs - renesas_sdhi_internal_dmac: Fixup bad register offset" * tag 'mmc-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS mmc: block: Fix unsupported parallel dispatch of requests mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion commit c012a0f2677529a0ae8f53a15bd7c61dc4ca5b5e Author: Stefan Raspl Date: Fri Aug 24 14:04:01 2018 +0200 tools/kvm_stat: re-animate display of dead guests When filtering by guest (interactive commands 'p'/'g'), and the respective guest was destroyed, detect when the guest is up again through the guest name if possible. I.e. when displaying events for a specific guest, it is not necessary anymore to restart kvm_stat in case the guest is restarted. Signed-off-by: Stefan Raspl Signed-off-by: Radim Krčmář commit 404517e40867aef60554ef497d5cf8d089a5b9cf Author: Stefan Raspl Date: Fri Aug 24 14:04:00 2018 +0200 tools/kvm_stat: indicate dead guests as such For destroyed guests, kvm_stat essentially freezes with the last data displayed. This is acceptable for users, in case they want to inspect the final data. But it looks a bit irritating. Therefore, detect this situation and display a respective indicator in the header. Signed-off-by: Stefan Raspl Signed-off-by: Radim Krčmář commit 29c39f38e4e8dbf0497e81db6c985ee59259f002 Author: Stefan Raspl Date: Fri Aug 24 14:03:59 2018 +0200 tools/kvm_stat: handle guest removals more gracefully When running with the DebugFS provider, removal of a guest can result in a negative CurAvg/s, which looks rather confusing. If so, suppress the body refresh and print a message instead. To reproduce, have at least one guest A completely booted. Then start another guest B (which generates a huge amount of events), then destroy B. On the next refresh, kvm_stat should display a whole lot of negative values in the CurAvg/s column. Signed-off-by: Stefan Raspl Signed-off-by: Radim Krčmář commit 0db8b3102368755242b44f2b30f93302c70e8e82 Author: Stefan Raspl Date: Fri Aug 24 14:03:58 2018 +0200 tools/kvm_stat: don't reset stats when setting PID filter for debugfs When setting a PID filter in debugfs, we unnecessarily reset the statistics, although there is no reason to do so. This behavior was merely introduced with commit 9f114a03c6854f "tools/kvm_stat: add interactive command 'r'", most likely to mimic the behavior of the tracepoints provider in this respect. However, there are plenty of differences between the two providers, so there is no reason not to take advantage of the possibility to filter by PID without resetting the statistics. Signed-off-by: Stefan Raspl Signed-off-by: Radim Krčmář commit 710ab11ad9329d2d4b044405e328c994b19a2aa9 Author: Stefan Raspl Date: Fri Aug 24 14:03:57 2018 +0200 tools/kvm_stat: fix updates for dead guests With pid filtering active, when a guest is removed e.g. via virsh shutdown, successive updates produce garbage. Therefore, we add code to detect this case and prevent further body updates. Note that when displaying the help dialog via 'h' in this case, once we exit we're stuck with the 'Collecting data...' message till we remove the filter. Signed-off-by: Stefan Raspl Signed-off-by: Radim Krčmář commit 617c66b9f236d20f11cecbb3f45e6d5675b2fae1 Author: Stefan Raspl Date: Fri Aug 24 14:03:56 2018 +0200 tools/kvm_stat: fix handling of invalid paths in debugfs provider When filtering by guest, kvm_stat displays garbage when the guest is destroyed - see sample output below. We add code to remove the invalid paths from the providers, so at least no more garbage is displayed. Here's a sample output to illustrate: kvm statistics - pid 13986 (foo) Event Total %Total CurAvg/s diagnose_258 -2 0.0 0 deliver_program_interruption -3 0.0 0 diagnose_308 -4 0.0 0 halt_poll_invalid -91 0.0 -6 deliver_service_signal -244 0.0 -16 halt_successful_poll -250 0.1 -17 exit_pei -285 0.1 -19 exit_external_request -312 0.1 -21 diagnose_9c -328 0.1 -22 userspace_handled -713 0.1 -47 halt_attempted_poll -939 0.2 -62 deliver_emergency_signal -3126 0.6 -208 halt_wakeup -7199 1.5 -481 exit_wait_state -7379 1.5 -493 diagnose_500 -56499 11.5 -3757 exit_null -85491 17.4 -5685 diagnose_44 -133300 27.1 -8874 exit_instruction -195898 39.8 -13037 Total -492063 Signed-off-by: Stefan Raspl Signed-off-by: Radim Krčmář commit 58f33cfe73076b6497bada4f7b5bda961ed68083 Author: Stefan Raspl Date: Fri Aug 24 14:03:55 2018 +0200 tools/kvm_stat: fix python3 issues Python3 returns a float for a regular division - switch to a division operator that returns an integer. Furthermore, filters return a generator object instead of the actual list - wrap result in yet another list, which makes it still work in both, Python2 and 3. Signed-off-by: Stefan Raspl Signed-off-by: Radim Krčmář commit 45cd0faae3715e305bc46e23b34c5ed4d185ceb8 Author: Amir Goldstein Date: Mon Aug 27 15:56:02 2018 +0300 vfs: add the fadvise() file operation This is going to be used by overlayfs and possibly useful for other filesystems. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 17ef445f9befdc5c9adac270b18240ad24ee50ec Author: Amir Goldstein Date: Mon Aug 27 15:56:01 2018 +0300 Documentation/filesystems: update documentation of file_operations ...to kernel 4.18. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 5b910bd615ba947383e63cd1ed106ffa3060159e Author: Amir Goldstein Date: Mon Aug 27 15:56:00 2018 +0300 ovl: fix GPF in swapfile_activate of file from overlayfs over xfs Since overlayfs implements stacked file operations, the underlying filesystems are not supposed to be exposed to the overlayfs file, whose f_inode is an overlayfs inode. Assigning an overlayfs file to swap_file results in an attempt of xfs code to dereference an xfs_inode struct from an ovl_inode pointer: CPU: 0 PID: 2462 Comm: swapon Not tainted 4.18.0-xfstests-12721-g33e17876ea4e #3402 RIP: 0010:xfs_find_bdev_for_inode+0x23/0x2f Call Trace: xfs_iomap_swapfile_activate+0x1f/0x43 __se_sys_swapon+0xb1a/0xee9 Fix this by not assigning the real inode mapping to f_mapping, which will cause swapon() to return an error (-EINVAL). Although it makes sense not to allow setting swpafile on an overlayfs file, some users may depend on it, so we may need to fix this up in the future. Keeping f_mapping pointing to overlay inode mapping will cause O_DIRECT open to fail. Fix this by installing ovl_aops with noop_direct_IO in overlay inode mapping. Keeping f_mapping pointing to overlay inode mapping will cause other a_ops related operations to fail (e.g. readahead()). Those will be fixed by follow up patches. Suggested-by: Miklos Szeredi Fixes: f7c72396d0de ("ovl: add O_DIRECT support") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 80d34810815b1d708e3e59901a2afcdbd90c2a6f Author: Amir Goldstein Date: Mon Aug 27 15:55:59 2018 +0300 ovl: respect FIEMAP_FLAG_SYNC flag Stacked overlayfs fiemap operation broke xfstests that test delayed allocation (with "_test_generic_punch -d"), because ovl_fiemap() failed to write dirty pages when requested. Fixes: 9e142c4102db ("ovl: add ovl_fiemap()") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit c60658d1d983641fcdbb16f86bc2f3806d88bab4 Author: Sean Christopherson Date: Thu Aug 23 13:56:53 2018 -0700 KVM: x86: Unexport x86_emulate_instruction() Allowing x86_emulate_instruction() to be called directly has led to subtle bugs being introduced, e.g. not setting EMULTYPE_NO_REEXECUTE in the emulation type. While most of the blame lies on re-execute being opt-out, exporting x86_emulate_instruction() also exposes its cr2 parameter, which may have contributed to commit d391f1207067 ("x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested") using x86_emulate_instruction() instead of emulate_instruction() because "hey, I have a cr2!", which in turn introduced its EMULTYPE_NO_REEXECUTE bug. Signed-off-by: Sean Christopherson Signed-off-by: Radim Krčmář commit 0ce97a2b627c5e26347aee298f571ddf925e5fe4 Author: Sean Christopherson Date: Thu Aug 23 13:56:52 2018 -0700 KVM: x86: Rename emulate_instruction() to kvm_emulate_instruction() Lack of the kvm_ prefix gives the impression that it's a VMX or SVM specific function, and there's no conflict that prevents adding the kvm_ prefix. Signed-off-by: Sean Christopherson Signed-off-by: Radim Krčmář commit 6c3dfeb6a48b1562bd5b8ec5f3317ef34d0134ef Author: Sean Christopherson Date: Thu Aug 23 13:56:51 2018 -0700 KVM: x86: Do not re-{try,execute} after failed emulation in L2 Commit a6f177efaa58 ("KVM: Reenter guest after emulation failure if due to access to non-mmio address") added reexecute_instruction() to handle the scenario where two (or more) vCPUS race to write a shadowed page, i.e. reexecute_instruction() is intended to return true if and only if the instruction being emulated was accessing a shadowed page. As L0 is only explicitly shadowing L1 tables, an emulation failure of a nested VM instruction cannot be due to a race to write a shadowed page and so should never be re-executed. This fixes an issue where an "MMIO" emulation failure[1] in L2 is all but guaranteed to result in an infinite loop when TDP is enabled. Because "cr2" is actually an L2 GPA when TDP is enabled, calling kvm_mmu_gva_to_gpa_write() to translate cr2 in the non-direct mapped case (L2 is never direct mapped) will almost always yield UNMAPPED_GVA and cause reexecute_instruction() to immediately return true. The !mmio_info_in_cache() check in kvm_mmu_page_fault() doesn't catch this case because mmio_info_in_cache() returns false for a nested MMU (the MMIO caching currently handles L1 only, e.g. to cache nested guests' GPAs we'd have to manually flush the cache when switching between VMs and when L1 updated its page tables controlling the nested guest). Way back when, commit 68be0803456b ("KVM: x86: never re-execute instruction with enabled tdp") changed reexecute_instruction() to always return false when using TDP under the assumption that KVM would only get into the emulator for MMIO. Commit 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") effectively reverted that behavior in order to handle the scenario where emulation failed due to an access from L1 to the shadow page tables for L2, but it didn't account for the case where emulation failed in L2 with TDP enabled. All of the above logic also applies to retry_instruction(), added by commit 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions"). An indefinite loop in retry_instruction() should be impossible as it protects against retrying the same instruction over and over, but it's still correct to not retry an L2 instruction in the first place. Fix the immediate issue by adding a check for a nested guest when determining whether or not to allow retry in kvm_mmu_page_fault(). In addition to fixing the immediate bug, add WARN_ON_ONCE in the retry functions since they are not designed to handle nested cases, i.e. they need to be modified even if there is some scenario in the future where we want to allow retrying a nested guest. [1] This issue was encountered after commit 3a2936dedd20 ("kvm: mmu: Don't expose private memslots to L2") changed the page fault path to return KVM_PFN_NOSLOT when translating an L2 access to a prive memslot. Returning KVM_PFN_NOSLOT is semantically correct when we want to hide a memslot from L2, i.e. there effectively is no defined memory region for L2, but it has the unfortunate side effect of making KVM think the GFN is a MMIO page, thus triggering emulation. The failure occurred with in-development code that deliberately exposed a private memslot to L2, which L2 accessed with an instruction that is not emulated by KVM. Fixes: 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") Fixes: 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions") Signed-off-by: Sean Christopherson Cc: Jim Mattson Cc: Krish Sadhukhan Cc: Xiao Guangrong Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář commit 472faffacd9032164f611f56329d0025ddca55b5 Author: Sean Christopherson Date: Thu Aug 23 13:56:50 2018 -0700 KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault Effectively force kvm_mmu_page_fault() to opt-in to allowing retry to make it more obvious when and why it allows emulation to be retried. Previously this approach was less convenient due to retry and re-execute behavior being controlled by separate flags that were also inverted in their implementations (opt-in versus opt-out). Suggested-by: Paolo Bonzini Signed-off-by: Sean Christopherson Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář commit 384bf2218e96f57118270945b1841e4dbbe9e352 Author: Sean Christopherson Date: Thu Aug 23 13:56:49 2018 -0700 KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE retry_instruction() and reexecute_instruction() are a package deal, i.e. there is no scenario where one is allowed and the other is not. Merge their controlling emulation type flags to enforce this in code. Name the combined flag EMULTYPE_ALLOW_RETRY to make it abundantly clear that we are allowing re{try,execute} to occur, as opposed to explicitly requesting retry of a previously failed instruction. Signed-off-by: Sean Christopherson Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář commit 8065dbd1ee0ef04321d80da7999b4f0086e0a407 Author: Sean Christopherson Date: Thu Aug 23 13:56:48 2018 -0700 KVM: x86: Invert emulation re-execute behavior to make it opt-in Re-execution of an instruction after emulation decode failure is intended to be used only when emulating shadow page accesses. Invert the flag to make allowing re-execution opt-in since that behavior is by far in the minority. Signed-off-by: Sean Christopherson Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář commit 35be0aded76b54a24dc8aa678a71bca22273e8d8 Author: Sean Christopherson Date: Thu Aug 23 13:56:47 2018 -0700 KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation Re-execution after an emulation decode failure is only intended to handle a case where two or vCPUs race to write a shadowed page, i.e. we should never re-execute an instruction as part of RSM emulation. Add a new helper, kvm_emulate_instruction_from_buffer(), to support emulating from a pre-defined buffer. This eliminates the last direct call to x86_emulate_instruction() outside of kvm_mmu_page_fault(), which means x86_emulate_instruction() can be unexported in a future patch. Fixes: 7607b7174405 ("KVM: SVM: install RSM intercept") Cc: Brijesh Singh Signed-off-by: Sean Christopherson Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář commit c4409905cd6eb42cfd06126e9226b0150e05a715 Author: Sean Christopherson Date: Thu Aug 23 13:56:46 2018 -0700 KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr Re-execution after an emulation decode failure is only intended to handle a case where two or vCPUs race to write a shadowed page, i.e. we should never re-execute an instruction as part of MMIO emulation. As handle_ept_misconfig() is only used for MMIO emulation, it should pass EMULTYPE_NO_REEXECUTE when using the emulator to skip an instr in the fast-MMIO case where VM_EXIT_INSTRUCTION_LEN is invalid. And because the cr2 value passed to x86_emulate_instruction() is only destined for use when retrying or reexecuting, we can simply call emulate_instruction(). Fixes: d391f1207067 ("x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested") Cc: Vitaly Kuznetsov Signed-off-by: Sean Christopherson Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář commit 0186ec823280f5db55ab2e6291933bebe2e92772 Author: Colin Ian King Date: Tue Aug 28 16:22:28 2018 +0100 KVM: SVM: remove unused variable dst_vaddr_end Variable dst_vaddr_end is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: variable 'dst_vaddr_end' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: Radim Krčmář commit b871da4a7778eda2e700ae8bf5f86e74a004c1ec Author: Vitaly Kuznetsov Date: Thu Aug 23 18:24:24 2018 +0200 KVM: nVMX: avoid redundant double assignment of nested_run_pending nested_run_pending is set 20 lines above and check_vmentry_prereqs()/ check_vmentry_postreqs() don't seem to be resetting it (the later, however, checks it). Signed-off-by: Vitaly Kuznetsov Reviewed-by: Paolo Bonzini Reviewed-by: Jim Mattson Reviewed-by: Eduardo Valentin Reviewed-by: Krish Sadhukhan Signed-off-by: Radim Krčmář commit 16037643969e095509cd8446a3f8e406a6dc3a2c Author: Takashi Iwai Date: Thu Aug 30 15:13:16 2018 +0200 ALSA: hda - Fix cancel_work_sync() stall from jackpoll work On AMD/ATI controllers, the HD-audio controller driver allows a bus reset upon the error recovery, and its procedure includes the cancellation of pending jack polling work as found in snd_hda_bus_codec_reset(). This works usually fine, but it becomes a problem when the reset happens from the jack poll work itself; then calling cancel_work_sync() from the work being processed tries to wait the finish endlessly. As a workaround, this patch adds the check of current_work() and applies the cancel_work_sync() only when it's not from the jackpoll_work. This doesn't fix the root cause of the reported error below, but at least, it eases the unexpected stall of the whole system. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200937 Cc: Cc: Lukas Wunner Signed-off-by: Takashi Iwai commit 755a8bf5579d22eb5636685c516d8dede799e27b Author: Marc Zyngier Date: Fri Aug 24 15:08:30 2018 +0100 arm/arm64: smccc-1.1: Handle function result as parameters If someone has the silly idea to write something along those lines: extern u64 foo(void); void bar(struct arm_smccc_res *res) { arm_smccc_1_1_smc(0xbad, foo(), res); } they are in for a surprise, as this gets compiled as: 0000000000000588 : 588: a9be7bfd stp x29, x30, [sp, #-32]! 58c: 910003fd mov x29, sp 590: f9000bf3 str x19, [sp, #16] 594: aa0003f3 mov x19, x0 598: aa1e03e0 mov x0, x30 59c: 94000000 bl 0 <_mcount> 5a0: 94000000 bl 0 5a4: aa0003e1 mov x1, x0 5a8: d4000003 smc #0x0 5ac: b4000073 cbz x19, 5b8 5b0: a9000660 stp x0, x1, [x19] 5b4: a9010e62 stp x2, x3, [x19, #16] 5b8: f9400bf3 ldr x19, [sp, #16] 5bc: a8c27bfd ldp x29, x30, [sp], #32 5c0: d65f03c0 ret 5c4: d503201f nop The call to foo "overwrites" the x0 register for the return value, and we end up calling the wrong secure service. A solution is to evaluate all the parameters before assigning anything to specific registers, leading to the expected result: 0000000000000588 : 588: a9be7bfd stp x29, x30, [sp, #-32]! 58c: 910003fd mov x29, sp 590: f9000bf3 str x19, [sp, #16] 594: aa0003f3 mov x19, x0 598: aa1e03e0 mov x0, x30 59c: 94000000 bl 0 <_mcount> 5a0: 94000000 bl 0 5a4: aa0003e1 mov x1, x0 5a8: d28175a0 mov x0, #0xbad 5ac: d4000003 smc #0x0 5b0: b4000073 cbz x19, 5bc 5b4: a9000660 stp x0, x1, [x19] 5b8: a9010e62 stp x2, x3, [x19, #16] 5bc: f9400bf3 ldr x19, [sp, #16] 5c0: a8c27bfd ldp x29, x30, [sp], #32 5c4: d65f03c0 ret Reported-by: Julien Grall Signed-off-by: Marc Zyngier Signed-off-by: Will Deacon commit c77a2fa3ff8f73d1a485e67e6f81c64823739d59 Author: Nilesh Javali Date: Wed Aug 29 23:55:53 2018 -0700 scsi: qedi: Add the CRC size within iSCSI NVM image The QED driver commit, 1ac4329a1cff ("qed: Add configuration information to register dump and debug data"), removes the CRC length validation causing nvm_get_image failure while loading qedi driver: [qed_mcp_get_nvm_image:2700(host_10-0)]Image [0] is too big - 00006008 bytes where only 00006004 are available [qedi_get_boot_info:2253]:10: Could not get NVM image. ret = -12 Hence add and adjust the CRC size to iSCSI NVM image to read boot info at qedi load time. Signed-off-by: Nilesh Javali Signed-off-by: Martin K. Petersen commit 05a86e78ea9823ec25b3515db078dd8a76fc263c Author: Mike Christie Date: Mon Aug 27 14:45:16 2018 -0500 scsi: iscsi: target: Fix conn_ops double free If iscsi_login_init_conn fails it can free conn_ops. __iscsi_target_login_thread will then call iscsi_target_login_sess_out which will also free it. This fixes the problem by organizing conn allocation/setup into parts that are needed through the life of the conn and parts that are only needed for the login. The free functions then release what was allocated in the alloc functions. With this patch we have: iscsit_alloc_conn/iscsit_free_conn - allocs/frees the conn we need for the entire life of the conn. iscsi_login_init_conn/iscsi_target_nego_release - allocs/frees the parts of the conn that are only needed during login. Signed-off-by: Mike Christie Signed-off-by: Martin K. Petersen commit 7915919bb94e12460c58e27c708472e6f85f6699 Author: Vincent Pelletier Date: Mon Aug 27 14:45:15 2018 -0500 scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Fixes a use-after-free reported by KASAN when later iscsi_target_login_sess_out gets called and it tries to access conn->sess->se_sess: Disabling lock debugging due to kernel taint iSCSI Login timeout on Network Portal [::]:3260 iSCSI Login negotiation failed. ================================================================== BUG: KASAN: use-after-free in iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod] Read of size 8 at addr ffff880109d070c8 by task iscsi_np/980 CPU: 1 PID: 980 Comm: iscsi_np Tainted: G O 4.17.8kasan.sess.connops+ #4 Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 05/19/2014 Call Trace: dump_stack+0x71/0xac print_address_description+0x65/0x22e ? iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod] kasan_report.cold.6+0x241/0x2fd iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod] iscsi_target_login_thread+0x1086/0x1710 [iscsi_target_mod] ? __sched_text_start+0x8/0x8 ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod] ? __kthread_parkme+0xcc/0x100 ? parse_args.cold.14+0xd3/0xd3 ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod] kthread+0x1a0/0x1c0 ? kthread_bind+0x30/0x30 ret_from_fork+0x35/0x40 Allocated by task 980: kasan_kmalloc+0xbf/0xe0 kmem_cache_alloc_trace+0x112/0x210 iscsi_target_login_thread+0x816/0x1710 [iscsi_target_mod] kthread+0x1a0/0x1c0 ret_from_fork+0x35/0x40 Freed by task 980: __kasan_slab_free+0x125/0x170 kfree+0x90/0x1d0 iscsi_target_login_thread+0x1577/0x1710 [iscsi_target_mod] kthread+0x1a0/0x1c0 ret_from_fork+0x35/0x40 The buggy address belongs to the object at ffff880109d06f00 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 456 bytes inside of 512-byte region [ffff880109d06f00, ffff880109d07100) The buggy address belongs to the page: page:ffffea0004274180 count:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0 flags: 0x17fffc000008100(slab|head) raw: 017fffc000008100 0000000000000000 0000000000000000 00000001000c000c raw: dead000000000100 dead000000000200 ffff88011b002e00 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff880109d06f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880109d07000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff880109d07080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff880109d07100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff880109d07180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Signed-off-by: Vincent Pelletier [rebased against idr/ida changes and to handle ret review comments from Matthew] Signed-off-by: Mike Christie Cc: Matthew Wilcox Reviewed-by: Matthew Wilcox Signed-off-by: Martin K. Petersen commit 26e609eccd37967d3681662433086894830c5d62 Author: Uros Bizjak Date: Tue Aug 14 18:59:51 2018 +0200 x86/asm: Use CC_SET()/CC_OUT() in __gen_sigismember() Replace open-coded set instructions with CC_SET()/CC_OUT(). Signed-off-by: Uros Bizjak Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20180814165951.13538-1-ubizjak@gmail.com commit 9222f606506c5f8ca2c8b8c939d59ed3e6ac4148 Author: Jiri Kosina Date: Tue Aug 28 08:55:14 2018 +0200 x86/alternatives: Lockdep-enforce text_mutex in text_poke*() text_poke() and text_poke_bp() must be called with text_mutex held. Put proper lockdep anotation in place instead of just mentioning the requirement in a comment. Reported-by: Peter Zijlstra Signed-off-by: Jiri Kosina Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Masami Hiramatsu Cc: Andy Lutomirski Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1808280853520.25787@cbobk.fhfr.pm commit 113fc08357ad4e8b84caa75402430875d9ac4c1a Author: Masahiro Yamada Date: Mon Aug 27 12:39:43 2018 +0900 objtool: Remove workaround for unreachable warnings from old GCC Commit cafa0010cd51 ("Raise the minimum required gcc version to 4.6") bumped the minimum GCC version to 4.6 for all architectures. This effectively reverts commit da541b20021c ("objtool: Skip unreachable warnings for GCC 4.4 and older"), which was a workaround for GCC 4.4 or older. Signed-off-by: Masahiro Yamada Signed-off-by: Thomas Gleixner Acked-by: Josh Poimboeuf Cc: Peter Zijlstra Cc: Michal Marek Cc: linux-kbuild@vger.kernel.org Link: https://lkml.kernel.org/r/1535341183-19994-1-git-send-email-yamada.masahiro@socionext.com commit 13ba17bee18e321b073b49a88dcab10881f757da Author: Mukesh Ojha Date: Fri Aug 24 18:03:53 2018 +0530 notifier: Remove notifier header file wherever not used The conversion of the hotplug notifiers to a state machine left the notifier.h includes around in some places. Remove them. Signed-off-by: Mukesh Ojha Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/1535114033-4605-1-git-send-email-mojha@codeaurora.org commit cb9d7fd51d9fbb329d182423bd7b92d0f8cb0e01 Author: Vincent Whitchurch Date: Tue Aug 21 17:25:07 2018 +0200 watchdog: Mark watchdog touch functions as notrace Some architectures need to use stop_machine() to patch functions for ftrace, and the assumption is that the stopped CPUs do not make function calls to traceable functions when they are in the stopped state. Commit ce4f06dcbb5d ("stop_machine: Touch_nmi_watchdog() after MULTI_STOP_PREPARE") added calls to the watchdog touch functions from the stopped CPUs and those functions lack notrace annotations. This leads to crashes when enabling/disabling ftrace on ARM kernels built with the Thumb-2 instruction set. Fix it by adding the necessary notrace annotations. Fixes: ce4f06dcbb5d ("stop_machine: Touch_nmi_watchdog() after MULTI_STOP_PREPARE") Signed-off-by: Vincent Whitchurch Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: oleg@redhat.com Cc: tj@kernel.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180821152507.18313-1-vincent.whitchurch@axis.com commit f12d11c5c184626b4befdee3d573ec8237405a33 Author: Jann Horn Date: Tue Aug 28 20:40:33 2018 +0200 x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() Reset the KASAN shadow state of the task stack before rewinding RSP. Without this, a kernel oops will leave parts of the stack poisoned, and code running under do_exit() can trip over such poisoned regions and cause nonsensical false-positive KASAN reports about stack-out-of-bounds bugs. This does not wipe the exception stacks; if an oops happens on an exception stack, it might result in random KASAN false-positives from other tasks afterwards. This is probably relatively uninteresting, since if the kernel oopses on an exception stack, there are most likely bigger things to worry about. It'd be more interesting if vmapped stacks and KASAN were compatible, since then handle_stack_overflow() would oops from exception stack context. Fixes: 2deb4be28077 ("x86/dumpstack: When OOPSing, rewind the stack before do_exit()") Signed-off-by: Jann Horn Signed-off-by: Thomas Gleixner Acked-by: Andrey Ryabinin Cc: Andy Lutomirski Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Kees Cook Cc: kasan-dev@googlegroups.com Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180828184033.93712-1-jannh@google.com commit 1f59a4581b5ecfe9b4f049a7a2cf904d8352842d Author: Nick Desaulniers Date: Mon Aug 27 14:40:09 2018 -0700 x86/irqflags: Mark native_restore_fl extern inline This should have been marked extern inline in order to pick up the out of line definition in arch/x86/kernel/irqflags.S. Fixes: 208cbb325589 ("x86/irqflags: Provide a declaration for native_save_fl") Reported-by: Ben Hutchings Signed-off-by: Nick Desaulniers Signed-off-by: Thomas Gleixner Reviewed-by: Juergen Gross Cc: "H. Peter Anvin" Cc: Boris Ostrovsky Cc: Greg Kroah-Hartman Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180827214011.55428-1-ndesaulniers@google.com commit 36bf9da2913054c218337d8cd7cb11bddc1fafb0 Author: Masahiro Yamada Date: Mon Aug 27 14:45:14 2018 +0900 x86/build: Remove jump label quirk for GCC older than 4.5.2 Commit cafa0010cd51 ("Raise the minimum required gcc version to 4.6") bumped the minimum GCC version to 4.6 for all architectures. Remove the workaround code. It was the only user of cc-if-fullversion. Remove the macro as well. Signed-off-by: Masahiro Yamada Signed-off-by: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Michal Marek Cc: linux-kbuild@vger.kernel.org Link: https://lkml.kernel.org/r/1535348714-25457-1-git-send-email-yamada.masahiro@socionext.com commit aa58acf325b4aadeecae2bfc90658273b47dbace Author: Johannes Berg Date: Thu Aug 30 10:55:49 2018 +0200 mac80211: always account for A-MSDU header changes In the error path of changing the SKB headroom of the second A-MSDU subframe, we would not account for the already-changed length of the first frame that just got converted to be in A-MSDU format and thus is a bit longer now. Fix this by doing the necessary accounting. It would be possible to reorder the operations, but that would make the code more complex (to calculate the necessary pad), and the headroom expansion should not fail frequently enough to make that worthwhile. Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support") Signed-off-by: Johannes Berg Acked-by: Lorenzo Bianconi Signed-off-by: Johannes Berg commit 43822c98f2ebb2cbd5e467ab72bbcdae7f0caa22 Author: Harry Mallon Date: Tue Aug 28 22:51:29 2018 +0100 HID: hid-saitek: Add device ID for RAT 7 Contagion Signed-off-by: Harry Mallon Signed-off-by: Jiri Kosina commit 1eb507903665442360a959136dfa3234c43db085 Author: Lorenzo Bianconi Date: Wed Aug 29 21:03:25 2018 +0200 mac80211: do not convert to A-MSDU if frag/subframe limited Do not start to aggregate packets in a A-MSDU frame (converting the first subframe to A-MSDU, adding the header) if max_tx_fragments or max_amsdu_subframes limits are already exceeded by it. In particular, this happens when drivers set the limit to 1 to avoid A-MSDUs at all. Signed-off-by: Lorenzo Bianconi [reword commit message to be more precise] Signed-off-by: Johannes Berg commit 4f0223bfe9c3e62d8f45a85f1ef1b18a8a263ef9 Author: Arunk Khandavalli Date: Thu Aug 30 00:40:16 2018 +0300 cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE nl80211_update_ft_ies() tried to validate NL80211_ATTR_IE with is_valid_ie_attr() before dereferencing it, but that helper function returns true in case of NULL pointer (i.e., attribute not included). This can result to dereferencing a NULL pointer. Fix that by explicitly checking that NL80211_ATTR_IE is included. Fixes: 355199e02b83 ("cfg80211: Extend support for IEEE 802.11r Fast BSS Transition") Signed-off-by: Arunk Khandavalli Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg commit dc641794929713c30b5c375da0c664d7e00bfded Merge: c4053ef32208 25a8238f4cc8 Author: David S. Miller Date: Wed Aug 29 22:10:59 2018 -0700 Merge branch 'net_sched-reject-unknown-tcfa_action-values' Paolo Abeni says: ==================== net_sched: reject unknown tcfa_action values As agreed some time ago, this changeset reject unknown tcfa_action values, instead of changing such values under the hood. A tdc test is included to verify the new behavior. v1 -> v2: - helper is now static and renamed according to act_* convention - updated extack message, according to the new behavior ==================== Reviewed-by: Xin Long Signed-off-by: David S. Miller commit 25a8238f4cc8425d4aade4f9041be468d0e8aa2e Author: Paolo Abeni Date: Wed Aug 29 10:22:34 2018 +0200 tc-testing: add test-cases for numeric and invalid control action Only the police action allows us to specify an arbitrary numeric value for the control action. This change introduces an explicit test case for the above feature and then leverage it for testing the kernel behavior for invalid control actions (reject). Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit 97763dc0f4010bc20e2969a6bf9a40a2551c4f79 Author: Paolo Abeni Date: Wed Aug 29 10:22:33 2018 +0200 net_sched: reject unknown tcfa_action values After the commit 802bfb19152c ("net/sched: user-space can't set unknown tcfa_action values"), unknown tcfa_action values are converted to TC_ACT_UNSPEC, but the common agreement is instead rejecting such configurations. This change also introduces a helper to simplify the destruction of a single action, avoiding code duplication. v1 -> v2: - helper is now static and renamed according to act_* convention - updated extack message, according to the new behavior Fixes: 802bfb19152c ("net/sched: user-space can't set unknown tcfa_action values") Signed-off-by: Paolo Abeni Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit c4053ef322081554765e1b708d6cdd8855e1d72d Author: Baruch Siach Date: Wed Aug 29 09:44:39 2018 +0300 net: mvpp2: initialize port of_node pointer Without a valid of_node in struct device we can't find the mvpp2 port device by its DT node. Specifically, this breaks of_find_net_device_by_node(). For example, the Armada 8040 based Clearfog GT-8K uses Marvell 88E6141 switch connected to the &cp1_eth2 port: &cp1_mdio { ... switch0: switch0@4 { compatible = "marvell,mv88e6085"; ... ports { ... port@5 { reg = <5>; label = "cpu"; ethernet = <&cp1_eth2>; }; }; }; }; Without this patch, dsa_register_switch() returns -EPROBE_DEFER because of_find_net_device_by_node() can't find the device_node of the &cp1_eth2 device. Reviewed-by: Andrew Lunn Signed-off-by: Baruch Siach Signed-off-by: David S. Miller commit b244ffa15c8b1aabdc117c0b6008086df7b668b7 Author: Zhenyu Wang Date: Thu Aug 30 10:50:36 2018 +0800 drm/i915/gvt: Fix drm_format_mod value for vGPU plane Physical plane's tiling mode value is given directly as drm_format_mod for plane query, which is not correct fourcc code. Fix it by using correct intel tiling fourcc mod definition. Current qemu seems also doesn't correctly utilize drm_format_mod for plane object setting. Anyway this is required to fix the usage. v3: use DRM_FORMAT_MOD_LINEAR, fix comment v2: Fix missed old 'tiled' use for stride calculation Fixes: e546e281d33d ("drm/i915/gvt: Dmabuf support for GVT-g") Cc: Tina Zhang Cc: Gerd Hoffmann Cc: Colin Xu Reviewed-by: Colin Xu Signed-off-by: Zhenyu Wang commit b2b599fb54f90ae395ddc51f0d49e4f28244a8f8 Author: Hang Yuan Date: Wed Aug 29 17:15:56 2018 +0800 drm/i915/gvt: move intel_runtime_pm_get out of spin_lock in stop_schedule pm_runtime_get_sync in intel_runtime_pm_get might sleep if i915 device is not active. When stop vgpu schedule, the device may be inactive. So need to move runtime_pm_get out of spin_lock/unlock. Fixes: b24881e0b0b6("drm/i915/gvt: Add runtime_pm_get/put into gvt_switch_mmio Cc: Signed-off-by: Hang Yuan Signed-off-by: Xiong Zhang Signed-off-by: Zhenyu Wang commit b9b824a55876275f8506c1c187558ab22d879f73 Author: Colin Xu Date: Fri Aug 17 16:42:24 2018 +0800 drm/i915/gvt: Handle GEN9_WM_CHICKEN3 with F_CMD_ACCESS. Recent patch introduce strict check on scanning cmd: Commit 8d458ea0ec33 ("drm/i915/gvt: return error on cmd access") Before 8d458ea0ec33, if cmd_reg_handler() checks that a cmd access a mmio that not marked as F_CMD_ACCESS, it simply returns 0 and log an error. Now it will return -EBADRQC which will cause the workload fail to submit. On BXT, i915 applies WaClearHIZ_WM_CHICKEN3 which will program GEN9_WM_CHICKEN3 by LRI when init wa ctx. If it has no F_CMD_ACCESS flag, vgpu will fail to start. Also add F_MODE_MASK since it's mode mask reg. v2: Refresh commit message to elaborate issue symptom in detail. v3: Make SKL_PLUS share same handling since GEN9_WM_CHICKEN3 should be F_CMD_ACCESS from HW aspect. (yan, zhenyu) Signed-off-by: Colin Xu Acked-by: Zhao Yan Signed-off-by: Zhenyu Wang commit c8ab5ac30ccc20a31672ab0f8938a6271dfe4122 Author: Colin Xu Date: Mon Aug 20 16:46:34 2018 +0800 drm/i915/gvt: Make correct handling to vreg BXT_PHY_CTL_FAMILY Guest kernel will write to BXT_PHY_CTL_FAMILY to reset DDI PHY and pull BXT_PHY_CTL to check PHY status. Previous handling will set/reset BXT_PHY_CTL of all PHYs at same time on receiving vreg write to some BXT_PHY_CTL_FAMILY. If some BXT_PHY_CTL is already enabled, following reset to another BXT_PHY_CTL_FAMILY will clear the enabled BXT_PHY_CTL, which result in guest kernel print: ----------------------------------- [drm:intel_ddi_get_hw_state [i915]] *ERROR* Port B enabled but PHY powered down? (PHY_CTL 00000000) ----------------------------------- The correct handling should operate BXT_PHY_CTL_FAMILY and BXT_PHY_CTL on the same DDI. v2: Use correct reg define. The naming looks confusing, however current i915_reg.h bind DPIO_PHY0 to _PHY_CTL_FAMILY_DDI and bind DPIO_PHY1 to _PHY_CTL_FAMILY_EDP, pairing to _BXT_PHY_CTL_DDI_A and _BXT_PHY_CTL_DDI_B respectively. v3: v2 incorrectly map _PHY_CTL_FAMILY_EDP to _BXT_PHY_CTL_DDI_A. BXT_PHY_CTL() looks up DDI using PORTx but not PHYx. Based on DPIO_PHY to DDI mapping, make correct vreg handle to BXT_PHY_CTL on receiving vreg write to BXT_PHY_CTL_FAMILY. (He, Min) Current mapping according to bxt_power_wells: dpio-common-a: >>> DPIO_PHY1 >>> BXT_DPIO_CMN_A_POWER_DOMAINS >>> POWER_DOMAIN_PORT_DDI_A_LANES >>> PORT_A dpio-common-bc: >>> DPIO_PHY0 >>> BXT_DPIO_CMN_BC_POWER_DOMAINS >>> POWER_DOMAIN_PORT_DDI_B_LANES | POWER_DOMAIN_PORT_DDI_C_LANES >>> PORT_B or PORT_C Signed-off-by: Colin Xu Reviewed-by: He, Min Signed-off-by: Zhenyu Wang commit 9174c1d6196d612799808009ec2796df021ab625 Author: Xiaolin Zhang Date: Tue Aug 7 20:39:16 2018 +0800 drm/i915/gvt: emulate gen9 dbuf ctl register access there is below call track at boot time when booting guest with kabylake vgpu with specifal configuration and this try to fix it. [drm:gen9_dbuf_enable [i915]] *ERROR* DBuf power enable timeout ------------[ cut here ]------------ WARNING: gen9_dc_off_power_well_enable+0x224/0x230 [i915] Unexpected DBuf power power state (0x8000000a) Hardware name: Red Hat KVM, BIOS 1.11.0-2.el7 04/01/2014 Call Trace: [] dump_stack+0x19/0x1b [] __warn+0xd8/0x100 [] warn_slowpath_fmt+0x5f/0x80 [] gen9_dc_off_power_well_enable+0x224/0x230 [i915] [] intel_power_well_enable+0x42/0x50 [i915] [] __intel_display_power_get_domain+0x8a/0xb0 [i915] [] intel_display_power_get+0x33/0x50 [i915] [] intel_display_set_init_power+0x45/0x50 [i915] [] intel_power_domains_init_hw+0x63/0x8a0 [i915] [] i915_driver_load+0xae3/0x1760 [i915] [] ? nvmem_register+0x500/0x500 [] i915_pci_probe+0x2c/0x50 [i915] [] local_pci_probe+0x4a/0xb0 [] pci_device_probe+0x109/0x160 [] driver_probe_device+0xc5/0x3e0 [] __driver_attach+0x93/0xa0 [] ? __device_attach+0x50/0x50 [] bus_for_each_dev+0x75/0xc0 [] driver_attach+0x1e/0x20 [] bus_add_driver+0x200/0x2d0 [] driver_register+0x64/0xf0 [] __pci_register_driver+0xa5/0xc0 [] ? 0xffffffffc0928fff [] i915_init+0x59/0x5c [i915] [] do_one_initcall+0xba/0x240 [] load_module+0x272c/0x2bc0 [] ? ddebug_proc_write+0xf0/0xf0 [] SyS_init_module+0xc5/0x110 [] system_call_fastpath+0x1c/0x21 Signed-off-by: Xiaolin Zhang Signed-off-by: Zhenyu Wang commit c3c397c1f16c51601a3fac4fe0c63ad8aa85a904 Author: Doug Berger Date: Tue Aug 28 12:33:15 2018 -0700 net: bcmgenet: use MAC link status for fixed phy When using the fixed PHY with GENET (e.g. MOCA) the PHY link status can be determined from the internal link status captured by the MAC. This allows the PHY state machine to use the correct link state with the fixed PHY even if MAC link event interrupts are missed when the net device is opened. Fixes: 8d88c6ebb34c ("net: bcmgenet: enable MoCA link state change detection") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit c305660b325463cdf3d944492f96155dc931b448 Author: Dinh Nguyen Date: Tue Aug 28 10:19:20 2018 -0500 net: stmmac: build the dwmac-socfpga platform driver for Stratix10 The Stratix10 SoC is an AARCH64 based platform that shares the same ethernet controller that is on other SoCFPGA platforms. Build the platform driver. Signed-off-by: Dinh Nguyen Signed-off-by: David S. Miller commit e0b7e7dc690183c79f772844cdc03a144d72a3e0 Merge: 85eb9af18224 f707ef61e172 Author: David S. Miller Date: Wed Aug 29 19:28:55 2018 -0700 Merge branch 'ipv6-fix-error-path-of-inet6_init' Sabrina Dubroca says: ==================== ipv6: fix error path of inet6_init() The error path of inet6_init() can trigger multiple kernel panics, mostly due to wrong ordering of cleanups. This series fixes those issues. ==================== Reviewed-by: Xin Long Signed-off-by: David S. Miller commit f707ef61e17261f2bb18c3e4871c6f135ab3aba9 Author: Sabrina Dubroca Date: Tue Aug 28 13:40:53 2018 +0200 net: rtnl: return early from rtnl_unregister_all when protocol isn't registered rtnl_unregister_all(PF_INET6) gets called from inet6_init in cases when no handler has been registered for PF_INET6 yet, for example if ip6_mr_init() fails. Abort and avoid a NULL pointer deref in that case. Example of panic (triggered by faking a failure of register_pernet_subsys): general protection fault: 0000 [#1] PREEMPT SMP KASAN PTI [...] RIP: 0010:rtnl_unregister_all+0x17e/0x2a0 [...] Call Trace: ? rtnetlink_net_init+0x250/0x250 ? sock_unregister+0x103/0x160 ? kernel_getsockopt+0x200/0x200 inet6_init+0x197/0x20d Fixes: e2fddf5e96df ("[IPV6]: Make af_inet6 to check ip6_route_init return value.") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller commit a03dc36bdca6b614651fedfcd8559cf914d2d21d Author: Sabrina Dubroca Date: Tue Aug 28 13:40:52 2018 +0200 ipv6: fix cleanup ordering for pingv6 registration Commit 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.") contains an error in the cleanup path of inet6_init(): when proto_register(&pingv6_prot, 1) fails, we try to unregister &pingv6_prot. When rawv6_init() fails, we skip unregistering &pingv6_prot. Example of panic (triggered by faking a failure of proto_register(&pingv6_prot, 1)): general protection fault: 0000 [#1] PREEMPT SMP KASAN PTI [...] RIP: 0010:__list_del_entry_valid+0x79/0x160 [...] Call Trace: proto_unregister+0xbb/0x550 ? trace_preempt_on+0x6f0/0x6f0 ? sock_no_shutdown+0x10/0x10 inet6_init+0x153/0x1b8 Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller commit afe49de44c27a89e8e9631c44b5ffadf6ace65e2 Author: Sabrina Dubroca Date: Tue Aug 28 13:40:51 2018 +0200 ipv6: fix cleanup ordering for ip6_mr failure Commit 15e668070a64 ("ipv6: reorder icmpv6_init() and ip6_mr_init()") moved the cleanup label for ipmr_fail, but should have changed the contents of the cleanup labels as well. Now we can end up cleaning up icmpv6 even though it hasn't been initialized (jump to icmp_fail or ipmr_fail). Simply undo things in the reverse order of their initialization. Example of panic (triggered by faking a failure of icmpv6_init): kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN PTI [...] RIP: 0010:__list_del_entry_valid+0x79/0x160 [...] Call Trace: ? lock_release+0x8a0/0x8a0 unregister_pernet_operations+0xd4/0x560 ? ops_free_list+0x480/0x480 ? down_write+0x91/0x130 ? unregister_pernet_subsys+0x15/0x30 ? down_read+0x1b0/0x1b0 ? up_read+0x110/0x110 ? kmem_cache_create_usercopy+0x1b4/0x240 unregister_pernet_subsys+0x1d/0x30 icmpv6_cleanup+0x1d/0x30 inet6_init+0x1b5/0x23f Fixes: 15e668070a64 ("ipv6: reorder icmpv6_init() and ip6_mr_init()") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller commit 58c3f14f86c98e4030b03e6ab929fa3190565d4f Merge: ff69279a44e9 47d80a68f10d Author: Linus Torvalds Date: Wed Aug 29 18:41:48 2018 -0700 Merge tag 'riscv-for-linus-4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Pull RISC-V fixes from Palmer Dabbelt: "RISC-V Fixes and Cleanups for 4.19-rc2 This contains a handful of patches that filtered their way in during the merge window but just didn't make the deadline. It includes: - Additional documentation in the riscv,cpu-intc device tree binding that resulted from some feedback I missed in the original patch set. - A build fix that provides the definition of tlb_flush() before including tlb.h, which fixes a RISC-V build regression introduced during this merge window. - A cosmetic cleanup to sys_riscv_flush_icache()" * tag 'riscv-for-linus-4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: RISC-V: Use a less ugly workaround for unused variable warnings riscv: tlb: Provide definition of tlb_flush() before including tlb.h dt-bindings: riscv,cpu-intc: Cleanups from a missed review commit 49a51c4b4064c8a89ffd166434696138edef6b85 Merge: 185c3cfacafd 80ab316901bc Author: Dave Airlie Date: Thu Aug 30 11:34:55 2018 +1000 Merge tag 'drm-intel-fixes-2018-08-29' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes - fix for GLK and CNL watermark workaround - fix for display affecting NUCs with LSPCON - freeing an allocated write_buf on hdcp - audio hook when display is disabled - vma stop holding ppgtt reference Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180829234512.GA32468@intel.com commit 185c3cfacafded57663dedd50bdab53fff0d8bc3 Merge: 852fde0a34ce 6ddd9769db4f Author: Dave Airlie Date: Thu Aug 30 11:30:02 2018 +1000 Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Fixes for 4.19: - SR-IOV fixes - Kasan and page fault fix on device removal - S3 stability fix for CZ/ST - VCE regression fixes for CIK parts - Avoid holding the mn_lock when allocating memory - DC memory leak fix - BO eviction fix Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20180829202555.2653-1-alexander.deucher@amd.com commit 852fde0a34ce28da818d8538f42d0b9ea5331875 Merge: 5b394b2ddf03 08bcbed747eb Author: Dave Airlie Date: Thu Aug 30 10:25:47 2018 +1000 Merge branch 'mediatek-drm-fixes-4.19' of https://github.com/ckhu-mediatek/linux.git-tags into drm-fixes "Here are some fixes for mediatek drm driver." Mostly fixes around the RDMA and Overlay Signed-off-by: Dave Airlie From: CK Hu Link: https://patchwork.freedesktop.org/patch/msgid/1535346194.27648.5.camel@mtksdaap41 commit 85eb9af182243ce9a8b72410d5321c440ac5f8d7 Author: Davide Caratti Date: Mon Aug 27 22:56:22 2018 +0200 net/sched: act_pedit: fix dump of extended layered op in the (rare) case of failure in nla_nest_start(), missing NULL checks in tcf_pedit_key_ex_dump() can make the following command # tc action add action pedit ex munge ip ttl set 64 dereference a NULL pointer: BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 800000007d1cd067 P4D 800000007d1cd067 PUD 7acd3067 PMD 0 Oops: 0002 [#1] SMP PTI CPU: 0 PID: 3336 Comm: tc Tainted: G E 4.18.0.pedit+ #425 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:tcf_pedit_dump+0x19d/0x358 [act_pedit] Code: be 02 00 00 00 48 89 df 66 89 44 24 20 e8 9b b1 fd e0 85 c0 75 46 8b 83 c8 00 00 00 49 83 c5 08 48 03 83 d0 00 00 00 4d 39 f5 <66> 89 04 25 00 00 00 00 0f 84 81 01 00 00 41 8b 45 00 48 8d 4c 24 RSP: 0018:ffffb5d4004478a8 EFLAGS: 00010246 RAX: ffff8880fcda2070 RBX: ffff8880fadd2900 RCX: 0000000000000000 RDX: 0000000000000002 RSI: ffffb5d4004478ca RDI: ffff8880fcda206e RBP: ffff8880fb9cb900 R08: 0000000000000008 R09: ffff8880fcda206e R10: ffff8880fadd2900 R11: 0000000000000000 R12: ffff8880fd26cf40 R13: ffff8880fc957430 R14: ffff8880fc957430 R15: ffff8880fb9cb988 FS: 00007f75a537a740(0000) GS:ffff8880fda00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000007a2fa005 CR4: 00000000001606f0 Call Trace: ? __nla_reserve+0x38/0x50 tcf_action_dump_1+0xd2/0x130 tcf_action_dump+0x6a/0xf0 tca_get_fill.constprop.31+0xa3/0x120 tcf_action_add+0xd1/0x170 tc_ctl_action+0x137/0x150 rtnetlink_rcv_msg+0x263/0x2d0 ? _cond_resched+0x15/0x40 ? rtnl_calcit.isra.30+0x110/0x110 netlink_rcv_skb+0x4d/0x130 netlink_unicast+0x1a3/0x250 netlink_sendmsg+0x2ae/0x3a0 sock_sendmsg+0x36/0x40 ___sys_sendmsg+0x26f/0x2d0 ? do_wp_page+0x8e/0x5f0 ? handle_pte_fault+0x6c3/0xf50 ? __handle_mm_fault+0x38e/0x520 ? __sys_sendmsg+0x5e/0xa0 __sys_sendmsg+0x5e/0xa0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f75a4583ba0 Code: c3 48 8b 05 f2 62 2c 00 f7 db 64 89 18 48 83 cb ff eb dd 0f 1f 80 00 00 00 00 83 3d fd c3 2c 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae cc 00 00 48 89 04 24 RSP: 002b:00007fff60ee7418 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fff60ee7540 RCX: 00007f75a4583ba0 RDX: 0000000000000000 RSI: 00007fff60ee7490 RDI: 0000000000000003 RBP: 000000005b842d3e R08: 0000000000000002 R09: 0000000000000000 R10: 00007fff60ee6ea0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff60ee7554 R14: 0000000000000001 R15: 000000000066c100 Modules linked in: act_pedit(E) ip6table_filter ip6_tables iptable_filter binfmt_misc crct10dif_pclmul ext4 crc32_pclmul mbcache ghash_clmulni_intel jbd2 pcbc snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd snd_timer cryptd glue_helper snd joydev pcspkr soundcore virtio_balloon i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi virtio_net net_failover virtio_blk virtio_console failover qxl crc32c_intel drm_kms_helper syscopyarea serio_raw sysfillrect sysimgblt fb_sys_fops ttm drm ata_piix virtio_pci libata virtio_ring i2c_core virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_pedit] CR2: 0000000000000000 Like it's done for other TC actions, give up dumping pedit rules and return an error if nla_nest_start() returns NULL. Fixes: 71d0ed7079df ("net/act_pedit: Support using offset relative to the conventional network headers") Signed-off-by: Davide Caratti Acked-by: Cong Wang Signed-off-by: David S. Miller commit 6e0bb04d0e4f597d8d8f4f21401a9636f2809fd1 Author: Chris Brandt Date: Mon Aug 27 12:42:02 2018 -0500 sh_eth: Add R7S9210 support Add support for the R7S9210 which is part of the RZ/A2 series. Signed-off-by: Chris Brandt Acked-by: Rob Herring Signed-off-by: David S. Miller commit def70b61afbc28f5df07841e0f770abde1b401ed Merge: 05212ba8132b 455c4401fe7a Author: David S. Miller Date: Wed Aug 29 18:08:20 2018 -0700 Merge branch 'hns-fixes' Peng Li says: ==================== net: hns: fix some bugs about speed and duplex change If there are packets in hardware when changing the spped or duplex, it may cause hardware hang up. This patchset adds the code for waiting chip to clean the all pkts(TX & RX) in chip when the driver uses the function named "adjust link". This patchset cleans the pkts as follows: 1) close rx of chip, close tx of protocol stack. 2) wait rcb, ppe, mac to clean. 3) adjust link 4) open rx of chip, open tx of protocol stack. ==================== Signed-off-by: David S. Miller commit 455c4401fe7a538facaffb35b906ce19f1ece474 Author: Peng Li Date: Mon Aug 27 09:59:30 2018 +0800 net: hns: add netif_carrier_off before change speed and duplex If there are packets in hardware when changing the speed or duplex, it may cause hardware hang up. This patch adds netif_carrier_off before change speed and duplex in ethtool_ops.set_link_ksettings, and adds netif_carrier_on after complete the change. Signed-off-by: Peng Li Signed-off-by: David S. Miller commit 31fabbee8f5c658c3fa1603c66e9e4f51ea8c2c6 Author: Peng Li Date: Mon Aug 27 09:59:29 2018 +0800 net: hns: add the code for cleaning pkt in chip If there are packets in hardware when changing the speed or duplex, it may cause hardware hang up. This patch adds the code for waiting chip to clean the all pkts(TX & RX) in chip when the driver uses the function named "adjust link". This patch cleans the pkts as follows: 1) close rx of chip, close tx of protocol stack. 2) wait rcb, ppe, mac to clean. 3) adjust link 4) open rx of chip, open tx of protocol stack. Signed-off-by: Peng Li Signed-off-by: David S. Miller commit 05212ba8132b42047ab5d63d759c6f9c28e7eab5 Author: Azat Khuzhin Date: Sun Aug 26 17:03:09 2018 +0300 r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices I have two Ethernet adapters: r8169 0000:03:01.0 eth0: RTL8169sb/8110sb, 00:14:d1:14:2d:49, XID 10000000, IRQ 18 r8169 0000:01:00.0 eth0: RTL8168e/8111e, 64:66:b3:11:14:5d, XID 2c200000, IRQ 30 And after upgrading from linux 4.15 [1] to linux 4.18+ [2] RTL8169sb failed to receive any packets. tcpdump shows a lot of checksum mismatch. [1]: a0f79386a4968b4925da6db2d1daffd0605a4402 [2]: 0519359784328bfa92bf0931bf0cff3b58c16932 (4.19 merge window opened) I started bisecting and the found that [3] breaks it. According to [4]: "For 8110S, 8110SB, and 8110SC series, the initial value of RxConfig needs to be set after the tx/rx is enabled." So I moved rtl_init_rxcfg() after enabling tx/rs and now my adapter works (RTL8168e works too). [3]: 3559d81e76bfe3803e89f2e04cf6ef7ab4f3aace [4]: e542a2269f232d61270ceddd42b73a4348dee2bb ("r8169: adjust the RxConfig settings.") Also drop "rx" from rtl_set_rx_tx_config_registers(), since it does nothing with it already. Fixes: 3559d81e76bfe3803e89f2e04cf6ef7ab4f3aace ("r8169: simplify rtl_hw_start_8169") Cc: Heiner Kallweit Cc: David S. Miller Cc: netdev@vger.kernel.org Cc: Realtek linux nic maintainers Signed-off-by: Azat Khuzhin Signed-off-by: David S. Miller commit 9a07efa9aea2f4a59f35da0785a4e6a6b5a96192 Author: Cong Wang Date: Fri Aug 24 12:28:06 2018 -0700 tipc: switch to rhashtable iterator syzbot reported a use-after-free in tipc_group_fill_sock_diag(), where tipc_group_fill_sock_diag() still reads tsk->group meanwhile tipc_group_delete() just deletes it in tipc_release(). tipc_nl_sk_walk() aims to lock this sock when walking each sock in the hash table to close race conditions with sock changes like this one, by acquiring tsk->sk.sk_lock.slock spinlock, unfortunately this doesn't work at all. All non-BH call path should take lock_sock() instead to make it work. tipc_nl_sk_walk() brutally iterates with raw rht_for_each_entry_rcu() where RCU read lock is required, this is the reason why lock_sock() can't be taken on this path. This could be resolved by switching to rhashtable iterator API's, where taking a sleepable lock is possible. Also, the iterator API's are friendly for restartable calls like diag dump, the last position is remembered behind the scence, all we need to do here is saving the iterator into cb->args[]. I tested this with parallel tipc diag dump and thousands of tipc socket creation and release, no crash or memory leak. Reported-by: syzbot+b9c8f3ab2994b7cd1625@syzkaller.appspotmail.com Cc: Jon Maloy Cc: Ying Xue Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit e5133f2f1261f8ab412e7fc5e3694c9f84328f89 Author: Jerome Brunet Date: Fri Aug 24 11:04:40 2018 +0200 Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit" This reverts commit 4ae0169fd1b3c792b66be58995b7e6b629919ecf. This change in the handling of the coalesce timer is causing regression on (at least) amlogic platforms. Network will break down very quickly (a few seconds) after starting a download. This can easily be reproduced using iperf3 for example. The problem has been reported on the S805, S905, S912 and A113 SoCs (Realtek and Micrel PHYs) and it is likely impacting all Amlogics platforms using Gbit ethernet No problem was seen with the platform using 10/100 only PHYs (GXL internal) Reverting change brings things back to normal and allows to use network again until we better understand the problem with the coalesce timer. Cc: Jose Abreu Cc: Joao Pinto Cc: Vitor Soares Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Cc: Corentin Labbe Signed-off-by: Jerome Brunet Signed-off-by: David S. Miller commit bd583fe30427500a2d0abe25724025b1cb5e2636 Author: Cong Wang Date: Thu Aug 23 16:19:44 2018 -0700 tipc: fix a missing rhashtable_walk_exit() rhashtable_walk_exit() must be paired with rhashtable_walk_enter(). Fixes: 40f9f4397060 ("tipc: Fix tipc_sk_reinit race conditions") Cc: Herbert Xu Cc: Ying Xue Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 9f2895461439fda2801a7906fb4c5fb3dbb37a0a Author: Alexey Kodanev Date: Thu Aug 23 19:49:54 2018 +0300 vti6: remove !skb->ignore_df check from vti6_xmit() Before the commit d6990976af7c ("vti6: fix PMTU caching and reporting on xmit") '!skb->ignore_df' check was always true because the function skb_scrub_packet() was called before it, resetting ignore_df to zero. In the commit, skb_scrub_packet() was moved below, and now this check can be false for the packet, e.g. when sending it in the two fragments, this prevents successful PMTU updates in such case. The next attempts to send the packet lead to the same tx error. Moreover, vti6 initial MTU value relies on PMTU adjustments. This issue can be reproduced with the following LTP test script: udp_ipsec_vti.sh -6 -p ah -m tunnel -s 2000 Fixes: ccd740cbc6e0 ("vti6: Add pmtu handling to vti6_xmit.") Signed-off-by: Alexey Kodanev Acked-by: Steffen Klassert Signed-off-by: David S. Miller commit 6a5d39aa9ac274d9ccdb50ec47112158537f00de Merge: 53ae914d898e d65e6c80c6bb Author: David S. Miller Date: Wed Aug 29 16:19:38 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-08-29 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix a build error in sk_reuseport_convert_ctx_access() when compiling with clang which cannot resolve hweight_long() at build time inside the BUILD_BUG_ON() assertion, from Stefan. 2) Several fixes for BPF sockmap, four of them in getting the bpf_msg_pull_data() helper to work, one use after free case in bpf_tcp_close() and one refcount leak in bpf_tcp_recvmsg(), from Daniel. 3) Another fix for BPF sockmap where we misaccount sk_mem_uncharge() in the socket redirect error case from unwinding scatterlist twice, from John. ==================== Signed-off-by: David S. Miller commit ff69279a44e9ba876466b7d3ab84d6dbd31cac92 Author: Ard Biesheuvel Date: Wed Aug 29 08:47:53 2018 +0200 powerpc: disable support for relative ksymtab references The newly added code that emits ksymtab entries as pairs of 32-bit relative references interacts poorly with the way powerpc lays out its address space: when a module exports a per-CPU variable, the primary module region covering the ksymtab entry -and thus the 32-bit relative reference- is too far away from the actual per-CPU variable's base address (to which the per-CPU offsets are applied to obtain the respective address of each CPU's copy), resulting in corruption when the module loader attempts to resolve symbol references of modules that are loaded on top and link to the exported per-CPU symbol. So let's disable this feature on powerpc. Even though it implements CONFIG_RELOCATABLE, it does not implement CONFIG_RANDOMIZE_BASE and so KASLR kernels (which are the main target of the feature) do not exist on powerpc anyway. Reported-by: Andreas Schwab Suggested-by: Nicholas Piggin Signed-off-by: Ard Biesheuvel Signed-off-by: Linus Torvalds commit af3a5fe4ddfe3d426eb025d4c3afd176efea658e Merge: f3f106dac045 d49dbfade96d Author: Linus Torvalds Date: Wed Aug 29 16:03:45 2018 -0700 Merge tag 'hwmon-for-linus-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: - Fix potential Spectre v1 in nct6775 - Add error checking to adt7475 driver - Fix reading shunt resistor value in ina2xx driver * tag 'hwmon-for-linus-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (nct6775) Fix potential Spectre v1 hwmon: (adt7475) Make adt7475_read_word() return errors hwmon: (adt7475) Potential error pointer dereferences hwmon: (ina2xx) fix sysfs shunt resistor read access commit f3f106dac0458e3010486860baba8fdc2a133e5e Merge: ff81a521b888 ee4af50ca94f Author: Linus Torvalds Date: Wed Aug 29 14:56:45 2018 -0700 Merge tag 'for_v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull misc fs fixes from Jan Kara: - make UDF to properly mount media created by Win7 - make isofs to properly refuse devices with large physical block size - fix a Spectre gadget in quotactl(2) - fix a warning in fsnotify code hit by syzkaller * tag 'for_v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: udf: Fix mounting of Win7 created UDF filesystems udf: Remove dead code from udf_find_fileset() fs/quota: Fix spectre gadget in do_quotactl fs/quota: Replace XQM_MAXQUOTAS usage with MAXQUOTAS isofs: reject hardware sector size > 2048 bytes fsnotify: fix false positive warning on inode delete commit ff81a521b888728e7ece69a437ac4d9ea810b6c6 Merge: b4df50de6ab6 c7c09dc187f0 Author: Linus Torvalds Date: Wed Aug 29 14:51:32 2018 -0700 Merge tag 'nios2-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2 Pull nios2 fix from Ley Foon Tan: "remove duplicate DEBUG_STACK_USAGE symbol defintions" * tag 'nios2-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2: nios2: kconfig: remove duplicate DEBUG_STACK_USAGE symbol defintions commit 80ab316901bc4ae6dd0b5903dbe22766307eac9b Author: Chris Wilson Date: Fri Aug 17 11:02:41 2018 +0100 drm/i915/audio: Hook up component bindings even if displays are disabled If the display has been disabled by modparam, we still want to connect together the HW bits and bobs with the associated drivers so that we can continue to manage their runtime power gating. Fixes: 108109444ff6 ("drm/i915: Check num_pipes before initializing audio component") Signed-off-by: Chris Wilson Cc: Imre Deak Cc: Takashi Iwai Cc: Jani Nikula Cc: Elaine Wang Reviewed-by: Imre Deak Link: https://patchwork.freedesktop.org/patch/msgid/20180817100241.4628-1-chris@chris-wilson.co.uk (cherry picked from commit 35a5fd9ebfa93758ca579e30f337b6c9126d995b) Signed-off-by: Rodrigo Vivi commit 299c2a904b1e8d5096d4813df6371357d97a6cd1 Author: Fredrik Schön Date: Fri Aug 17 22:07:28 2018 +0200 drm/i915: Increase LSPCON timeout 100 ms is not enough time for the LSPCON adapter on Intel NUC devices to settle. This causes dropped display modes at boot or screen reconfiguration. Empirical testing can reproduce the error up to a timeout of 190 ms. Basic boot and stress testing at 200 ms has not (yet) failed. Increase timeout to 400 ms to get some margin of error. Changes from v1: The initial suggestion of 1000 ms was lowered due to concerns about delaying valid timeout cases. Update patch metadata. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107503 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1570392 Fixes: 357c0ae9198a ("drm/i915/lspcon: Wait for expected LSPCON mode to settle") Cc: Shashank Sharma Cc: Imre Deak Cc: Jani Nikula Cc: # v4.11+ Reviewed-by: Rodrigo Vivi Reviewed-by: Shashank Sharma Signed-off-by: Fredrik Schön Signed-off-by: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/20180817200728.8154-1-fredrik.schon@gmail.com (cherry picked from commit 59f1c8ab30d6f9042562949f42cbd3f3cf69de94) Signed-off-by: Rodrigo Vivi commit f013027e266553effa3e9d9d62236ae5ee3b25e7 Author: Chris Wilson Date: Thu Aug 16 08:34:46 2018 +0100 drm/i915: Stop holding a ref to the ppgtt from each vma The context owns both the ppgtt and the vma within it, and our activity tracking on the context ensures that we do not release active ppgtt. As the context fulfils our obligations for active memory tracking, we can relinquish the reference from the vma. This fixes a silly transient refleak from closed vma being kept alive until the entire system was idle, keeping all vm alive as well. Reported-by: Paulo Zanoni Testcase: igt/gem_ctx_create/files Fixes: 3365e2268b6b ("drm/i915: Lazily unbind vma on close") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Paulo Zanoni Reviewed-by: Mika Kuoppala Tested-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20180816073448.19396-1-chris@chris-wilson.co.uk (cherry picked from commit a4417b7b419a68540ad7945ac4efbb39d19afa63) Signed-off-by: Rodrigo Vivi commit b4df50de6ab66e41b3b8d8acf3ce45c632084163 Merge: 3f16503b7d22 3d7c82060d1f Author: Linus Torvalds Date: Wed Aug 29 13:38:39 2018 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: - Check for the right CPU feature bit in sm4-ce on arm64. - Fix scatterwalk WARN_ON in aes-gcm-ce on arm64. - Fix unaligned fault in aesni on x86. - Fix potential NULL pointer dereference on exit in chtls. - Fix DMA mapping direction for RSA in caam. - Fix error path return value for xts setkey in caam. - Fix address endianness when DMA unmapping in caam. - Fix sleep-in-atomic in vmx. - Fix command corruption when queue is full in cavium/nitrox. * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. crypto: vmx - Fix sleep-in-atomic bugs crypto: arm64/aes-gcm-ce - fix scatterwalk API violation crypto: aesni - Use unaligned loads from gcm_context_data crypto: chtls - fix null dereference chtls_free_uld() crypto: arm64/sm4-ce - check for the right CPU feature bit crypto: caam - fix DMA mapping direction for RSA forms 2 & 3 crypto: caam/qi - fix error path in xts setkey crypto: caam/jr - fix descriptor DMA unmapping commit 67e6ddb5be440a92b82e87ca0ab8f973ae31b12c Author: Nishanth Menon Date: Mon Aug 27 19:46:50 2018 -0500 arm64: defconfig: Enable TI's AM6 SoC platform Enable K3 SoC platform for TI's AM6 SoC. Signed-off-by: Nishanth Menon Acked-by: Tony Lindgren Signed-off-by: Olof Johansson commit 1dbd150d04f11a6e8d03c80132167e8d3391f8ce Author: Linus Walleij Date: Mon Aug 27 15:27:08 2018 +0200 ARM: defconfig: Update the ARM Versatile defconfig This updates the ARM Versatile defconfig to the latest Kconfig structural changes and adds the DUMB VGA bridge driver so that VGA works out of the box, e.g. with QEMU. Signed-off-by: Linus Walleij Signed-off-by: Olof Johansson commit 55a020e21c16d7e5b00783ccd6c0c4487731dd75 Merge: 5b394b2ddf03 b9543a2e39dc Author: Olof Johansson Date: Wed Aug 29 11:50:14 2018 -0700 Merge tag 'imx-fixes-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes i.MX fixes for 4.19: - i.MX display folks decided to switch MXS display driver from legacy FB to DRM during 4.19 merge window. It leads to a fallout on some Freescale/NXP development boards with Seiko 43WVF1G panel, because this DRM panel driver is not enabled in i.MX defconfig. Here is a series from Fabio to convert i.MX23/28 EVK DT to Seiko 43WVF1G panel bindings and enable the panel driver in i.MX defconfig, so that users can still get functional LCD on these boards by default. - A fix from Leonard to revert incorrect legacy PCI irq mapping in i.MX7 device tree, that was caused by document errors. * tag 'imx-fixes-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: imx_v6_v7_defconfig: Select CONFIG_DRM_PANEL_SEIKO_43WVF1G ARM: mxs_defconfig: Select CONFIG_DRM_PANEL_SEIKO_43WVF1G ARM: dts: imx23-evk: Convert to the new display bindings ARM: dts: imx23-evk: Move regulators outside simple-bus ARM: dts: imx28-evk: Convert to the new display bindings ARM: dts: imx28-evk: Move regulators outside simple-bus Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Signed-off-by: Olof Johansson commit 74081c9f16a213f8f2681c175dc6ad7d17ad16ba Author: Fabrizio Castro Date: Tue Aug 14 13:33:48 2018 +0100 dt-bindings: watchdog: renesas-wdt: Document r8a774a1 support RZ/G2M (R8A774A1) watchdog implementation is compatible with R-Car Gen3, therefore add relevant documentation. Signed-off-by: Fabrizio Castro Reviewed-by: Biju Das Reviewed-by: Rob Herring Reviewed-by: Simon Horman Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck commit 3799eca51c5be3cd76047a582ac52087373b54b3 Author: Arnd Bergmann Date: Wed Aug 15 06:27:28 2018 -0400 media: camss: add missing includes Multiple files in this driver fail to build because of missing header inclusions: drivers/media/platform/qcom/camss/camss-csiphy-2ph-1-0.c: In function 'csiphy_hw_version_read': drivers/media/platform/qcom/camss/camss-csiphy-2ph-1-0.c:31:18: error: implicit declaration of function 'readl_relaxed'; did you mean 'xchg_relaxed'? [-Werror=implicit-function-declaration] drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c: In function 'csiphy_hw_version_read': drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c:52:2: error: implicit declaration of function 'writel' [-Werror=implicit-function-declaration] Add linux/io.h there and in all other files that call readl/writel and related interfaces. Signed-off-by: Arnd Bergmann Signed-off-by: Todor Tomov Signed-off-by: Mauro Carvalho Chehab commit 55b518998996cc935d294bbf1f07ddba58b8b89e Author: Todor Tomov Date: Tue Aug 14 11:57:35 2018 -0400 media: camss: Use managed memory allocations Use managed memory allocations for structs which are used until the driver is removed. Signed-off-by: Todor Tomov Signed-off-by: Mauro Carvalho Chehab commit 44a9ffd4eb99ada6c1496a735a414414fef30696 Author: Arnd Bergmann Date: Fri Aug 17 05:53:42 2018 -0400 media: camss: mark PM functions as __maybe_unused The empty suspend/resume functions cause a build warning when they are unused: drivers/media/platform/qcom/camss/camss.c:1001:12: error: 'camss_runtime_resume' defined but not used [-Werror=unused-function] drivers/media/platform/qcom/camss/camss.c:996:12: error: 'camss_runtime_suspend' defined but not used [-Werror=unused-function] Mark them as __maybe_unused so the compiler can silently drop them. Fixes: 02afa816dbbf ("media: camss: Add basic runtime PM support") Signed-off-by: Arnd Bergmann Acked-by: Todor Tomov Acked-by: Geert Uytterhoeven Signed-off-by: Mauro Carvalho Chehab commit 312f73b648626a0526a3aceebb0a3192aaba05ce Author: Jozef Balga Date: Tue Aug 21 05:01:04 2018 -0400 media: af9035: prevent buffer overflow on write When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung@kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga Signed-off-by: Mauro Carvalho Chehab commit d65e6c80c6bb72ced46ce90dea4016d913a8ddd4 Merge: 5b24109b0563 a8cf76a9023b Author: Alexei Starovoitov Date: Wed Aug 29 10:47:17 2018 -0700 Merge branch 'bpf_msg_pull_data-fixes' Daniel Borkmann says: ==================== This set contains three more fixes for the bpf_msg_pull_data() mainly for correcting scatterlist ring wrap-arounds as well as fixing up data pointers. For details please see individual patches. Thanks! ==================== Signed-off-by: Alexei Starovoitov commit a8cf76a9023bc6709b1361d06bb2fae5227b9d68 Author: Daniel Borkmann Date: Wed Aug 29 16:50:36 2018 +0200 bpf: fix sg shift repair start offset in bpf_msg_pull_data When we perform the sg shift repair for the scatterlist ring, we currently start out at i = first_sg + 1. However, this is not correct since the first_sg could point to the sge sitting at slot MAX_SKB_FRAGS - 1, and a subsequent i = MAX_SKB_FRAGS will access the scatterlist ring (sg) out of bounds. Add the sk_msg_iter_var() helper for iterating through the ring, and apply the same rule for advancing to the next ring element as we do elsewhere. Later work will use this helper also in other places. Fixes: 015632bb30da ("bpf: sk_msg program helper bpf_sk_msg_pull_data") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov commit 2e43f95dd8ee62bc8bf57f2afac37fbd70c8d565 Author: Daniel Borkmann Date: Wed Aug 29 16:50:35 2018 +0200 bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data If first_sg and last_sg wraps around in the scatterlist ring, then we need to account for that in the shift as well. E.g. crafting such msgs where this is the case leads to a hang as shift becomes negative. E.g. consider the following scenario: first_sg := 14 |=> shift := -12 msg->sg_start := 10 last_sg := 3 | msg->sg_end := 5 round 1: i := 15, move_from := 3, sg[15] := sg[ 3] round 2: i := 0, move_from := -12, sg[ 0] := sg[-12] round 3: i := 1, move_from := -11, sg[ 1] := sg[-11] round 4: i := 2, move_from := -10, sg[ 2] := sg[-10] [...] round 13: i := 11, move_from := -1, sg[ 2] := sg[ -1] round 14: i := 12, move_from := 0, sg[ 2] := sg[ 0] round 15: i := 13, move_from := 1, sg[ 2] := sg[ 1] round 16: i := 14, move_from := 2, sg[ 2] := sg[ 2] round 17: i := 15, move_from := 3, sg[ 2] := sg[ 3] [...] This means we will loop forever and never hit the msg->sg_end condition to break out of the loop. When we see that the ring wraps around, then the shift should be MAX_SKB_FRAGS - first_sg + last_sg - 1. Meaning, the remainder slots from the tail of the ring and the head until last_sg combined. Fixes: 015632bb30da ("bpf: sk_msg program helper bpf_sk_msg_pull_data") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov commit 0e06b227c5221dd51b5569de93f3b9f532be4a32 Author: Daniel Borkmann Date: Wed Aug 29 16:50:34 2018 +0200 bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data In the current code, msg->data is set as sg_virt(&sg[i]) + start - offset and msg->data_end relative to it as msg->data + bytes. Using iterator i to point to the updated starting scatterlist element holds true for some cases, however not for all where we'd end up pointing out of bounds. It is /correct/ for these ones: 1) When first finding the starting scatterlist element (sge) where we find that the page is already privately owned by the msg and where the requested bytes and headroom fit into the sge's length. However, it's /incorrect/ for the following ones: 2) After we made the requested area private and updated the newly allocated page into first_sg slot of the scatterlist ring; when we find that no shift repair of the ring is needed where we bail out updating msg->data and msg->data_end. At that point i will point to last_sg, which in this case is the next elem of first_sg in the ring. The sge at that point might as well be invalid (e.g. i == msg->sg_end), which we use for setting the range of sg_virt(&sg[i]). The correct one would have been first_sg. 3) Similar as in 2) but when we find that a shift repair of the ring is needed. In this case we fix up all sges and stop once we've reached the end. In this case i will point to will point to the new msg->sg_end, and the sge at that point will be invalid. Again here the requested range sits in first_sg. Fixes: 015632bb30da ("bpf: sk_msg program helper bpf_sk_msg_pull_data") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov commit 4fbf51ee6e822ac28be28ff25883745131e8c4a3 Author: Hans Verkuil Date: Thu Aug 23 09:55:43 2018 -0400 media: video_function_calls.rst: drop obsolete video-set-attributes reference This fixes this warning: Documentation/media/uapi/dvb/video_function_calls.rst:9: WARNING: toctree contains reference to nonexisting document 'uapi/dvb/video-set-attributes' Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit 52bd456a66c1abb7dd43628080025703248b1ea2 Merge: 8f3fafc9c2f0 04db0e5ec581 Author: Jens Axboe Date: Wed Aug 29 11:05:20 2018 -0600 Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-linus Pull NVMe fixes from Christoph. * 'nvme-4.19' of git://git.infradead.org/nvme: nvmet: free workqueue object if module init fails nvme-fcloop: Fix dropped LS's to removed target port nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event commit 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 Author: Scott Bauer Date: Thu Apr 26 11:51:08 2018 -0600 cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()" There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is then used as an index in the slot array in cdrom_slot_status(). Signed-off-by: Scott Bauer Signed-off-by: Scott Bauer Cc: stable@vger.kernel.org Signed-off-by: Jens Axboe commit 823f18f8b860526fc099c222619a126d57d2ad8c Author: Matti Vaittinen Date: Wed Aug 29 15:36:10 2018 +0300 regulator: bd71837: Disable voltage monitoring for LDO3/4 There is a HW quirk in BD71837. The shutdown sequence timings for bucks/LDOs which are enabled via register interface are changed. At PMIC poweroff the voltage for BUCK6/7 is cut immediately at the beginning of shut-down sequence. This causes LDO5/6 voltage monitoring to detect under voltage and force PMIC to emergency state instead of poweroff. Disable voltage monitoring for LDO5 and LDO6 at probe to avoid this. Signed-off-by: Matti Vaittinen Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 36156f9241cb0f9e37d998052873ca7501ad4b36 Author: Johan Hovold Date: Mon Aug 27 10:21:45 2018 +0200 of: add helper to lookup compatible child node Add of_get_compatible_child() helper that can be used to lookup compatible child nodes. Several drivers currently use of_find_compatible_node() to lookup child nodes while failing to notice that the of_find_ functions search the entire tree depth-first (from a given start node) and therefore can match unrelated nodes. The fact that these functions also drop a reference to the node they start searching from (e.g. the parent node) is typically also overlooked, something which can lead to use-after-free bugs. Signed-off-by: Johan Hovold Signed-off-by: Rob Herring commit a618cf4800970d260871c159b7eec014a1da2e81 Author: Alexey Khoroshilov Date: Tue Aug 28 23:40:26 2018 +0300 gpio: dwapb: Fix error handling in dwapb_gpio_probe() If dwapb_gpio_add_port() fails in dwapb_gpio_probe(), gpio->clk is left undisabled. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: Linus Walleij commit 5bc5a671b1f4b3aa019264ce970d3683a9ffa761 Author: Richard Fitzgerald Date: Tue Aug 28 09:45:37 2018 +0100 pinctrl: madera: Fix possible NULL pointer with pdata config If we are being configured via pdata we don't necessarily have any gpio mappings being configured that way so pdata->gpio_config could be NULL. Signed-off-by: Richard Fitzgerald Signed-off-by: Linus Walleij commit 823dd71f58eb2133c24af85fad056a8dbb1a76e9 Author: Paul Burton Date: Sat Aug 25 10:53:28 2018 -0700 pinctrl: ingenic: Fix group & function error checking Commit a203728ac6bb ("pinctrl: core: Return selector to the pinctrl driver") and commit f913cfce4ee4 ("pinctrl: pinmux: Return selector to the pinctrl driver") modified the return values of pinctrl_generic_add_group() and pinmux_generic_add_function() respectively, but did so without updating their callers. This broke the pinctrl-ingenic driver, which treats non-zero return values from these functions as errors & fails to probe. For example on a MIPS Ci20: pinctrl-ingenic 10010000.pin-controller: Failed to register group uart0-hwflow pinctrl-ingenic: probe of 10010000.pin-controller failed with error 1 Without the pinctrl driver probed, other drivers go on to fail to probe too & the system is unusable. Fix this by modifying the error checks to treat only negative values as errors, matching the commits that introduced the breakage & similar changes made to other drivers. Signed-off-by: Paul Burton Fixes: a203728ac6bb ("pinctrl: core: Return selector to the pinctrl driver") Fixes: f913cfce4ee4 ("pinctrl: pinmux: Return selector to the pinctrl driver") Cc: Linus Walleij Cc: Paul Cercueil Cc: Tony Lindgren Cc: linux-gpio@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Linus Walleij commit 78d3a92edbfb02e8cb83173cad84c3f2d5e1f070 Author: Hans de Goede Date: Tue Aug 14 16:07:03 2018 +0200 gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall GpioInt ACPI event handlers may see there IRQ triggered immediately after requesting the IRQ (esp. level triggered ones). This means that they may run before any other (builtin) drivers have had a chance to register their OpRegion handlers, leading to errors like this: [ 1.133274] ACPI Error: No handler for Region [PMOP] ((____ptrval____)) [UserDefinedRegion] (20180531/evregion-132) [ 1.133286] ACPI Error: Region UserDefinedRegion (ID=141) has no handler (20180531/exfldio-265) [ 1.133297] ACPI Error: Method parse/execution failed \_SB.GPO2._L01, AE_NOT_EXIST (20180531/psparse-516) We already defer the manual initial trigger of edge triggered interrupts by running it from a late_initcall handler, this commit replaces this with deferring the entire acpi_gpiochip_request_interrupts() call till then, fixing the problem of some OpRegions not being registered yet. Note that this removes the need to have a list of edge triggered handlers which need to run, since the entire acpi_gpiochip_request_interrupts() call is now delayed, acpi_gpiochip_request_interrupt() can call these directly now. Acked-by: Mika Westerberg Signed-off-by: Hans de Goede Signed-off-by: Linus Walleij commit 993b9bc5c47fda86f8ab4e53d68c6fea5ff2764a Author: Andy Shevchenko Date: Mon Aug 13 19:00:27 2018 +0300 gpiolib: acpi: Switch to cansleep version of GPIO library call The commit ca876c7483b6 ("gpiolib-acpi: make sure we trigger edge events at least once on boot") added a initial value check for pin which is about to be locked as IRQ. Unfortunately, not all GPIO drivers can do that atomically. Thus, switch to cansleep version of the call. Otherwise we have a warning: ... WARNING: CPU: 2 PID: 1408 at drivers/gpio/gpiolib.c:2883 gpiod_get_value+0x46/0x50 ... RIP: 0010:gpiod_get_value+0x46/0x50 ... The change tested on Intel Broxton with Whiskey Cove PMIC GPIO controller. Fixes: ca876c7483b6 ("gpiolib-acpi: make sure we trigger edge events at least once on boot") Signed-off-by: Andy Shevchenko Cc: Hans de Goede Cc: Benjamin Tissoires Acked-by: Mika Westerberg Signed-off-by: Linus Walleij commit 0434ccdcf883e53ec7156a6843943e940dc1feb8 Author: Florian Westphal Date: Fri Aug 24 08:43:36 2018 +0200 netfilter: nf_tables: rework ct timeout set support Using a private template is problematic: 1. We can't assign both a zone and a timeout policy (zone assigns a conntrack template, so we hit problem 1) 2. Using a template needs to take care of ct refcount, else we'll eventually free the private template due to ->use underflow. This patch reworks template policy to instead work with existing conntrack. As long as such conntrack has not yet been placed into the hash table (unconfirmed) we can still add the timeout extension. The only caveat is that we now need to update/correct ct->timeout to reflect the initial/new state, otherwise the conntrack entry retains the default 'new' timeout. Side effect of this change is that setting the policy must now occur from chains that are evaluated *after* the conntrack lookup has taken place. No released kernel contains the timeout policy feature yet, so this change should be ok. Changes since v2: - don't handle 'ct is confirmed case' - after previous patch, no need to special-case tcp/dccp/sctp timeout anymore Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit ef39078d6342deaddacdd550c4197421bd83fb76 Author: Florian Westphal Date: Fri Aug 24 08:43:35 2018 +0200 netfilter: conntrack: place 'new' timeout in first location too tcp, sctp and dccp trackers re-use the userspace ctnetlink states to index their timeout arrays, which means timeout[0] is never used. Copy the 'new' state (syn-sent, dccp-request, ..) to 0 as well so external users can simply read it off timeouts[0] without need to differentiate dccp/sctp/tcp and udp/icmp/gre/generic. The alternative is to map all array accesses to 'i - 1', but that is a much more intrusive change. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 1d8f574708a3fb6f18c85486d0c5217df893c0cf Author: Marc Zyngier Date: Fri Aug 24 15:08:29 2018 +0100 arm/arm64: smccc-1.1: Make return values unsigned long An unfortunate consequence of having a strong typing for the input values to the SMC call is that it also affects the type of the return values, limiting r0 to 32 bits and r{1,2,3} to whatever was passed as an input. Let's turn everything into "unsigned long", which satisfies the requirements of both architectures, and allows for the full range of return values. Reported-by: Julien Grall Signed-off-by: Marc Zyngier Signed-off-by: Will Deacon commit afce0cc9ad8aa510650e781a51e43c26e2a34cf6 Author: Julien Grall Date: Tue Aug 14 11:33:32 2018 +0100 Documentation/arm64/sve: Couple of improvements and typos - Fix mismatch between SVE registers (Z) and FPSIMD register (V) - Don't prefix the path for [3] with Linux to stay consistent with [1] and [2]. Signed-off-by: Julien Grall Signed-off-by: Will Deacon commit 166ac9d55b0ab70b644e429be1f217fe8393cbd7 Author: Sara Sharon Date: Wed Aug 29 08:57:02 2018 +0200 mac80211: avoid kernel panic when building AMSDU from non-linear SKB When building building AMSDU from non-linear SKB, we hit a kernel panic when trying to push the padding to the tail. Instead, put the padding at the head of the next subframe. This also fixes the A-MSDU subframes to not have the padding accounted in the length field and not have pad at all for the last subframe, both required by the spec. Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support") Signed-off-by: Sara Sharon Reviewed-by: Lorenzo Bianconi Signed-off-by: Johannes Berg commit 1f631c3201fe5491808df143d8fcba81b3197ffd Author: Yuan-Chi Pang Date: Wed Aug 29 09:30:08 2018 +0800 mac80211: mesh: fix HWMP sequence numbering to follow standard IEEE 802.11-2016 14.10.8.3 HWMP sequence numbering says: If it is a target mesh STA, it shall update its own HWMP SN to maximum (current HWMP SN, target HWMP SN in the PREQ element) + 1 immediately before it generates a PREP element in response to a PREQ element. Signed-off-by: Yuan-Chi Pang Signed-off-by: Johannes Berg commit 6537886cdc9a637711fd6da980dbb87c2c87c9aa Author: Michael Hennerich Date: Mon Aug 13 15:57:44 2018 +0200 gpio: adp5588: Fix sleep-in-atomic-context bug This fixes: [BUG] gpio: gpio-adp5588: A possible sleep-in-atomic-context bug in adp5588_gpio_write() [BUG] gpio: gpio-adp5588: A possible sleep-in-atomic-context bug in adp5588_gpio_direction_input() Reported-by: Jia-Ju Bai Signed-off-by: Michael Hennerich Signed-off-by: Linus Walleij commit b55326dc969ea2d704a008d9a97583b128f54f4f Author: Stephen Boyd Date: Thu Aug 16 13:06:46 2018 -0700 pinctrl: msm: Really mask level interrupts to prevent latching The interrupt controller hardware in this pin controller has two status enable bits. The first "normal" status enable bit enables or disables the summary interrupt line being raised when a gpio interrupt triggers and the "raw" status enable bit allows or prevents the hardware from latching an interrupt into the status register for a gpio interrupt. Currently we just toggle the "normal" status enable bit in the mask and unmask ops so that the summary irq interrupt going to the CPU's interrupt controller doesn't trigger for the masked gpio interrupt. For a level triggered interrupt, the flow would be as follows: the pin controller sees the interrupt, latches the status into the status register, raises the summary irq to the CPU, summary irq handler runs and calls handle_level_irq(), handle_level_irq() masks and acks the gpio interrupt, the interrupt handler runs, and finally unmask the interrupt. When the interrupt handler completes, we expect that the interrupt line level will go back to the deasserted state so the genirq code can unmask the interrupt without it triggering again. If we only mask the interrupt by clearing the "normal" status enable bit then we'll ack the interrupt but it will continue to show up as pending in the status register because the raw status bit is enabled, the hardware hasn't deasserted the line, and thus the asserted state latches into the status register again. When the hardware deasserts the interrupt the pin controller still thinks there is a pending unserviced level interrupt because it latched it earlier. This behavior causes software to see an extra interrupt for level type interrupts each time the interrupt is handled. Let's fix this by clearing the raw status enable bit for level type interrupts so that the hardware stops latching the status of the interrupt after we ack it. We don't do this for edge type interrupts because it seems that toggling the raw status enable bit for edge type interrupts causes spurious edge interrupts. Signed-off-by: Stephen Boyd Reviewed-by: Douglas Anderson Reviewed-by: Bjorn Andersson Signed-off-by: Linus Walleij commit b497fff6f59ec4ab2816439e7ab976a90b7bab5c Author: Wei Yongjun Date: Tue Jul 31 14:38:52 2018 +0000 usb: dwc3: pci: Fix return value check in dwc3_byt_enable_ulpi_refclock() In case of error, the function pcim_iomap() returns NULL pointer not ERR_PTR(). The IS_ERR() test in the return value check should be replaced with NULL test. Fixes: 7740d04d901d ("usb: dwc3: pci: Enable ULPI Refclk on platforms where the firmware does not") Reviewed-by: Hans de Goede Signed-off-by: Wei Yongjun Signed-off-by: Felipe Balbi commit dfe1a51d2a36647f74cbad478801efa7cf394376 Author: Yoshihiro Shimoda Date: Fri Aug 3 12:12:46 2018 +0900 usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 This patch fixes an issue that maxpacket size of ep0 is incorrect for SuperSpeed. Otherwise, CDC NCM class with SuperSpeed doesn't work correctly on this driver because its control read data size is more than 64 bytes. Reported-by: Junki Kato Fixes: 746bfe63bba3 ("usb: gadget: renesas_usb3: add support for Renesas USB3.0 peripheral controller") Cc: # v4.5+ Signed-off-by: Yoshihiro Shimoda Tested-by: Junki Kato Signed-off-by: Felipe Balbi commit c37bd52836296ecc9a0fc8060b819089aebdbcde Author: Anton Vasilyev Date: Tue Aug 7 14:44:48 2018 +0300 usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] There is no deallocation of fotg210->ep[i] elements, allocated at fotg210_udc_probe. The patch adds deallocation of fotg210->ep array elements and simplifies error path of fotg210_udc_probe(). Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Signed-off-by: Felipe Balbi commit dec3c23c9aa1815f07d98ae0375b4cbc10971e13 Author: Alan Stern Date: Wed Aug 8 11:20:39 2018 -0400 USB: net2280: Fix erroneous synchronization change Commit f16443a034c7 ("USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks") was based on a serious misunderstanding. It introduced regressions into both the dummy-hcd and net2280 drivers. The problem in dummy-hcd was fixed by commit 7dbd8f4cabd9 ("USB: dummy-hcd: Fix erroneous synchronization change"), but the problem in net2280 remains. Namely: the ->disconnect(), ->suspend(), ->resume(), and ->reset() callbacks must be invoked without the private lock held; otherwise a deadlock will occur when the callback routine tries to interact with the UDC driver. This patch largely is a reversion of the relevant parts of f16443a034c7. It also drops the private lock around the calls to ->suspend() and ->resume() (something the earlier patch forgot to do). This is safe from races with device interrupts because it occurs within the interrupt handler. Finally, the patch changes where the ->disconnect() callback is invoked when net2280_pullup() turns the pullup off. Rather than making the callback from within stop_activity() at a time when dropping the private lock could be unsafe, the callback is moved to a point after the lock has already been dropped. Signed-off-by: Alan Stern Fixes: f16443a034c7 ("USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks") Reported-by: D. Ziesche Tested-by: D. Ziesche CC: Signed-off-by: Felipe Balbi commit 66174b6998a645c39867c3a301b4ee4611d6ca5b Author: Arnd Bergmann Date: Mon Aug 13 23:56:55 2018 +0200 usb: dwc3: of-simple: avoid unused function warnings An incorrect #ifdef caused a pair of harmless warnings when CONFIG_PM_SLEEP is disabled: drivers/usb/dwc3/dwc3-of-simple.c:223:12: error: 'dwc3_of_simple_resume' defined but not used [-Werror=unused-function] static int dwc3_of_simple_resume(struct device *dev) ^~~~~~~~~~~~~~~~~~~~~ drivers/usb/dwc3/dwc3-of-simple.c:213:12: error: 'dwc3_of_simple_suspend' defined but not used [-Werror=unused-function] static int dwc3_of_simple_suspend(struct device *dev) Since the #ifdef method is generally hard to get right, use a simpler __maybe_unused annotation here to let the compiler drop the unused functions silently. This also improves compile-time coverage. Fixes: 76251db86561 ("usb: dwc3: of-simple: reset host controller at suspend/resume") Signed-off-by: Arnd Bergmann Signed-off-by: Felipe Balbi commit 5b24109b0563d45094c470684c1f8cea1af269f8 Author: Daniel Borkmann Date: Tue Aug 28 16:15:35 2018 +0200 bpf: fix several offset tests in bpf_msg_pull_data While recently going over bpf_msg_pull_data(), I noticed three issues which are fixed in here: 1) When we attempt to find the first scatterlist element (sge) for the start offset, we add len to the offset before we check for start < offset + len, whereas it should come after when we iterate to the next sge to accumulate the offsets. For example, given a start offset of 12 with a sge length of 8 for the first sge in the list would lead us to determine this sge as the first sge thinking it covers first 16 bytes where start is located, whereas start sits in subsequent sges so we would end up pulling in the wrong data. 2) After figuring out the starting sge, we have a short-cut test in !msg->sg_copy[i] && bytes <= len. This checks whether it's not needed to make the page at the sge private where we can just exit by updating msg->data and msg->data_end. However, the length test is not fully correct. bytes <= len checks whether the requested bytes (end - start offsets) fit into the sge's length. The part that is missing is that start must not be sge length aligned. Meaning, the start offset into the sge needs to be accounted as well on top of the requested bytes as otherwise we can access the sge out of bounds. For example the sge could have length of 8, our requested bytes could have length of 8, but at a start offset of 4, so we also would need to pull in 4 bytes of the next sge, when we jump to the out label we do set msg->data to sg_virt(&sg[i]) + start - offset and msg->data_end to msg->data + bytes which would be oob. 3) The subsequent bytes < copy test for finding the last sge has the same issue as in point 2) but also it tests for less than rather than less or equal to. Meaning if the sge length is of 8 and requested bytes of 8 while having the start aligned with the sge, we would unnecessarily go and pull in the next sge as well to make it private. Fixes: 015632bb30da ("bpf: sk_msg program helper bpf_sk_msg_pull_data") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov commit 3f16503b7d2274ac8cbab11163047ac0b4c66cfe Merge: 050cdc6c9501 152395fd03d4 Author: Linus Torvalds Date: Tue Aug 28 16:11:34 2018 -0700 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal Pull thermal fixes from Eduardo Valentin: "Minor fixes to OF thermal, qoriq, and rcar drivers" * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal: thermal: of-thermal: disable passive polling when thermal zone is disabled thermal: rcar_gen3_thermal: convert to SPDX identifiers thermal: rcar_thermal: convert to SPDX identifiers thermal: qoriq: Switch to SPDX identifier thermal: qoriq: Simplify the 'site' variable assignment thermal: qoriq: Use devm_thermal_zone_of_sensor_register() commit 450b6b9b169382205f88858541a8b79830262ce7 Author: Gustavo A. R. Silva Date: Thu Aug 23 18:06:54 2018 -0500 clk: npcm7xx: fix memory allocation One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; void *entry[]; }; instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL); Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL); Notice that, currently, there is a bug during the allocation: sizeof(npcm7xx_clk_data) should be sizeof(*npcm7xx_clk_data) Fix this bug by using struct_size() in kzalloc() This issue was detected with the help of Coccinelle. Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook Reviewed-by: Avi Fishman Signed-off-by: Stephen Boyd commit 6d3c8ce012cefbdd73a3bba3c7f9a44af1c6a0bb Author: Colin Ian King Date: Tue Aug 28 17:10:46 2018 +0100 x86/xen: remove redundant variable save_pud Variable save_pud is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: variable 'save_pud' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky commit 076e2cedd6ea4786569c35f8725b4efdc1ecf2f2 Author: Joe Jin Date: Tue Aug 28 07:56:08 2018 -0700 xen: export device state to sysfs Export device state to sysfs to allow for easier get device state. Signed-off-by: Joe Jin Reviewed-by: Boris Ostrovsky Cc: Boris Ostrovsky Cc: Juergen Gross Cc: Konrad Rzeszutek Wilk Signed-off-by: Boris Ostrovsky commit 47d80a68f10d3290204a12f7836a9a8190dfc327 Author: Palmer Dabbelt Date: Tue Aug 28 09:37:16 2018 -0700 RISC-V: Use a less ugly workaround for unused variable warnings Thanks to Christoph Hellwig for pointing out a cleaner way to do this, as my approach was quite ugly. CC: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit 0ce5671c4450527f90d2bfb31302f78580587983 Author: Will Deacon Date: Fri Aug 24 11:22:55 2018 -0700 riscv: tlb: Provide definition of tlb_flush() before including tlb.h As of commit fd1102f0aade ("mm: mmu_notifier fix for tlb_end_vma"), asm-generic/tlb.h now calls tlb_flush() from a static inline function, so we need to make sure that it's declared before #including the asm-generic header in the arch header. Reported-by: Guenter Roeck Fixes: fd1102f0aade ("mm: mmu_notifier fix for tlb_end_vma") Signed-off-by: Will Deacon [groeck: Use forward declaration instead of moving inline function] Signed-off-by: Guenter Roeck Signed-off-by: Palmer Dabbelt commit 11f65ad111fa29de2d11929f773bf1e553d5b7c4 Author: Palmer Dabbelt Date: Mon Aug 20 15:47:57 2018 -0700 dt-bindings: riscv,cpu-intc: Cleanups from a missed review I managed to miss one of Rob's code reviews on the mailing list . The patch has already been merged, so I'm submitting a fixup. Sorry! Fixes: b67bc7cb4088 ("dt-bindings: interrupt-controller: RISC-V local interrupt controller") Cc: Rob Herring Cc: Christoph Hellwig Cc: Karsten Merker Signed-off-by: Palmer Dabbelt commit 5223c9c1cbfc0cd4d0a1b50758e0949af3290fa1 Author: Angelo Dureghello Date: Sat Aug 18 01:51:58 2018 +0200 spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE This patch fixes the dspi_eoq_write function used by the ColdFire mcf5441x family. The 16 bit cmd part must be re-set at each data transfer. Also, now that fifo_size variables are used for eoq_read/write, a proper fifo size must be set (16 slots for the ColdFire dspi module version). Signed-off-by: Angelo Dureghello Acked-by: Esben Haabendal Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 1b1b1162745e5f9e5c6c095afc8081df3edabc50 Author: Rodrigo Vivi Date: Thu Aug 23 13:51:36 2018 -0700 drm/i915: Free write_buf that we allocated with kzalloc. We use kzalloc to allocate the write_buf that we use for i2c transfer on hdcp write. But it seems that we are forgetting to free the memory that is not needed after i2c transfer is completed. Reported-by: Brian J Wood Fixes: 2320175feb74 ("drm/i915: Implement HDCP for HDMI") Cc: Ramalingam C Cc: Sean Paul Cc: Jani Nikula Cc: Rodrigo Vivi Cc: # v4.17+ Signed-off-by: Rodrigo Vivi Reviewed-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20180823205136.31310-1-rodrigo.vivi@intel.com (cherry picked from commit 62d3a8deaa10b8346d979d0dabde56c33b742afa) Signed-off-by: Rodrigo Vivi commit 5b2695fd4b20f9b8320e9ecbfc232842bacf5b6f Author: Ville Syrjälä Date: Thu Jul 19 21:21:57 2018 +0300 drm/i915: Fix glk/cnl display w/a #1175 The workaround was supposed to look at the plane destination coordinates. Currently it's looking at some mixture of src and dst coordinates that doesn't make sense. Fix it up. Signed-off-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20180719182214.4323-2-ville.syrjala@linux.intel.com Fixes: 394676f05bee (drm/i915: Add WA for planes ending close to left screen edge) Reviewed-by: Imre Deak (cherry picked from commit b1f1c2c11fc6c6cd3e361061e30f9b2839897b28) Signed-off-by: Rodrigo Vivi commit 04b2d03a75652bda989de1595048f0501dc0c0a0 Author: Geert Uytterhoeven Date: Tue Aug 21 11:53:03 2018 +0200 spi: Fix double IDR allocation with DT aliases If the SPI bus number is provided by a DT alias, idr_alloc() is called twice, leading to: WARNING: CPU: 1 PID: 1 at drivers/spi/spi.c:2179 spi_register_controller+0x11c/0x5d8 couldn't get idr Fix this by moving the handling of fixed SPI bus numbers up, before the DT handling code fills in ctlr->bus_num. Fixes: 1a4327fbf4554d5b ("spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers") Signed-off-by: Geert Uytterhoeven Tested-by: Fabio Estevam Signed-off-by: Mark Brown commit 5ea752c6efdf5aa8a57aed816d453a8f479f1b0a Author: Danny Smith Date: Thu Aug 23 10:26:20 2018 +0200 ASoC: sigmadsp: safeload should not have lower byte limit Fixed range in safeload conditional to allow safeload to up to 20 bytes, without a lower limit. Signed-off-by: Danny Smith Acked-by: Lars-Peter Clausen Signed-off-by: Mark Brown commit 960cdd50ca9fdfeb82c2757107bcb7f93c8d7d41 Author: Pierre-Louis Bossart Date: Wed Aug 22 22:49:36 2018 -0500 ASoC: wm8804: Add ACPI support HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by: Pierre-Louis Bossart Acked-by: Charles Keepax Signed-off-by: Mark Brown commit 7509487785d7a2bf3606cf26710f0ca29e9ca94d Author: Shuming Fan Date: Fri Aug 24 10:52:19 2018 +0800 ASoC: rt5682: Change DAC/ADC volume scale The step of DAC/ADC volume scale changes from 0.375dB to 0.75dB Signed-off-by: Shuming Fan Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit ca917f9fe1a0fab3dde41bba4bbd173c5a3c5805 Author: Ryan Lee Date: Thu Aug 23 18:37:08 2018 -0700 ASoC: max98373: Added 10ms sleep after amp software reset Signed-off-by: Ryan Lee Signed-off-by: Mark Brown commit 6ddd9769db4fc11a98bd7e58be1764e47fdb8384 Author: Emily Deng Date: Tue Aug 28 20:52:40 2018 +0800 drm/amdgpu: Need to set moved to true when evict bo Fix the VMC page fault when the running sequence is as below: 1.amdgpu_gem_create_ioctl 2.ttm_bo_swapout->amdgpu_vm_bo_invalidate, as not called amdgpu_vm_bo_base_init, so won't called list_add_tail(&base->bo_list, &bo->va). Even the bo was evicted, it won't set the bo_base->moved. 3.drm_gem_open_ioctl->amdgpu_vm_bo_base_init, here only called list_move_tail(&base->vm_status, &vm->evicted), but not set the bo_base->moved. 4.amdgpu_vm_bo_map->amdgpu_vm_bo_insert_map, as the bo_base->moved is not set true, the function amdgpu_vm_bo_insert_map will call list_move(&bo_va->base.vm_status, &vm->moved) 5.amdgpu_cs_ioctl won't validate the swapout bo, as it is only in the moved list, not in the evict list. So VMC page fault occurs. Signed-off-by: Emily Deng Reviewed-by: Christian König Signed-off-by: Alex Deucher commit 2d59bb602314a4b2593fde267734266b5e872dd0 Author: Tony Lindgren Date: Mon Aug 27 19:18:21 2018 -0700 ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Otherwise we can get the following errors occasionally on some devices: mmc1: tried to HW reset card, got error -110 mmcblk1: error -110 requesting status mmcblk1: recovery failed! print_req_error: I/O error, dev mmcblk1, sector 14329 ... I have one device that hits this error almost on every boot, and another one that hits it only rarely with the other ones I've used behave without problems. I'm not sure if the issue is related to a particular eMMC card model, but in case it is, both of the machines with issues have: # cat /sys/class/mmc_host/mmc1/mmc1:0001/manfid \ /sys/class/mmc_host/mmc1/mmc1:0001/oemid \ /sys/class/mmc_host/mmc1/mmc1:0001/name 0x000045 0x0100 SEM16G and the working ones have: 0x000011 0x0100 016G92 Note that "ti,non-removable" is different as omap_hsmmc_reg_get() does not call omap_hsmmc_disable_boot_regulators() if no_regulator_off_init is set. And currently we set no_regulator_off_init only for "ti,non-removable" and not for "non-removable". It seems that we should have "non-removable" with some other mmc generic property behave in the same way instead of having to use a non-generic property. But let's fix the issue first. Fixes: 7e2f8c0ae670 ("ARM: dts: Add minimal support for motorola droid 4 xt894") Cc: Marcel Partap Cc: Merlijn Wajer Cc: Michael Scott Cc: NeKit Cc: Pavel Machek Cc: Sebastian Reichel Signed-off-by: Tony Lindgren commit ea4d65f14f6aaa53e379b93c5544245ef081b3e7 Merge: ce32d59ee2cd 496f3347d834 Author: Tony Lindgren Date: Tue Aug 28 09:58:03 2018 -0700 Merge branch 'perm-fix' into omap-for-v4.19/fixes-v2 commit 496f3347d834aec91c38b45d6249ed00f58ad233 Author: Neeraj Dantu Date: Tue Aug 28 16:37:58 2018 +0000 ARM: dts: Fix file permission for am335x-osd3358-sm-red.dts Fix wrong mode for dts file added by commit bb3e3fbbac86 ("ARM: dts: Add DT support for Octavo Systems OSD3358-SM-RED based on TI AM335x"). Signed-off-by: Neeraj Dantu CC: Robert Nelson CC: Jason Kridner Signed-off-by: Tony Lindgren commit f86cf25a609107960cf05263e491463feaae1f99 Author: Gao Xiang Date: Tue Aug 28 11:39:48 2018 +0800 Revert "staging: erofs: disable compiling temporarile" This reverts commit 156c3df8d4db4e693c062978186f44079413d74d. Since XArray and the new mount apis aren't merged in 4.19-rc1 merge window, the BROKEN mark can be reverted directly without any problems. Fixes: 156c3df8d4db ("staging: erofs: disable compiling temporarile") Cc: Matthew Wilcox Cc: David Howells Reviewed-by: Chao Yu Signed-off-by: Gao Xiang Signed-off-by: Greg Kroah-Hartman commit b2dd9f2e5a8a4a6afa9d41411cdbfc2f5ceeba71 Author: Stefan Agner Date: Tue Aug 28 13:29:54 2018 +0200 HID: core: fix memory leak on probe The dynamically allocted collection stack does not get freed in all situations. Make sure to also free the collection stack when using the parser in hid_open_report(). Fixes: 08a8a7cf1459 ("HID: core: do not upper bound the collection stack") Signed-off-by: Stefan Agner Signed-off-by: Jiri Kosina commit e38c0ac55ee67cf3626cfbc2283f8873dc44d370 Author: Stefan Agner Date: Tue Aug 28 13:29:55 2018 +0200 HID: input: fix leaking custom input node name Make sure to free the custom input node name on disconnect. Cc: stable@vger.kernel.org # v4.18+ Fixes: c554bb045511 ("HID: input: append a suffix matching the application") Signed-off-by: Stefan Agner Signed-off-by: Jiri Kosina commit ee345492437043a79db058a3d4f029ebcb52089a Author: Sean O'Brien Date: Mon Aug 27 13:02:15 2018 -0700 HID: add support for Apple Magic Keyboards USB device Vendor 05ac (Apple) Device 026c (Magic Keyboard with Numeric Keypad) Bluetooth devices Vendor 004c (Apple) Device 0267 (Magic Keyboard) Device 026c (Magic Keyboard with Numeric Keypad) Support already exists for the Magic Keyboard over USB connection. Add support for the Magic Keyboard over Bluetooth connection, and for the Magic Keyboard with Numeric Keypad over Bluetooth and USB connection. Signed-off-by: Sean O'Brien Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina commit fb6acf76c3fdd97fea6995e64e2c665725f00fc5 Author: AceLan Kao Date: Tue Aug 21 16:55:13 2018 +0800 HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen The incomplete report flooded after S3 and touchscreen becomes malfunctioned. [ 1367.646244] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/18785) [ 1367.649471] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/28743) [ 1367.651092] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/26757) [ 1367.652658] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/52280) [ 1367.654287] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/56059) Adding device ID, 04F3:30CC, to the quirk to re-send report description after resume. Cc: stable@vger.kernel.org Signed-off-by: AceLan Kao Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina commit e0ab8b26aa9661df0541a657e2b2416d90488809 Author: Andreas Bosch Date: Fri Aug 17 22:16:00 2018 +0200 HID: intel-ish-hid: Enable Sunrise Point-H ish driver Added PCI ID for Sunrise Point-H ISH. Signed-off-by: Andreas Bosch Acked-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina commit b88d26d97c41680f7327e5fb8061ad0037877f40 Author: Haim Dreyfuss Date: Tue Aug 21 09:22:20 2018 +0300 nl80211: Pass center frequency in kHz instead of MHz freq_reg_info expects to get the frequency in kHz. Instead we accidently pass it in MHz. Thus, currently the function always return ERR rule. Fix that. Fixes: 50f32718e125 ("nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command") Signed-off-by: Haim Dreyfuss Signed-off-by: Luca Coelho [fix kHz/MHz in commit message] Signed-off-by: Johannes Berg commit d3c89bbc7491d5e288ca2993e999d24ba9ff52ad Author: Haim Dreyfuss Date: Tue Aug 21 09:22:19 2018 +0300 nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP TXOP (also known as Channel Occupancy Time) is u16 and should be added using nla_put_u16 instead of u8, fix that. Fixes: 50f32718e125 ("nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command") Signed-off-by: Haim Dreyfuss Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg commit 3a2af7cccbbaf2362db9053a946a6084e12bfa73 Author: Jinbum Park Date: Tue Jul 31 23:10:40 2018 +0900 mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom User controls @idx which to be used as index of hwsim_world_regdom_custom. So, It can be exploited via Spectre-like attack. (speculative execution) This kind of attack leaks address of hwsim_world_regdom_custom, It leads an attacker to bypass security mechanism such as KASLR. So sanitize @idx before using it to prevent attack. I leveraged strategy [1] to find and exploit this gadget. [1] https://github.com/jinb-park/linux-exploit/tree/master/exploit-remaining-spectre-gadget/ Signed-off-by: Jinbum Park [johannes: unwrap URL] Signed-off-by: Johannes Berg commit 20932750d9c78d307e4f2f18f9c6a32b82b1e0e8 Author: Emmanuel Grumbach Date: Mon Aug 20 13:56:07 2018 +0300 mac80211: don't update the PM state of a peer upon a multicast frame I changed the way mac80211 updates the PM state of the peer. I forgot that we could also have multicast frames from the peer and that those frame should of course not change the PM state of the peer: A peer goes to power save when it needs to scan, but it won't send the broadcast Probe Request with the PM bit set. This made us mark the peer as awake when it wasn't and then Intel's firmware would fail to transmit because the peer is asleep according to its database. The driver warned about this and it looked like this: WARNING: CPU: 0 PID: 184 at /usr/src/linux-4.16.14/drivers/net/wireless/intel/iwlwifi/mvm/tx.c:1369 iwl_mvm_rx_tx_cmd+0x53b/0x860 CPU: 0 PID: 184 Comm: irq/124-iwlwifi Not tainted 4.16.14 #1 RIP: 0010:iwl_mvm_rx_tx_cmd+0x53b/0x860 Call Trace: iwl_pcie_rx_handle+0x220/0x880 iwl_pcie_irq_handler+0x6c9/0xa20 ? irq_forced_thread_fn+0x60/0x60 ? irq_thread_dtor+0x90/0x90 The relevant code that spits the WARNING is: case TX_STATUS_FAIL_DEST_PS: /* the FW should have stopped the queue and not * return this status */ WARN_ON(1); info->flags |= IEEE80211_TX_STAT_TX_FILTERED; This fixes https://bugzilla.kernel.org/show_bug.cgi?id=199967. Fixes: 9fef65443388 ("mac80211: always update the PM state of a peer on MGMT / DATA frames") Cc: #4.16+ Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg commit 38cb87ee47fb825f6c9d645c019f75b3905c0ab2 Author: Stanislaw Gruszka Date: Wed Aug 22 13:52:21 2018 +0200 cfg80211: make wmm_rule part of the reg_rule structure Make wmm_rule be part of the reg_rule structure. This simplifies the code a lot at the cost of having bigger memory usage. However in most cases we have only few reg_rule's and when we do have many like in iwlwifi we do not save memory as it allocates a separate wmm_rule for each channel anyway. This also fixes a bug reported in various places where somewhere the pointers were corrupted and we ended up doing a null-dereference. Fixes: 230ebaa189af ("cfg80211: read wmm rules from regulatory database") Signed-off-by: Stanislaw Gruszka [rephrase commit message slightly] Signed-off-by: Johannes Berg commit d7c863a2f65e48f442379f4ee1846d52e0c5d24d Author: Danek Duvall Date: Wed Aug 22 16:01:05 2018 -0700 mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X The mac80211_hwsim driver intends to say that it supports up to four STBC receive streams, but instead it ends up saying something undefined. The IEEE80211_VHT_CAP_RXSTBC_X macros aren't independent bits that can be ORed together, but values. In this case, _4 is the appropriate one to use. Signed-off-by: Danek Duvall Signed-off-by: Johannes Berg commit 67d1ba8a6dc83d90cd58b89fa6cbf9ae35a0cf7f Author: Danek Duvall Date: Wed Aug 22 16:01:04 2018 -0700 mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X The mod mask for VHT capabilities intends to say that you can override the number of STBC receive streams, and it does, but only by accident. The IEEE80211_VHT_CAP_RXSTBC_X aren't bits to be set, but values (albeit left-shifted). ORing the bits together gets the right answer, but we should use the _MASK macro here instead. Signed-off-by: Danek Duvall Signed-off-by: Johannes Berg commit 501ca81760c204ec59b73e4a00bee5971fc0f1b1 Author: John Fastabend Date: Fri Aug 24 17:37:00 2018 -0700 bpf: sockmap, decrement copied count correctly in redirect error case Currently, when a redirect occurs in sockmap and an error occurs in the redirect call we unwind the scatterlist once in the error path of bpf_tcp_sendmsg_do_redirect() and then again in sendmsg(). Then in the error path of sendmsg we decrement the copied count by the send size. However, its possible we partially sent data before the error was generated. This can happen if do_tcp_sendpages() partially sends the scatterlist before encountering a memory pressure error. If this happens we need to decrement the copied value (the value tracking how many bytes were actually sent to TCP stack) by the number of remaining bytes _not_ the entire send size. Otherwise we risk confusing userspace. Also we don't need two calls to free the scatterlist one is good enough. So remove the one in bpf_tcp_sendmsg_do_redirect() and then properly reduce copied by the number of remaining bytes which may in fact be the entire send size if no bytes were sent. To do this use bool to indicate if free_start_sg() should do mem accounting or not. Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann commit 04db0e5ec58167364a80fd33ddb4f3b67434eb85 Author: Chaitanya Kulkarni Date: Wed Aug 15 18:48:25 2018 -0700 nvmet: free workqueue object if module init fails Signed-off-by: Chaitanya Kulkarni Signed-off-by: Christoph Hellwig commit afd299ca996929f4f98ac20da0044c0cdc124879 Author: James Smart Date: Thu Aug 9 16:00:14 2018 -0700 nvme-fcloop: Fix dropped LS's to removed target port When a targetport is removed from the config, fcloop will avoid calling the LS done() routine thinking the targetport is gone. This leaves the initiator reset/reconnect hanging as it waits for a status on the Create_Association LS for the reconnect. Change the filter in the LS callback path. If tport null (set when failed validation before "sending to remote port"), be sure to call done. This was the main bug. But, continue the logic that only calls done if tport was set but there is no remoteport (e.g. case where remoteport has been removed, thus host doesn't expect a completion). Signed-off-by: James Smart Signed-off-by: Christoph Hellwig commit f1ed3df20d2d223e0852cc4ac1f19bba869a7e3c Author: Michal Wnukowski Date: Wed Aug 15 15:51:57 2018 -0700 nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event In many architectures loads may be reordered with older stores to different locations. In the nvme driver the following two operations could be reordered: - Write shadow doorbell (dbbuf_db) into memory. - Read EventIdx (dbbuf_ei) from memory. This can result in a potential race condition between driver and VM host processing requests (if given virtual NVMe controller has a support for shadow doorbell). If that occurs, then the NVMe controller may decide to wait for MMIO doorbell from guest operating system, and guest driver may decide not to issue MMIO doorbell on any of subsequent commands. This issue is purely timing-dependent one, so there is no easy way to reproduce it. Currently the easiest known approach is to run "Oracle IO Numbers" (orion) that is shipped with Oracle DB: orion -run advanced -num_large 0 -size_small 8 -type rand -simulate \ concat -write 40 -duration 120 -matrix row -testname nvme_test Where nvme_test is a .lun file that contains a list of NVMe block devices to run test against. Limiting number of vCPUs assigned to given VM instance seems to increase chances for this bug to occur. On test environment with VM that got 4 NVMe drives and 1 vCPU assigned the virtual NVMe controller hang could be observed within 10-20 minutes. That correspond to about 400-500k IO operations processed (or about 100GB of IO read/writes). Orion tool was used as a validation and set to run in a loop for 36 hours (equivalent of pushing 550M IO operations). No issues were observed. That suggest that the patch fixes the issue. Fixes: f9f38e33389c ("nvme: improve performance for virtual NVMe devices") Signed-off-by: Michal Wnukowski Reviewed-by: Keith Busch Reviewed-by: Sagi Grimberg [hch: updated changelog and comment a bit] Signed-off-by: Christoph Hellwig commit 3f6e138d41ddff196f452993528cfe75762ede0f Author: Stefan Agner Date: Mon Aug 27 21:30:42 2018 +0200 bpf: fix build error with clang Building the newly introduced BPF_PROG_TYPE_SK_REUSEPORT leads to a compile time error when building with clang: net/core/filter.o: In function `sk_reuseport_convert_ctx_access': ../net/core/filter.c:7284: undefined reference to `__compiletime_assert_7284' It seems that clang has issues resolving hweight_long at compile time. Since SK_FL_PROTO_MASK is a constant, we can use the interface for known constant arguments which works fine with clang. Fixes: 2dbb9b9e6df6 ("bpf: Introduce BPF_PROG_TYPE_SK_REUSEPORT") Signed-off-by: Stefan Agner Signed-off-by: Alexei Starovoitov commit 15c480efab01197c965ce0562a43ffedd852b8f9 Author: Daniel Borkmann Date: Fri Aug 24 22:08:51 2018 +0200 bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg In bpf_tcp_recvmsg() we first took a reference on the psock, however once we find that there are skbs in the normal socket's receive queue we return with processing them through tcp_recvmsg(). Problem is that we leak the taken reference on the psock in that path. Given we don't really do anything with the psock at this point, move the skb_queue_empty() test before we fetch the psock to fix this case. Fixes: 8934ce2fd081 ("bpf: sockmap redirect ingress support") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov commit e06fa9c16ce4b740996189fa5610eabcee734e6c Author: Daniel Borkmann Date: Fri Aug 24 22:08:50 2018 +0200 bpf, sockmap: fix potential use after free in bpf_tcp_close bpf_tcp_close() we pop the psock linkage to a map via psock_map_pop(). A parallel update on the sock hash map can happen between psock_map_pop() and lookup_elem_raw() where we override the element under link->hash / link->key. In bpf_tcp_close()'s lookup_elem_raw() we subsequently only test whether an element is present, but we do not test whether the element is infact the element we were looking for. We lock the sock in bpf_tcp_close() during that time, so do we hold the lock in sock_hash_update_elem(). However, the latter locks the sock which is newly updated, not the one we're purging from the hash table. This means that while one CPU is doing the lookup from bpf_tcp_close(), another CPU is doing the map update in parallel, dropped our sock from the hlist and released the psock. Subsequently the first CPU will find the new sock and attempts to drop and release the old sock yet another time. Fix is that we need to check the elements for a match after lookup, similar as we do in the sock map. Note that the hash tab elems are freed via RCU, so access to their link->hash / link->key is fine since we're under RCU read side there. Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov commit db193954ed9e35701b6e489fa4cc97b08589341b Author: John Pittman Date: Mon Aug 27 14:33:05 2018 -0400 block: bsg: move atomic_t ref_count variable to refcount API Currently, variable ref_count within the bsg_device struct is of type atomic_t. For variables being used as reference counters, the refcount API should be used instead of atomic. The newer refcount API works to prevent counter overflows and use-after-free bugs. So, move this varable from the atomic API to refcount, potentially avoiding the issues mentioned. Signed-off-by: John Pittman Signed-off-by: Jens Axboe commit 62d2a1940709198a522a43ff8be8b8f6b3654dec Author: Chengguang Xu Date: Tue Aug 28 07:31:11 2018 +0800 block: remove unnecessary condition check kmem_cache_destroy() can handle NULL pointer correctly, so there is no need to check e->icq_cache before calling kmem_cache_destroy(). Signed-off-by: Chengguang Xu Signed-off-by: Jens Axboe commit 53ae914d898e5dd5984d352d5fa0b23410f966a0 Author: Zhu Yanjun Date: Sat Aug 25 15:19:05 2018 +0800 net/rds: Use rdma_read_gids to get connection SGID/DGID in IPv6 In IPv4, the newly introduced rdma_read_gids is used to read the SGID/DGID for the connection which returns GID correctly for RoCE transport as well. In IPv6, rdma_read_gids is also used. The following are why rdma_read_gids is introduced. rdma_addr_get_dgid() for RoCE for client side connections returns MAC address, instead of DGID. rdma_addr_get_sgid() for RoCE doesn't return correct SGID for IPv6 and when more than one IP address is assigned to the netdevice. So the transport agnostic rdma_read_gids() API is provided by rdma_cm module. Signed-off-by: Zhu Yanjun Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit ad8619864f0c9bd89e14d957afa3fd8aaf0720da Author: Linus Walleij Date: Mon Aug 27 00:20:11 2018 +0200 net: dsa: Drop GPIO includes Commit 52638f71fcff ("dsa: Move gpio reset into switch driver") moved the GPIO handling into the switch drivers but forgot to remove the GPIO header includes. Signed-off-by: Linus Walleij Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 30935198b7d0be12b1c45c328b66a7fdefb16256 Author: Haiqing Bai Date: Mon Aug 27 09:32:26 2018 +0800 tipc: fix the big/little endian issue in tipc_dest In function tipc_dest_push, the 32bit variables 'node' and 'port' are stored separately in uppper and lower part of 64bit 'value'. Then this value is assigned to dst->value which is a union like: union { struct { u32 port; u32 node; }; u64 value; } This works on little-endian machines like x86 but fails on big-endian machines. The fix remove the 'value' stack parameter and even the 'value' member of the union in tipc_dest, assign the 'node' and 'port' member directly with the input parameter to avoid the endian issue. Fixes: a80ae5306a73 ("tipc: improve destination linked list") Signed-off-by: Zhenbo Gao Acked-by: Jon Maloy Signed-off-by: Haiqing Bai Signed-off-by: David S. Miller commit ca2b1d2d4271209060a1c9e8e1ffb06fbecc812b Merge: 84581bdae958 b7b4247d5539 Author: David S. Miller Date: Mon Aug 27 15:16:16 2018 -0700 Merge branch 'net-sched-fixes' Jiri Pirko says: ==================== net: sched: couple of small fixes Jiri Pirko (2): net: sched: fix extack error message when chain is failed to be created net: sched: return -ENOENT when trying to remove filter from non-existent chain ==================== Acked-by: Cong Wang Signed-off-by: David S. Miller commit b7b4247d553939ccf02ff597ec60f41a2f93ee8e Author: Jiri Pirko Date: Mon Aug 27 20:58:44 2018 +0200 net: sched: return -ENOENT when trying to remove filter from non-existent chain When chain 0 was implicitly created, removal of non-existent filter from chain 0 gave -ENOENT. Once chain 0 became non-implicit, the same call is giving -EINVAL. Fix this by returning -ENOENT in that case. Reported-by: Roman Mashak Fixes: f71e0ca4db18 ("net: sched: Avoid implicit chain 0 creation") Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller commit d5ed72a55bc0a321ef33d272e2b0bf0d2b06d1fe Author: Jiri Pirko Date: Mon Aug 27 20:58:43 2018 +0200 net: sched: fix extack error message when chain is failed to be created Instead "Cannot find" say "Cannot create". Fixes: c35a4acc2985 ("net: sched: cls_api: handle generic cls errors") Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller commit 84581bdae9587023cea1d139523f0ef0f28bd88d Author: Xin Long Date: Mon Aug 27 18:41:32 2018 +0800 erspan: set erspan_ver to 1 by default when adding an erspan dev After erspan_ver is introudced, if erspan_ver is not set in iproute, its value will be left 0 by default. Since Commit 02f99df1875c ("erspan: fix invalid erspan version."), it has broken the traffic due to the version check in erspan_xmit if users are not aware of 'erspan_ver' param, like using an old version of iproute. To fix this compatibility problem, it sets erspan_ver to 1 by default when adding an erspan dev in erspan_setup. Note that we can't do it in ipgre_netlink_parms, as this function is also used by ipgre_changelink. Fixes: 02f99df1875c ("erspan: fix invalid erspan version.") Reported-by: Jianlin Shi Signed-off-by: Xin Long Signed-off-by: David S. Miller commit 834539e69a5fe2aab33cc777ccfd4a4fcc5b9770 Author: Xin Long Date: Mon Aug 27 18:40:18 2018 +0800 sctp: remove useless start_fail from sctp_ht_iter in proc After changing rhashtable_walk_start to return void, start_fail would never be set other value than 0, and the checking for start_fail is pointless, so remove it. Fixes: 97a6ec4ac021 ("rhashtable: Change rhashtable_walk_start to return void") Signed-off-by: Xin Long Acked-by: Neil Horman Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit bab1be79a5169ac748d8292b20c86d874022d7ba Author: Xin Long Date: Mon Aug 27 18:38:31 2018 +0800 sctp: hold transport before accessing its asoc in sctp_transport_get_next As Marcelo noticed, in sctp_transport_get_next, it is iterating over transports but then also accessing the association directly, without checking any refcnts before that, which can cause an use-after-free Read. So fix it by holding transport before accessing the association. With that, sctp_transport_hold calls can be removed in the later places. Fixes: 626d16f50f39 ("sctp: export some apis or variables for sctp_diag and reuse some for proc") Reported-by: syzbot+fe62a0c9aa6a85c6de16@syzkaller.appspotmail.com Signed-off-by: Xin Long Acked-by: Neil Horman Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit 46cb52ad414ac829680d0bb8cc7090ac2b577ca7 Author: Linus Walleij Date: Sun Jul 15 22:09:29 2018 +0200 ata: ftide010: Add a quirk for SQ201 The DMA is broken on this specific device for some unknown reason (probably badly designed or plain broken interface electronics) and will only work with PIO. Other users of the same hardware does not have this problem. Add a specific quirk so that this Gemini device gets DMA turned off. Also fix up some code around passing the port information around in probe while we're at it. Signed-off-by: Linus Walleij Signed-off-by: Jens Axboe commit c31d02d1290e1e82a08015199e408228e152991f Author: Thiago Jung Bauermann Date: Tue Jul 24 23:57:25 2018 -0300 selftests: kselftest: Remove outdated comment Commit 3c07aaef6598 ("selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS") reverted commit 11867a77eb85 ("selftests: kselftest framework: change skip exit code to 0") but missed removing the comment which that commit added, so do that now. Signed-off-by: Thiago Jung Bauermann Signed-off-by: Shuah Khan (Samsung OSG) commit 2f4e7db0f7456d8312de88d321b889dbd10c18fd Author: Rex Zhu Date: Thu Aug 23 11:46:13 2018 +0800 drm/amdgpu: Remove duplicated power source update when ac/dc switch, driver will be notified by acpi event. then the power source will be updated. so don't need to get power source when set power state. Reviewed-by: Alex Deucher Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher commit e7603dadd3cc2fa65924d9e8ce0c6f2964866da0 Author: SivapiriyanKumarasamy Date: Wed Aug 15 16:55:18 2018 -0400 drm/amd/display: Fix memory leak caused by missed dc_sink_release [Why] There is currently an intermittent hang from a memory leak in DTN stress testing. It is caused by unfreed memory during driver disable. [How] Do a dc_sink_release in the case that skips it incorrectly. Signed-off-by: SivapiriyanKumarasamy Reviewed-by: Aric Cyr Acked-by: Leo Li Signed-off-by: Alex Deucher commit 4a2de54dc1d7668fa364d8483420ba64b120963b Author: Christian König Date: Fri Aug 24 14:48:02 2018 +0200 drm/amdgpu: fix holding mn_lock while allocating memory We can't hold the mn_lock while allocating memory. Signed-off-by: Christian König Acked-by: Chunming Zhou Signed-off-by: Alex Deucher commit 72ef23de207bad349ddc648296f330e176ac175b Author: Rex Zhu Date: Thu Aug 23 15:41:57 2018 +0800 drm/amdgpu: Power on uvd block when hw_fini when hw_fini/suspend, smu only need to power on uvd block if uvd pg is supported, don't need to call uvd to do hw_init. v2: fix typo in patch descriptions and comments. Reviewed-by: Alex Deucher Tested-by: Michel Dänzer Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher commit 2ab4d0e74256fc49b7b270f63c1d1e47c2455abc Author: Rex Zhu Date: Fri Aug 24 16:17:54 2018 +0800 drm/amdgpu: Update power state at the end of smu hw_init. For SI/Kv, the power state is managed by function amdgpu_pm_compute_clocks. when dpm enabled, we should call amdgpu_pm_compute_clocks to update current power state instand of set boot state. this change can fix the oops when kfd driver was enabled on Kv. Reviewed-by: Alex Deucher Tested-by: Michel Dänzer Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher commit 6d39df146ff12fb5c71634ad135144d5423590ec Author: Rex Zhu Date: Thu Aug 23 15:30:45 2018 +0800 drm/amdgpu: Fix vce initialize failed on Kaveri/Mullins Forgot to add vce pg support via smu for Kaveri/Mullins. Fixes: 561a5c83eadd ("drm/amd/pp: Unify powergate_uvd/vce/mmhub to set_powergating_by_smu") v2: refine patch descriptions suggested by Michel Reviewed-by: Alex Deucher Tested-by: Michel Dänzer Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher commit 8ef23364b654d44244400d79988e677e504b21ba Author: Rex Zhu Date: Fri Aug 24 17:26:23 2018 +0800 drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode This is required by gfx hw and can fix the rlc hang when do s3 stree test on Cz/St. Reviewed-by: Alex Deucher Signed-off-by: Hang Zhou Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher commit fca5d959972c18839f0306f19df2f121623447dd Author: Felix Kuehling Date: Tue Aug 21 17:14:32 2018 -0400 drm/amdgpu: Adjust the VM size based on system memory size v2 Set the VM size based on system memory size between the ASIC-specific limits given by min_vm_size and max_bits. GFXv9 GPUs will keep their default VM size of 256TB (48 bit). Only older GPUs will adjust VM size depending on system memory size. This makes more VM space available for ROCm applications on GFXv8 GPUs that want to map all available VRAM and system memory in their SVM address space. v2: * Clarify comment * Round up memory size before >> 30 * Round up automatic vm_size to power of two Signed-off-by: Felix Kuehling Acked-by: Junwei Zhang Reviewed-by: Huang Rui Reviewed-by: Christian König Signed-off-by: Alex Deucher commit 88bc243a3f22b9938c0b53c577dee28025cdb920 Author: Anders Roxell Date: Fri Aug 24 14:49:41 2018 +0200 selftests: android: move config up a level 'make kselftest-merge' assumes that the config files for the tests are located under the 'main' test dir, like tools/testing/selftests/android/ and not in a subdir to android. Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan (Samsung OSG) commit b0a84beb2e35536839ea289182684528f379b860 Author: Jens Axboe Date: Mon Aug 27 13:32:12 2018 -0600 blk-wbt: remove dead code We already note and mark discard and swap IO from bio_to_wbt_flags(). Signed-off-by: Jens Axboe commit 050cdc6c9501abcd64720b8cc3e7941efee9547d Merge: 908946c4bee7 98c8f125fd8a Author: Linus Torvalds Date: Mon Aug 27 11:59:39 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) ICE, E1000, IGB, IXGBE, and I40E bug fixes from the Intel folks. 2) Better fix for AB-BA deadlock in packet scheduler code, from Cong Wang. 3) bpf sockmap fixes (zero sized key handling, etc.) from Daniel Borkmann. 4) Send zero IPID in TCP resets and SYN-RECV state ACKs, to prevent attackers using it as a side-channel. From Eric Dumazet. 5) Memory leak in mediatek bluetooth driver, from Gustavo A. R. Silva. 6) Hook up rt->dst.input of ipv6 anycast routes properly, from Hangbin Liu. 7) hns and hns3 bug fixes from Huazhong Tan. 8) Fix RIF leak in mlxsw driver, from Ido Schimmel. 9) iova range check fix in vhost, from Jason Wang. 10) Fix hang in do_tcp_sendpages() with tls, from John Fastabend. 11) More r8152 chips need to disable RX aggregation, from Kai-Heng Feng. 12) Memory exposure in TCA_U32_SEL handling, from Kees Cook. 13) TCP BBR congestion control fixes from Kevin Yang. 14) hv_netvsc, ignore non-PCI devices, from Stephen Hemminger. 15) qed driver fixes from Tomer Tayar. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (77 commits) net: sched: Fix memory exposure from short TCA_U32_SEL qed: fix spelling mistake "comparsion" -> "comparison" vhost: correctly check the iova range when waking virtqueue qlge: Fix netdev features configuration. net: macb: do not disable MDIO bus at open/close time Revert "net: stmmac: fix build failure due to missing COMMON_CLK dependency" net: macb: Fix regression breaking non-MDIO fixed-link PHYs mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge i40e: fix condition of WARN_ONCE for stat strings i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled ixgbe: fix driver behaviour after issuing VFLR ixgbe: Prevent unsupported configurations with XDP ixgbe: Replace GFP_ATOMIC with GFP_KERNEL igb: Replace mdelay() with msleep() in igb_integrated_phy_loopback() igb: Replace GFP_ATOMIC with GFP_KERNEL in igb_sw_init() igb: Use an advanced ctx descriptor for launchtime e1000: ensure to free old tx/rx rings in set_ringparam() e1000: check on netif_running() before calling e1000_up() ixgb: use dma_zalloc_coherent instead of allocator/memset ice: Trivial formatting fixes ... commit 336d139f8718b1336c9d22f0e462611ae1229850 Author: Masahiro Yamada Date: Mon Aug 27 16:01:41 2018 +0900 mtd: rawnand: denali: do not pass zero maxchips to nand_scan() Commit 49aa76b16676 ("mtd: rawnand: do not execute nand_scan_ident() if maxchips is zero") gave a new meaning for calling nand_scan_ident() with maxchips=0. It is a special usage for some drivers such as docg4, but actually the Denali driver may pass maxchips=0 to nand_scan() when the driver is enabled but no NAND chip is found on the board for some reasons. If nand_scan_with_ids() is called with maxchips=0, nand_scan_ident() is skipped, then nand_set_defaults() is skipped as well. Thus, the driver must set chip->controller beforehand. Otherwise, nand_attach() causes NULL pointer dereference. In fact, the Denali controller knows the number of connected chips before calling nand_scan_ident(); if DEVICE_RESET fails, there is no chip in that chip select. Then, denali_reset_banks() sets the maxchips to the number of detected chips. If no chip is found, maxchips is zero. In this case, there is no point for calling nand_scan() because we know it will fail for sure. Let's make the probe function fail immediately. Fixes: 49aa76b16676 ("mtd: rawnand: do not execute nand_scan_ident() if maxchips is zero") Signed-off-by: Masahiro Yamada Acked-by: Miquel Raynal Signed-off-by: Boris Brezillon commit b2d7a075a1ccef2fb321d595802190c8e9b39004 Author: Juergen Gross Date: Tue Aug 21 17:37:55 2018 +0200 x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Using only 32-bit writes for the pte will result in an intermediate L1TF vulnerable PTE. When running as a Xen PV guest this will at once switch the guest to shadow mode resulting in a loss of performance. Use arch_atomic64_xchg() instead which will perform the requested operation atomically with all 64 bits. Some performance considerations according to: https://software.intel.com/sites/default/files/managed/ad/dc/Intel-Xeon-Scalable-Processor-throughput-latency.pdf The main number should be the latency, as there is no tight loop around native_ptep_get_and_clear(). "lock cmpxchg8b" has a latency of 20 cycles, while "lock xchg" (with a memory operand) isn't mentioned in that document. "lock xadd" (with xadd having 3 cycles less latency than xchg) has a latency of 11, so we can assume a latency of 14 for "lock xchg". Signed-off-by: Juergen Gross Reviewed-by: Thomas Gleixner Reviewed-by: Jan Beulich Tested-by: Jason Andryuk Signed-off-by: Boris Ostrovsky commit 849c70dacb169da751b171c7d230206a72cf7391 Author: Todd Poynor Date: Thu Aug 9 20:20:56 2018 -0700 MAINTAINERS: Switch a maintainer for drivers/staging/gasket Todd Poynor takes over for John Joseph. Signed-off-by: John Joseph Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 057d3ccf93a437080c4138cd6d74c4d7cf332131 Merge: 38cfb5a45ee0 6f2f39ad1a54 Author: Jens Axboe Date: Mon Aug 27 11:27:32 2018 -0600 Merge branch 'stable/for-jens-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen into for-linus Pull Xen block driver fixes from Konrad: "Fix for flushing out persistent pages at a deterministic rate" * 'stable/for-jens-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen/blkback: remove unused pers_gnts_lock from struct xen_blkif_ring xen/blkback: move persistent grants flags to bool xen/blkfront: reorder tests in xlblk_init() xen/blkfront: cleanup stale persistent grants xen/blkback: don't keep persistent grants too long commit 38cfb5a45ee013bfab5d1ae4c4738815e744b440 Author: Jens Axboe Date: Sun Aug 26 10:10:05 2018 -0600 blk-wbt: improve waking of tasks We have two potential issues: 1) After commit 2887e41b910b, we only wake one process at the time when we finish an IO. We really want to wake up as many tasks as can queue IO. Before this commit, we woke up everyone, which could cause a thundering herd issue. 2) A task can potentially consume two wakeups, causing us to (in practice) miss a wakeup. Fix both by providing our own wakeup function, which stops __wake_up_common() from waking up more tasks if we fail to get a queueing token. With the strict ordering we have on the wait list, this wakes the right tasks and the right amount of tasks. Based on a patch from Jianchao Wang . Tested-by: Agarwal, Anchal Signed-off-by: Jens Axboe commit 061a5427530633de93ace4ef001b99961984af62 Author: Jens Axboe Date: Sun Aug 26 10:09:06 2018 -0600 blk-wbt: abstract out end IO completion handler Prep patch for calling the handler from a different context, no functional changes in this patch. Tested-by: Agarwal, Anchal Signed-off-by: Jens Axboe commit b9eb3b14f1dbf16bf27b6c1ffe6b8c00ec945c9b Author: Dan Carpenter Date: Mon Aug 27 12:23:01 2018 +0300 scsi: aacraid: fix a signedness bug The problem is that ->reset_state is a u8 but it can be set to -1 or -2 in aac_tmf_callback() and the error handling in aac_eh_target_reset() relies on it to be signed. [mkp: fixed typo] Fixes: 0d643ff3c353 ("scsi: aacraid: use aac_tmf_callback for reset fib") Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen commit d772a65d8a6c45c376a8200a38f7f82fb480af6a Author: Ming Lei Date: Mon Aug 27 15:24:43 2018 +0800 Revert "scsi: core: avoid host-wide host_busy counter for scsi_mq" This reverts commit 328728630d9f2bf14b82ca30b5e47489beefe361. There is fundamental issue in commit 328728630d9f2bf1 (scsi: core: avoid host-wide host_busy counter for scsi_mq) because SCSI's host busy counter may not be same with counter of blk-mq's inflight tags, especially in case of none io scheduler. We may switch to other approach for addressing this scsi_mq's performance issue, such as percpu counter or kind of ways, so revert this commit first for fixing this kind of issue in EH path, as reported by Jens. Cc: Omar Sandoval , Cc: "Martin K. Petersen" , Cc: James Bottomley , Cc: Christoph Hellwig , Cc: Don Brace Cc: Kashyap Desai Cc: Mike Snitzer Cc: Hannes Reinecke Cc: Laurence Oberman Cc: Bart Van Assche Cc: Jens Axboe Reported-by: Jens Axboe Signed-off-by: Ming Lei Signed-off-by: Martin K. Petersen commit f45b8934b90b1d0017d33f8529941ec5020e9e0e Author: Arnd Bergmann Date: Mon Aug 13 23:20:33 2018 +0200 staging: wilc1000: revert "fix TODO to compile spi and sdio components in single module" The TODO item named "make spi and sdio components coexist in one build" was apparently addressed a long time ago, but never removed from the TODO file. However, the new patch that tries to address it actually makes it worse again by duplicating the common parts of the driver into two separate modules rather than sharing them. This also introduces a build regression when one of the two is built-in while the other is a loadable module: drivers/staging/wilc1000/wilc_debugfs.o:(.data+0x10): undefined reference to `__this_module' Reverting the patch makes it build again. I'm leaving the TODO file modification though, as there is nothing left to do for this item. A related problem however still seems to exist: one still cannot have multiple concurrent instances of wilc1000 devices present in the system, as there are lots of shared global variables such as host_interface.c:static struct wilc_vif *periodic_rssi_vif; wilc_sdio.c:static struct wilc_sdio g_sdio; wilc_wlan.c:static enum chip_ps_states chip_ps_state = CHIP_WAKEDUP; wilc_wlan.c:static u32 pending_acks; wilc_wfi_cfgoperations.c:int wilc_connecting; In order to have multiple instances working (sdio, spi, or mixed), all such variables need to be dynamically allocated per instance and stored in 'struct wilc' or one of the structures referenced by it. Fixes: 9abc44ba4e2f ("staging: wilc1000: fix TODO to compile spi and sdio components in single module") Signed-off-by: Arnd Bergmann Signed-off-by: Greg Kroah-Hartman commit 23aa8e69f2c6ceb0bdca52f4450ad1f45675ca73 Author: Ming Lei Date: Mon Aug 27 15:24:42 2018 +0800 Revert "scsi: core: fix scsi_host_queue_ready" This reverts commit 265d59aacbce7e50bdc1f5d25033c38dd70b3767. There is fundamental issue in commit 328728630d9f2bf1 (scsi: core: avoid host-wide host_busy counter for scsi_mq) because SCSI's host busy counter may not be same with counter of blk-mq's inflight tags, especially in case of none io scheduler. So revert this commit first. Cc: Omar Sandoval , Cc: "Martin K. Petersen" , Cc: James Bottomley , Cc: Christoph Hellwig , Cc: Don Brace Cc: Kashyap Desai Cc: Mike Snitzer Cc: Hannes Reinecke Cc: Laurence Oberman Cc: Bart Van Assche Cc: Guenter Roeck Cc: Jens Axboe Reported-by: Jens Axboe Signed-off-by: Ming Lei Signed-off-by: Martin K. Petersen commit 4e8065aa6c6f50765290be27ab8a64a4e44cb009 Author: Geert Uytterhoeven Date: Thu Aug 23 23:23:06 2018 +0200 scsi: libata: Add missing newline at end of file With gcc 4.1.2: drivers/ata/libata-core.c:7396:33: warning: no newline at end of file Fixes: 2fa4a32613c9182b ("scsi: libsas: dynamically allocate and free ata host") Signed-off-by: Geert Uytterhoeven Signed-off-by: Martin K. Petersen commit cedefa8544c6be216b4710575065e3a11065f8d0 Author: Varun Prakash Date: Sat Aug 11 21:10:29 2018 +0530 scsi: target: iscsi: cxgbit: use pr_debug() instead of pr_info() DDP programming happens in data path and it can fail because of lack of resources so use pr_debug() instead of pr_info() for this case. Signed-off-by: Varun Prakash Reviewed-by: Mike Christie Signed-off-by: Martin K. Petersen commit eb53a3ea3e009578a388f106620b22b1707cf2f6 Author: Martin Wilck Date: Wed Aug 22 13:25:44 2018 +0200 scsi: hpsa: limit transfer length to 1MB, not 512kB e2c7b43 was supposed to limit transfer length to 1MB, but got the unit of max_sectors wrong. Fixes: e2c7b433f729 ("scsi: hpsa: limit transfer length to 1MB") Signed-off-by: Martin Wilck Signed-off-by: Martin K. Petersen commit 53e13ee087a80e8d4fc95436318436e5c2c1f8c2 Author: James Smart Date: Thu Aug 16 16:04:05 2018 -0700 scsi: lpfc: Correct MDS diag and nvmet configuration A recent change added some MDS processing in the lpfc_drain_txq routine that relies on the fcp_wq being allocated. For nvmet operation the fcp_wq is not allocated because it can only be an nvme-target. When the original MDS support was added LS_MDS_LOOPBACK was defined wrong, (0x16) it should have been 0x10 (decimal value used for hex setting). This incorrect value allowed MDS_LOOPBACK to be set simultaneously with LS_NPIV_FAB_SUPPORTED, causing the driver to crash when it accesses the non-existent fcp_wq. Correct the bad value setting for LS_MDS_LOOPBACK. Fixes: ae9e28f36a6c ("lpfc: Add MDS Diagnostic support.") Cc: # v4.12+ Signed-off-by: Dick Kennedy Signed-off-by: James Smart Tested-by: Ewan D. Milne Signed-off-by: Martin K. Petersen commit 9abd9990e9779dc9c548c3599aaca7e3505ab19d Author: James Smart Date: Tue Aug 14 12:55:05 2018 -0700 scsi: lpfc: Default fdmi_on to on Change default behavior for fdmi registration to on. [mkp: patch was mangled] Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit 68bdc630721c40e908d22cffe07b5ca225a69f6e Author: Varun Prakash Date: Sat Aug 11 21:14:08 2018 +0530 scsi: csiostor: fix incorrect port capabilities - use be32_to_cpu() instead of ntohs() for 32 bit port capabilities. - add a new function fwcaps32_to_caps16() to convert 32 bit port capabilities to 16 bit port capabilities. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen commit 89809b028b6f54187b7d81a0c69b35d394c52e62 Author: Varun Prakash Date: Sat Aug 11 21:03:58 2018 +0530 scsi: csiostor: add a check for NULL pointer after kmalloc() Reported-by: Colin Ian King Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen commit a7ccd92c8d2ac4eb168b621e086be2dc9b8344f6 Author: John Pittman Date: Thu Aug 23 15:49:18 2018 -0400 scsi: documentation: add scsi_mod.use_blk_mq to scsi-parameters Kernel line argument scsi_mod.use_blk_mq is missing from file Documentation/scsi/scsi-parameters.txt. Add this option, providing mention of config setting and format. [mkp: clarified where to look] Signed-off-by: John Pittman Signed-off-by: Martin K. Petersen commit 3fba68fa35a2cbda157c6f49f26eefccb2e10043 Author: Geert Uytterhoeven Date: Tue Aug 21 13:44:07 2018 +0200 scsi: core: Update SCSI_MQ_DEFAULT help text to match default The default was changed, but the help text was not updated. Fix grammar (s/the option/this option/) while at it. [mkp: drop "new" as suggested by John Garry] Fixes: d5038a13eca72fb2 ("scsi: core: switch to scsi-mq by default") Signed-off-by: Geert Uytterhoeven Reviewed-by: Ming Lei Signed-off-by: Martin K. Petersen commit 6f2f39ad1a54978394851c05e327419ebeb7227e Author: Juergen Gross Date: Mon Aug 13 16:01:14 2018 +0200 xen/blkback: remove unused pers_gnts_lock from struct xen_blkif_ring pers_gnts_lock isn't being used anywhere. Remove it. Signed-off-by: Juergen Gross Reviewed-by: Roger Pau Monné Signed-off-by: Konrad Rzeszutek Wilk commit d77ff24e7fa2258877fa0b87efa06b9a58a37aab Author: Juergen Gross Date: Mon Aug 13 16:01:13 2018 +0200 xen/blkback: move persistent grants flags to bool The struct persistent_gnt flags member is meant to be a bitfield of different flags. There is only PERSISTENT_GNT_ACTIVE flag left, so convert it to a bool named "active". Signed-off-by: Juergen Gross Reviewed-by: Roger Pau Monné Signed-off-by: Konrad Rzeszutek Wilk commit 4bcddbae019df2614ea36976ba3d36313f93c6d3 Author: Juergen Gross Date: Mon Aug 13 16:01:12 2018 +0200 xen/blkfront: reorder tests in xlblk_init() In case we don't want pv block devices we should not test parameters for sanity and eventually print out error messages. So test precluding conditions before checking parameters. Signed-off-by: Juergen Gross Reviewed-by: Roger Pau Monné Signed-off-by: Konrad Rzeszutek Wilk commit a46b53672b2c2e3770b38a4abf90d16364d2584b Author: Juergen Gross Date: Mon Aug 13 16:01:11 2018 +0200 xen/blkfront: cleanup stale persistent grants Add a periodic cleanup function to remove old persistent grants which are no longer in use on the backend side. This avoids starvation in case there are lots of persistent grants for a device which no longer is involved in I/O business. Signed-off-by: Juergen Gross Reviewed-by: Roger Pau Monné Signed-off-by: Konrad Rzeszutek Wilk commit 973e5405f2f67ddbb2bf07b3ffc71908a37fea8e Author: Juergen Gross Date: Mon Aug 13 16:01:10 2018 +0200 xen/blkback: don't keep persistent grants too long Persistent grants are allocated until a threshold per ring is being reached. Those grants won't be freed until the ring is being destroyed meaning there will be resources kept busy which might no longer be used. Instead of freeing only persistent grants until the threshold is reached add a timestamp and remove all persistent grants not having been in use for a minute. Signed-off-by: Juergen Gross Reviewed-by: Roger Pau Monné Signed-off-by: Konrad Rzeszutek Wilk commit c27d0e9045bbbabffdde2bdba74e9971c4194ac4 Author: Vineet Gupta Date: Thu Aug 16 10:20:33 2018 -0700 ARC: sort Kconfig Signed-off-by: Vineet Gupta commit 1e3bece2ded71eb85ac297a43002a942964e381d Author: Eugeniy Paltsev Date: Mon Aug 6 19:44:23 2018 +0300 ARC: cleanup show_faulting_vma() - Remove unused variables - check return value of file_path Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta commit c83532fb0fe053d2e43e9387354cb1b52ba26427 Author: Alexey Brodkin Date: Thu Aug 2 11:50:16 2018 +0300 ARC: [plat-axs*]: Enable SWAP SWAP support on ARC was fixed earlier by commit 6e3761145a9b ("ARC: Fix CONFIG_SWAP") so now we may safely enable it on platforms that have external media like USB and SD-card. Note: it was already allowed for HSDK Signed-off-by: Alexey Brodkin Cc: stable@vger.kernel.org # 6e3761145a9b: ARC: Fix CONFIG_SWAP Signed-off-by: Vineet Gupta commit 5c0920897af59779546e9ea0e89c5db45c8aff33 Author: Alexey Brodkin Date: Thu Aug 2 13:19:37 2018 +0300 ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel Otherwise kernel uses random MAC which is not very conveniet. With that change in place use might set desired MAC in U-Boot with "setenv ethaddr 11:22:33:44:55:66", save environment and then from boot to boot the same MAC will be used by the kernel. One other note for this to happen it's required to pass board's .dtb in U-Boot's "bootm" command like that: ------------------->8----------------- bootm 0x82000000 - 0x84000000 ------------------->8----------------- Here 0x82000000 is location of uImage while 0x80000000 is location of either axs10x.dtb or hsdk.dtb previously loaded from SD-card, USB storage or TFTP server. Signed-off-by: Alexey Brodkin Cc: Rob Herring Cc: stable@vger.kernel.org # 4.14 Cc: devicetree@vger.kernel.org Signed-off-by: Vineet Gupta commit 4051c323c59b535cfb7dc10b349544b4ad49c21e Author: Alexey Brodkin Date: Thu Aug 2 11:41:07 2018 +0300 ARC: configs: cleanup - Remove CONFIG_DEFAULT_HOSTNAME from defconfigs There's no reason to set the same hostname to all ARC boards by default. It usually gets overwritten by init scripts anyways. - Remove disabled CONFIG_DEVKMEM from defconfigs It is disabled by default Signed-off-by: Alexey Brodkin Signed-off-by: Vineet Gupta commit 908946c4bee705542f38bc06c0203a6d83e3700c Author: Jens Axboe Date: Mon Aug 27 08:37:46 2018 -0600 Fix up libata MAINTAINERS entry The email was botched in one entry, and I also forgot to update the location of the git tree. It'll be under the linux-block umbrella, just with different branches. Reported-by: Baruch Siach Fixes: 7634ccd2da97 ("libata: maintainership update") Signed-off-by: Jens Axboe Signed-off-by: Linus Torvalds commit f7c90c2aa4004808dff777ba6ae2c7294dd06851 Author: Juergen Gross Date: Tue Aug 21 17:37:54 2018 +0200 x86/xen: don't write ptes directly in 32-bit PV guests In some cases 32-bit PAE PV guests still write PTEs directly instead of using hypercalls. This is especially bad when clearing a PTE as this is done via 32-bit writes which will produce intermediate L1TF attackable PTEs. Change the code to use hypercalls instead. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Signed-off-by: Boris Ostrovsky commit 4d982e25d0bdc83d8c64e66fdeca0b89240b3b85 Author: Theodore Ts'o Date: Mon Aug 27 09:22:45 2018 -0400 ext4: avoid divide by zero fault when deleting corrupted inline directories A specially crafted file system can trick empty_inline_dir() into reading past the last valid entry in a inline directory, and then run into the end of xattr marker. This will trigger a divide by zero fault. Fix this by using the size of the inline directory instead of dir->i_size. Also clean up error reporting in __ext4_check_dir_entry so that the message is clearer and more understandable --- and avoids the division by zero trap if the size passed in is zero. (I'm not sure why we coded it that way in the first place; printing offset % size is actually more confusing and less useful.) https://bugzilla.kernel.org/show_bug.cgi?id=200933 Signed-off-by: Theodore Ts'o Reported-by: Wen Xu Cc: stable@vger.kernel.org commit 5dfdd24eb3d39d815bc952ae98128e967c9bba49 Author: Johan Hovold Date: Tue Aug 21 11:59:53 2018 +0200 USB: serial: ti_usb_3410_5052: fix array underflow in completion handler Similarly to a recently reported bug in io_ti, a malicious USB device could set port_number to a negative value and we would underflow the port array in the interrupt completion handler. As these devices only have one or two ports, fix this by making sure we only consider the seventh bit when determining the port number (and ignore bits 0xb0 which are typically set to 0x30). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold commit 691a03cfe8ca483f9c48153b869d354e4ae3abef Author: Johan Hovold Date: Tue Aug 21 11:59:52 2018 +0200 USB: serial: io_ti: fix array underflow in completion handler As reported by Dan Carpenter, a malicious USB device could set port_number to a negative value and we would underflow the port array in the interrupt completion handler. As these devices only have one or two ports, fix this by making sure we only consider the seventh bit when determining the port number (and ignore bits 0xb0 which are typically set to 0x30). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Reported-by: Dan Carpenter Signed-off-by: Johan Hovold commit e3a5dc08715abba646324fd8456282bd77798e9c Author: Nikolas Nyby Date: Sat Aug 25 19:10:54 2018 -0400 x86/Kconfig: Fix trivial typo Fix a typo in the Kconfig help text: adverticed -> advertised. Signed-off-by: Nikolas Nyby Signed-off-by: Thomas Gleixner Cc: trivial@kernel.org Cc: tglx@linutronix.de Cc: x86@kernel.org Link: https://lkml.kernel.org/r/20180825231054.23813-1-nikolas@gnu.org commit cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 Author: Andi Kleen Date: Fri Aug 24 10:03:50 2018 -0700 x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ On Nehalem and newer core CPUs the CPU cache internally uses 44 bits physical address space. The L1TF workaround is limited by this internal cache address width, and needs to have one bit free there for the mitigation to work. Older client systems report only 36bit physical address space so the range check decides that L1TF is not mitigated for a 36bit phys/32GB system with some memory holes. But since these actually have the larger internal cache width this warning is bogus because it would only really be needed if the system had more than 43bits of memory. Add a new internal x86_cache_bits field. Normally it is the same as the physical bits field reported by CPUID, but for Nehalem and newerforce it to be at least 44bits. Change the L1TF memory size warning to use the new cache_bits field to avoid bogus warnings and remove the bogus comment about memory size. Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Reported-by: George Anchev Reported-by: Christopher Snowhill Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: Michael Hocko Cc: vbabka@suse.cz Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180824170351.34874-1-andi@firstfloor.org commit 1ab534e85c93945f7862378d8c8adcf408205b19 Author: Andi Kleen Date: Fri Aug 24 10:03:51 2018 -0700 x86/spectre: Add missing family 6 check to microcode check The check for Spectre microcodes does not check for family 6, only the model numbers. Add a family 6 check to avoid ambiguity with other families. Fixes: a5b296636453 ("x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes") Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180824170351.34874-2-andi@firstfloor.org commit 166cd4421b0dabd2e438f5384f4ecf930dc8ab08 Author: Geert Uytterhoeven Date: Thu Aug 23 23:43:45 2018 +0200 mtd: rawnand: docg4: Remove wrong __init annotations If gcc (e.g. 4.1.2) decides not to inline init_mtd_structs() and read_id_reg(), this will cause section mismatches, and crashes: WARNING: drivers/mtd/nand/raw/docg4.o(.text+0xc10): Section mismatch in reference from the function docg4_attach_chip() to the function .init.text:init_mtd_structs() The function docg4_attach_chip() references the function __init init_mtd_structs(). This is often because docg4_attach_chip lacks a __init annotation or the annotation of init_mtd_structs is wrong. WARNING: drivers/mtd/nand/raw/docg4.o(.text+0xc3e): Section mismatch in reference from the function docg4_attach_chip() to the function .init.text:read_id_reg() The function docg4_attach_chip() references the function __init read_id_reg(). This is often because docg4_attach_chip lacks a __init annotation or the annotation of read_id_reg is wrong. Fix this by dropping the now incorrect __init annotations from init_mtd_structs() and read_id_reg(). Fixes: 66a38478dcc5b5a3 ("mtd: rawnand: docg4: convert driver to nand_scan()") Signed-off-by: Geert Uytterhoeven Signed-off-by: Boris Brezillon commit d177c8b61d6b4ef360b1c2682e4d8e3bae01738b Author: Icenowy Zheng Date: Thu Jul 26 12:48:05 2018 +0800 arm64: allwinner: dts: h6: fix Pine H64 MMC bus width Currently the enabled MMC controllers on Pine H64 do not have bus-width set, which make them fall back to 1-bit mode and become quite slow. Fix this by add the corresponding bus-width properties. Fixes: ecbd611882a1 ("arm64: allwinner: h6: enable MMC0/2 on Pine H64") Signed-off-by: Icenowy Zheng Signed-off-by: Maxime Ripard commit b9543a2e39dc909e6b7ec901b6c7208d01d5c0dd Author: Fabio Estevam Date: Fri Jul 20 17:39:21 2018 -0300 ARM: imx_v6_v7_defconfig: Select CONFIG_DRM_PANEL_SEIKO_43WVF1G imx6sl-evk, imx6sll-evk and imx6sx-sdb boards use a Seiko 43WVF1G panel. Now that the DRM mxsfb driver is the one selected by default, let's also select CONFIG_DRM_PANEL_SEIKO_43WVF1G so that these boards continue to have a working display by default. Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit 0ffbc2824282793a3ebf04d4804dea15d5b211c6 Author: Fabio Estevam Date: Fri Jul 20 17:39:20 2018 -0300 ARM: mxs_defconfig: Select CONFIG_DRM_PANEL_SEIKO_43WVF1G imx23-evk and imx28-evk boards use a Seiko 43WVF1G panel. Now that the DRM mxsfb driver is the one selected by default, let's also select CONFIG_DRM_PANEL_SEIKO_43WVF1G so that these boards continue to have a working display by default. Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit 549644b8c3c125355a361def1e42f8319ac6ad6c Author: Fabio Estevam Date: Fri Jul 20 17:39:19 2018 -0300 ARM: dts: imx23-evk: Convert to the new display bindings imx23-evk board has a Seiko 43WVF1G parallel display. Instead of hardcoding the display timings in the device tree, use the "sii,43wvf1g" compatible instead. This aligns with the new mxsfb bindings scheme documented at: Documentation/devicetree/bindings/display/mxsfb.txt Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit cde305e9ce28d96d7f63e4fb5298291e90a91f8f Author: Fabio Estevam Date: Fri Jul 20 17:39:18 2018 -0300 ARM: dts: imx23-evk: Move regulators outside simple-bus It is recommended to place regulators outside simple-bus, so move them accordingly. Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit c1539840fc25d89f3fe51038144dc0233b333453 Author: Fabio Estevam Date: Fri Jul 20 17:39:17 2018 -0300 ARM: dts: imx28-evk: Convert to the new display bindings imx28-evk board has a Seiko 43WVF1G parallel display. Instead of hardcoding the display timings in the device tree, use the "sii,43wvf1g" compatible instead. This aligns with the new mxsfb bindings scheme documented at: Documentation/devicetree/bindings/display/mxsfb.txt Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit 90a96087b5fa835790a54c588184adfc867dbc12 Author: Fabio Estevam Date: Fri Jul 20 17:39:16 2018 -0300 ARM: dts: imx28-evk: Move regulators outside simple-bus It is recommended to place regulators outside simple-bus, so move them accordingly. Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit 538d6e9d597584e80514698e24321645debde78f Author: Leonard Crestez Date: Tue Jul 24 19:14:19 2018 +0300 Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" This reverts commit 1c86c9dd82f859b474474a7fee0d5195da2c9c1d. That commit followed the reference manual but unfortunately the imx7d manual is incorrect. Tested with ath9k pcie card and confirmed internally. Signed-off-by: Leonard Crestez Acked-by: Lucas Stach Fixes: 1c86c9dd82f8 ("ARM: dts: imx7d: Invert legacy PCI irq mapping") Signed-off-by: Shawn Guo commit b50282f3241acee880514212d88b6049fb5039c8 Author: Theodore Ts'o Date: Mon Aug 27 01:47:09 2018 -0400 ext4: check to make sure the rename(2)'s destination is not freed If the destination of the rename(2) system call exists, the inode's link count (i_nlinks) must be non-zero. If it is, the inode can end up on the orphan list prematurely, leading to all sorts of hilarity, including a use-after-free. https://bugzilla.kernel.org/show_bug.cgi?id=200931 Signed-off-by: Theodore Ts'o Reported-by: Wen Xu Cc: stable@vger.kernel.org commit 111b009f7e8bcdfc8d565b1f0e3ee5072bb7490b Author: Huang Shijie Date: Wed Aug 22 10:40:27 2018 +0800 dmaengine: mic_x100_dma: use devm_kzalloc to fix an issue The following patch introduced an issue. commit f6206f00d8c5 ("dmaengine: mic_x100_dma: use the new helper to simplify the code") This issue is : kfree(mic_dma_dev) ..... dma_async_device_unregister(mic_dma_dev->device); Free the memory, and use it again. So use devm_kzalloc to allocate mic_dma_dev to fix it. When the Devres try to release the resources, it will call release at the following order: dma_async_device_unregister(mic_dma_dev->device); ..... kfree(mic_dma_dev) Fixes: f6206f00d8c5 ("dmaengine: mic_x100_dma: use the new helper to simplify the code") Signed-off-by: Huang Shijie Signed-off-by: Vinod Koul commit 072ebb3bffe67d71d1f1e52add799f4491eab691 Author: Theodore Ts'o Date: Mon Aug 27 01:15:11 2018 -0400 ext4: add nonstring annotations to ext4.h This suppresses some false positives in gcc 8's -Wstringop-truncation Suggested by Miguel Ojeda (hopefully the __nonstring definition will eventually get accepted in the compiler-gcc.h header file). Signed-off-by: Theodore Ts'o Cc: Miguel Ojeda commit 8d6ccf5cebbc7ed1dee9986e36853a78dfb64084 Author: Sanyog Kale Date: Fri Jul 27 14:44:10 2018 +0530 soundwire: Fix acquiring bus lock twice during master release As part of sdw_stream_remove_master(), sdw_stream_remove_slave() is called which results in bus lock being acquired twice. So, fix it by performing specific Slave remove operations in sdw_release_master_stream() instead of calling sdw_stream_remove_slave(). Signed-off-by: Sanyog Kale Signed-off-by: Shreyas NC Acked-by: Pierre-Louis Bossart Signed-off-by: Vinod Koul commit 3fef1a2259c556cce34df2791688cb3001f81c92 Author: Shreyas NC Date: Fri Jul 27 14:44:09 2018 +0530 soundwire: Fix incorrect exit after configuring stream In sdw_stream_add_master() after the Master ports are configured, the stream is released incorrectly. So, fix it by avoiding stream release after configuring the Master for the stream. While at it, rename the label appropriately. Signed-off-by: Shreyas NC Acked-by: Pierre-Louis Bossart Signed-off-by: Vinod Koul commit 0aebe40bae6cf5652fdc3d05ecee15fbf5748194 Author: Shreyas NC Date: Fri Jul 27 14:44:08 2018 +0530 soundwire: Fix duplicate stream state assignment For a SoundWire stream it is expected that a Slave is added to the stream before Master is added. So, move the stream state to CONFIGURED after the first Slave is added and remove the stream state assignment for Master add. Along with these changes, add additional comments to explain the same. Signed-off-by: Shreyas NC Acked-by: Pierre-Louis Bossart Signed-off-by: Vinod Koul commit 08bcbed747eb87f00d2e2590b49607af1a9f4fe9 Author: Stu Hsieh Date: Thu Aug 9 10:15:49 2018 +0800 drm/mediatek: fix connection from RDMA2 to DSI1 This patch fix connection from RDMA2 to DSI1 Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit f265905c939e21a0c9e83540d4c2776c3e43c310 Author: Stu Hsieh Date: Thu Aug 9 10:15:48 2018 +0800 drm/mediatek: update some variable name from ovl to comp This patch update some variable name from ovl to comp Because RDMA would be first HW in ddp, the naming ovl should be change to comp. Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 66b2cf9623facfad790b335fcfd717258a00896b Author: Stu Hsieh Date: Thu Aug 9 10:15:47 2018 +0800 drm/mediatek: use layer_nr function to get layer number to init plane This patch use layer_nr function to get layer number to init plane When plane init in crtc create, it use the number of OVL layer to init plane. That's OVL can read 4 memory address. For mt2712 third ddp, it use RDMA to read memory. RDMA can read 1 memory address, so it just init one plane. For compatibility, this patch use mtk_ddp_comp_layer_nr function to get layer number from their HW component in ddp for plane init. Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 98b6d76f957ba80017a3118fe0e33030b4bc017b Author: Stu Hsieh Date: Thu Aug 9 10:15:46 2018 +0800 drm/mediatek: add function to return RDMA layer number This patch add function to return RDMA layer number RDMA always has one layer. Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 1cbcb763ea5035e7ef01010ea68eb3b5143ad7cb Author: Stu Hsieh Date: Thu Aug 9 10:15:45 2018 +0800 drm/mediatek: add function to return OVL layer number This patch add function to return OVL layer number For now, MT8173, MT2712, MT2701 OVL all has 4 layer. Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 650afd49572b56a5c58134d4acfeb77acc69d622 Author: Stu Hsieh Date: Thu Aug 9 10:15:44 2018 +0800 drm/mediatek: add function to get layer number for component This patch add function to get layer number for component Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 94420a63cf784945061b7b5f38511b7a48f034eb Author: Stu Hsieh Date: Thu Aug 9 10:15:43 2018 +0800 drm/mediatek: add YUYV/UYVY color format support for RDMA This patch add YUYV/UYVY color format support for RDMA and transform matrix for YUYV/UYVY. Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 55b53f6f7ccf0990ad83acf4fdb0436ff79fdfb6 Author: Stu Hsieh Date: Thu Aug 9 10:15:42 2018 +0800 drm/mediatek: add the comment about color format setting for OVL This patch add the comment about color format setting for OVL Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit b428391ed6bd5e3cb8ea9d1738ef4bd16af6cdb2 Author: Stu Hsieh Date: Thu Aug 9 10:15:41 2018 +0800 drm/mediatek: add RGB color format support for RDMA This patch add RGB color format support for RDMA, including RGB565, RGB888, RGBA8888 and ARGB8888. Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 182add0b1b9170a1f8f2a049fe2e298222cf405a Author: Stu Hsieh Date: Thu Aug 9 10:15:40 2018 +0800 drm/mediatek: add memory mode and layer_config for RDMA This patch add memory mode for RDMA and layer_config for RDMA If use RDMA to read data from memory, it should set memory mode to RDMA Layer config set the data address and pitch to RDMA from plane setting. Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 85186efc2a5975801cd4ba03a9143305e474b645 Author: Stu Hsieh Date: Thu Aug 9 10:15:39 2018 +0800 drm/mediatek: add connection from RDMA2 to DSI0 This patch add connection from RDMA2 to DSI0 Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 0a14785ee32ad40458657edaf1025f71ebbc1147 Author: Stu Hsieh Date: Thu Aug 9 10:15:38 2018 +0800 drm/mediatek: add connection from RDMA1 to DSI0 This patch add connection from RDMA1 to DSI0 Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 48d25d243bfb20a7230e9f226c560b71d989d962 Author: Stu Hsieh Date: Thu Aug 9 10:15:37 2018 +0800 drm/mediatek: add connection from RDMA0 to DSI1 This patch add connection from RDMA0 to DSI1 Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 29d32e466e98e03378878e95339334971d0fdaf4 Author: Stu Hsieh Date: Thu Aug 9 10:15:36 2018 +0800 drm/mediatek: add connection from RDMA0 to DPI1 This patch add connection from RDMA0 to DPI1 Signed-off-by: Stu Hsieh Signed-off-by: CK Hu commit 8272806d21bf2a7fd74602cc7bade7d12f73ac4b Author: Thomas Zimmermann Date: Tue Jul 17 10:35:18 2018 +0200 drm/mediatek: Replace drm_dev_unref with drm_dev_put This patch unifies the naming of DRM functions for reference counting of struct drm_device. The resulting code is more aligned with the rest of the Linux kernel interfaces. Signed-off-by: Thomas Zimmermann Reviewed-by: Philipp Zabel Signed-off-by: CK Hu commit 2b7bd20d5605e0314d677ea21b462543e73e466c Author: Souptick Joarder Date: Sat Jul 28 19:08:45 2018 +0530 drm/mediatek: Convert drm_atomic_helper_suspend/resume() convert drm_atomic_helper_suspend/resume() to use drm_mode_config_helper_suspend/resume(). Signed-off-by: Souptick Joarder Signed-off-by: Ajit Negi Signed-off-by: CK Hu commit c7c09dc187f0323ad40b5b6c57a6db673a386a7f Author: Tobias Klauser Date: Fri Aug 24 11:29:27 2018 +0800 nios2: kconfig: remove duplicate DEBUG_STACK_USAGE symbol defintions DEBUG_STACK_USAGE is already defined in lib/Kconfig.debug Signed-off-by: Tobias Klauser Signed-off-by: Ley Foon Tan commit d49dbfade96d5b0863ca8a90122a805edd5ef50a Author: Gustavo A. R. Silva Date: Wed Aug 15 08:14:37 2018 -0500 hwmon: (nct6775) Fix potential Spectre v1 val can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: vers/hwmon/nct6775.c:2698 store_pwm_weight_temp_sel() warn: potential spectre issue 'data->temp_src' [r] Fix this by sanitizing val before using it to index data->temp_src Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Signed-off-by: Guenter Roeck commit f196dec6d50abb2e65fb54a0621b2f1b4d922995 Author: Dan Carpenter Date: Tue Aug 14 13:07:47 2018 +0300 hwmon: (adt7475) Make adt7475_read_word() return errors The adt7475_read_word() function was meant to return negative error codes on failure. Signed-off-by: Dan Carpenter Reviewed-by: Tokunori Ikegami Signed-off-by: Guenter Roeck commit 9d19371df50a73301aec66a479b490587e889055 Author: Dan Carpenter Date: Tue Aug 14 12:12:36 2018 +0300 hwmon: (adt7475) Potential error pointer dereferences The adt7475_update_device() function returns error pointers. The problem is that in show_pwmfreq() we dereference it before the check. And then in pwm_use_point2_pwm_at_crit_show() there isn't a check at all. I don't know if it's required, but it silences a static checker warning and it's doesn't hurt anything to check. Signed-off-by: Dan Carpenter Reviewed-by: Tokunori Ikegami Signed-off-by: Guenter Roeck commit 3ad867001c91657c46dcf6656d52eb6080286fd5 Author: Lothar Felten Date: Tue Aug 14 09:09:37 2018 +0200 hwmon: (ina2xx) fix sysfs shunt resistor read access fix the sysfs shunt resistor read access: return the shunt resistor value, not the calibration register contents. update email address Signed-off-by: Lothar Felten Signed-off-by: Guenter Roeck commit 98c8f125fd8a6240ea343c1aa50a1be9047791b8 Author: Kees Cook Date: Sat Aug 25 22:58:01 2018 -0700 net: sched: Fix memory exposure from short TCA_U32_SEL Via u32_change(), TCA_U32_SEL has an unspecified type in the netlink policy, so max length isn't enforced, only minimum. This means nkeys (from userspace) was being trusted without checking the actual size of nla_len(), which could lead to a memory over-read, and ultimately an exposure via a call to u32_dump(). Reachability is CAP_NET_ADMIN within a namespace. Reported-by: Al Viro Cc: Jamal Hadi Salim Cc: Cong Wang Cc: Jiri Pirko Cc: "David S. Miller" Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 5b394b2ddf0347bef56e50c69a58773c94343ff3 Author: Linus Torvalds Date: Sun Aug 26 14:11:59 2018 -0700 Linux 4.19-rc1 commit b933d6ebf2d367647af870441341f76242259898 Merge: aba16dc5cf93 fd991a23c8f6 Author: Linus Torvalds Date: Sun Aug 26 13:39:05 2018 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer update from Thomas Gleixner: "New defines for the compat time* types so they can be shared between 32bit and 64bit builds. Not used yet, but merging them now allows the actual conversions to be merged through different maintainer trees without dependencies We still have compat interfaces for 32bit on 64bit even with the new 2038 safe timespec/val variants because pointer size is different. And for the old style timespec/val interfaces we need yet another 'compat' interface for both 32bit native and 32bit on 64bit" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: y2038: Provide aliases for compat helpers commit aba16dc5cf9318b4e0fe92f8261779cd9f1d2d77 Merge: c4726e774ed2 1df895190233 Author: Linus Torvalds Date: Sun Aug 26 11:48:42 2018 -0700 Merge branch 'ida-4.19' of git://git.infradead.org/users/willy/linux-dax Pull IDA updates from Matthew Wilcox: "A better IDA API: id = ida_alloc(ida, GFP_xxx); ida_free(ida, id); rather than the cumbersome ida_simple_get(), ida_simple_remove(). The new IDA API is similar to ida_simple_get() but better named. The internal restructuring of the IDA code removes the bitmap preallocation nonsense. I hope the net -200 lines of code is convincing" * 'ida-4.19' of git://git.infradead.org/users/willy/linux-dax: (29 commits) ida: Change ida_get_new_above to return the id ida: Remove old API test_ida: check_ida_destroy and check_ida_alloc test_ida: Convert check_ida_conv to new API test_ida: Move ida_check_max test_ida: Move ida_check_leaf idr-test: Convert ida_check_nomem to new API ida: Start new test_ida module target/iscsi: Allocate session IDs from an IDA iscsi target: fix session creation failure handling drm/vmwgfx: Convert to new IDA API dmaengine: Convert to new IDA API ppc: Convert vas ID allocation to new IDA API media: Convert entity ID allocation to new IDA API ppc: Convert mmu context allocation to new IDA API Convert net_namespace to new IDA API cb710: Convert to new IDA API rsxx: Convert to new IDA API osd: Convert to new IDA API sd: Convert to new IDA API ... commit c4726e774ed27680c418e138234dfd2b8e1e89ac Merge: d207ea8e74ff b04413330c77 Author: Linus Torvalds Date: Sun Aug 26 11:41:08 2018 -0700 Merge tag 'gcc-plugins-v4.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc plugin fix from Kees Cook: "Lift gcc test into Kconfig. This is for better behavior when the kernel is built with Clang, reported by Stefan Agner" * tag 'gcc-plugins-v4.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: Disable when building under Clang commit d207ea8e74ff45be0838afa12bdd2492fa9dc8bc Merge: 2a8a2b7c49d6 66e5db4a1ccc Author: Linus Torvalds Date: Sun Aug 26 11:25:21 2018 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf updates from Thomas Gleixner: "Kernel: - Improve kallsyms coverage - Add x86 entry trampolines to kcore - Fix ARM SPE handling - Correct PPC event post processing Tools: - Make the build system more robust - Small fixes and enhancements all over the place - Update kernel ABI header copies - Preparatory work for converting libtraceevnt to a shared library - License cleanups" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (100 commits) tools arch: Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy' tools arch x86: Update tools's copy of cpufeatures.h perf python: Fix pyrf_evlist__read_on_cpu() interface perf mmap: Store real cpu number in 'struct perf_mmap' perf tools: Remove ext from struct kmod_path perf tools: Add gzip_is_compressed function perf tools: Add lzma_is_compressed function perf tools: Add is_compressed callback to compressions array perf tools: Move the temp file processing into decompress_kmodule perf tools: Use compression id in decompress_kmodule() perf tools: Store compression id into struct dso perf tools: Add compression id into 'struct kmod_path' perf tools: Make is_supported_compression() static perf tools: Make decompress_to_file() function static perf tools: Get rid of dso__needs_decompress() call in __open_dso() perf tools: Get rid of dso__needs_decompress() call in symbol__disassemble() perf tools: Get rid of dso__needs_decompress() call in read_object_code() tools lib traceevent: Change to SPDX License format perf llvm: Allow passing options to llc in addition to clang perf parser: Improve error message for PMU address filters ... commit 2a8a2b7c49d6eb5f3348892c4676267376cfd40b Merge: de3750351c0d 6a012288d690 Author: Linus Torvalds Date: Sun Aug 26 10:13:21 2018 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: - Correct the L1TF fallout on 32bit and the off by one in the 'too much RAM for protection' calculation. - Add a helpful kernel message for the 'too much RAM' case - Unbreak the VDSO in case that the compiler desides to use indirect jumps/calls and emits retpolines which cannot be resolved because the kernel uses its own thunks, which does not work for the VDSO. Make it use the builtin thunks. - Re-export start_thread() which was unexported when the 32/64bit implementation was unified. start_thread() is required by modular binfmt handlers. - Trivial cleanups * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/speculation/l1tf: Suggest what to do on systems with too much RAM x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM x86/kvm/vmx: Remove duplicate l1d flush definitions x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit x86/process: Re-export start_thread() x86/mce: Add notifier_block forward declaration x86/vdso: Fix vDSO build if a retpoline is emitted commit de3750351c0de35472299506ace61a01f2bfc567 Merge: a9ce32337892 20b420dc4262 Author: Linus Torvalds Date: Sun Aug 26 09:55:28 2018 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq update from Thomas Gleixner: "A small set of updats/fixes for the irq subsystem: - Allow GICv3 interrupts to be configured as wake-up sources to enable wakeup from suspend - Make the error handling of the STM32 irqchip init function work - A set of small cleanups and improvements" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/gic-v3: Allow interrupt to be configured as wake-up sources irqchip/tango: Set irq handler and data in one go dt-bindings: irqchip: renesas-irqc: Document r8a774a1 support irqchip/s3c24xx: Remove unneeded comparison of unsigned long to 0 irqchip/stm32: Fix init error handling irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP commit a9ce323378927d6e181d8527b718f792b8dcb6f2 Merge: 2923b27e5424 b639186ffe91 Author: Linus Torvalds Date: Sun Aug 26 09:47:00 2018 -0700 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull licking update from Thomas Gleixner: "Mark the switch cases which fall through to the next case with the proper comment so the fallthrough compiler checks can be enabled" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: futex: Mark expected switch fall-throughs commit 2923b27e54242acf27fd16b299e102117c82f52f Merge: 828bf6e904eb c953cc987ab8 Author: Linus Torvalds Date: Sat Aug 25 18:43:59 2018 -0700 Merge tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm memory-failure update from Dave Jiang: "As it stands, memory_failure() gets thoroughly confused by dev_pagemap backed mappings. The recovery code has specific enabling for several possible page states and needs new enabling to handle poison in dax mappings. In order to support reliable reverse mapping of user space addresses: 1/ Add new locking in the memory_failure() rmap path to prevent races that would typically be handled by the page lock. 2/ Since dev_pagemap pages are hidden from the page allocator and the "compound page" accounting machinery, add a mechanism to determine the size of the mapping that encompasses a given poisoned pfn. 3/ Given pmem errors can be repaired, change the speculatively accessed poison protection, mce_unmap_kpfn(), to be reversible and otherwise allow ongoing access from the kernel. A side effect of this enabling is that MADV_HWPOISON becomes usable for dax mappings, however the primary motivation is to allow the system to survive userspace consumption of hardware-poison via dax. Specifically the current behavior is: mce: Uncorrected hardware memory error in user-access at af34214200 {1}[Hardware Error]: It has been corrected by h/w and requires no further action mce: [Hardware Error]: Machine check events logged {1}[Hardware Error]: event severity: corrected Memory failure: 0xaf34214: reserved kernel page still referenced by 1 users [..] Memory failure: 0xaf34214: recovery action for reserved kernel page: Failed mce: Memory error not recovered ...and with these changes: Injecting memory failure for pfn 0x20cb00 at process virtual address 0x7f763dd00000 Memory failure: 0x20cb00: Killing dax-pmd:5421 due to hardware memory corruption Memory failure: 0x20cb00: recovery action for dax page: Recovered Given all the cross dependencies I propose taking this through nvdimm.git with acks from Naoya, x86/core, x86/RAS, and of course dax folks" * tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm, pmem: Restore page attributes when clearing errors x86/memory_failure: Introduce {set, clear}_mce_nospec() x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses mm, memory_failure: Teach memory_failure() about dev_pagemap pages filesystem-dax: Introduce dax_lock_mapping_entry() mm, memory_failure: Collect mapping size in collect_procs() mm, madvise_inject_error: Let memory_failure() optionally take a page reference mm, dev_pagemap: Do not clear ->mapping on final put mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages filesystem-dax: Set page->index device-dax: Set page->index device-dax: Enable page_mapping() device-dax: Convert to vmf_insert_mixed and vm_fault_t commit 828bf6e904eb8fc8969333568802689fbbf07a40 Merge: b326272010b6 286e87718103 Author: Linus Torvalds Date: Sat Aug 25 18:13:10 2018 -0700 Merge tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm updates from Dave Jiang: "Collection of misc libnvdimm patches for 4.19 submission: - Adding support to read locked nvdimm capacity. - Change test code to make DSM failure code injection an override. - Add support for calculate maximum contiguous area for namespace. - Add support for queueing a short ARS when there is on going ARS for nvdimm. - Allow NULL to be passed in to ->direct_access() for kaddr and pfn params. - Improve smart injection support for nvdimm emulation testing. - Fix test code that supports for emulating controller temperature. - Fix hang on error before devm_memremap_pages() - Fix a bug that causes user memory corruption when data returned to user for ars_status. - Maintainer updates for Ross Zwisler emails and adding Jan Kara to fsdax" * tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm: fix ars_status output length calculation device-dax: avoid hang on error before devm_memremap_pages() tools/testing/nvdimm: improve emulation of smart injection filesystem-dax: Do not request kaddr and pfn when not required md/dm-writecache: Don't request pointer dummy_addr when not required dax/super: Do not request a pointer kaddr when not required tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() libnvdimm, pmem: kaddr and pfn can be NULL to ->direct_access() acpi/nfit: queue issuing of ars when an uc error notification comes in libnvdimm: Export max available extent libnvdimm: Use max contiguous area for namespace size MAINTAINERS: Add Jan Kara for filesystem DAX MAINTAINERS: update Ross Zwisler's email address tools/testing/nvdimm: Fix support for emulating controller temperature tools/testing/nvdimm: Make DSM failure code injection an override acpi, nfit: Prefer _DSM over _LSR for namespace label reads libnvdimm: Introduce locked DIMM capacity support commit e75d039a54090470b7a42e803fd4f9398390f907 Author: Colin Ian King Date: Fri Aug 24 12:18:30 2018 +0100 qed: fix spelling mistake "comparsion" -> "comparison" Trivial fix to spelling mistake in DP_ERR error message Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 2d66f997f0545c8f7fc5cf0b49af1decb35170e7 Author: Jason Wang Date: Fri Aug 24 16:53:13 2018 +0800 vhost: correctly check the iova range when waking virtqueue We don't wakeup the virtqueue if the first byte of pending iova range is the last byte of the range we just got updated. This will lead a virtqueue to wait for IOTLB updating forever. Fixing by correct the check and wake up the virtqueue in this case. Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API") Reported-by: Peter Xu Signed-off-by: Jason Wang Reviewed-by: Peter Xu Tested-by: Peter Xu Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller commit 6750c87074c5b534d82fdaabb1deb45b8f1f57de Author: Manish Chopra Date: Thu Aug 23 13:20:52 2018 -0700 qlge: Fix netdev features configuration. qlge_fix_features() is not supposed to modify hardware or driver state, rather it is supposed to only fix requested fetures bits. Currently qlge_fix_features() also goes for interface down and up unnecessarily if there is not even any change in features set. This patch changes/fixes following - 1) Move reload of interface or device re-config from qlge_fix_features() to qlge_set_features(). 2) Reload of interface in qlge_set_features() only if relevant feature bit (NETIF_F_HW_VLAN_CTAG_RX) is changed. 3) Get rid of qlge_fix_features() since driver is not really required to fix any features bit. Signed-off-by: Manish Reviewed-by: Benjamin Poirier Signed-off-by: David S. Miller commit 0da70f808029476001109b6cb076737bc04cea2e Author: Anssi Hannula Date: Thu Aug 23 10:45:22 2018 +0300 net: macb: do not disable MDIO bus at open/close time macb_reset_hw() is called from macb_close() and indirectly from macb_open(). macb_reset_hw() zeroes the NCR register, including the MPE (Management Port Enable) bit. This will prevent accessing any other PHYs for other Ethernet MACs on the MDIO bus, which remains registered at macb_reset_hw() time, until macb_init_hw() is called from macb_open() which sets the MPE bit again. I.e. currently the MDIO bus has a short disruption at open time and is disabled at close time until the interface is opened again. Fix that by only touching the RE and TE bits when enabling and disabling RX/TX. v2: Make macb_init_hw() NCR write a single statement. Fixes: 6c36a7074436 ("macb: Use generic PHY layer") Signed-off-by: Anssi Hannula Reviewed-by: Claudiu Beznea Tested-by: Claudiu Beznea Signed-off-by: David S. Miller commit f7b9e8e111e0ce04ed7d1a1cb5b01b6e57775708 Author: Geert Uytterhoeven Date: Wed Aug 22 15:27:23 2018 +0200 Revert "net: stmmac: fix build failure due to missing COMMON_CLK dependency" This reverts commit bde4975310eb1982bd0bbff673989052d92fd481. All legacy clock implementations now implement clk_set_rate() (Some implementations may be dummies, though). Signed-off-by: Geert Uytterhoeven Acked-by: Arnd Bergmann Acked-by: Jose Abreu Signed-off-by: David S. Miller commit ab5f11055fdf8dfc3ddbd89e8e3cc550de41d1d3 Author: Ahmad Fatoum Date: Tue Aug 21 17:35:48 2018 +0200 net: macb: Fix regression breaking non-MDIO fixed-link PHYs commit 739de9a1563a ("net: macb: Reorganize macb_mii bringup") broke initializing macb on the EVB-KSZ9477 eval board. There, of_mdiobus_register was called even for the fixed-link representing the RGMII-link to the switch with the result that the driver attempts to enumerate PHYs on a non-existent MDIO bus: libphy: MACB_mii_bus: probed mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0 [snip] mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31 The "MDIO" bus registration succeeds regardless, having claimed the reset GPIO, and calling of_phy_register_fixed_link later on fails because it tries to claim the same GPIO: macb f0028000.ethernet: broken fixed-link specification Fix this by registering the fixed-link before calling mdiobus_register. Fixes: 739de9a1563a ("net: macb: Reorganize macb_mii bringup") Signed-off-by: Ahmad Fatoum Signed-off-by: David S. Miller commit 602b74eda81311dbdb5dbab08c30f789f648ebdc Author: Ido Schimmel Date: Fri Aug 24 15:41:35 2018 +0300 mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge When a bridge device is removed, the VLANs are flushed from each configured port. This causes the ports to decrement the reference count on the associated FIDs (filtering identifier). If the reference count of a FID is 1 and it has a RIF (router interface), then this RIF is destroyed. However, if no port is member in the VLAN for which a RIF exists, then the RIF will continue to exist after the removal of the bridge. To reproduce: # ip link add name br0 type bridge vlan_filtering 1 # ip link set dev swp1 master br0 # ip link add link br0 name br0.10 type vlan id 10 # ip address add 192.0.2.0/24 dev br0.10 # ip link del dev br0 The RIF associated with br0.10 continues to exist. Fix this by iterating over all the bridge device uppers when it is destroyed and take care of destroying their RIFs. Fixes: 99f44bb3527b ("mlxsw: spectrum: Enable L3 interfaces on top of bridge devices") Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit b326272010b6656210193d7ab93fa184087e8ee1 Merge: 1bc276775d93 1aa55ca9b14a Author: Linus Torvalds Date: Sat Aug 25 14:12:36 2018 -0700 Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC late updates from Olof Johansson: "A couple of late-merged changes that would be useful to get in this merge window: - Driver support for reset of audio complex on Meson platforms. The audio driver went in this merge window, and these changes have been in -next for a while (just not in our tree). - Power management fixes for IOMMU on Rockchip platforms, getting closer to kexec working on them, including Chromebooks. - Another pass updating "arm,psci" -> "psci" for some properties that have snuck in since last time it was done" * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: iommu/rockchip: Move irq request past pm_runtime_enable iommu/rockchip: Handle errors returned from PM framework arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems arm64: dts: Fix various entry-method properties to reflect documentation reset: imx7: Fix always writing bits as 0 reset: meson: add meson audio arb driver reset: meson: add dt-bindings for meson-axg audio arb commit 1bc276775d93faf42a3bb1c684cdb838ded8be56 Merge: b8dcdab36f53 d503ac531a52 Author: Linus Torvalds Date: Sat Aug 25 13:40:38 2018 -0700 Merge tag 'kbuild-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull more Kbuild updates from Masahiro Yamada: - add build_{menu,n,g,x}config targets for compile-testing Kconfig - fix and improve recursive dependency detection in Kconfig - fix parallel building of menuconfig/nconfig - fix syntax error in clang-version.sh - suppress distracting log from syncconfig - remove obsolete "rpm" target - remove VMLINUX_SYMBOL(_STR) macro entirely - fix microblaze build with CONFIG_DYNAMIC_FTRACE - move compiler test for dead code/data elimination to Kconfig - rename well-known LDFLAGS variable to KBUILD_LDFLAGS - misc fixes and cleanups * tag 'kbuild-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: rename LDFLAGS to KBUILD_LDFLAGS kbuild: pass LDFLAGS to recordmcount.pl kbuild: test dead code/data elimination support in Kconfig initramfs: move gen_initramfs_list.sh from scripts/ to usr/ vmlinux.lds.h: remove stale include export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() Coccinelle: remove pci_alloc_consistent semantic to detect in zalloc-simple.cocci kbuild: make sorting initramfs contents independent of locale kbuild: remove "rpm" target, which is alias of "rpm-pkg" kbuild: Fix LOADLIBES rename in Documentation/kbuild/makefiles.txt kconfig: suppress "configuration written to .config" for syncconfig kconfig: fix "Can't open ..." in parallel build kbuild: Add a space after `!` to prevent parsing as file pattern scripts: modpost: check memory allocation results kconfig: improve the recursive dependency report kconfig: report recursive dependency involving 'imply' kconfig: error out when seeing recursive dependency kconfig: add build-only configurator targets scripts/dtc: consolidate include path options in Makefile commit b8dcdab36f5394a09b66516057cccf61a81a3877 Merge: db84abf5f807 c125311d96b1 Author: Linus Torvalds Date: Sat Aug 25 13:30:23 2018 -0700 Merge tag 'for-linus-20180825' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "A few small fixes for this merge window: - Locking imbalance fix for bcache (Shan Hai) - A few small fixes for wbt. One is a cleanup/prep, one is a fix for an existing issue, and the last two are fixes for changes that went into this merge window (me)" * tag 'for-linus-20180825' of git://git.kernel.dk/linux-block: blk-wbt: don't maintain inflight counts if disabled blk-wbt: fix has-sleeper queueing check blk-wbt: use wq_has_sleeper() for wq active check blk-wbt: move disable check into get_limit() bcache: release dc->writeback_lock properly in bch_writeback_thread() commit db84abf5f8075a739bfd73ddc432e6b8fe3ec4b6 Merge: 04faac10fcd2 6e5461d774bf Author: Linus Torvalds Date: Sat Aug 25 13:27:35 2018 -0700 Merge tag 'upstream-4.19-rc1-fix' of git://git.infradead.org/linux-ubifs Pull UBIFS fix from Richard Weinberger: "Remove an empty file from UBIFS source" * tag 'upstream-4.19-rc1-fix' of git://git.infradead.org/linux-ubifs: ubifs: Remove empty file.h commit 04faac10fcd2d0f7af8183fa02dea26919e29571 Merge: 1b2de5d039c8 7753e38286d2 Author: Linus Torvalds Date: Sat Aug 25 13:17:53 2018 -0700 Merge tag '4.19-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Three small SMB3 fixes, one for stable" * tag '4.19-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6: cifs: update internal module version number for cifs.ko to 2.12 cifs: check kmalloc before use cifs: check if SMB2 PDU size has been padded and suppress the warning cifs: create a define for how many iovs we need for an SMB2_open() commit 1b2de5d039c883c9d44ae5b2b6eca4ff9bd82dac Author: Linus Torvalds Date: Mon Jul 9 13:19:49 2018 -0700 mm/cow: don't bother write protecting already write-protected pages This is not normally noticeable, but repeated forks are unnecessarily expensive because they repeatedly dirty the parent page tables during the page table copy operation. It's trivial to just avoid write protecting the page table entry if it was already not writable. This patch was inspired by https://bugzilla.kernel.org/show_bug.cgi?id=200447 which points to an ancient "waste time re-doing fork" issue in the presence of lots of signals. That bug was fixed by Eric Biederman's signal handling series culminating in commit c3ad2c3b02e9 ("signal: Don't restart fork when signals come in"), but the unnecessary work for repeated forks is still work just fixing, particularly since the fix is trivial. Cc: Eric Biederman Cc: Oleg Nesterov Cc: Andrew Morton Signed-off-by: Linus Torvalds commit e0fcfe1f1acf2f129e0809ea89b9187e89e84246 Author: Colin Ian King Date: Sat Aug 25 12:24:31 2018 +0200 hpfs: remove unnecessary checks on the value of r when assigning error code At the point where r is being checked for different values, r is always going to be equal to 2 as the previous if statements jump to end or end1 if r is not 2. Hence the assignment to err can be simplified to just err an assignment without any checks on the value or r. Detected by CoverityScan, CID#1226737 ("Logically dead code") Signed-off-by: Colin Ian King Reviewed-by: Mikulas Patocka Signed-off-by: Linus Torvalds commit 7634ccd2da9734975cf7ce25139a7d4e8575b048 Author: Jens Axboe Date: Sat Aug 25 10:10:33 2018 -0600 libata: maintainership update Tejun Heo wrote: > > I asked Jens whether he could take care of the libata tree and he > thankfully agreed, so, from now on, Jens will be the libata > maintainer. > > Thanks a lot! Thanks for your work in this area. I still remember the first linux storage summit we did in Vancouver 2001, Tejun was invited to talk about his libata error handling work. Before that, it was basically a crap shoot if we recovered properly or not... A lot of water has flown under the bridge since then! Here's an "official" patch. Linus, can you apply it? Signed-off-by: Jens Axboe Signed-off-by: Linus Torvalds commit 3d7c82060d1fe65bde4023aac41a0b1bd7718e07 Author: Srikanth Jampala Date: Wed Aug 22 12:40:52 2018 +0530 crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Earlier used to post the current command without checking queue full after backlog submissions. So, post the current command only after confirming the space in queue after backlog submissions. Maintain host write index instead of reading device registers to get the next free slot to post the command. Return -ENOSPC in queue full case. Signed-off-by: Srikanth Jampala Reviewed-by: Gadam Sreerama Tested-by: Jha, Chandan Signed-off-by: Herbert Xu commit 0522236d4f9c5ab2e79889cb020d1acbe5da416e Author: Ondrej Mosnacek Date: Wed Aug 22 08:26:31 2018 +0200 crypto: vmx - Fix sleep-in-atomic bugs This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable@vger.kernel.org Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu commit c2b24c36e0a30ebd8fc7d068da7f0451f2c05c76 Author: Ard Biesheuvel Date: Mon Aug 20 16:58:34 2018 +0200 crypto: arm64/aes-gcm-ce - fix scatterwalk API violation Commit 71e52c278c54 ("crypto: arm64/aes-ce-gcm - operate on two input blocks at a time") modified the granularity at which the AES/GCM code processes its input to allow subsequent changes to be applied that improve performance by using aggregation to process multiple input blocks at once. For this reason, it doubled the algorithm's 'chunksize' property to 2 x AES_BLOCK_SIZE, but retained the non-SIMD fallback path that processes a single block at a time. In some cases, this violates the skcipher scatterwalk API, by calling skcipher_walk_done() with a non-zero residue value for a chunk that is expected to be handled in its entirety. This results in a WARN_ON() to be hit by the TLS self test code, but is likely to break other user cases as well. Unfortunately, none of the current test cases exercises this exact code path at the moment. Fixes: 71e52c278c54 ("crypto: arm64/aes-ce-gcm - operate on two ...") Reported-by: Vakul Garg Signed-off-by: Ard Biesheuvel Tested-by: Vakul Garg Signed-off-by: Herbert Xu commit e5b954e8d11fdde55eed35017370a3a0d8837754 Author: Dave Watson Date: Wed Aug 15 10:29:42 2018 -0700 crypto: aesni - Use unaligned loads from gcm_context_data A regression was reported bisecting to 1476db2d12 "Move HashKey computation from stack to gcm_context". That diff moved HashKey computation from the stack, which was explicitly aligned in the asm, to a struct provided from the C code, depending on AESNI_ALIGN_ATTR for alignment. It appears some compilers may not align this struct correctly, resulting in a crash on the movdqa instruction when attempting to encrypt or decrypt data. Fix by using unaligned loads for the HashKeys. On modern hardware there is no perf difference between the unaligned and aligned loads. All other accesses to gcm_context_data already use unaligned loads. Reported-by: Mauro Rossi Fixes: 1476db2d12 ("Move HashKey computation from stack to gcm_context") Cc: Signed-off-by: Dave Watson Signed-off-by: Herbert Xu commit 65b2c12dcdb883fc015c0ec65d6c2f857e0456ac Author: Ganesh Goudar Date: Fri Aug 10 18:27:41 2018 +0530 crypto: chtls - fix null dereference chtls_free_uld() call chtls_free_uld() only for the initialized cdev, this fixes NULL dereference in chtls_free_uld() Signed-off-by: Ganesh Goudar Signed-off-by: Atul Gupta Signed-off-by: Herbert Xu commit 7fa885e2a22fd0f91a2c23d9275f5021f618ff5a Author: Ard Biesheuvel Date: Tue Aug 7 23:18:36 2018 +0200 crypto: arm64/sm4-ce - check for the right CPU feature bit ARMv8.2 specifies special instructions for the SM3 cryptographic hash and the SM4 symmetric cipher. While it is unlikely that a core would implement one and not the other, we should only use SM4 instructions if the SM4 CPU feature bit is set, and we currently check the SM3 feature bit instead. So fix that. Fixes: e99ce921c468 ("crypto: arm64 - add support for SM4...") Cc: Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu commit f1bf9e60a0779ec97de9ecdc353e1d01cdd73f43 Author: Horia Geantă Date: Mon Aug 6 15:29:55 2018 +0300 crypto: caam - fix DMA mapping direction for RSA forms 2 & 3 Crypto engine needs some temporary locations in external memory for running RSA decrypt forms 2 and 3 (CRT). These are named "tmp1" and "tmp2" in the PDB. Update DMA mapping direction of tmp1 and tmp2 from TO_DEVICE to BIDIRECTIONAL, since engine needs r/w access. Cc: # 4.13+ Fixes: 52e26d77b8b3 ("crypto: caam - add support for RSA key form 2") Fixes: 4a651b122adb ("crypto: caam - add support for RSA key form 3") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu commit ad876a18048f43b1f66f5d474b7598538668c5de Author: Horia Geantă Date: Mon Aug 6 15:29:39 2018 +0300 crypto: caam/qi - fix error path in xts setkey xts setkey callback returns 0 on some error paths. Fix this by returning -EINVAL. Cc: # 4.12+ Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu commit cc98963dbaaea93d17608641b8d6942a5327fc31 Author: Horia Geantă Date: Mon Aug 6 15:29:09 2018 +0300 crypto: caam/jr - fix descriptor DMA unmapping Descriptor address needs to be swapped to CPU endianness before being DMA unmapped. Cc: # 4.8+ Fixes: 261ea058f016 ("crypto: caam - handle core endianness != caam endianness") Reported-by: Laurentiu Tudor Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu commit 757ab15c3f4968b5a29caf3fe8b67660ce84c3cd Author: Rafael J. Wysocki Date: Tue Aug 21 10:44:10 2018 +0200 cpuidle: menu: Retain tick when shallow state is selected The case addressed by commit 5ef499cd571c (cpuidle: menu: Handle stopped tick more aggressively) in the stopped tick case is present when the tick has not been stopped yet too. Namely, if only two CPU idle states, shallow state A with target residency significantly below the tick boundary and deep state B with target residency significantly above it, are available and the predicted idle duration is above the tick boundary, but below the target residency of state B, state A will be selected and the CPU may spend indefinite amount of time in it, which is not quite energy-efficient. However, if the tick has not been stopped yet and the governor is about to select a shallow idle state for the CPU even though the idle duration predicted by it is above the tick boundary, it should be fine to wake up the CPU early, so the tick can be retained then and the governor will have a chance to select a deeper state when it runs next time. [Note that when this really happens, it will make the idle duration predictor believe that the CPU might be idle longer than predicted, which will make it more likely to predict longer idle durations going forward, but that will also cause deeper idle states to be selected going forward, on average, which is what's needed here.] Fixes: 87c9fe6ee495 (cpuidle: menu: Avoid selecting shallow states with stopped tick) Reported-by: Leo Yan Cc: 4.17+ # 4.17+: 5ef499cd571c (cpuidle: menu: Handle ...) Signed-off-by: Rafael J. Wysocki commit ae923785bc3af418b913bda7f92d247255a7b541 Merge: ff0fadfffe68 07f3701387dc Author: David S. Miller Date: Fri Aug 24 23:40:38 2018 -0700 Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2018-08-24 This series contains fixes to e1000, igb, ixgb, ixgbe and i40e. YueHaibing from Huawei provides a change to use dma_zalloc_coherent() instead of calls to allocator followed by a memset for ixgb. Bo Chen provides a couple of fixes for e1000, first by adding a check to prevent a NULL pointer dereference. The second change is to clean up a possible resource leak on old transmit and receive rings when the device is not up. Jesus fixes an issue in the usage of an advanced transmit context descriptor for retrieving the timestamp of a packet for AF_PACKET if the IGB_TX_FLAGS_VLAN is not set in igb. Jia-Ju Bai provides several patches which replace GFP_ATOMIC with GFP_KERNEL, when using kzalloc() and kcalloc() which is not necessary. Also found an instance of mdelay() call which could be replaced with msleep(). Tony fixes ixgbe to allow MTU changes with XDP, by adding checks to ensure only supported values and return -EINVAL for when it is not supported. Sebastian fixed an issue that was not clearing VF mailbox memory and ensure queues are re-enabled correctly. Martyna fixes a transmit timeout when DCB is configured when bringing up an interface. Jake fixes a previous commit which accidentally reversed the check of the data pointer, so we can accurately count the size of the stats. ==================== Signed-off-by: David S. Miller commit 0519359784328bfa92bf0931bf0cff3b58c16932 Merge: 596766102a3a 2d17f460c5d7 Author: Linus Torvalds Date: Fri Aug 24 13:20:33 2018 -0700 Merge branch 'for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata updates from Tejun Heo: "Nothing too interesting. Mostly ahci and ahci_platform changes, many around power management" * 'for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: (22 commits) ata: ahci_platform: enable to get and control reset ata: libahci_platform: add reset control support ata: add an extra argument to ahci_platform_get_resources() ata: sata_rcar: Add r8a77965 support ata: sata_rcar: exclude setting of PHY registers in Gen3 ata: sata_rcar: really mask all interrupts on Gen2 and later Revert "ata: ahci_platform: allow disabling of hotplug to save power" ata: libahci: Allow reconfigure of DEVSLP register ata: libahci: Correct setting of DEVSLP register ata: ahci: Enable DEVSLP by default on x86 with SLP_S0 ata: ahci: Support state with min power but Partial low power state Revert "ata: ahci_platform: convert kcalloc to devm_kcalloc" ata: sata_rcar: Add rudimentary Runtime PM support ata: sata_rcar: Provide a short-hand for &pdev->dev ata: Only output sg element mapped number in verbose debug ata: Guard ata_scsi_dump_cdb() by ATA_VERBOSE_DEBUG ata: ahci_platform: convert kcalloc to devm_kcalloc ata: ahci_platform: convert kzallloc to kcalloc ata: ahci_platform: correct parameter documentation for ahci_platform_shutdown libata: remove ata_sff_data_xfer_noirq() ... commit 596766102a3a37ba20c4d9a4130a8a4b42b34646 Merge: 9022ada8ab6f e4f8d81c738d Author: Linus Torvalds Date: Fri Aug 24 13:19:27 2018 -0700 Merge branch 'for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup updates from Tejun Heo: "Just one commit from Steven to take out spin lock from trace event handlers" * 'for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cgroup/tracing: Move taking of spin lock out of trace event handlers commit 9022ada8ab6f1f1a932a3c93815061042e6548a5 Merge: 18b8bfdfbae5 87915adc3f0a Author: Linus Torvalds Date: Fri Aug 24 13:16:36 2018 -0700 Merge branch 'for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue updates from Tejun Heo: "Over the lockdep cross-release churn, workqueue lost some of the existing annotations. Johannes Berg restored it and also improved them" * 'for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: re-add lockdep dependencies for flushing workqueue: skip lockdep wq dependency in cancel_work_sync() commit 18b8bfdfbae5821a7df691bc1e542bbab6c31e9c Merge: d972604f6f87 6488a7f35eea Author: Linus Torvalds Date: Fri Aug 24 13:10:38 2018 -0700 Merge tag 'iommu-updates-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU updates from Joerg Roedel: - PASID table handling updates for the Intel VT-d driver. It implements a global PASID space now so that applications usings multiple devices will just have one PASID. - A new config option to make iommu passthroug mode the default. - New sysfs attribute for iommu groups to export the type of the default domain. - A debugfs interface (for debug only) usable by IOMMU drivers to export internals to user-space. - R-Car Gen3 SoCs support for the ipmmu-vmsa driver - The ARM-SMMU now aborts transactions from unknown devices and devices not attached to any domain. - Various cleanups and smaller fixes all over the place. * tag 'iommu-updates-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (42 commits) iommu/omap: Fix cache flushes on L2 table entries iommu: Remove the ->map_sg indirection iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel iommu/arm-smmu-v3: Prevent any devices access to memory without registration iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-VMSA iommu/ipmmu-vmsa: Clarify supported platforms iommu/ipmmu-vmsa: Fix allocation in atomic context iommu: Add config option to set passthrough as default iommu: Add sysfs attribyte for domain type iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register iommu/arm-smmu: Error out only if not enough context interrupts iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE iommu/io-pgtable-arm: Fix pgtable allocation in selftest iommu/vt-d: Remove the obsolete per iommu pasid tables iommu/vt-d: Apply per pci device pasid table in SVA iommu/vt-d: Allocate and free pasid table iommu/vt-d: Per PCI device pasid table interfaces iommu/vt-d: Add for_each_device_domain() helper iommu/vt-d: Move device_domain_info to header iommu/vt-d: Apply global PASID in SVA ... commit d972604f6f87478212f012af5560c4fd4bb2b01d Merge: 57bb8e37d71e d7a4303b8d1f Author: Linus Torvalds Date: Fri Aug 24 13:03:51 2018 -0700 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management updates from Zhang Rui: - Add Daniel Lezcano as the reviewer of thermal framework and SoC driver changes (Daniel Lezcano). - Fix a bug in intel_dts_soc_thermal driver, which does not translate IO-APIC GSI (Global System Interrupt) into Linux irq number (Hans de Goede). - For device tree bindings, allow cooling devices sharing same trip point with same contribution value to share cooling map (Viresh Kumar). * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: dt-bindings: thermal: Allow multiple devices to share cooling map MAINTAINERS: Add Daniel Lezcano as designated reviewer for thermal Thermal: Intel SoC DTS: Translate IO-APIC GSI number to linux irq number commit 57bb8e37d71eac45b6ea9180698a9cc3db945e26 Merge: aa5b1054badb c037bd615885 Author: Linus Torvalds Date: Fri Aug 24 13:00:33 2018 -0700 Merge tag 'apparmor-pr-2018-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor Pull apparmor updates from John Johansen: "There is nothing major this time just four bug fixes and a patch to remove some dead code: Cleanups: - remove no-op permission check in policy_unpack Bug fixes: - fix an error code in __aa_create_ns() - fix failure to audit context info in build_change_hat - check buffer bounds when mapping permissions mask - fully initialize aa_perms struct when answering userspace query" * tag 'apparmor-pr-2018-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: remove no-op permission check in policy_unpack apparmor: fix an error code in __aa_create_ns() apparmor: Fix failure to audit context info in build_change_hat apparmor: Fully initialize aa_perms struct when answering userspace query apparmor: Check buffer bounds when mapping permissions mask commit aa5b1054badb60191f6a09e7ef65beacf837c5d4 Merge: e1dbc5a41051 0f52b3a00c78 Author: Linus Torvalds Date: Fri Aug 24 09:34:23 2018 -0700 Merge tag 'powerpc-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: - An implementation for the newly added hv_ops->flush() for the OPAL hvc console driver backends, I forgot to apply this after merging the hvc driver changes before the merge window. - Enable all PCI bridges at boot on powernv, to avoid races when multiple children of a bridge try to enable it simultaneously. This is a workaround until the PCI core can be enhanced to fix the races. - A fix to query PowerVM for the correct system topology at boot before initialising sched domains, seen in some configurations to cause broken scheduling etc. - A fix for pte_access_permitted() on "nohash" platforms. - Two commits to fix SIGBUS when using remap_pfn_range() seen on Power9 due to a workaround when using the nest MMU (GPUs, accelerators). - Another fix to the VFIO code used by KVM, the previous fix had some bugs which caused guests to not start in some configurations. - A handful of other minor fixes. Thanks to: Aneesh Kumar K.V, Benjamin Herrenschmidt, Christophe Leroy, Hari Bathini, Luke Dashjr, Mahesh Salgaonkar, Nicholas Piggin, Paul Mackerras, Srikar Dronamraju. * tag 'powerpc-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/mce: Fix SLB rebolting during MCE recovery path. KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid. powerpc/nohash: fix pte_access_permitted() powerpc/topology: Get topology for shared processors at boot powerpc64/ftrace: Include ftrace.h needed for enable/disable calls powerpc/powernv/pci: Work around races in PCI bridge enabling powerpc/fadump: cleanup crash memory ranges support powerpc/powernv: provide a console flush operation for opal hvc driver powerpc/traps: Avoid rate limit messages from show unhandled signals powerpc/64s: Fix PACA_IRQ_HARD_DIS accounting in idle_power4() commit e1dbc5a41051d4791160727829903ec5169c7152 Merge: 40c431a5a5c2 4ec84835900b Author: Linus Torvalds Date: Fri Aug 24 09:31:34 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Martin Schwidefsky: - A couple of patches for the zcrypt driver: + Add two masks to determine which AP cards and queues are host devices, this will be useful for KVM AP device passthrough + Add-on patch to improve the parsing of the new apmask and aqmask + Some code beautification - Second try to reenable the GCC plugins, the first patch set had a patch to do this but the merge somehow missed this - Remove the s390 specific GCC version check and use the generic one - Three patches for kdump, two bug fixes and one cleanup - Three patches for the PCI layer, one bug fix and two cleanups * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: remove gcc version check (4.3 or newer) s390/zcrypt: hex string mask improvements for apmask and aqmask. s390/zcrypt: AP bus support for alternate driver(s) s390/zcrypt: code beautify s390/zcrypt: switch return type to bool for ap_instructions_available() s390/kdump: Remove kzalloc_panic s390/kdump: Fix memleak in nt_vmcoreinfo s390/kdump: Make elfcorehdr size calculation ABI compliant s390/pci: remove fmb address from debug output s390/pci: remove stale rc s390/pci: fix out of bounds access during irq setup s390/zcrypt: fix ap_instructions_available() returncodes s390: reenable gcc plugins for real commit 40c431a5a5c2333079c67b03de6c0470e8306374 Merge: 4def1963608e f5d707ede37a Author: Linus Torvalds Date: Fri Aug 24 09:29:44 2018 -0700 Merge tag 'acpi-4.19-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI Kconfig fix from Rafael Wysocki: "Fix recent menuconfig breakage causing it to present ACPI-specific options incorrectly (Arnd Bergmann)" * tag 'acpi-4.19-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: fix menuconfig presentation of ACPI submenu commit 4def1963608ed2b61aca5b52fdedb4ca2798820c Merge: 5e8704ac1cfa 82c9a927bc5d Author: Linus Torvalds Date: Fri Aug 24 09:25:39 2018 -0700 Merge branch 'userns-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull namespace fixes from Eric Biederman: "This is a set of four fairly obvious bug fixes: - a switch from d_find_alias to d_find_any_alias because the xattr code perversely takes a dentry - two mutex vs copy_to_user fixes from Jann Horn - a fix to use a sanitized size not the size userspace passed in from Christian Brauner" * 'userns-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: getxattr: use correct xattr length sys: don't hold uts_sem while accessing userspace memory userns: move user access out of the mutex cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() commit 5e8704ac1cfa9fceef94fcc457e18613b1589b34 Merge: 019cddc88f9e 3e20e97c2d55 Author: Linus Torvalds Date: Fri Aug 24 09:22:54 2018 -0700 Merge tag 'drm-next-2018-08-24' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Just a couple of fixes" One MAINTAINERS address change, two panels fixes, and set of amdgpu fixes (build fixes, display fixes and some others)" * tag 'drm-next-2018-08-24' of git://anongit.freedesktop.org/drm/drm: drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 drm/amd/display: Don't build DCN1 when kcov is enabled Revert "drm/amdgpu/display: Replace CONFIG_DRM_AMD_DC_DCN1_0 with CONFIG_X86" drm/amdgpu/display: disable eDP fast boot optimization on DCE8 drm/amdgpu: fix amdgpu_amdkfd_remove_eviction_fence v3 drm/amdgpu: fix incorrect use of drm_file->pid drm/amdgpu: fix incorrect use of fcheck drm/powerplay: enable dpm under pass-through drm/amdgpu: access register without KIQ drm/amdgpu: set correct base for THM/NBIF/MP1 IP drm/amd/display: fix dentist did ranges drm/amd/display: make dp_ss_off optional drm/amd/display: fix dp_ss_control vbios flag parsing drm/amd/display: Do not retain link settings MAINTAINERS: drm-misc: Change seanpaul's email address drm/panel: simple: tv123wam: Add unprepare delay commit a296b16270ab8d3b1c2a41ca1dd4d2fc34b598d9 Author: Rex Zhu Date: Thu Aug 16 11:36:38 2018 +0800 drm/amd/display: Fix bug use wrong pp interface Used wrong pp interface, the original interface is exposed by dpm on SI and paritial CI. Pointed out by Francis David v2: dal only need to set min_dcefclk and min_fclk to smu. so use display_clock_voltage_request interface, instand of update all display configuration. Acked-by: Alex Deucher Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher commit 019cddc88f9e4ae0de2c76802f7137210c2101aa Merge: d002924f934a 00efcdce67a3 Author: Linus Torvalds Date: Fri Aug 24 08:57:26 2018 -0700 Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull second i2c update from Wolfram Sang: "As promised, here is my 2nd pull request for I2C, containing: - removal of the attach_adapter callback, converting its last user - removal of any __deprecated usage within I2C - one email address update - some SPDX conversion" * 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: don't use any __deprecated handling anymore i2c: use SPDX identifier for Renesas drivers i2c: ocores: update my email address i2c: remove deprecated attach_adapter callback macintosh: therm_windtunnel: drop using attach_adapter commit 07f3701387dcab3a4fb0166098fb2754a1b927e1 Author: Jacob Keller Date: Mon Aug 20 08:12:27 2018 -0700 i40e: fix condition of WARN_ONCE for stat strings Commit 9b10df596bd4 ("i40e: use WARN_ONCE to replace the commented BUG_ON size check") introduced a warning check to make sure that the size of the stat strings was always the expected value. This code accidentally inverted the check of the data pointer. Fix this so that we accurately count the size of the stats we copied in. This fixes an erroneous WARN kernel splat that occurs when requesting ethtool statistics. Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Tested-by: Mauro S M Rodrigues Signed-off-by: Jeff Kirsher commit fa38e30ac73fbb01d7e5d0fd1b12d412fa3ac3ee Author: Martyna Szapar Date: Tue Aug 7 17:11:23 2018 -0700 i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled If interface is connected to switch port configured for DCB there are TX timeouts when bringing up interface. Problem started appearing after adding in i40e driver code mqprio hardware offload mode. In function i40e_vsi_configure_bw_alloc was added resetting BW rate which should be executing when mqprio qdisc is removed but was also when there was no mqprio qdisc added and DCB was enabled. In this patch was added additional check for DCB flag so now when DCB is enabled the correct DCB configs from before mqprio patch are restored. Signed-off-by: Martyna Szapar Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 939b701ad63314f5aa90dcd3d866f73954945209 Author: Sebastian Basierski Date: Tue Jul 31 18:16:00 2018 +0200 ixgbe: fix driver behaviour after issuing VFLR Since VFLR doesn't clear VFMBMEM (VF Mailbox Memory) and is not re-enabling queues correctly we should fix this behavior. Signed-off-by: Sebastian Basierski Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit fabf1bce103aa8e3db27ff2cc55f8e0fb0abcc30 Author: Tony Nguyen Date: Mon Jul 30 15:52:48 2018 -0700 ixgbe: Prevent unsupported configurations with XDP These changes address comments by Jakub Kicinski on commit 38b7e7f8ae82 ("ixgbe: Do not allow LRO or MTU change with XDP"). Change the MTU check with XDP to allow any supported value and only reject those outside of the range as opposed to rejecting any change when XDP is active. In situations where MTU size is not supported, return -EINVAL instead of -EPERM. Add checks when enabling SRIOV, DCB, or adding L2FW offloaded device as they are not supported with XDP. CC: Jakub Kicinski Signed-off-by: Tony Nguyen Acked-by: Jakub Kicinski Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 374f78f75be98c72876a4d0311b278cd226effba Author: Jia-Ju Bai Date: Fri Jul 27 16:22:31 2018 +0800 ixgbe: Replace GFP_ATOMIC with GFP_KERNEL ixgbe_fcoe_ddp_setup(), ixgbe_setup_fcoe_ddp_resources() and ixgbe_sw_init() are never called in atomic context. They call kmalloc(), dma_pool_alloc() and kzalloc() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Acked-by: Sebastian Basierski Signed-off-by: Jeff Kirsher commit 69a64658de502c8ca383fe2c5a5208f00b5844cd Author: Jia-Ju Bai Date: Fri Jul 27 16:07:38 2018 +0800 igb: Replace mdelay() with msleep() in igb_integrated_phy_loopback() igb_integrated_phy_loopback() is never called in atomic context. It calls mdelay() to busily wait, which is not necessary. mdelay() can be replaced with msleep(). This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit 151356270b0761e455ed82bba3353fb494451555 Author: Jia-Ju Bai Date: Fri Jul 27 16:04:53 2018 +0800 igb: Replace GFP_ATOMIC with GFP_KERNEL in igb_sw_init() igb_sw_init() is never called in atomic context. It calls kzalloc() and kcalloc() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit a798fbac33c4cbfe7d539298623b7af6c3f9525a Author: Jesus Sanchez-Palencia Date: Thu Jul 26 10:20:38 2018 -0700 igb: Use an advanced ctx descriptor for launchtime On i210, Launchtime (TxTime) requires the usage of an "Advanced Transmit Context Descriptor" for retrieving the timestamp of a packet. The igb driver correctly builds such descriptor on the segmentation flow (i.e. igb_tso()) or on the checksum one (i.e. igb_tx_csum()), but the feature is broken for AF_PACKET if the IGB_TX_FLAGS_VLAN is not set, which happens due to an early return on igb_tx_csum(). This flag is only set by the kernel when a VLAN interface is used, thus we can't just rely on it. Here we are fixing this issue by checking if launchtime is enabled for the current tx_ring before performing the early return. Signed-off-by: Jesus Sanchez-Palencia Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit ee400a3f1bfe7004a3e14b81c38ccc5583c26295 Author: Bo Chen Date: Mon Jul 23 09:01:30 2018 -0700 e1000: ensure to free old tx/rx rings in set_ringparam() In 'e1000_set_ringparam()', the tx_ring and rx_ring are updated with new value and the old tx/rx rings are freed only when the device is up. There are resource leaks on old tx/rx rings when the device is not up. This bug is reported by COD, a tool for testing kernel module binaries I am building. This patch fixes the bug by always calling 'kfree()' on old tx/rx rings in 'e1000_set_ringparam()'. Signed-off-by: Bo Chen Reviewed-by: Alexander Duyck Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit cf1acec008f8d7761aa3fd7c4bca7e17b2d2512d Author: Bo Chen Date: Mon Jul 23 09:01:29 2018 -0700 e1000: check on netif_running() before calling e1000_up() When the device is not up, the call to 'e1000_up()' from the error handling path of 'e1000_set_ringparam()' causes a kernel oops with a null-pointer dereference. The null-pointer dereference is triggered in function 'e1000_alloc_rx_buffers()' at line 'buffer_info = &rx_ring->buffer_info[i]'. This bug was reported by COD, a tool for testing kernel module binaries I am building. This bug was also detected by KFI from Dr. Kai Cong. This patch fixes the bug by checking on 'netif_running()' before calling 'e1000_up()' in 'e1000_set_ringparam()'. Signed-off-by: Bo Chen Acked-by: Alexander Duyck Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit a9910c0886470b659a6c3629d6467d5639c327e9 Author: YueHaibing Date: Thu Jul 19 22:04:07 2018 +0800 ixgb: use dma_zalloc_coherent instead of allocator/memset Use dma_zalloc_coherent instead of dma_alloc_coherent followed by memset 0. Signed-off-by: YueHaibing Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 1aa55ca9b14af6cfd987ce4fdaf548f7067a5d07 Author: Marc Zyngier Date: Fri Aug 24 16:06:37 2018 +0100 iommu/rockchip: Move irq request past pm_runtime_enable Enabling the interrupt early, before power has been applied to the device, can result in an interrupt being delivered too early if: - the IOMMU shares an interrupt with a VOP - the VOP has a pending interrupt (after a kexec, for example) In these conditions, we end-up taking the interrupt without the IOMMU being ready to handle the interrupt (not powered on). Moving the interrupt request past the pm_runtime_enable() call makes sure we can at least access the IOMMU registers. Note that this is only a partial fix, and that the VOP interrupt will still be screaming until the VOP driver kicks in, which advocates for a more synchronized interrupt enabling/disabling approach. Fixes: 0f181d3cf7d98 ("iommu/rockchip: Add runtime PM support") Reviewed-by: Heiko Stuebner Signed-off-by: Marc Zyngier Signed-off-by: Olof Johansson commit 3fc7c5c0cff3150e471f5fd12f59971c6d2c6513 Author: Marc Zyngier Date: Fri Aug 24 16:06:36 2018 +0100 iommu/rockchip: Handle errors returned from PM framework pm_runtime_get_if_in_use can fail: either PM has been disabled altogether (-EINVAL), or the device hasn't been enabled yet (0). Sadly, the Rockchip IOMMU driver tends to conflate the two things by considering a non-zero return value as successful. This has the consequence of hiding other bugs, so let's handle this case throughout the driver, with a WARN_ON_ONCE so that we can try and work out what happened. Fixes: 0f181d3cf7d98 ("iommu/rockchip: Add runtime PM support") Reviewed-by: Heiko Stuebner Signed-off-by: Marc Zyngier Signed-off-by: Olof Johansson commit 7db7a8f5638a2ffe0c0c0d55b5186b6191fd6af7 Author: Marc Zyngier Date: Fri Aug 24 16:06:35 2018 +0100 arm64: rockchip: Force CONFIG_PM on Rockchip systems A number of the Rockchip-specific drivers (IOMMU, display controllers) are now assuming that CONFIG_PM is set, and may completely misbehave if that's not the case. Since there is hardly any reason for this configuration option not to be selected anyway, let's require it (in the same way Tegra already does). Signed-off-by: Marc Zyngier Signed-off-by: Olof Johansson commit d1558dfd9f22c99a5b8e1354ad881ee40749da89 Author: Marc Zyngier Date: Fri Aug 24 16:06:34 2018 +0100 ARM: rockchip: Force CONFIG_PM on Rockchip systems A number of the Rockchip-specific drivers (IOMMU, display controllers) are now assuming that CONFIG_PM is set, and may completely misbehave if that's not the case. Since there is hardly any reason for this configuration option not to be selected anyway, let's require it (in the same way Tegra already does). Signed-off-by: Marc Zyngier Signed-off-by: Olof Johansson commit e9880240e4f4efe40bb47aba3b6602cff2a76b1e Author: Amit Kucheria Date: Thu Aug 23 14:23:29 2018 +0530 arm64: dts: Fix various entry-method properties to reflect documentation The idle-states binding documentation[1] mentions that the 'entry-method' property is required on 64-bit platforms and must be set to "psci". commit a13f18f59d26 ("Documentation: arm: Fix typo in the idle-states bindings examples") attempted to fix this earlier but clearly more is needed. Fix the cpu-capacity.txt documentation that uses the incorrect value so we don't get copy-paste errors like these. Clarify the language in idle-states.txt by removing the reference to the psci bindings that might be causing this confusion. Finally, fix devicetrees of various boards to reflect current documentation. [1] Documentation/devicetree/bindings/arm/idle-states.txt (see idle-states node) Signed-off-by: Amit Kucheria Acked-by: Sudeep Holla Acked-by: Li Yang Signed-off-by: Olof Johansson commit 5920cce8569e36ffe966959833e0eeb80a91638c Merge: c37aad3612c4 26fce0557fa6 Author: Olof Johansson Date: Fri Aug 24 08:49:57 2018 -0700 Merge tag 'reset-fixes-for-4.18' of git://git.pengutronix.de/git/pza/linux into next/late Reset controller fixes for v4.18 This tag fixes reset assertion on i.MX7 for all non-inverted reset control bits. Currently only PCIE controller and PHY resets are used. * tag 'reset-fixes-for-4.18' of git://git.pengutronix.de/git/pza/linux: reset: imx7: Fix always writing bits as 0 Signed-off-by: Olof Johansson commit c37aad3612c4a9e01ca69ad07b8ca41dbd222c46 Merge: 29ed45fff058 d903779b58be Author: Olof Johansson Date: Fri Aug 24 08:49:48 2018 -0700 Merge tag 'reset-for-4.19-2' of git://git.pengutronix.de/git/pza/linux into next/late Reset controller changes for v4.19, part 2 This adds a single new driver for the Amlogic Meson Audio Memory Arbiter resets. * tag 'reset-for-4.19-2' of git://git.pengutronix.de/git/pza/linux: reset: meson: add meson audio arb driver reset: meson: add dt-bindings for meson-axg audio arb Signed-off-by: Olof Johansson commit d002924f934ad4d249f6716680433c912831d046 Merge: 33e17876ea4e 864d39df09b4 Author: Linus Torvalds Date: Fri Aug 24 08:45:19 2018 -0700 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio updates from Michael Tsirkin: "virtio, vhost: fixes, tweaks No new features but a bunch of tweaks such as switching balloon from oom notifier to shrinker" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: vhost/scsi: increase VHOST_SCSI_PREALLOC_PROT_SGLS to 2048 vhost: allow vhost-scsi driver to be built-in virtio: pci-legacy: Validate queue pfn virtio: mmio-v1: Validate queue PFN virtio_balloon: replace oom notifier with shrinker virtio-balloon: kzalloc the vb struct virtio-balloon: remove BUG() in init_vqs commit 00efcdce67a365ec1881a6fbf17f769d690244e9 Author: Sedat Dilek Date: Sun Aug 19 15:51:35 2018 +0200 i2c: don't use any __deprecated handling anymore This can be dropped with commit 771c035372a036f83353eef46dbb829780330234 ("deprecate the '__deprecated' attribute warnings entirely and for good") now in upstream. And we got rid of the last __deprecated use, too. Signed-off-by: Sedat Dilek [wsa: shortened commit message to reflect the current situation] Signed-off-by: Wolfram Sang commit 20b420dc42629f115a0339a2474aec419ea32ea0 Merge: f19f5c49bbc3 4110b5cbb014 Author: Thomas Gleixner Date: Fri Aug 24 16:06:42 2018 +0200 Merge tag 'irqchip-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent Pull irqchip updates for 4.19, take #2 from Marc Zyngier: - bcm7038: compilation fix for !SMP - stm32: fix teardown on probe error - s3c24xx: fix compilation warning - renesas-irqc: r8a774a1 support - tango: chained irq setup simplification - gic-v3: allow wake-up sources commit 6a012288d6906fee1dbc244050ade1dafe4a9c8d Author: Vlastimil Babka Date: Thu Aug 23 16:21:29 2018 +0200 x86/speculation/l1tf: Suggest what to do on systems with too much RAM Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF mitigation is not effective. Make the warning more helpful by suggesting the proper mem=X kernel boot parameter to make it effective and a link to the L1TF document to help decide if the mitigation is worth the unusable RAM. [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536 Suggested-by: Michal Hocko Signed-off-by: Vlastimil Babka Acked-by: Michal Hocko Cc: "H . Peter Anvin" Cc: Linus Torvalds Cc: Andi Kleen Cc: Dave Hansen Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/966571f0-9d7f-43dc-92c6-a10eec7a1254@suse.cz commit 6055af5e1c4f8654adb766f1bf93f0e4f7c4a4f4 Author: Wolfram Sang Date: Wed Aug 22 00:02:16 2018 +0200 i2c: use SPDX identifier for Renesas drivers Signed-off-by: Wolfram Sang Reviewed-by: Simon Horman Signed-off-by: Wolfram Sang commit 5d3a01a228c703dad971cad11f14c0512c4c2713 Author: Peter Korsgaard Date: Wed Aug 22 18:16:07 2018 +0200 i2c: ocores: update my email address The old @sunsite.dk address is no longer active, so update the references. Signed-off-by: Peter Korsgaard Signed-off-by: Wolfram Sang commit 0c36dd37d5b80b43f4e3dc5a1dbfe6dbd86e8f2a Author: Wolfram Sang Date: Tue Aug 21 17:02:40 2018 +0200 i2c: remove deprecated attach_adapter callback There aren't any users left. Remove this callback from the 2.4 times. Phew, finally, that took years to reach... Signed-off-by: Wolfram Sang commit 3e7bed52719de4b5b5fb900869e293eae0bc3f3e Author: Wolfram Sang Date: Tue Aug 21 17:02:39 2018 +0200 macintosh: therm_windtunnel: drop using attach_adapter As we now have deferred probing, we can use a custom mechanism and finally get rid of the legacy interface from the i2c core. Signed-off-by: Wolfram Sang Acked-by: Michael Ellerman commit b6fdfbff078975c53383fc146a2a54985eab6b6d Author: Misono Tomohiro Date: Fri Aug 24 11:35:28 2018 +0900 btrfs: Fix suspicious RCU usage warning in btrfs_debug_in_rcu Commit 672d599041c8 ("btrfs: Use wrapper macro for rcu string to remove duplicate code") replaces some open coded RCU string handling with macro. It turns out that btrfs_debug_in_rcu() is used for the first time and the macro lacks lock/unlock of RCU string for non-debug case (i.e. when the message is not printed), leading to suspicious RCU usage warning when CONFIG_PROVE_RCU is on. Fix this by adding a wrapper to call lock/unlock for the non-debug case too. Fixes: 672d599041c8 ("btrfs: Use wrapper macro for rcu string to remove duplicate code") Reported-by: David Howells Tested-by: David Howells Signed-off-by: Misono Tomohiro Reviewed-by: David Sterba Signed-off-by: David Sterba commit 6e5461d774bf42aae622ad0f3ff53e41962f886b Author: Richard Weinberger Date: Fri Aug 24 08:55:15 2018 +0200 ubifs: Remove empty file.h This empty file sneaked into the tree by mistake. Remove it. Fixes: 6eb61d587f45 ("ubifs: Pass struct ubifs_info to ubifs_assert()") Signed-off-by: Richard Weinberger commit 5e2e2f9f76e157063a656351728703cb02b068f1 Author: Dan Carpenter Date: Thu Aug 23 16:59:25 2018 +0300 PM / clk: signedness bug in of_pm_clk_add_clks() "count" needs to be signed for the error handling to work. I made "i" signed as well so they match. Fixes: 02113ba93ea4 (PM / clk: Add support for obtaining clocks from device-tree) Cc: 4.6+ # 4.6+ Signed-off-by: Dan Carpenter Signed-off-by: Rafael J. Wysocki commit ee4af50ca94f58afc3532662779b9cf80bbe27c8 Author: Jan Kara Date: Tue Aug 21 14:52:34 2018 +0200 udf: Fix mounting of Win7 created UDF filesystems Win7 is creating UDF filesystems with single partition with number 8192. Current partition descriptor scanning code does not handle this well as it incorrectly assumes that partition numbers will form mostly contiguous space of small numbers. This results in unmountable media due to errors like: UDF-fs: error (device dm-1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 UDF-fs: warning (device dm-1): udf_fill_super: No fileset found Fix the problem by handling partition descriptors in a way that sparse partition numbering does not matter. Reported-and-tested-by: jean-luc malet CC: stable@vger.kernel.org Fixes: 7b78fd02fb19530fd101ae137a1f46aa466d9bb6 Signed-off-by: Jan Kara commit 82c82ab658655befcb6aa47cbdb98dadce1a0cfe Author: Jan Kara Date: Tue Aug 21 12:00:08 2018 +0200 udf: Remove dead code from udf_find_fileset() Remove dead code and slightly simplify code in udf_find_fileset(). Signed-off-by: Jan Kara commit 10568f6c5761db24249c610c94d6e44d5505a0ba Author: Florian Westphal Date: Wed Aug 22 11:33:27 2018 +0200 netfilter: xt_checksum: ignore gso skbs Satish Patel reports a skb_warn_bad_offload() splat caused by -j CHECKSUM rules: -A POSTROUTING -p tcp -m tcp --sport 80 -j CHECKSUM The CHECKSUM target has never worked with GSO skbs, and the above rule makes no sense as kernel will handle checksum updates on transmit. Unfortunately, there are 3rd party tools that install such rules, so we cannot reject this from the config plane without potential breakage. Amend Kconfig text to clarify that the CHECKSUM target is only useful in virtualized environments, where old dhcp clients that use AF_PACKET used to discard UDP packets with a 'bad' header checksum and add a one-time warning in case such rule isn't restricted to UDP. v2: check IP6T_F_PROTO flag before cmp (Michal Kubecek) Reported-by: Satish Patel Reported-by: Markos Chandras Reported-by: Michal Kubecek Signed-off-by: Florian Westphal Reviewed-by: Michal Kubecek Signed-off-by: Pablo Neira Ayuso commit b0a182f875689647b014bc01d36b340217792852 Author: Vlastimil Babka Date: Thu Aug 23 15:44:18 2018 +0200 x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF mitigation is not effective. In fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to holes in the e820 map, the main region is almost 500MB over the 32GB limit: [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable Suggestions to use 'mem=32G' to enable the L1TF mitigation while losing the 500MB revealed, that there's an off-by-one error in the check in l1tf_select_mitigation(). l1tf_pfn_limit() returns the last usable pfn (inclusive) and the range check in the mitigation path does not take this into account. Instead of amending the range check, make l1tf_pfn_limit() return the first PFN which is over the limit which is less error prone. Adjust the other users accordingly. [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536 Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Reported-by: George Anchev Reported-by: Christopher Snowhill Signed-off-by: Vlastimil Babka Signed-off-by: Thomas Gleixner Cc: "H . Peter Anvin" Cc: Linus Torvalds Cc: Andi Kleen Cc: Dave Hansen Cc: Michal Hocko Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180823134418.17008-1-vbabka@suse.cz commit ff0fadfffe681203bfe134e1041ab6ccb4aa3dff Merge: c08eebad4ac5 785e76d7a205 Author: David S. Miller Date: Thu Aug 23 22:41:55 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-08-24 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix BPF sockmap and tls where we get a hang in do_tcp_sendpages() when sndbuf is full due to missing calls into underlying socket's sk_write_space(), from John. 2) Two BPF sockmap fixes to reject invalid parameters on map creation and to fix a map element miscount on allocation failure. Another fix for BPF hash tables to use per hash table salt for jhash(), from Daniel. 3) Fix for bpftool's command line parsing in order to terminate on bad arguments instead of keeping looping in some border cases, from Quentin. 4) Fix error value of xdp_umem_assign_dev() in order to comply with expected bind ops error codes, from Prashant. ==================== Signed-off-by: David S. Miller commit 3e20e97c2d55fb18e4b06d16478edc757483b7db Merge: 8f13b60756a1 25da75043f86 Author: Dave Airlie Date: Fri Aug 24 13:40:58 2018 +1000 Merge tag 'drm-misc-next-fixes-2018-08-23-1' of git://anongit.freedesktop.org/drm/drm-misc into drm-next - Add quirk to Lenovo B50-80 to use 6 bpc instead of 8 (Feng) Signed-off-by: Dave Airlie From: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180823205434.GA137644@art_vandelay commit 33e17876ea4edcd7f5c01efa78e8d02889261abf Merge: d475fac95779 2b7403035459 Author: Linus Torvalds Date: Thu Aug 23 19:20:12 2018 -0700 Merge branch 'akpm' (patches from Andrew) Merge yet more updates from Andrew Morton: - the rest of MM - various misc fixes and tweaks * emailed patches from Andrew Morton : (22 commits) mm: Change return type int to vm_fault_t for fault handlers lib/fonts: convert comments to utf-8 s390: ebcdic: convert comments to UTF-8 treewide: convert ISO_8859-1 text comments to utf-8 drivers/gpu/drm/gma500/: change return type to vm_fault_t docs/core-api: mm-api: add section about GFP flags docs/mm: make GFP flags descriptions usable as kernel-doc docs/core-api: split memory management API to a separate file docs/core-api: move *{str,mem}dup* to "String Manipulation" docs/core-api: kill trailing whitespace in kernel-api.rst mm/util: add kernel-doc for kvfree mm/util: make strndup_user description a kernel-doc comment fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds treewide: correct "differenciate" and "instanciate" typos fs/afs: use new return type vm_fault_t drivers/hwtracing/intel_th/msu.c: change return type to vm_fault_t mm: soft-offline: close the race against page allocation mm: fix race on soft-offlining free huge pages namei: allow restricted O_CREAT of FIFOs and regular files hfs: prevent crash on exit from failed search ... commit 2b7403035459c75e193c6b04a293e518a4212de0 Author: Souptick Joarder Date: Thu Aug 23 17:01:36 2018 -0700 mm: Change return type int to vm_fault_t for fault handlers Use new return type vm_fault_t for fault handler. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. Ref-> commit 1c8f422059ae ("mm: change return type to vm_fault_t") The aim is to change the return type of finish_fault() and handle_mm_fault() to vm_fault_t type. As part of that clean up return type of all other recursively called functions have been changed to vm_fault_t type. The places from where handle_mm_fault() is getting invoked will be change to vm_fault_t type but in a separate patch. vmf_error() is the newly introduce inline function in 4.17-rc6. [akpm@linux-foundation.org: don't shadow outer local `ret' in __do_huge_pmd_anonymous_page()] Link: http://lkml.kernel.org/r/20180604171727.GA20279@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Reviewed-by: Andrew Morton Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a99237afc12ba697159ca313525dc390737dd52f Author: Arnd Bergmann Date: Thu Aug 23 17:01:32 2018 -0700 lib/fonts: convert comments to utf-8 The font files contain bit masks for characters in the cp437 character set, and comments showing what character this is supposed to be. This only makes sense when the terminal used to view the files is set to the same codepage, but all other files in the kernel now use utf-8 encoding. This changes those comments to utf-8 as well, for consistency. Link: http://lkml.kernel.org/r/20180724111600.4158975-3-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8f2bc80c6ef8b940b86d0ab49743443a149acf7e Author: Arnd Bergmann Date: Thu Aug 23 17:01:29 2018 -0700 s390: ebcdic: convert comments to UTF-8 The ebcdic.c file contains tables for converting between ebcdic and PC codepage 437. I could however not identify which encoding was used for the comments. This seems to be some variation of ISO_8859-1 with non-UTF-8 escape characters. I have converted this to UTF-8 by manually removing the escape characters and then running it through recode, to get the same encoding that we use for the rest of the kernel. Link: http://lkml.kernel.org/r/20180724111600.4158975-2-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Martin Schwidefsky Cc: Heiko Carstens Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3723c63247854c97fe044c12a40e29043e9bbc1b Author: Arnd Bergmann Date: Thu Aug 23 17:01:26 2018 -0700 treewide: convert ISO_8859-1 text comments to utf-8 Almost all files in the kernel are either plain text or UTF-8 encoded. A couple however are ISO_8859-1, usually just a few characters in a C comments, for historic reasons. This converts them all to UTF-8 for consistency. Link: http://lkml.kernel.org/r/20180724111600.4158975-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Simon Horman [IPVS portion] Acked-by: Jonathan Cameron [IIO] Acked-by: Michael Ellerman [powerpc] Acked-by: Rob Herring Cc: Joe Perches Cc: Arnd Bergmann Cc: Samuel Ortiz Cc: "David S. Miller" Cc: Rob Herring Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0edf68137541a58984cc3a35a193558057f035cb Author: Souptick Joarder Date: Thu Aug 23 17:01:22 2018 -0700 drivers/gpu/drm/gma500/: change return type to vm_fault_t Use new return type vm_fault_t for fault handler. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. Ref-> 1c8f422059ae ("mm: change return type to vm_fault_t") Previously vm_insert_{pfn,mixed} returns err which driver mapped into VM_FAULT_* type. The new function vmf_insert_{pfn,mixed} will replace this inefficiency by returning VM_FAULT_* type. vmf_error() is the newly introduce inline function in 4.17-rc6. Link: http://lkml.kernel.org/r/20180713154541.GA3345@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Cc: David Airlie Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Patrik Jakobsson Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 038a07a5420a59f1291dcf2a506f66335ec1cf9c Author: Mike Rapoport Date: Thu Aug 23 17:01:19 2018 -0700 docs/core-api: mm-api: add section about GFP flags Link: http://lkml.kernel.org/r/1532626360-16650-8-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Matthew Wilcox Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 263fade51f7bdd5ad7ebbfe82113a44c5ea4c36c Author: Mike Rapoport Date: Thu Aug 23 17:01:15 2018 -0700 docs/mm: make GFP flags descriptions usable as kernel-doc This patch adds DOC: headings for GFP flag descriptions and adjusts the formatting to fit sphinx expectations of paragraphs. Link: http://lkml.kernel.org/r/1532626360-16650-7-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Matthew Wilcox Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 41f35b395c52c938363d41ff8db6527ff1bd7759 Author: Mike Rapoport Date: Thu Aug 23 17:01:12 2018 -0700 docs/core-api: split memory management API to a separate file This is basically copy-paste of the memory management section from kernel-api.rst with some minor adjustments: * The "User Space Memory Access" is moved to the beginning * The get_user_pages_fast reference is now a part of "User Space Memory Access" * And, of course, headings are adjusted with section being promoted to chapters Link: http://lkml.kernel.org/r/1532626360-16650-6-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Matthew Wilcox Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1595617655f376a3dfa9d5e13ed953effe3476cb Author: Mike Rapoport Date: Thu Aug 23 17:01:09 2018 -0700 docs/core-api: move *{str,mem}dup* to "String Manipulation" The string and memory duplication routines fit better to the "String Manipulation" section than to "The SLAB Cache". Link: http://lkml.kernel.org/r/1532626360-16650-5-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Matthew Wilcox Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7463f650be27887ede138b9c02dd1dcdf86f07d1 Author: Mike Rapoport Date: Thu Aug 23 17:01:05 2018 -0700 docs/core-api: kill trailing whitespace in kernel-api.rst Link: http://lkml.kernel.org/r/1532626360-16650-4-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Matthew Wilcox Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ff4dc77293ec7aafb022b9b40b14ee188d43c901 Author: Mike Rapoport Date: Thu Aug 23 17:01:02 2018 -0700 mm/util: add kernel-doc for kvfree Link: http://lkml.kernel.org/r/1532626360-16650-3-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Matthew Wilcox Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b86181f1ad94054ae953d81452329377abeec0a8 Author: Mike Rapoport Date: Thu Aug 23 17:00:59 2018 -0700 mm/util: make strndup_user description a kernel-doc comment Patch series "memory management documentation updates", v3. Here are several updates to the mm documentation. Aside from really minor changes in the first three patches, the updates are: * move the documentation of kstrdup and friends to "String Manipulation" section * split memory management API into a separate .rst file * adjust formating of the GFP flags description and include it in the reference documentation. This patch (of 7): The description of the strndup_user function misses '*' character at the beginning of the comment to be proper kernel-doc. Add the missing character. Link: http://lkml.kernel.org/r/1532626360-16650-2-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Matthew Wilcox Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a2036a1ef2ee91acab01a0ae4a534070691a42ec Author: Arnd Bergmann Date: Thu Aug 23 17:00:55 2018 -0700 fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds Without CONFIG_MMU, we get a build warning: fs/proc/vmcore.c:228:12: error: 'vmcoredd_mmap_dumps' defined but not used [-Werror=unused-function] static int vmcoredd_mmap_dumps(struct vm_area_struct *vma, unsigned long dst, The function is only referenced from an #ifdef'ed caller, so this uses the same #ifdef around it. Link: http://lkml.kernel.org/r/20180525213526.2117790-1-arnd@arndb.de Fixes: 7efe48df8a3d ("vmcore: append device dumps to vmcore as elf notes") Signed-off-by: Arnd Bergmann Cc: Ganesh Goudar Cc: "David S. Miller" Cc: Rahul Lakkireddy Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3cc97bea600372885923a1c270d82523411a4c70 Author: Finn Thain Date: Thu Aug 23 17:00:52 2018 -0700 treewide: correct "differenciate" and "instanciate" typos Also add these typos to spelling.txt so checkpatch.pl will look for them. Link: http://lkml.kernel.org/r/88af06b9de34d870cb0afc46cfd24e0458be2575.1529471371.git.fthain@telegraphics.com.au Signed-off-by: Finn Thain Cc: Masahiro Yamada Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0722f1862059767309b22e9469897eb9380d7a25 Author: Souptick Joarder Date: Thu Aug 23 17:00:48 2018 -0700 fs/afs: use new return type vm_fault_t Use new return type vm_fault_t for fault handler in struct vm_operations_struct. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. See 1c8f422059ae ("mm: change return type to vm_fault_t") for reference. Link: http://lkml.kernel.org/r/20180702152017.GA3780@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Cc: Matthew Wilcox Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 42df050930e7dade82b4d38959320aa05f4022e3 Author: Souptick Joarder Date: Thu Aug 23 17:00:45 2018 -0700 drivers/hwtracing/intel_th/msu.c: change return type to vm_fault_t Use new return type vm_fault_t for fault handler. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. See 1c8f422059ae ("mm: change return type to vm_fault_t") for reference. Link: http://lkml.kernel.org/r/20180702155801.GA4010@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Cc: Alexander Shishkin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d4ae9916ea2947341180d2b538f48875ff393a86 Author: Naoya Horiguchi Date: Thu Aug 23 17:00:42 2018 -0700 mm: soft-offline: close the race against page allocation A process can be killed with SIGBUS(BUS_MCEERR_AR) when it tries to allocate a page that was just freed on the way of soft-offline. This is undesirable because soft-offline (which is about corrected error) is less aggressive than hard-offline (which is about uncorrected error), and we can make soft-offline fail and keep using the page for good reason like "system is busy." Two main changes of this patch are: - setting migrate type of the target page to MIGRATE_ISOLATE. As done in free_unref_page_commit(), this makes kernel bypass pcplist when freeing the page. So we can assume that the page is in freelist just after put_page() returns, - setting PG_hwpoison on free page under zone->lock which protects freelists, so this allows us to avoid setting PG_hwpoison on a page that is decided to be allocated soon. [akpm@linux-foundation.org: tweak set_hwpoison_free_buddy_page() comment] Link: http://lkml.kernel.org/r/1531452366-11661-3-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi Reported-by: Xishi Qiu Tested-by: Mike Kravetz Cc: Michal Hocko Cc: Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6bc9b56433b76e40d11099338d27fbc5cd2935ca Author: Naoya Horiguchi Date: Thu Aug 23 17:00:38 2018 -0700 mm: fix race on soft-offlining free huge pages Patch series "mm: soft-offline: fix race against page allocation". Xishi recently reported the issue about race on reusing the target pages of soft offlining. Discussion and analysis showed that we need make sure that setting PG_hwpoison should be done in the right place under zone->lock for soft offline. 1/2 handles free hugepage's case, and 2/2 hanldes free buddy page's case. This patch (of 2): There's a race condition between soft offline and hugetlb_fault which causes unexpected process killing and/or hugetlb allocation failure. The process killing is caused by the following flow: CPU 0 CPU 1 CPU 2 soft offline get_any_page // find the hugetlb is free mmap a hugetlb file page fault ... hugetlb_fault hugetlb_no_page alloc_huge_page // succeed soft_offline_free_page // set hwpoison flag mmap the hugetlb file page fault ... hugetlb_fault hugetlb_no_page find_lock_page return VM_FAULT_HWPOISON mm_fault_error do_sigbus // kill the process The hugetlb allocation failure comes from the following flow: CPU 0 CPU 1 mmap a hugetlb file // reserve all free page but don't fault-in soft offline get_any_page // find the hugetlb is free soft_offline_free_page // set hwpoison flag dissolve_free_huge_page // fail because all free hugepages are reserved page fault ... hugetlb_fault hugetlb_no_page alloc_huge_page ... dequeue_huge_page_node_exact // ignore hwpoisoned hugepage // and finally fail due to no-mem The root cause of this is that current soft-offline code is written based on an assumption that PageHWPoison flag should be set at first to avoid accessing the corrupted data. This makes sense for memory_failure() or hard offline, but does not for soft offline because soft offline is about corrected (not uncorrected) error and is safe from data lost. This patch changes soft offline semantics where it sets PageHWPoison flag only after containment of the error page completes successfully. Link: http://lkml.kernel.org/r/1531452366-11661-2-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi Reported-by: Xishi Qiu Suggested-by: Xishi Qiu Tested-by: Mike Kravetz Cc: Michal Hocko Cc: Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 Author: Salvatore Mesoraca Date: Thu Aug 23 17:00:35 2018 -0700 namei: allow restricted O_CREAT of FIFOs and regular files Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder. This protection can be turned on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer. This is a brief list of old vulnerabilities that could have been prevented by this feature, some of them even allow for privilege escalation: CVE-2000-1134 CVE-2007-3852 CVE-2008-0525 CVE-2009-0416 CVE-2011-4834 CVE-2015-1838 CVE-2015-7442 CVE-2016-7489 This list is not meant to be complete. It's difficult to track down all vulnerabilities of this kind because they were often reported without any mention of this particular attack vector. In fact, before hardlinks/symlinks restrictions, fifos/regular files weren't the favorite vehicle to exploit them. [s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter] Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gmail.com [keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future] [keescook@chromium.org: adjust commit subjet] Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast Signed-off-by: Salvatore Mesoraca Signed-off-by: Kees Cook Suggested-by: Solar Designer Suggested-by: Kees Cook Cc: Al Viro Cc: Dan Carpenter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit dc2572791d3a41bab94400af2b6bca9d71ccd303 Author: Ernesto A. Fernández Date: Thu Aug 23 17:00:31 2018 -0700 hfs: prevent crash on exit from failed search hfs_find_exit() expects fd->bnode to be NULL after a search has failed. hfs_brec_insert() may instead set it to an error-valued pointer. Fix this to prevent a crash. Link: http://lkml.kernel.org/r/53d9749a029c41b4016c495fc5838c9dba3afc52.1530294815.git.ernesto.mnd.fernandez@gmail.com Signed-off-by: Ernesto A. Fernández Cc: Anatoly Trosinenko Cc: Viacheslav Dubeyko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit aba93a92f49a002e2251e1745994c762cee01843 Author: Ernesto A. Fernandez Date: Thu Aug 23 17:00:28 2018 -0700 hfsplus: prevent crash on exit from failed search hfs_find_exit() expects fd->bnode to be NULL after a search has failed. hfs_brec_insert() may instead set it to an error-valued pointer. Fix this to prevent a crash. Link: http://lkml.kernel.org/r/803590a35221fbf411b2c141419aea3233a6e990.1530294813.git.ernesto.mnd.fernandez@gmail.com Signed-off-by: Ernesto A. Fernandez Reported-by: Anatoly Trosinenko Reviewed-by: Vyacheslav Dubeyko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a7ec7a4193a2eb3b5341243fc0b621c1ac9e4ec4 Author: Ernesto A. Fernández Date: Thu Aug 23 17:00:25 2018 -0700 hfsplus: fix NULL dereference in hfsplus_lookup() An HFS+ filesystem can be mounted read-only without having a metadata directory, which is needed to support hardlinks. But if the catalog data is corrupted, a directory lookup may still find dentries claiming to be hardlinks. hfsplus_lookup() does check that ->hidden_dir is not NULL in such a situation, but mistakenly does so after dereferencing it for the first time. Reorder this check to prevent a crash. This happens when looking up corrupted catalog data (dentry) on a filesystem with no metadata directory (this could only ever happen on a read-only mount). Wen Xu sent the replication steps in detail to the fsdevel list: https://bugzilla.kernel.org/show_bug.cgi?id=200297 Link: http://lkml.kernel.org/r/20180712215344.q44dyrhymm4ajkao@eaf Signed-off-by: Ernesto A. Fernández Reported-by: Wen Xu Cc: Viacheslav Dubeyko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d475fac95779577afefbad312c8635c29fe4441c Author: Will Deacon Date: Fri Aug 24 00:23:04 2018 +0100 arm64: tlb: Provide forward declaration of tlb_flush() before including tlb.h As of commit fd1102f0aade ("mm: mmu_notifier fix for tlb_end_vma"), asm-generic/tlb.h now calls tlb_flush() from a static inline function, so we need to make sure that it's declared before #including the asm-generic header in the arch header. Signed-off-by: Will Deacon Acked-by: Nicholas Piggin Signed-off-by: Linus Torvalds commit d503ac531a5246e4d910f971b213807fea925956 Author: Masahiro Yamada Date: Fri Aug 24 08:20:39 2018 +0900 kbuild: rename LDFLAGS to KBUILD_LDFLAGS Commit a0f97e06a43c ("kbuild: enable 'make CFLAGS=...' to add additional options to CC") renamed CFLAGS to KBUILD_CFLAGS. Commit 222d394d30e7 ("kbuild: enable 'make AFLAGS=...' to add additional options to AS") renamed AFLAGS to KBUILD_AFLAGS. Commit 06c5040cdb13 ("kbuild: enable 'make CPPFLAGS=...' to add additional options to CPP") renamed CPPFLAGS to KBUILD_CPPFLAGS. For some reason, LDFLAGS was not renamed. Using a well-known variable like LDFLAGS may result in accidental override of the variable. Kbuild generally uses KBUILD_ prefixed variables for the internally appended options, so here is one more conversion to sanitize the naming convention. I did not touch Makefiles under tools/ since the tools build system is a different world. Signed-off-by: Masahiro Yamada Acked-by: Kirill A. Shutemov Reviewed-by: Palmer Dabbelt commit 87a32e624037e8b6e8538ed864dc9994853acc4d Author: Masahiro Yamada Date: Fri Aug 24 08:20:38 2018 +0900 kbuild: pass LDFLAGS to recordmcount.pl Since commit 0fbe9a245c60 ("microblaze: add endianness options to LDFLAGS instead of LD"), you cannot build the kernel for microblaze with CONFIG_DYNAMIC_FTRACE. Fixes: 0fbe9a245c60 ("microblaze: add endianness options to LDFLAGS instead of LD") Signed-off-by: Masahiro Yamada commit e85d1d65cd8a9083040e280d172eba762875f8f1 Author: Masahiro Yamada Date: Wed Aug 22 22:51:09 2018 +0900 kbuild: test dead code/data elimination support in Kconfig This config option should be enabled only when both the compiler and the linker support necessary flags. Add proper dependencies to Kconfig. Signed-off-by: Masahiro Yamada commit 53a01c9a5fcf74b7f855e70dd69742fb3cb84c83 Merge: 9157141c95bc 0af4c8be97a1 Author: Linus Torvalds Date: Thu Aug 23 16:03:58 2018 -0700 Merge tag 'nfs-for-4.19-1' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client updates from Anna Schumaker: "These patches include adding async support for the v4.2 COPY operation. I think Bruce is planning to send the server patches for the next release, but I figured we could get the client side out of the way now since it's been in my tree for a while. This shouldn't cause any problems, since the server will still respond with synchronous copies even if the client requests async. Features: - Add support for asynchronous server-side COPY operations Stable bufixes: - Fix an off-by-one in bl_map_stripe() (v3.17+) - NFSv4 client live hangs after live data migration recovery (v4.9+) - xprtrdma: Fix disconnect regression (v4.18+) - Fix locking in pnfs_generic_recover_commit_reqs (v4.14+) - Fix a sleep in atomic context in nfs4_callback_sequence() (v4.9+) Other bugfixes and cleanups: - Optimizations and fixes involving NFS v4.1 / pNFS layout handling - Optimize lseek(fd, SEEK_CUR, 0) on directories to avoid locking - Immediately reschedule writeback when the server replies with an error - Fix excessive attribute revalidation in nfs_execute_ok() - Add error checking to nfs_idmap_prepare_message() - Use new vm_fault_t return type - Return a delegation when reclaiming one that the server has recalled - Referrals should inherit proto setting from parents - Make rpc_auth_create_args a const - Improvements to rpc_iostats tracking - Fix a potential reference leak when there is an error processing a callback - Fix rmdir / mkdir / rename nlink accounting - Fix updating inode change attribute - Fix error handling in nfsn4_sp4_select_mode() - Use an appropriate work queue for direct-write completion - Don't busy wait if NFSv4 session draining is interrupted" * tag 'nfs-for-4.19-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (54 commits) pNFS: Remove unwanted optimisation of layoutget pNFS/flexfiles: ff_layout_pg_init_read should exit on error pNFS: Treat RECALLCONFLICT like DELAY... pNFS: When updating the stateid in layoutreturn, also update the recall range NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() NFSv4: Fix locking in pnfs_generic_recover_commit_reqs NFSv4: Fix a typo in nfs4_init_channel_attrs() NFSv4: Don't busy wait if NFSv4 session draining is interrupted NFS recover from destination server reboot for copies NFS add a simple sync nfs4_proc_commit after async COPY NFS handle COPY ERR_OFFLOAD_NO_REQS NFS send OFFLOAD_CANCEL when COPY killed NFS export nfs4_async_handle_error NFS handle COPY reply CB_OFFLOAD call race NFS add support for asynchronous COPY NFS COPY xdr handle async reply NFS OFFLOAD_CANCEL xdr NFS CB_OFFLOAD xdr NFS: Use an appropriate work queue for direct-write completion NFSv4: Fix error handling in nfs4_sp4_select_mode() ... commit 9157141c95bc3ffcdae93fde5d5aafee7ce6e39a Merge: 6f7948f566bf 108b833cde9c Author: Linus Torvalds Date: Thu Aug 23 16:00:10 2018 -0700 Merge tag 'nfsd-4.19-1' of git://linux-nfs.org/~bfields/linux Pull nfsd updates from Bruce Fields: "Chuck Lever fixed a problem with NFSv4.0 callbacks over GSS from multi-homed servers. The only new feature is a minor bit of protocol (change_attr_type) which the client doesn't even use yet. Other than that, various bugfixes and cleanup" * tag 'nfsd-4.19-1' of git://linux-nfs.org/~bfields/linux: (27 commits) sunrpc: Add comment defining gssd upcall API keywords nfsd: Remove callback_cred nfsd: Use correct credential for NFSv4.0 callback with GSS sunrpc: Extract target name into svc_cred sunrpc: Enable the kernel to specify the hostname part of service principals sunrpc: Don't use stack buffer with scatterlist rpc: remove unneeded variable 'ret' in rdma_listen_handler nfsd: use true and false for boolean values nfsd: constify write_op[] fs/nfsd: Delete invalid assignment statements in nfsd4_decode_exchange_id NFSD: Handle full-length symlinks NFSD: Refactor the generic write vector fill helper svcrdma: Clean up Read chunk path svcrdma: Avoid releasing a page in svc_xprt_release() nfsd: Mark expected switch fall-through sunrpc: remove redundant variables 'checksumlen','blocksize' and 'data' nfsd: fix leaked file lock with nfs exported overlayfs nfsd: don't advertise a SCSI layout for an unsupported request_queue nfsd: fix corrupted reply to badly ordered compound nfsd: clarify check_op_ordering ... commit 6f7948f566bf423ddf5ff58dc0198afcf37c0b64 Merge: b39d7efc11b9 99a24e02ccf6 Author: Linus Torvalds Date: Thu Aug 23 15:58:04 2018 -0700 Merge tag 'upstream-4.19-rc1' of git://git.infradead.org/linux-ubifs Pull UBI/UBIFS updates from Richard Weinberger: - Year 2038 preparations - New UBI feature to skip CRC checks of static volumes - A new Kconfig option to disable xattrs in UBIFS - Lots of fixes in UBIFS, found by our new test framework * tag 'upstream-4.19-rc1' of git://git.infradead.org/linux-ubifs: (21 commits) ubifs: Set default assert action to read-only ubifs: Allow setting assert action as mount parameter ubifs: Rework ubifs_assert() ubifs: Pass struct ubifs_info to ubifs_assert() ubifs: Turn two ubifs_assert() into a WARN_ON() ubi: expose the volume CRC check skip flag ubi: provide a way to skip CRC checks ubifs: Use kmalloc_array() ubifs: Check data node size before truncate Revert "UBIFS: Fix potential integer overflow in allocation" ubifs: Add comment on c->commit_sem ubifs: introduce Kconfig symbol for xattr support ubifs: use swap macro in swap_dirty_idx ubifs: tnc: use monotonic znode timestamp ubifs: use timespec64 for inode timestamps ubifs: xattr: Don't operate on deleted inodes ubifs: gc: Fix typo ubifs: Fix memory leak in lprobs self-check ubi: Initialize Fastmap checkmapping correctly ubifs: Fix synced_i_size calculation for xattr inodes ... commit b39d7efc11b93d9150d99a731db26fd36e2facd2 Merge: 06e386a1db54 8cdc43afbb2c Author: Linus Torvalds Date: Thu Aug 23 15:51:09 2018 -0700 Merge tag 'pwm/for-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm updates from Thierry Reding: "This contains mostly minor bug fixes as well as some new chip support for existing drivers" * tag 'pwm/for-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: mediatek: Add MT7628 support dt-bindings: pwm: Add MT7628 information dt-bindings: pwm: rcar: Add bindings for R-Car E3 support pwm: meson: Fix mux clock names pwm: stm32-lp: Remove useless loop in stm32_pwm_lp_remove() pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data pwm: mxs: Switch to SPDX identifier dt-bindings: pwm: fsl-ftm: Add compatible string for i.MX8QM pwm: fsl-ftm: Enable support for the new SoC i.MX8QM pwm: fsl-ftm: Added the support of per-compatible data pwm: fsl-ftm: Added a dedicated IP interface clock pwm: cros-ec: Switch to SPDX identifier pwm: imx: Switch to SPDX identifier pwm: tiehrpwm: Fix disabling of output of PWMs pwm: tiehrpwm: Don't use emulation mode bits to control PWM output pwm: berlin: Don't use broken prescaler values commit 06e386a1db54ab6a671e103e929b590f7a88f0e3 Merge: 99897b1e9931 f39684524b39 Author: Linus Torvalds Date: Thu Aug 23 15:44:58 2018 -0700 Merge tag 'fbdev-v4.19' of https://github.com/bzolnier/linux Pull fbdev updates from Bartlomiej Zolnierkiewicz: "Mostly small fixes and cleanups for fb drivers (the biggest updates are for udlfb and pxafb drivers). This also adds deferred console takeover support to the console code and efifb driver. Summary: - add support for deferred console takeover, when enabled defers fbcon taking over the console from the dummy console until the first text is displayed on the console - together with the "quiet" kernel commandline option this allows fbcon to still be used together with a smooth graphical bootup (Hans de Goede) - improve console locking debugging code (Thomas Zimmermann) - copy the ACPI BGRT boot graphics to the framebuffer when deferred console takeover support is used in efifb driver (Hans de Goede) - update udlfb driver - fix lost console when the user unplugs a USB adapter, fix the screen corruption issue, fix locking and add some performance optimizations (Mikulas Patocka) - update pxafb driver - fix using uninitialized memory, switch to devm_* API, handle initialization errors and add support for lcd-supply regulator (Daniel Mack) - add support for boards booted with a DeviceTree in pxa3xx_gcu driver (Daniel Mack) - rename omap2 module to omap2fb.ko to avoid conflicts with omap1 driver (Arnd Bergmann) - enable ACPI-based enumeration for goldfishfb driver (Yu Ning) - fix goldfishfb driver to make user space Android code use 60 fps (Christoffer Dall) - print big fat warning when nomodeset kernel parameter is used in vgacon driver (Lyude Paul) - remove VLA usage from fsl-diu-fb driver (Kees Cook) - misc fixes (Julia Lawall, Geert Uytterhoeven, Fredrik Noring, Yisheng Xie, Dan Carpenter, Daniel Vetter, Anton Vasilyev, Randy Dunlap, Gustavo A. R. Silva, Colin Ian King, Fengguang Wu) - misc cleanups (Roman Kiryanov, Yisheng Xie, Colin Ian King)" * tag 'fbdev-v4.19' of https://github.com/bzolnier/linux: (54 commits) Documentation/fb: corrections for fbcon.txt fbcon: Do not takeover the console from atomic context dummycon: Stop exporting dummycon_[un]register_output_notifier fbcon: Only defer console takeover if the current console driver is the dummycon fbcon: Only allow FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER if fbdev is builtin fbdev: omap2: omapfb: fix ifnullfree.cocci warnings fbdev: omap2: omapfb: fix bugon.cocci warnings fbdev: omap2: omapfb: fix boolreturn.cocci warnings fb: amifb: fix build warnings when not builtin fbdev/core: Disable console-lock warnings when fb.lockless_register_fb is set console: Replace #if 0 with atomic var 'ignore_console_lock_warning' udlfb: use spin_lock_irq instead of spin_lock_irqsave udlfb: avoid prefetch udlfb: optimization - test the backing buffer udlfb: allow reallocating the framebuffer udlfb: set line_length in dlfb_ops_set_par udlfb: handle allocation failure udlfb: set optimal write delay udlfb: make a local copy of fb_ops udlfb: don't switch if we are switching to the same videomode ... commit 99897b1e99311e67056808531141c8e16c221d42 Merge: 1290290c922f 8a328ac1f9eb Author: Linus Torvalds Date: Thu Aug 23 15:37:24 2018 -0700 Merge tag 'sound-fix-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "No surprises here: a regression fix for virmidi code refactoring, three fixes for the new AC97 bus compat and runtime PM, and a usual HD-audio quirk" * tag 'sound-fix-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Fix HP Headset Mic can't record ALSA: ac97: fix unbalanced pm_runtime_enable ALSA: ac97: fix check of pm_runtime_get_sync failure ALSA: ac97: fix device initialization in the compat layer ALSA: seq: virmidi: Fix discarding the unsubscribed output commit 1290290c922fdcefbce8984e6e44b8f4e3a169b5 Merge: 706a1ea65e6f 845b397a7771 Author: Linus Torvalds Date: Thu Aug 23 15:34:48 2018 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull more rdma updates from Jason Gunthorpe: "This is the SMC cleanup promised, a randconfig regression fix, and kernel oops fix. Summary: - Switch SMC over to rdma_get_gid_attr and remove the compat - Fix a crash in HFI1 with some BIOS's - Fix a randconfig failure" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: IB/ucm: fix UCM link error IB/hfi1: Invalid NUMA node information can cause a divide by zero RDMA/smc: Replace ib_query_gid with rdma_get_gid_attr commit 706a1ea65e6faaf853427a0e931f59d604dd45e3 Merge: d40acad1f197 48a8b97cfd80 Author: Linus Torvalds Date: Thu Aug 23 14:55:01 2018 -0700 Merge branch 'tlb-fixes' Merge fixes for missing TLB shootdowns. This fixes a couple of cases that involved us possibly freeing page table structures before the required TLB shootdown had been done. There are a few cleanup patches to make the code easier to follow, and to avoid some of the more problematic cases entirely when not necessary. To make this easier for backports, it undoes the recent lazy TLB patches, because the cleanups and fixes are more important, and Rik is ok with re-doing them later when things have calmed down. The missing TLB flush was only delayed, and the wrong ordering only happened under memory pressure (and in theory under a couple of other fairly theoretical situations), so this may have been all very unlikely to have hit people in practice. But getting the TLB shootdown wrong is _so_ hard to debug and see that I consider this a crticial fix. Many thanks to Jann Horn for having debugged this. * tlb-fixes: x86/mm: Only use tlb_remove_table() for paravirt mm: mmu_notifier fix for tlb_end_vma mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE mm/tlb: Remove tlb_remove_table() non-concurrent condition mm: move tlb_table_flush to tlb_flush_mmu_free x86/mm/tlb: Revert the recent lazy TLB patches commit d40acad1f1979194ecda83f77468751244b4b098 Merge: 0c4b0f815f20 75f2d3a0cef5 Author: Linus Torvalds Date: Thu Aug 23 14:52:23 2018 -0700 Merge tag 'for-linus-4.19b-rc1b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes and cleanups from Juergen Gross: "Some cleanups, some minor fixes and a fix for a bug introduced in this merge window hitting 32-bit PV guests" * tag 'for-linus-4.19b-rc1b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: x86/xen: enable early use of set_fixmap in 32-bit Xen PV guest xen: remove unused hypercall functions x86/xen: remove unused function xen_auto_xlated_memory_setup() xen/ACPI: don't upload Px/Cx data for disabled processors x86/Xen: further refine add_preferred_console() invocations xen/mcelog: eliminate redundant setting of interface version x86/Xen: mark xen_setup_gdt() __init commit 0c4b0f815f20304156f66d47d0c2a6e148f6ffaa Merge: 2ab054fd1f88 690d9163bf4b Author: Linus Torvalds Date: Thu Aug 23 14:23:08 2018 -0700 Merge tag 'mips_4.19_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Paul Burton: - Fix microMIPS build failures by adding a .insn directive to the barrier_before_unreachable() asm statement in order to convince the toolchain that the asm statement is a valid branch target rather than a bogus attempt to switch ISA. - Clean up our declarations of TLB functions that we overwrite with generated code in order to prevent the compiler making assumptions about alignment that cause microMIPS kernels built with GCC 7 & above to die early during boot. - Fix up a regression for MIPS32 kernels which slipped into the main MIPS pull for 4.19, causing CONFIG_32BIT=y kernels to contain inappropriate MIPS64 instructions. - Extend our existing workaround for MIPSr6 builds that end up using the __multi3 intrinsic to GCC 7 & below, rather than just GCC 7. * tag 'mips_4.19_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 MIPS: Workaround GCC __builtin_unreachable reordering bug compiler.h: Allow arch-specific asm/compiler.h MIPS: Avoid move psuedo-instruction whilst using MIPS_ISA_LEVEL MIPS: Consistently declare TLB functions MIPS: Export tlbmiss_handler_setup_pgd near its definition commit 2ab054fd1f88d7d22e6df7c34c41a2f9782c3f08 Merge: 2f34a64aeac4 5600779ea5f3 Author: Linus Torvalds Date: Thu Aug 23 14:09:37 2018 -0700 Merge tag 'for-linus' of git://github.com/openrisc/linux Pull OpenRISC update from Stafford Horne: "Just one change for 4.19: refactoring from Christoph Hellwig to use generic DMA facilities" * tag 'for-linus' of git://github.com/openrisc/linux: openrisc: use generic dma_noncoherent_ops openrisc: fix cache maintainance the the sync_single_for_device DMA operation openrisc: remove the no-op unmap_page and unmap_sg DMA operations openrisc: remove the sync_single_for_cpu DMA operation commit 2f34a64aeac4d87e8ed8275d9f1230e18a50079c Merge: ee090756962c afd3e3dad676 Author: Linus Torvalds Date: Thu Aug 23 14:02:22 2018 -0700 Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM device-tree updates from Olof Johansson: "Business as usual -- the bulk of our changes are to devicetree files with new hardware support, new SoCs and platforms, and new board types. New SoCs/platforms: - Raspberry Pi Compute Module (CM1) and IO board - i.MX6SSL from NXP - Renesas RZ/N1D SoC (R9A06G032), Dual Cortex-A7 with Ethernet, CAN and PLC interfaces - TI AM654 SoC, Quad Cortex-A53, safety subsystem with Cortex-R5 controllers, communication and PRU subsystem and lots of other interfaces (PCIe, USB3, etc). New boards and systems: - Several Atmel at91-based boards from Laird - Marvell Armada388-based Helios4 board from SolidRun - Samsung Aires-based phones (s5pv210) - Allwinner A64-based Pinebook laptop In addition to the above, there's the usual amount of new devices described on existing platforms, fixes and tweaks and new minor variants of boards/platforms" * tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (478 commits) arm64: dts: sdm845: Add tsens nodes arm64: dts: msm8996: thermal: Initialise via DT and add second controller arm64: dts: sprd: Add one suspend timer arm64: dts: sprd: Add SC27XX ADC device arm64: dts: sprd: Add SC27XX eFuse device arm64: dts: sprd: Add SC27XX vibrator device arm64: dts: sprd: Add SC27XX breathing light controller device arm64: dts: meson-axg: add spdif-dit codec arm64: dts: meson-axg: add lineout codec arm64: dts: meson-axg: add linein codec arm64: dts: meson-axg: add tdm interfaces arm64: dts: meson-axg: add tdmout formatters arm64: dts: meson-axg: add tdmin formatters arm64: dts: meson-axg: add spdifout arm64: dts: rockchip: add led support for Firefly-RK3399 arm64: dts: rockchip: remove deprecated Type-C PHY properties on rk3399 arm64: dts: rockchip: add power button support for Firefly-RK3399 ARM: dts: aspeed: Add coprocessor interrupt controller arm64: dts: meson-axg: add audio arb reset controller arm64: dts: meson-axg: add usb power regulator ... commit ee090756962c58b32af62b768ac7c58cc53af700 Merge: f3ea49621381 07d268f541de Author: Linus Torvalds Date: Thu Aug 23 14:00:05 2018 -0700 Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC defconfig updates from Olof Johansson: "We keep these separate since some files are shared and conflict-prone, but there isn't really much to write about here. Some of the churnier pieces is for the Aspeed platforms, which did an overdue refresh of the defconfig, and enabled USB gadget and some drivers from there. Most of the rest are minor additions here and there to turn on drivers that are needed or useful on the various platforms" * tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (39 commits) ARM: multi_v7_defconfig: add CONFIG_UNIPHIER_THERMAL and CONFIG_SNI_AVE ARM: config: aspeed: Enable new FSI drivers ARM: config: multi_v5: Enable ASPEED drivers ARM: config: multi_v5: Refresh configuration ARM: config: aspeed: Update defconfig ARM: multi_v7_defconfig: Enable support for RZN1D-DB ARM: shmobile: defconfig: Disable /sbin/hotplug fork-bomb ARM: shmobile: defconfig: Enable support for RZN1D-DB ARM: shmobile: defconfig: Enable reset controller support ARM: shmobile: defconfig: Drop NET_VENDOR_=n arm64: defconfig: Enable more peripherals for Samsung Chromebook Plus. arm64: defconfig: Enable CONFIG_MTD_NAND_QCOM for IPQ8074 ARM: qcom_defconfig: Enable QCOM NAND related configs ARM: imx_v6_v7_defconfig: add DMATEST support ARM: mvebu_v7_defconfig: enable SFP support ARM: mvebu_v7_defconfig: sync defconfig ARM: multi_v7_defconfig: Add Marvell NAND controller support arm: configs: Add USB gadget to Aspeed G5 defconfig arm: configs: Add USB gadget to Aspeed G4 defconfig arm64: defconfig: enable HiSilicon PMU driver ... commit f3ea496213819c80ce9c49a9b65f9261da713d11 Merge: 9e259f9352d5 29ed45fff058 Author: Linus Torvalds Date: Thu Aug 23 13:52:46 2018 -0700 Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC driver updates from Olof Johansson: "Some of the larger changes this merge window: - Removal of drivers for Exynos5440, a Samsung SoC that never saw widespread use. - Uniphier support for USB3 and SPI reset handling - Syste control and SRAM drivers and bindings for Allwinner platforms - Qualcomm AOSS (Always-on subsystem) reset controller drivers - Raspberry Pi hwmon driver for voltage - Mediatek pwrap (pmic) support for MT6797 SoC" * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (52 commits) drivers/firmware: psci_checker: stash and use topology_core_cpumask for hotplug tests soc: fsl: cleanup Kconfig menu soc: fsl: dpio: Convert DPIO documentation to .rst staging: fsl-mc: Remove remaining files staging: fsl-mc: Move DPIO from staging to drivers/soc/fsl staging: fsl-dpaa2: eth: move generic FD defines to DPIO soc: fsl: qe: gpio: Add qe_gpio_set_multiple usb: host: exynos: Remove support for Exynos5440 clk: samsung: Remove support for Exynos5440 soc: sunxi: Add the A13, A23 and H3 system control compatibles reset: uniphier: add reset control support for SPI cpufreq: exynos: Remove support for Exynos5440 ata: ahci-platform: Remove support for Exynos5440 soc: imx6qp: Use GENPD_FLAG_ALWAYS_ON for PU errata soc: mediatek: pwrap: add mt6351 driver for mt6797 SoCs soc: mediatek: pwrap: add pwrap driver for mt6797 SoCs soc: mediatek: pwrap: fix cipher init setting error dt-bindings: pwrap: mediatek: add pwrap support for MT6797 reset: uniphier: add USB3 core reset control dt-bindings: reset: uniphier: add USB3 core reset support ... commit 9e259f9352d52053058a234f7c062c4e4f56dc85 Merge: 5563ae9b39c5 f0fc40aff6fe Author: Linus Torvalds Date: Thu Aug 23 13:44:43 2018 -0700 Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM 32-bit SoC platform updates from Olof Johansson: "Most of the SoC updates in this cycle are cleanups and moves to more modern infrastructure: - Davinci was moved to common clock framework - OMAP1-based Amstrad E3 "Superphone" saw a bunch of cleanups to the keyboard interface (bitbanged AT keyboard via GPIO). - Removal of some stale code for Renesas platforms - Power management improvements for i.MX6LL" * tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (112 commits) ARM: uniphier: select RESET_CONTROLLER arm64: uniphier: select RESET_CONTROLLER ARM: uniphier: remove empty Makefile ARM: exynos: Clear global variable on init error path ARM: exynos: Remove outdated maintainer information ARM: shmobile: Always enable ARCH_TIMER on SoCs with A7 and/or A15 ARM: shmobile: r8a7779: hide unused r8a7779_platform_cpu_kill soc: r9a06g032: don't build SMP files for non-SMP config ARM: shmobile: Add the R9A06G032 SMP enabler driver ARM: at91: pm: configure wakeup sources for ULP1 mode ARM: at91: pm: add PMC fast startup registers defines ARM: at91: pm: Add ULP1 mode support ARM: at91: pm: Use ULP0 naming instead of slow clock ARM: hisi: handle of_iomap and fix missing of_node_put ARM: hisi: check of_iomap and fix missing of_node_put ARM: hisi: fix error handling and missing of_node_put ARM: mx5: Set the DBGEN bit in ARM_GPC register ARM: imx51: Configure M4IF to avoid visual artifacts ARM: imx: call imx6sx_cpuidle_init() conditionally for 6sll ARM: imx: fix i.MX6SLL build ... commit 5563ae9b39c5ba492be1b18f2d72fd43ba549915 Merge: 452938cbd8f8 7a3b1bf70b37 Author: Linus Torvalds Date: Thu Aug 23 13:37:01 2018 -0700 Merge tag 'riscv-for-linus-4.19-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Pull RISC-V fixes from Palmer Dabbelt: "This contains a pair of fixes to the RISC-V port: - The removal of our compat.h, which didn't do anything. - Fixes to sys_riscv_flush_icache to ensure it actually shows up. We're going to just call this a bug in the ABI, as it was always supposed to be there. I've given these a simple build+boot test, both individually and as the actual tag" * tag 'riscv-for-linus-4.19-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: riscv: Delete asm/compat.h RISC-V: Don't use a global include guard for uapi/asm/syscalls.h RISC-V: Define sys_riscv_flush_icache when SMP=n commit 7753e38286d2bd7380df8be843de83198e2ce492 Author: Steve French Date: Tue Aug 21 21:37:53 2018 -0500 cifs: update internal module version number for cifs.ko to 2.12 Signed-off-by: Steve French commit 126c97f4d0d1b5b956e8b0740c81a2b2a2ae548c Author: Nicholas Mc Guire Date: Thu Aug 23 12:24:02 2018 +0200 cifs: check kmalloc before use The kmalloc was not being checked - if it fails issue a warning and return -ENOMEM to the caller. Signed-off-by: Nicholas Mc Guire Fixes: b8da344b74c8 ("cifs: dynamic allocation of ntlmssp blob") Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky cc: Stable ` commit e6c47dd0da1e3a484e778046fc10da0b20606a86 Author: Ronnie Sahlberg Date: Wed Aug 22 12:19:24 2018 +1000 cifs: check if SMB2 PDU size has been padded and suppress the warning Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French commit 4d8dfafc5cb88fe294a9273a3ef75dd4f9fa1aa2 Author: Ronnie Sahlberg Date: Tue Aug 21 11:49:21 2018 +1000 cifs: create a define for how many iovs we need for an SMB2_open() Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French commit 452938cbd8f85a39c8a93553191c505a36b1beca Merge: 815f0ddb346c 9161a864ff88 Author: Linus Torvalds Date: Thu Aug 23 13:07:00 2018 -0700 Merge tag 'trace-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "Masami found an off by one bug in the code that keeps "notrace" functions from being traced by kprobes. During my testing, I found that there's places that we may want to add kprobes to notrace, thus we may end up changing this code before 4.19 is released. The history behind this change is that we found that adding kprobes to various notrace functions caused the kernel to crashed. We took the safe route and decided not to allow kprobes to trace any notrace function. But because notrace is added to functions that just cause weird side effects to the function tracer, but are still safe, preventing kprobes for all notrace functios may be too much of a big hammer. One such place is __schedule() is marked notrace, to keep function tracer from doing strange recursive loops when it gets traced with NEED_RESCHED set. With this change, one can not add kprobes to the scheduler. Masami also added code to use gcov on ftrace" * tag 'trace-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing/kprobes: Fix to check notrace function with correct range tracing: Allow gcov profiling on only ftrace subsystem commit c08eebad4ac5992f87d783370fcffca5f28631c7 Merge: 0d092f06faa4 3968540ba61e Author: David S. Miller Date: Thu Aug 23 12:37:41 2018 -0700 Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Fixes 2018-08-23 This series contains bug fixes to the ice driver. Anirudh provides several fixes, starting with static analysis fixes by replacing a bitwise-and with a constant value and replace "magic" numbers with defines. Fixed the control queue processing by removing unnecessary read/writes to registers, as well as getting a accurate value for "pending". Added additional checks to avoid NULL pointer dereferences. Fixed up code formatting issues, by cleaning up code comments and coding style. Bruce cleans up a duplicate check for owner, within the same function. Also cleans up interrupt causes that are not handled or applicable. Fix checkpatch warning about the use of bool in structures due to the wasted space and size of bool, so convert struct members to u8 instead. Jake fixes a number of potential bugs in the reporting of stats via ethtool, by simply reporting all the queue statistics, even for the queues that are not activated. Fixed a compiler warning, as well as make the code a bit cleaner but just using order_base_2() for calculating the power-of-2. Preethi adds a check to avoid a NULL pointer dereference crash during initialization. Brett clarifies the code when it comes to port VLANs and regular VLANs, by renaming defines and field values to match their intended use and purpose. Jesse initializes a variable to avoid garbage values being returned to the caller. ==================== Signed-off-by: David S. Miller commit 48a8b97cfd804a965fbbe7be2d56a7984ef6bdb1 Author: Peter Zijlstra Date: Wed Aug 22 17:30:16 2018 +0200 x86/mm: Only use tlb_remove_table() for paravirt If we don't use paravirt; don't play unnecessary and complicated games to free page-tables. Suggested-by: Linus Torvalds Signed-off-by: Peter Zijlstra (Intel) Acked-by: Rik van Riel Signed-off-by: Linus Torvalds commit fd1102f0aadec7d18792b132e1d224290b2aecca Author: Nicholas Piggin Date: Thu Aug 23 18:47:09 2018 +1000 mm: mmu_notifier fix for tlb_end_vma The generic tlb_end_vma does not call invalidate_range mmu notifier, and it resets resets the mmu_gather range, which means the notifier won't be called on part of the range in case of an unmap that spans multiple vmas. ARM64 seems to be the only arch I could see that has notifiers and uses the generic tlb_end_vma. I have not actually tested it. [ Catalin and Will point out that ARM64 currently only uses the notifiers for KVM, which doesn't use the ->invalidate_range() callback right now, so it's a bug, but one that happens to not affect them. So not necessary for stable. - Linus ] Signed-off-by: Nicholas Piggin Acked-by: Catalin Marinas Acked-by: Will Deacon Signed-off-by: Linus Torvalds commit d86564a2f085b79ec046a5cba90188e612352806 Author: Peter Zijlstra Date: Wed Aug 22 17:30:15 2018 +0200 mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE Jann reported that x86 was missing required TLB invalidates when he hit the !*batch slow path in tlb_remove_table(). This is indeed the case; RCU_TABLE_FREE does not provide TLB (cache) invalidates, the PowerPC-hash where this code originated and the Sparc-hash where this was subsequently used did not need that. ARM which later used this put an explicit TLB invalidate in their __p*_free_tlb() functions, and PowerPC-radix followed that example. But when we hooked up x86 we failed to consider this. Fix this by (optionally) hooking tlb_remove_table() into the TLB invalidate code. NOTE: s390 was also needing something like this and might now be able to use the generic code again. [ Modified to be on top of Nick's cleanups, which simplified this patch now that tlb_flush_mmu_tlbonly() really only flushes the TLB - Linus ] Fixes: 9e52fc2b50de ("x86/mm: Enable RCU based page table freeing (CONFIG_HAVE_RCU_TABLE_FREE=y)") Reported-by: Jann Horn Signed-off-by: Peter Zijlstra (Intel) Acked-by: Rik van Riel Cc: Nicholas Piggin Cc: David Miller Cc: Will Deacon Cc: Martin Schwidefsky Cc: Michael Ellerman Cc: stable@kernel.org Signed-off-by: Linus Torvalds commit a6f572084fbee8b30f91465f4a085d7a90901c57 Author: Peter Zijlstra Date: Wed Aug 22 17:30:14 2018 +0200 mm/tlb: Remove tlb_remove_table() non-concurrent condition Will noted that only checking mm_users is incorrect; we should also check mm_count in order to cover CPUs that have a lazy reference to this mm (and could do speculative TLB operations). If removing this turns out to be a performance issue, we can re-instate a more complete check, but in tlb_table_flush() eliding the call_rcu_sched(). Fixes: 267239116987 ("mm, powerpc: move the RCU page-table freeing into generic code") Reported-by: Will Deacon Signed-off-by: Peter Zijlstra (Intel) Acked-by: Rik van Riel Acked-by: Will Deacon Cc: Nicholas Piggin Cc: David Miller Cc: Martin Schwidefsky Cc: Michael Ellerman Cc: stable@kernel.org Signed-off-by: Linus Torvalds commit db7ddef301128dad394f1c0f77027f86ee9a4edb Author: Nicholas Piggin Date: Thu Aug 23 18:47:08 2018 +1000 mm: move tlb_table_flush to tlb_flush_mmu_free There is no need to call this from tlb_flush_mmu_tlbonly, it logically belongs with tlb_flush_mmu_free. This makes future fixes simpler. [ This was originally done to allow code consolidation for the mmu_notifier fix, but it also ends up helping simplify the HAVE_RCU_TABLE_INVALIDATE fix. - Linus ] Signed-off-by: Nicholas Piggin Acked-by: Will Deacon Cc: Peter Zijlstra Cc: stable@kernel.org Signed-off-by: Linus Torvalds commit 82c9a927bc5df6e06b72d206d24a9d10cced4eb5 Author: Christian Brauner Date: Thu Jun 7 13:43:48 2018 +0200 getxattr: use correct xattr length When running in a container with a user namespace, if you call getxattr with name = "system.posix_acl_access" and size % 8 != 4, then getxattr silently skips the user namespace fixup that it normally does resulting in un-fixed-up data being returned. This is caused by posix_acl_fix_xattr_to_user() being passed the total buffer size and not the actual size of the xattr as returned by vfs_getxattr(). This commit passes the actual length of the xattr as returned by vfs_getxattr() down. A reproducer for the issue is: touch acl_posix setfacl -m user:0:rwx acl_posix and the compile: #define _GNU_SOURCE #include #include #include #include #include #include #include /* Run in user namespace with nsuid 0 mapped to uid != 0 on the host. */ int main(int argc, void **argv) { ssize_t ret1, ret2; char buf1[128], buf2[132]; int fret = EXIT_SUCCESS; char *file; if (argc < 2) { fprintf(stderr, "Please specify a file with " "\"system.posix_acl_access\" permissions set\n"); _exit(EXIT_FAILURE); } file = argv[1]; ret1 = getxattr(file, "system.posix_acl_access", buf1, sizeof(buf1)); if (ret1 < 0) { fprintf(stderr, "%s - Failed to retrieve " "\"system.posix_acl_access\" " "from \"%s\"\n", strerror(errno), file); _exit(EXIT_FAILURE); } ret2 = getxattr(file, "system.posix_acl_access", buf2, sizeof(buf2)); if (ret2 < 0) { fprintf(stderr, "%s - Failed to retrieve " "\"system.posix_acl_access\" " "from \"%s\"\n", strerror(errno), file); _exit(EXIT_FAILURE); } if (ret1 != ret2) { fprintf(stderr, "The value of \"system.posix_acl_" "access\" for file \"%s\" changed " "between two successive calls\n", file); _exit(EXIT_FAILURE); } for (ssize_t i = 0; i < ret2; i++) { if (buf1[i] == buf2[i]) continue; fprintf(stderr, "Unexpected different in byte %zd: " "%02x != %02x\n", i, buf1[i], buf2[i]); fret = EXIT_FAILURE; } if (fret == EXIT_SUCCESS) fprintf(stderr, "Test passed\n"); else fprintf(stderr, "Test failed\n"); _exit(fret); } and run: ./tester acl_posix On a non-fixed up kernel this should return something like: root@c1:/# ./t Unexpected different in byte 16: ffffffa0 != 00 Unexpected different in byte 17: ffffff86 != 00 Unexpected different in byte 18: 01 != 00 and on a fixed kernel: root@c1:~# ./t Test passed Cc: stable@vger.kernel.org Fixes: 2f6f0654ab61 ("userns: Convert vfs posix_acl support to use kuids and kgids") Link: https://bugzilla.kernel.org/show_bug.cgi?id=199945 Reported-by: Colin Watson Signed-off-by: Christian Brauner Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman commit 3968540ba61e9a19a0c4bda733db70952708d264 Author: Anirudh Venkataramanan Date: Thu Aug 9 06:29:03 2018 -0700 ice: Trivial formatting fixes 1) Add missing "\n" when printing link event error message. 2) Update dev_err statement in probe. 3) Add function description for ice_clear_pf_cfg. 4) Fix coding style for ice_acquire_nvm. 5) netdev->mtu is unsigned so use %u. Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit 43f8b22450f0a721915f1d2c7e3db6dd9573e76b Author: Bruce Allan Date: Thu Aug 9 06:29:02 2018 -0700 ice: Change struct members from bool to u8 Recent versions of checkpatch have a new warning based on a documented preference of Linus to not use bool in structures due to wasted space and the size of bool is implementation dependent. For more information, see the email thread at https://lkml.org/lkml/2017/11/21/384. Signed-off-by: Bruce Allan Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit dab0588fb616c1774bbf108eab1749dda4ac6942 Author: Jesse Brandeburg Date: Thu Aug 9 06:29:01 2018 -0700 ice: Fix potential return of uninitialized value In ice_vsi_setup_[tx|rx]_rings, err is uninitialized which can result in a garbage value return to the caller. Fix that. Signed-off-by: Jesse Brandeburg Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit c7f2c42b80ed6009f44e355aefc1e40db9485a9d Author: Anirudh Venkataramanan Date: Thu Aug 9 06:29:00 2018 -0700 ice: Fix a few null pointer dereference issues 1) When ice_ena_msix_range() fails to reserve vectors, a devm_kfree() warning was seen in the error flow path. So check pf->irq_tracker before use in ice_clear_interrupt_scheme(). 2) In ice_vsi_cfg(), check vsi->netdev before use. 3) In ice_get_link_status, check link_up before use. Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit c1dc2912059901f97345d9e10c96b841215fdc0f Author: Martin Willi Date: Wed Aug 22 10:27:17 2018 +0200 netfilter: xt_cluster: add dependency on conntrack module The cluster match requires conntrack for matching packets. If the netns does not have conntrack hooks registered, the match does not work at all. Implicitly load the conntrack hook for the family, exactly as many other extensions do. This ensures that the match works even if the hooks have not been registered by other means. Signed-off-by: Martin Willi Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 3bcd7fa37f33cda8c5639a908e9eb42d856e5d8b Author: Bruce Allan Date: Thu Aug 9 06:28:59 2018 -0700 ice: Update to interrupts enabled in OICR Remove the following interrupt causes that are not applicable or not handled: - PFINT_OICR_HLP_RDY_M - PFINT_OICR_CPM_RDY_M - PFINT_OICR_GPIO_M - PFINT_OICR_STORM_DETECT_M Add the following interrupt cause that's actually handled in ice_misc_intr: - PFINT_OICR_PE_CRITERR_M Signed-off-by: Bruce Allan Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit 444c8263151afc06c01ac8ddcd1204624a7d4bb3 Author: Yue Haibing Date: Tue Aug 21 14:03:04 2018 +0000 netfilter: conntrack: remove duplicated include from nf_conntrack_proto_udp.c Remove duplicated include. Fixes: c779e849608a ("netfilter: conntrack: remove get_timeout() indirection") Signed-off-by: Yue Haibing Signed-off-by: Pablo Neira Ayuso commit 785e76d7a2051a9e28b9134d5388a45b16f5eb72 Author: Quentin Monnet Date: Thu Aug 23 17:46:25 2018 +0100 tools: bpftool: return from do_event_pipe() on bad arguments When command line parsing fails in the while loop in do_event_pipe() because the number of arguments is incorrect or because the keyword is unknown, an error message is displayed, but bpftool remains stuck in the loop. Make sure we exit the loop upon failure. Fixes: f412eed9dfde ("tools: bpftool: add simple perf event output reader") Signed-off-by: Quentin Monnet Reviewed-by: Jakub Kicinski Signed-off-by: Daniel Borkmann commit b04413330c773c808c4c6a6cdd278f8ee0f8b613 Author: Kees Cook Date: Wed Aug 22 23:02:31 2018 -0700 gcc-plugins: Disable when building under Clang Prior to doing compiler feature detection in Kconfig, attempts to build GCC plugins with Clang would fail the build, much in the same way missing GCC plugin headers would fail the build. However, now that this logic has been lifted into Kconfig, add an explicit test for GCC (instead of duplicating it in the feature-test script). Reported-by: Stefan Agner Signed-off-by: Kees Cook Reviewed-by: Masahiro Yamada commit 5d8778d803e21f235e9bc727b5bd619f02abb88b Author: Brett Creeley Date: Thu Aug 9 06:28:58 2018 -0700 ice: Set VLAN flags correctly In the struct ice_aqc_vsi_props the field port_vlan_flags is an overloaded term because it is used for both port VLANs (PVLANs) and regular VLANs. This is an issue and is very confusing especially when dealing with VFs because normal VLANs and port VLANs are not the same. To fix this the field was renamed to vlan_flags and all of the #define's labeled *_PVLAN_* were renamed to *_VLAN_* if they are not specific to port VLANs. Also in ice_vsi_manage_vlan_stripping, set the ICE_AQ_VSI_VLAN_MODE_ALL bit to allow the driver to add a VLAN tag to all packets it sends. Signed-off-by: Brett Creeley Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit 1eb43fc754485d772b1165118a8fb80c385f0492 Author: Jacob Keller Date: Thu Aug 9 06:28:57 2018 -0700 ice: Use order_base_2 to calculate higher power of 2 Currently, we use a combination of ilog2 and is_power_of_2() to calculate the next power of 2 for the qcount. This appears to be causing a warning on some combinations of GCC and the Linux kernel: MODPOST 1 modules WARNING: "____ilog2_NaN" [ice.ko] undefined! This appears to because because GCC realizes that qcount could be zero in some circumstances and thus attempts to link against the intentionally undefined ___ilog2_NaN function. The order_base_2 function is intentionally defined to return 0 when passed 0 as an argument, and thus will be safe to use here. This not only fixes the warning but makes the resulting code slightly cleaner, and is really what we should have used originally. Also update the comment to make it more clear that we are rounding up, not just incrementing the ilog2 of qcount unconditionally. Signed-off-by: Jacob Keller Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit 3d6b640efcc1b07709b42dd2e9609401c6f88633 Author: Anirudh Venkataramanan Date: Thu Aug 9 06:28:56 2018 -0700 ice: Fix bugs in control queue processing This patch is a consolidation of multiple bug fixes for control queue processing. 1) In ice_clean_adminq_subtask() remove unnecessary reads/writes to registers. The bits PFINT_FW_CTL, PFINT_MBX_CTL and PFINT_SB_CTL are not set when an interrupt arrives, which means that clearing them again can be omitted. 2) Get an accurate value in "pending" by re-reading the control queue head register from the hardware. 3) Fix a corner case involving lost control queue messages by checking for new control messages (using ice_ctrlq_pending) before exiting the cleanup routine. Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit b29bc220e2c7bd494a4605defcd93b18d5a8cf86 Author: Preethi Banala Date: Thu Aug 9 06:28:55 2018 -0700 ice: Clean control queues only when they are initialized Clean control queues only when they are initialized. One of the ways to validate if the basic initialization is done is by checking value of cq->sq.head and cq->rq.head variables that specify the register address. This patch adds a check to avoid NULL pointer dereference crash when tried to shutdown uninitialized control queue. Signed-off-by: Preethi Banala Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit f8ba7db850350319348b6d3c276f8ba19bc098ef Author: Jacob Keller Date: Thu Aug 9 06:28:54 2018 -0700 ice: Report stats for allocated queues via ethtool stats It is not safe to have the string table for statistics change order or size over the lifetime of a given netdevice. This is because of the nature of the 3-step process for obtaining stats. First, user space performs a request for the size of the strings table. Second it performs a separate request for the strings themselves, after allocating space for the table. Third, it requests the stats themselves, also allocating space for the table. If the size decreased, there is potential to see garbage data or stats values. In the worst case, we could potentially see stats values become mis-aligned with their strings, so that it looks like a statistic is being reported differently than it actually is. Even worse, if the size increased, there is potential that the strings table or stats table was not allocated large enough and the stats code could access and write to memory it should not, potentially resulting in undefined behavior and system crashes. It isn't even safe if the size always changes under the RTNL lock. This is because the calls take place over multiple user space commands, so it is not possible to hold the RTNL lock for the entire duration of obtaining strings and stats. Further, not all consumers of the ethtool API are the user space ethtool program, and it is possible that one assumes the strings will not change (valid under the current contract), and thus only requests the stats values when requesting stats in a loop. Finally, it's not possible in the general case to detect when the size changes, because it is quite possible that one value which could impact the stat size increased, while another decreased. This would result in the same total number of stats, but reordering them so that stats no longer line up with the strings they belong to. Since only size changes aren't enough, we would need some sort of hash or token to determine when the strings no longer match. This would require extending the ethtool stats commands, but there is no more space in the relevant structures. The real solution to resolve this would be to add a completely new API for stats, probably over netlink. In the ice driver, the only thing impacting the stats that is not constant is the number of queues. Instead of reporting stats for each used queue, report stats for each allocated queue. We do not change the number of queues allocated for a given netdevice, as we pass this into the alloc_etherdev_mq() function to set the num_tx_queues and num_rx_queues. This resolves the potential bugs at the slight cost of displaying many queue statistics which will not be activated. Signed-off-by: Jacob Keller Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit 5ab522443bd1dafa9e32d6f4b029128efda072de Author: Anirudh Venkataramanan Date: Thu Aug 9 06:28:53 2018 -0700 ice: Cleanup magic number Use define for the unit size shift of the Rx LAN context descriptor base address instead of the magic number 7. Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit c0203475765f827e7b2eaf0a87222d0766e2cc4b Author: Daniel Borkmann Date: Wed Aug 22 23:49:37 2018 +0200 bpf: use per htab salt for bucket hash All BPF hash and LRU maps currently have a known and global seed we feed into jhash() which is 0. This is suboptimal, thus fix it by generating a random seed upon hashtab setup time which we can later on feed into jhash() on lookup, update and deletions. Fixes: 0f8e4bd8a1fc8 ("bpf: add hashtable type of eBPF maps") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Acked-by: Song Liu Reviewed-by: Eduardo Valentin commit 6efa6239e7f8777dccddcebb643e6d9a0304bf43 Author: Bruce Allan Date: Thu Aug 9 06:28:52 2018 -0700 ice: Remove unnecessary node owner check There is already a check for owner == ICE_SCHED_NODE_OWNER_LAN at the beginning of ice_sched_update_vsi_child_nodes. Remove the additional check to address the static analysis tool smatch issue "warn: we tested 'owner' before and it was 'false'". Signed-off-by: Bruce Allan Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit 4381147df9098706caa5cf9fda37e53b2fe4871f Author: Anirudh Venkataramanan Date: Thu Aug 9 06:28:51 2018 -0700 ice: Fix multiple static analyser warnings This patch fixes the following smatch errors: 1) Fix "odd binop '0x0 & 0xc'" when performing the bitwise-and with a constant value of zero (ICE_AQC_GSET_RSS_LUT_TABLE_SIZE_128_FLAG). Remove a similar bitwise-and with 0 in ice_add_marker_act() and use the right mask ICE_LG_ACT_GENERIC_OFFSET_M in the expression. 2) Fix a similar issue "odd binop '0x0 & 0x1800' in ice_req_irq_msix_misc. 3) Fix "odd binop '0x380000 & 0x7fff8'" in ice_add_marker_act(). Also, use a new define ICE_LG_ACT_GENERIC_OFF_RX_DESC_PROF_IDX instead of magic number '7'. 4) Fix warn: odd binop '0x0 & 0x18' in ice_set_dflt_vsi_ctx() by removing unnecessary logic to explicitly unset bits 3 and 4 in port_vlan_bits. These bits are unset already by the memset on ctxt->info. Reported-by: Dan Carpenter Signed-off-by: Anirudh Venkataramanan Tested-by: Tony Brelinski Signed-off-by: Jeff Kirsher commit b9b8a41adeff5666b402996020b698504c927353 Author: Dan Carpenter Date: Mon Aug 20 11:25:33 2018 +0300 btrfs: use after free in btrfs_quota_enable The issue here is that btrfs_commit_transaction() frees "trans" on both the error and the success path. So the problem would be if btrfs_commit_transaction() succeeds, and then qgroup_rescan_init() fails. That means that "ret" is non-zero and "trans" is non-NULL and it leads to a use after free inside the btrfs_end_transaction() macro. Fixes: 340f1aa27f36 ("btrfs: qgroups: Move transaction management inside btrfs_quota_enable/disable") Signed-off-by: Dan Carpenter Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 801660b040d132f67fac6a95910ad307c5929b49 Author: Anand Jain Date: Mon Aug 6 18:12:37 2018 +0800 btrfs: btrfs_shrink_device should call commit transaction at the end Test case btrfs/164 reports use-after-free: [ 6712.084324] general protection fault: 0000 [#1] PREEMPT SMP .. [ 6712.195423] btrfs_update_commit_device_size+0x75/0xf0 [btrfs] [ 6712.201424] btrfs_commit_transaction+0x57d/0xa90 [btrfs] [ 6712.206999] btrfs_rm_device+0x627/0x850 [btrfs] [ 6712.211800] btrfs_ioctl+0x2b03/0x3120 [btrfs] Reason for this is that btrfs_shrink_device adds the resized device to the fs_devices::resized_devices after it has called the last commit transaction. So the list fs_devices::resized_devices is not empty when btrfs_shrink_device returns. Now the parent function btrfs_rm_device calls: btrfs_close_bdev(device); call_rcu(&device->rcu, free_device_rcu); and then does the transactio ncommit. It goes through the fs_devices::resized_devices in btrfs_update_commit_device_size and leads to use-after-free. Fix this by making sure btrfs_shrink_device calls the last needed btrfs_commit_transaction before the return. This is consistent with what the grow counterpart does and this makes sure the on-disk state is persistent when the function returns. Reported-by: Lu Fengqi Tested-by: Lu Fengqi Signed-off-by: Anand Jain Reviewed-by: David Sterba [ update changelog ] Signed-off-by: David Sterba commit a5b7f4295eeae8b05ca91f6d145cd8773b08de9e Author: Lu Fengqi Date: Thu Aug 9 09:46:04 2018 +0800 btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata After btrfs_qgroup_reserve_meta_prealloc(), num_bytes will be assigned again by btrfs_calc_trans_metadata_size(). Once block_rsv fails, we can't properly free the num_bytes of the previous qgroup_reserve. Use a separate variable to store the num_bytes of the qgroup_reserve. Delete the comment for the qgroup_reserved that does not exist and add a comment about use_global_rsv. Fixes: c4c129db5da8 ("btrfs: drop unused parameter qgroup_reserved") CC: stable@vger.kernel.org # 4.18+ Signed-off-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba commit de02b9f6bb65a6a1848f346f7a3617b7a9b930c0 Author: Filipe Manana Date: Fri Aug 17 09:38:59 2018 +0100 Btrfs: fix data corruption when deduplicating between different files If we deduplicate extents between two different files we can end up corrupting data if the source range ends at the size of the source file, the source file's size is not aligned to the filesystem's block size and the destination range does not go past the size of the destination file size. Example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -f -c "pwrite -S 0x6b 0 2518890" /mnt/foo # The first byte with a value of 0xae starts at an offset (2518890) # which is not a multiple of the sector size. $ xfs_io -c "pwrite -S 0xae 2518890 102398" /mnt/foo # Confirm the file content is full of bytes with values 0x6b and 0xae. $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11467540 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ae ae ae ae ae ae 11467560 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # Create a second file with a length not aligned to the sector size, # whose bytes all have the value 0x6b, so that its extent(s) can be # deduplicated with the first file. $ xfs_io -f -c "pwrite -S 0x6b 0 557771" /mnt/bar # Now deduplicate the entire second file into a range of the first file # that also has all bytes with the value 0x6b. The destination range's # end offset must not be aligned to the sector size and must be less # then the offset of the first byte with the value 0xae (byte at offset # 2518890). $ xfs_io -c "dedupe /mnt/bar 0 1957888 557771" /mnt/foo # The bytes in the range starting at offset 2515659 (end of the # deduplication range) and ending at offset 2519040 (start offset # rounded up to the block size) must all have the value 0xae (and not # replaced with 0x00 values). In other words, we should have exactly # the same data we had before we asked for deduplication. $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11467540 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ae ae ae ae ae ae 11467560 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # Unmount the filesystem and mount it again. This guarantees any file # data in the page cache is dropped. $ umount /dev/sdb $ mount /dev/sdb /mnt $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11461300 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 00 11461320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 11470000 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # The bytes in range 2515659 to 2519040 have a value of 0x00 and not a # value of 0xae, data corruption happened due to the deduplication # operation. So fix this by rounding down, to the sector size, the length used for the deduplication when the following conditions are met: 1) Source file's range ends at its i_size; 2) Source file's i_size is not aligned to the sector size; 3) Destination range does not cross the i_size of the destination file. Fixes: e1d227a42ea2 ("btrfs: Handle unaligned length in extent_same") CC: stable@vger.kernel.org # 4.2+ Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit d4682ba03ef618b6ef4be7cedc7aacaf505d3a58 Author: Filipe Manana Date: Mon Jun 11 19:24:28 2018 +0100 Btrfs: sync log after logging new name When we add a new name for an inode which was logged in the current transaction, we update the inode in the log so that its new name and ancestors are added to the log. However when we do this we do not persist the log, so the changes remain in memory only, and as a consequence, any ancestors that were created in the current transaction are updated such that future calls to btrfs_inode_in_log() return true. This leads to a subsequent fsync against such new ancestor directories returning immediately, without persisting the log, therefore after a power failure the new ancestor directories do not exist, despite fsync being called against them explicitly. Example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ mkdir /mnt/A $ mkdir /mnt/B $ mkdir /mnt/A/C $ touch /mnt/B/foo $ xfs_io -c "fsync" /mnt/B/foo $ ln /mnt/B/foo /mnt/A/C/foo $ xfs_io -c "fsync" /mnt/A After the power failure, directory "A" does not exist, despite the explicit fsync on it. Instead of fixing this by changing the behaviour of the explicit fsync on directory "A" to persist the log instead of doing nothing, make the logging of the new file name (which happens when creating a hard link or renaming) persist the log. This approach not only is simpler, not requiring addition of new fields to the inode in memory structure, but also gives us the same behaviour as ext4, xfs and f2fs (possibly other filesystems too). A test case for fstests follows soon. Fixes: 12fcfd22fe5b ("Btrfs: tree logging unlink/rename fixes") Reported-by: Vijay Chidambaram Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit c125311d96b1bfcce0f5930a4f0fdfe39ea14f7c Author: Jens Axboe Date: Thu Aug 23 09:34:46 2018 -0600 blk-wbt: don't maintain inflight counts if disabled A previous commit removed the ability to have per-rq flags. We used those flags to maintain inflight counts. Since we don't have those anymore, we have to always maintain inflight counts, even if wbt is disabled. This is clearly suboptimal. Add a queue quiesce around changing the wbt latency settings from sysfs to work around this. With that, we can reliably put the enabled check in our bio_to_wbt_flags(), since we know the WBT_TRACKED flag will be consistent for the lifetime of the request. Fixes: c1c80384c8f ("block: remove external dependency on wbt_flags") Reviewed-by: Josef Bacik Signed-off-by: Jens Axboe commit 0f52b3a00c789569d7ed822b5a6b30f59a8d4393 Author: Mahesh Salgaonkar Date: Thu Aug 23 10:26:08 2018 +0530 powerpc/mce: Fix SLB rebolting during MCE recovery path. The commit e7e81847478 ("powerpc/64s: move machine check SLB flushing to mm/slb.c") introduced a bug in reloading bolted SLB entries. Unused bolted entries are stored with .esid=0 in the slb_shadow area, and that value is now used directly as the RB input to slbmte, which means the RB[52:63] index field is set to 0, which causes SLB entry 0 to be cleared. Fix this by storing the index bits in the unused bolted entries, which directs the slbmte to the right place. The SLB shadow area is also used by the hypervisor, but PAPR is okay with that, from LoPAPR v1.1, 14.11.1.3 SLB Shadow Buffer: Note: SLB is filled sequentially starting at index 0 from the shadow buffer ignoring the contents of RB field bits 52-63 Fixes: e7e81847478b ("powerpc/64s: move machine check SLB flushing to mm/slb.c") Signed-off-by: Mahesh Salgaonkar Signed-off-by: Nicholas Piggin Reviewed-by: Nicholas Piggin Signed-off-by: Michael Ellerman commit 8cfbdbdc24815417a3ab35101ccf706b9a23ff17 Author: Paul Mackerras Date: Thu Aug 23 10:08:58 2018 +1000 KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages Commit 76fa4975f3ed ("KVM: PPC: Check if IOMMU page is contained in the pinned physical page", 2018-07-17) added some checks to ensure that guest DMA mappings don't attempt to map more than the guest is entitled to access. However, errors in the logic mean that legitimate guest requests to map pages for DMA are being denied in some situations. Specifically, if the first page of the range passed to mm_iommu_get() is mapped with a normal page, and subsequent pages are mapped with transparent huge pages, we end up with mem->pageshift == 0. That means that the page size checks in mm_iommu_ua_to_hpa() and mm_iommu_up_to_hpa_rm() will always fail for every page in that region, and thus the guest can never map any memory in that region for DMA, typically leading to a flood of error messages like this: qemu-system-ppc64: VFIO_MAP_DMA: -22 qemu-system-ppc64: vfio_dma_map(0x10005f47780, 0x800000000000000, 0x10000, 0x7fff63ff0000) = -22 (Invalid argument) The logic errors in mm_iommu_get() are: (a) use of 'ua' not 'ua + (i << PAGE_SHIFT)' in the find_linux_pte() call (meaning that find_linux_pte() returns the pte for the first address in the range, not the address we are currently up to); (b) use of 'pageshift' as the variable to receive the hugepage shift returned by find_linux_pte() - for a normal page this gets set to 0, leading to us setting mem->pageshift to 0 when we conclude that the pte returned by find_linux_pte() didn't match the page we were looking at; (c) comparing 'compshift', which is a page order, i.e. log base 2 of the number of pages, with 'pageshift', which is a log base 2 of the number of bytes. To fix these problems, this patch introduces 'cur_ua' to hold the current user address and uses that in the find_linux_pte() call; introduces 'pteshift' to hold the hugepage shift found by find_linux_pte(); and compares 'pteshift' with 'compshift + PAGE_SHIFT' rather than 'compshift'. The patch also moves the local_irq_restore to the point after the PTE pointer returned by find_linux_pte() has been dereferenced because otherwise the PTE could change underneath us, and adds a check to avoid doing the find_linux_pte() call once mem->pageshift has been reduced to PAGE_SHIFT, as an optimization. Fixes: 76fa4975f3ed ("KVM: PPC: Check if IOMMU page is contained in the pinned physical page") Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman commit f08d08f3db55452d31ba4a37c702da6245876b96 Author: Aneesh Kumar K.V Date: Wed Aug 22 22:46:05 2018 +0530 powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition The Nest MMU workaround is only needed for RW upgrades. Avoid doing that for other PTE updates. We also avoid clearing the PTE while marking it invalid. This is because other page table walkers will find this PTE none and can result in unexpected behaviour due to that. Instead we clear _PAGE_PRESENT and set the software PTE bit _PAGE_INVALID. pte_present() is already updated to check for both bits. This makes sure page table walkers will find the PTE present and things like pte_pfn(pte) returns the right value. Based on an original patch from Benjamin Herrenschmidt Signed-off-by: Aneesh Kumar K.V Reviewed-by: Nicholas Piggin Signed-off-by: Michael Ellerman commit 66e5db4a1ccc64f278653bc69dc406d184dc750a Merge: 5804b11034a2 78303650e4cd Author: Ingo Molnar Date: Thu Aug 23 10:29:19 2018 +0200 Merge tag 'perf-core-for-mingo-4.19-20180820' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: LLVM/clang/eBPF: (Arnaldo Carvalho de Melo) - Allow passing options to llc in addition to to clang. Hardware tracing: (Jack Henschel) - Improve error message for PMU address filters, clarifying availability of that feature in hardware having hardware tracing such as Intel PT. Python interface: (Jiri Olsa) - Fix read_on_cpu() interface. ELF/DWARF libraries: (Jiri Olsa) - Fix handling of the combo compressed module file + decompressed associated debuginfo file. Build (Rasmus Villemoes) - Disable parallelism for 'make clean', avoiding multiple submakes deleting the same files and causing the build to fail on systems such as Yocto. Kernel ABI copies: (Arnaldo Carvalho de Melo) - Update tools's copy of x86's cpufeatures.h. - Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy'. Miscellaneous: (Steven Rostedt) - Change libtraceevent to SPDX License format. Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 25da75043f8690fd083878447c91f289dfb63b87 Author: Kai-Heng Feng Date: Thu Aug 23 05:53:32 2018 +0000 drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk for the panel to fix it. BugLink: https://bugs.launchpad.net/bugs/1788308 Cc: # v4.8+ Signed-off-by: Kai-Heng Feng Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20180823055332.7723-1-kai.heng.feng@canonical.com commit f5d707ede37a962bc3cb9b3f8531a870dae29e46 Author: Arnd Bergmann Date: Tue Aug 21 22:37:33 2018 +0200 ACPI: fix menuconfig presentation of ACPI submenu My fix for a recursive Kconfig dependency caused another issue where the ACPI specific options end up in the top-level menu in 'menuconfig'. This was an unintended side-effect of having a silent option between 'menuconfig ACPI' and 'if ACPI'. Moving the ARCH_SUPPORTS_ACPI symbol ahead of the ACPI menu solves that problem and restores the previous presentation. Reported-by: Ard Biesheuvel Fixes: 2c870e61132c (arm64: fix ACPI dependencies) Signed-off-by: Arnd Bergmann Signed-off-by: Rafael J. Wysocki commit d2332f887ddfba50fee93b8e1736376517c2df0c Author: Sergei Shtylyov Date: Wed Aug 22 21:22:26 2018 +0300 mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts I have encountered an interrupt storm during the eMMC chip probing (and the chip finally didn't get detected). It turned out that U-Boot left the SDHI DMA interrupts enabled while the Linux driver didn't use those. Masking those interrupts in renesas_sdhi_internal_dmac_request_dma() gets rid of both issues... Signed-off-by: Sergei Shtylyov Reviewed-by: Wolfram Sang Fixes: 2a68ea7896e3 ("mmc: renesas-sdhi: add support for R-Car Gen3 SDHI DMAC") Cc: stable@vger.kernel.org # v4.14+ Signed-off-by: Ulf Hansson commit 9faf870e559a710c44e747ba20383ea82d8ac5d2 Author: Sergei Shtylyov Date: Wed Aug 22 21:28:01 2018 +0300 mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS The DM_CM_RST register actually has bits 0-31 defaulting to 1s and bits 32-63 defaulting to 0s -- fix off-by-one in #define RST_RESERVED_BITS. Signed-off-by: Sergei Shtylyov Reviewed-by: Wolfram Sang Fixes: 2a68ea7896e3 ("mmc: renesas-sdhi: add support for R-Car Gen3 SDHI DMAC") Cc: stable@vger.kernel.org # v4.14+ Signed-off-by: Ulf Hansson commit 0d092f06faa46b95a8e07b9bb5737b7c0f1176ee Merge: 6bfde2e196d8 addb3ffbca66 Author: David S. Miller Date: Wed Aug 22 22:43:11 2018 -0700 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2018-08-23 Here are two important Bluetooth fixes for the MediaTek and RealTek HCI drivers. Please let me know if there are any issues pulling, thanks. ==================== Signed-off-by: David S. Miller commit 6bfde2e196d8ddfea5317be986809abdb0be5a0c Merge: d23c4b6336ef 583e7281f1d8 Author: David S. Miller Date: Wed Aug 22 21:55:01 2018 -0700 Merge branch 'hns3-fixes' Huazhong Tan says: ==================== net: hns3: bug fix & optimization for HNS3 driver This patchset presents a bug fix found out when CONFIG_ARM64_64K_PAGES enable and an optimization for HNS3 driver. ==================== Signed-off-by: David S. Miller commit 583e7281f1d8234f3a3e483bd6fba7a72d24aa4e Author: Huazhong Tan Date: Thu Aug 23 11:37:16 2018 +0800 net: hns3: modify variable type in hns3_nic_reuse_page 'truesize' is supposed to be u32, not int, so fix it. Signed-off-by: Huazhong tan Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 27a5959308559fa6afcaa4e6cd81d25bcb2dda7c Author: Huazhong Tan Date: Thu Aug 23 11:37:15 2018 +0800 net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES When enable the config item "CONFIG_ARM64_64K_PAGES", the size of PAGE_SIZE is 65536(64K). But the type of page_offset is u16, it will overflow. So change it to u32, when "CONFIG_ARM64_64K_PAGES" enabled. Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC") Signed-off-by: Huazhong Tan Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit d23c4b6336ef30898dcdff351f21e633e7a64930 Author: Hangbin Liu Date: Thu Aug 23 11:31:37 2018 +0800 net/ipv6: init ip6 anycast rt->dst.input as ip6_input Commit 6edb3c96a5f02 ("net/ipv6: Defer initialization of dst to data path") forgot to handle anycast route and init anycast rt->dst.input to ip6_forward. Fix it by setting anycast rt->dst.input back to ip6_input. Fixes: 6edb3c96a5f02 ("net/ipv6: Defer initialization of dst to data path") Signed-off-by: Hangbin Liu Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 58ce660f911c9fae146a94245efb04b4af6f02a9 Merge: 12a7f8696b85 339379a2fb13 Author: David S. Miller Date: Wed Aug 22 21:47:36 2018 -0700 Merge branch 'hns-fixes' Huazhong Tan says: ==================== net: hns: bug fixes & optimization for HNS driver This patchset presents some bug fixes found out when CONFIG_ARM64_64K_PAGES enable and an optimization for HNS driver. ==================== Signed-off-by: David S. Miller commit 339379a2fb13decd1802b403370cc3cdf21d819f Author: Huazhong Tan Date: Thu Aug 23 11:10:13 2018 +0800 net: hns: use eth_get_headlen interface instead of hns_nic_get_headlen Update hns to drop the hns_nic_get_headlen function in favour of eth_get_headlen, and hence also removes now redundant hns_nic_get_headlen. Signed-off-by: Huazhong Tan Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit b1ccd4c0ab6ef499f47dd84ed4920502a7147bba Author: Huazhong Tan Date: Thu Aug 23 11:10:12 2018 +0800 net: hns: fix skb->truesize underestimation skb->truesize is not meant to be tracking amount of used bytes in a skb, but amount of reserved/consumed bytes in memory. For instance, if we use a single byte in last page fragment, we have to account the full size of the fragment. So skb_add_rx_frag needs to calculate the length of the entire buffer into turesize. Fixes: 9cbe9fd5214e ("net: hns: optimize XGE capability by reducing cpu usage") Signed-off-by: Huazhong tan Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit ac4a5b52f5970479f4b2d94a7f98dbf9eaf675ab Author: Huazhong Tan Date: Thu Aug 23 11:10:11 2018 +0800 net: hns: modify variable type in hns_nic_reuse_page 'truesize' is supposed to be u32, not int, so fix it. Signed-off-by: Huazhong tan Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 3ed614dce3ca9912d22be215ff0f11104b69fe62 Author: Huazhong Tan Date: Thu Aug 23 11:10:10 2018 +0800 net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES When enable the config item "CONFIG_ARM64_64K_PAGES", the size of PAGE_SIZE is 65536(64K). But the type of length and page_offset are u16, they will overflow. So change them to u32. Fixes: 6fe6611ff275 ("net: add Hisilicon Network Subsystem hnae framework support") Signed-off-by: Huazhong Tan Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 12a7f8696b85aaff3a76cd12a15b101b2af65404 Merge: 431280eebed9 8e995bf14fdb Author: David S. Miller Date: Wed Aug 22 21:45:32 2018 -0700 Merge branch 'tcp_bbr-PROBE_RTT-minor-bug-fixes' Kevin Yang says: ==================== tcp_bbr: PROBE_RTT minor bug fixes This series includes two minor bug fixes for the TCP BBR PROBE_RTT mechanism, and one preparatory patch: (1) A preparatory patch to reorganize the PROBE_RTT logic by refactoring (into its own function) the code to exit PROBE_RTT, since the next patch will be using that code in a new context. (2) Fix: When BBR restarts from idle and if BBR is in PROBE_RTT mode, BBR should check if it's time to exit PROBE_RTT. If yes, then BBR should exit PROBE_RTT mode and restore the cwnd to its full value. (3) Fix: Apply the PROBE_RTT cwnd cap even if the count of fully-ACKed packets is 0. ==================== Signed-off-by: David S. Miller commit 8e995bf14fdb7e33681d5c3312b602fa342b878a Author: Kevin Yang Date: Wed Aug 22 17:43:16 2018 -0400 tcp_bbr: apply PROBE_RTT cwnd cap even if acked==0 This commit fixes a corner case where TCP BBR would enter PROBE_RTT mode but not reduce its cwnd. If a TCP receiver ACKed less than one full segment, the number of delivered/acked packets was 0, so that bbr_set_cwnd() would short-circuit and exit early, without cutting cwnd to the value we want for PROBE_RTT. The fix is to instead make sure that even when 0 full packets are ACKed, we do apply all the appropriate caps, including the cap that applies in PROBE_RTT mode. Fixes: 0f8782ea1497 ("tcp_bbr: add BBR congestion control") Signed-off-by: Kevin Yang Signed-off-by: Neal Cardwell Reviewed-by: Yuchung Cheng Reviewed-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller commit 5490b32dce6932ea7ee8e3b2f76db2957c92af6e Author: Kevin Yang Date: Wed Aug 22 17:43:15 2018 -0400 tcp_bbr: in restart from idle, see if we should exit PROBE_RTT This patch fix the case where BBR does not exit PROBE_RTT mode when it restarts from idle. When BBR restarts from idle and if BBR is in PROBE_RTT mode, BBR should check if it's time to exit PROBE_RTT. If yes, then BBR should exit PROBE_RTT mode and restore the cwnd to its full value. Fixes: 0f8782ea1497 ("tcp_bbr: add BBR congestion control") Signed-off-by: Kevin Yang Signed-off-by: Neal Cardwell Reviewed-by: Yuchung Cheng Reviewed-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller commit fb99886224294b2291d267da41395022fa4200e2 Author: Kevin Yang Date: Wed Aug 22 17:43:14 2018 -0400 tcp_bbr: add bbr_check_probe_rtt_done() helper This patch add a helper function bbr_check_probe_rtt_done() to 1. check the condition to see if bbr should exit probe_rtt mode; 2. process the logic of exiting probe_rtt mode. Fixes: 0f8782ea1497 ("tcp_bbr: add BBR congestion control") Signed-off-by: Kevin Yang Signed-off-by: Neal Cardwell Signed-off-by: Yuchung Cheng Reviewed-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller commit 431280eebed9f5079553daf003011097763e71fd Author: Eric Dumazet Date: Wed Aug 22 13:30:45 2018 -0700 ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state tcp uses per-cpu (and per namespace) sockets (net->ipv4.tcp_sk) internally to send some control packets. 1) RST packets, through tcp_v4_send_reset() 2) ACK packets in SYN-RECV and TIME-WAIT state, through tcp_v4_send_ack() These packets assert IP_DF, and also use the hashed IP ident generator to provide an IPv4 ID number. Geoff Alexander reported this could be used to build off-path attacks. These packets should not be fragmented, since their size is smaller than IPV4_MIN_MTU. Only some tunneled paths could eventually have to fragment, regardless of inner IPID. We really can use zero IPID, to address the flaw, and as a bonus, avoid a couple of atomic operations in ip_idents_reserve() Signed-off-by: Eric Dumazet Reported-by: Geoff Alexander Tested-by: Geoff Alexander Signed-off-by: David S. Miller commit e500c6d349f7f36120886841c6f057ce248b48b2 Author: Cong Wang Date: Wed Aug 22 12:58:34 2018 -0700 addrconf: reduce unnecessary atomic allocations All the 3 callers of addrconf_add_mroute() assert RTNL lock, they don't take any additional lock either, so it is safe to convert it to GFP_KERNEL. Same for sit_add_v4_addrs(). Cc: David Ahern Signed-off-by: Cong Wang Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 191672ca07a7c10c3b84d01019a33d59b4317997 Author: Arnd Bergmann Date: Wed Aug 22 17:25:44 2018 +0200 net_sched: fix unused variable warning in stmmac The new tcf_exts_for_each_action() macro doesn't reference its arguments when CONFIG_NET_CLS_ACT is disabled, which leads to a harmless warning in at least one driver: drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c: In function 'tc_fill_actions': drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c:64:6: error: unused variable 'i' [-Werror=unused-variable] Adding a cast to void lets us avoid this kind of warning. To be on the safe side, do it for all three arguments, not just the one that caused the warning. Fixes: 244cd96adb5f ("net_sched: remove list_head from tc_action") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller commit 93cfb6c17690c465509967aeb237717d10513a88 Author: Toke Høiland-Jørgensen Date: Wed Aug 22 12:29:43 2018 +0200 sch_cake: Fix TC filter flow override and expand it to hosts as well The TC filter flow mapping override completely skipped the call to cake_hash(); however that meant that the internal state was not being updated, which ultimately leads to deadlocks in some configurations. Fix that by passing the overridden flow ID into cake_hash() instead so it can react appropriately. In addition, the major number of the class ID can now be set to override the host mapping in host isolation mode. If both host and flow are overridden (or if the respective modes are disabled), flow dissection and hashing will be skipped entirely; otherwise, the hashing will be kept for the portions that are not set by the filter. Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit 3d0371b313b84ba7c16ebf2526a7a34f1c57b19e Author: Samuel Mendoza-Jonas Date: Wed Aug 22 14:57:44 2018 +1000 net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler The ncsi_pkg_info_all_nl() .dumpit handler is missing the NLM_F_MULTI flag, causing additional package information after the first to be lost. Also fixup a sanity check in ncsi_write_package_info() to reject out of range package IDs. Signed-off-by: Samuel Mendoza-Jonas Signed-off-by: David S. Miller commit 00e1cae78120ee19462e7f96135cd1cc59a086e7 Author: Wolfram Sang Date: Wed Aug 22 00:02:19 2018 +0200 net: ethernet: renesas: use SPDX identifier for Renesas drivers Signed-off-by: Wolfram Sang Acked-by: Sergei Shtylyov Reviewed-by: Simon Horman Signed-off-by: David S. Miller commit bd0dbb73e01306a1060e56f81e5fe287be936477 Author: Aneesh Kumar K.V Date: Wed Aug 22 22:46:04 2018 +0530 powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid. When splitting a huge pmd pte, we need to mark the pmd entry invalid. We can do that by clearing _PAGE_PRESENT bit. But then that will be taken as a swap pte. In order to differentiate between the two use a software pte bit when invalidating. For regular pte, due to bd5050e38aec ("powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang") we need to mark the pte entry invalid when relaxing access permission. Instead of marking pte_none which can result in different page table walk routines possibly skipping this pte entry, invalidate it but still keep it marked present. Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman commit 810e9f86f36f59f1d6f6710220c49afe0c705f38 Author: Christophe Leroy Date: Tue Aug 21 13:03:23 2018 +0000 powerpc/nohash: fix pte_access_permitted() Commit 5769beaf180a8 ("powerpc/mm: Add proper pte access check helper for other platforms") replaced generic pte_access_permitted() by an arch specific one. The generic one is defined as (pte_present(pte) && (!(write) || pte_write(pte))) The arch specific one is open coded checking that _PAGE_USER and _PAGE_WRITE (_PAGE_RW) flags are set, but lacking to check that _PAGE_RO and _PAGE_PRIVILEGED are unset, leading to a useless test on targets like the 8xx which defines _PAGE_RW and _PAGE_USER as 0. Commit 5fa5b16be5b31 ("powerpc/mm/hugetlb: Use pte_access_permitted for hugetlb access check") replaced some tests performed with pte helpers by a call to pte_access_permitted(), leading to the same issue. This patch rewrites powerpc/nohash pte_access_permitted() using pte helpers. Fixes: 5769beaf180a8 ("powerpc/mm: Add proper pte access check helper for other platforms") Fixes: 5fa5b16be5b31 ("powerpc/mm/hugetlb: Use pte_access_permitted for hugetlb access check") Cc: stable@vger.kernel.org # v4.15+ Signed-off-by: Christophe Leroy Reviewed-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman commit c037bd615885f1d9d3bdb48531bace79fae1505d Author: John Johansen Date: Tue Aug 21 17:19:53 2018 -0700 apparmor: remove no-op permission check in policy_unpack The patch 736ec752d95e: "AppArmor: policy routines for loading and unpacking policy" from Jul 29, 2010, leads to the following static checker warning: security/apparmor/policy_unpack.c:410 verify_accept() warn: bitwise AND condition is false here security/apparmor/policy_unpack.c:413 verify_accept() warn: bitwise AND condition is false here security/apparmor/policy_unpack.c 392 #define DFA_VALID_PERM_MASK 0xffffffff 393 #define DFA_VALID_PERM2_MASK 0xffffffff 394 395 /** 396 * verify_accept - verify the accept tables of a dfa 397 * @dfa: dfa to verify accept tables of (NOT NULL) 398 * @flags: flags governing dfa 399 * 400 * Returns: 1 if valid accept tables else 0 if error 401 */ 402 static bool verify_accept(struct aa_dfa *dfa, int flags) 403 { 404 int i; 405 406 /* verify accept permissions */ 407 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { 408 int mode = ACCEPT_TABLE(dfa)[i]; 409 410 if (mode & ~DFA_VALID_PERM_MASK) 411 return 0; 412 413 if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK) 414 return 0; fixes: 736ec752d95e ("AppArmor: policy routines for loading and unpacking policy") Reported-by: Dan Carpenter Signed-off-by: John Johansen commit 8f13b60756a1e5ddc9aa8c6b14807264b6833e5b Merge: 4d1608eebcb2 9d1d02ff3678 Author: Dave Airlie Date: Thu Aug 23 11:24:45 2018 +1000 Merge branch 'drm-next-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-next Fixes for 4.19: - Fix build when KCOV is enabled - Misc display fixes - A couple of SR-IOV fixes - Fence fixes for eviction handling for KFD - Misc other fixes Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20180822203813.2733-1-alexander.deucher@amd.com commit 4d1608eebcb2191b10ac3aa4ca743a38ac05e100 Merge: 3d63a3c14741 4acd8d01a239 Author: Dave Airlie Date: Thu Aug 23 11:23:31 2018 +1000 Merge tag 'drm-misc-next-fixes-2018-08-22' of git://anongit.freedesktop.org/drm/drm-misc into drm-next - Add an unprepare delay to the tv123wam panel (Sean) - Update seanpaul's email in MAINTAINERS (Sean) Signed-off-by: Dave Airlie From: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180822193850.GA214158@art_vandelay commit 52a288c736669851f166544d4a0b93e1090d7e9b Author: Peter Zijlstra Date: Wed Aug 22 17:30:13 2018 +0200 x86/mm/tlb: Revert the recent lazy TLB patches Revert commits: 95b0e6357d3e x86/mm/tlb: Always use lazy TLB mode 64482aafe55f x86/mm/tlb: Only send page table free TLB flush to lazy TLB CPUs ac0315896970 x86/mm/tlb: Make lazy TLB mode lazier 61d0beb5796a x86/mm/tlb: Restructure switch_mm_irqs_off() 2ff6ddf19c0e x86/mm/tlb: Leave lazy TLB mode at page table free time In order to simplify the TLB invalidate fixes for x86 and unify the parts that need backporting. We'll try again later. Signed-off-by: Peter Zijlstra (Intel) Acked-by: Rik van Riel Signed-off-by: Linus Torvalds commit 815f0ddb346c196018d4d8f8f55c12b83da1de3f Author: Nick Desaulniers Date: Wed Aug 22 16:37:24 2018 -0700 include/linux/compiler*.h: make compiler-*.h mutually exclusive Commit cafa0010cd51 ("Raise the minimum required gcc version to 4.6") recently exposed a brittle part of the build for supporting non-gcc compilers. Both Clang and ICC define __GNUC__, __GNUC_MINOR__, and __GNUC_PATCHLEVEL__ for quick compatibility with code bases that haven't added compiler specific checks for __clang__ or __INTEL_COMPILER. This is brittle, as they happened to get compatibility by posing as a certain version of GCC. This broke when upgrading the minimal version of GCC required to build the kernel, to a version above what ICC and Clang claim to be. Rather than always including compiler-gcc.h then undefining or redefining macros in compiler-intel.h or compiler-clang.h, let's separate out the compiler specific macro definitions into mutually exclusive headers, do more proper compiler detection, and keep shared definitions in compiler_types.h. Fixes: cafa0010cd51 ("Raise the minimum required gcc version to 4.6") Reported-by: Masahiro Yamada Suggested-by: Eli Friedman Suggested-by: Joe Perches Signed-off-by: Nick Desaulniers Signed-off-by: Linus Torvalds commit 108b833cde9c9b93204e6a4e455829a67f9785c3 Author: Chuck Lever Date: Mon Aug 20 10:39:16 2018 -0400 sunrpc: Add comment defining gssd upcall API keywords During review, it was found that the target, service, and srchost keywords are easily conflated. Add an explainer. Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit a26dd64f5477968d730cf92868b4092314b8e45e Author: Chuck Lever Date: Thu Aug 16 12:06:09 2018 -0400 nfsd: Remove callback_cred Clean up: The global callback_cred is no longer used, so it can be removed. Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit cb25e7b293ec5cd82bc958a6c89dadeb198504b4 Author: Chuck Lever Date: Thu Aug 16 12:06:04 2018 -0400 nfsd: Use correct credential for NFSv4.0 callback with GSS I've had trouble when operating a multi-homed Linux NFS server with Kerberos using NFSv4.0. Lately, I've seen my clients reporting this (and then hanging): May 9 11:43:26 manet kernel: NFS: NFSv4 callback contains invalid cred The client-side commit f11b2a1cfbf5 ("nfs4: copy acceptor name from context to nfs_client") appears to be related, but I suspect this problem has been going on for some time before that. RFC 7530 Section 3.3.3 says: > For Kerberos V5, nfs/hostname would be a server principal in the > Kerberos Key Distribution Center database. This is the same > principal the client acquired a GSS-API context for when it issued > the SETCLIENTID operation ... In other words, an NFSv4.0 client expects that the server will use the same GSS principal for callback that the client used to establish its lease. For example, if the client used the service principal "nfs@server.domain" to establish its lease, the server is required to use "nfs@server.domain" when performing NFSv4.0 callback operations. The Linux NFS server currently does not. It uses a common service principal for all callback connections. Sometimes this works as expected, and other times -- for example, when the server is accessible via multiple hostnames -- it won't work at all. This patch scrapes the target name from the client credential, and uses that for the NFSv4.0 callback credential. That should be correct much more often. Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit 9abdda5ddab8a899ca8c4b859ef0a7710f40e0dd Author: Chuck Lever Date: Thu Aug 16 12:05:59 2018 -0400 sunrpc: Extract target name into svc_cred NFSv4.0 callback needs to know the GSS target name the client used when it established its lease. That information is available from the GSS context created by gssproxy. Make it available in each svc_cred. Note this will also give us access to the real target service principal name (which is typically "nfs", but spec does not require that). Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit a1a237775ec8fd2694b9f8e451821fd168e730d8 Author: Chuck Lever Date: Thu Aug 16 12:05:54 2018 -0400 sunrpc: Enable the kernel to specify the hostname part of service principals A multi-homed NFS server may have more than one "nfs" key in its keytab. Enable the kernel to pick the key it wants as a machine credential when establishing a GSS context. This is useful for GSS-protected NFSv4.0 callbacks, which are required by RFC 7530 S3.3.3 to use the same principal as the service principal the client used when establishing its lease. A complementary modification to rpc.gssd is required to fully enable this feature. Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit 44090cc876926277329e1608bafc01b9f6da627f Author: Laura Abbott Date: Fri Aug 17 14:43:54 2018 -0700 sunrpc: Don't use stack buffer with scatterlist Fedora got a bug report from NFS: kernel BUG at include/linux/scatterlist.h:143! ... RIP: 0010:sg_init_one+0x7d/0x90 .. make_checksum+0x4e7/0x760 [rpcsec_gss_krb5] gss_get_mic_kerberos+0x26e/0x310 [rpcsec_gss_krb5] gss_marshal+0x126/0x1a0 [auth_rpcgss] ? __local_bh_enable_ip+0x80/0xe0 ? call_transmit_status+0x1d0/0x1d0 [sunrpc] call_transmit+0x137/0x230 [sunrpc] __rpc_execute+0x9b/0x490 [sunrpc] rpc_run_task+0x119/0x150 [sunrpc] nfs4_run_exchange_id+0x1bd/0x250 [nfsv4] _nfs4_proc_exchange_id+0x2d/0x490 [nfsv4] nfs41_discover_server_trunking+0x1c/0xa0 [nfsv4] nfs4_discover_server_trunking+0x80/0x270 [nfsv4] nfs4_init_client+0x16e/0x240 [nfsv4] ? nfs_get_client+0x4c9/0x5d0 [nfs] ? _raw_spin_unlock+0x24/0x30 ? nfs_get_client+0x4c9/0x5d0 [nfs] nfs4_set_client+0xb2/0x100 [nfsv4] nfs4_create_server+0xff/0x290 [nfsv4] nfs4_remote_mount+0x28/0x50 [nfsv4] mount_fs+0x3b/0x16a vfs_kern_mount.part.35+0x54/0x160 nfs_do_root_mount+0x7f/0xc0 [nfsv4] nfs4_try_mount+0x43/0x70 [nfsv4] ? get_nfs_version+0x21/0x80 [nfs] nfs_fs_mount+0x789/0xbf0 [nfs] ? pcpu_alloc+0x6ca/0x7e0 ? nfs_clone_super+0x70/0x70 [nfs] ? nfs_parse_mount_options+0xb40/0xb40 [nfs] mount_fs+0x3b/0x16a vfs_kern_mount.part.35+0x54/0x160 do_mount+0x1fd/0xd50 ksys_mount+0xba/0xd0 __x64_sys_mount+0x21/0x30 do_syscall_64+0x60/0x1f0 entry_SYSCALL_64_after_hwframe+0x49/0xbe This is BUG_ON(!virt_addr_valid(buf)) triggered by using a stack allocated buffer with a scatterlist. Convert the buffer for rc4salt to be dynamically allocated instead. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1615258 Signed-off-by: Laura Abbott Signed-off-by: J. Bruce Fields commit eb7e5cfced102e61814f6f3e4cb4acb9f9315760 Author: Andrey Grodzovsky Date: Wed Aug 22 10:07:35 2018 -0400 drm/amdgpu: Fix page fault and kasan warning on pci device remove. Problem: When executing echo 1 > /sys/class/drm/card0/device/remove kasan warning as bellow and page fault happen because adev->gart.pages already freed by the time amdgpu_gart_unbind is called. BUG: KASAN: user-memory-access in amdgpu_gart_unbind+0x98/0x180 [amdgpu] Write of size 8 at addr 0000000000003648 by task bash/1828 CPU: 2 PID: 1828 Comm: bash Tainted: G W O 4.18.0-rc1-dev+ #29 Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming/AX370-Gaming-CF, BIOS F3 06/19/2017 Call Trace: dump_stack+0x71/0xab kasan_report+0x109/0x390 amdgpu_gart_unbind+0x98/0x180 [amdgpu] ttm_tt_unbind+0x43/0x60 [ttm] ttm_bo_move_ttm+0x83/0x1c0 [ttm] ttm_bo_handle_move_mem+0xb97/0xd00 [ttm] ttm_bo_evict+0x273/0x530 [ttm] ttm_mem_evict_first+0x29c/0x360 [ttm] ttm_bo_force_list_clean+0xfc/0x210 [ttm] ttm_bo_clean_mm+0xe7/0x160 [ttm] amdgpu_ttm_fini+0xda/0x1d0 [amdgpu] amdgpu_bo_fini+0xf/0x60 [amdgpu] gmc_v8_0_sw_fini+0x36/0x70 [amdgpu] amdgpu_device_fini+0x2d0/0x7d0 [amdgpu] amdgpu_driver_unload_kms+0x6a/0xd0 [amdgpu] drm_dev_unregister+0x79/0x180 [drm] amdgpu_pci_remove+0x2a/0x60 [amdgpu] pci_device_remove+0x5b/0x100 device_release_driver_internal+0x236/0x360 pci_stop_bus_device+0xbf/0xf0 pci_stop_and_remove_bus_device_locked+0x16/0x30 remove_store+0xda/0xf0 kernfs_fop_write+0x186/0x220 __vfs_write+0xcc/0x330 vfs_write+0xe6/0x250 ksys_write+0xb1/0x140 do_syscall_64+0x77/0x1e0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f66ebbb32c0 Fix: Split gmc_v{6,7,8,9}_0_gart_fini to postpone amdgpu_gart_fini to after memory managers are shut down since gart unbind happens as part of this procedure Signed-off-by: Andrey Grodzovsky Reviewed-by: Junwei Zhang Acked-by: Huang Rui Signed-off-by: Alex Deucher commit 899fbc33fd775b9dfa363db28f322272920a2196 Merge: 2edd73a42e0e 9bd5196e5cf7 Author: Linus Torvalds Date: Wed Aug 22 14:14:15 2018 -0700 Merge tag 'platform-drivers-x86-v4.19-1' of git://git.infradead.org/linux-platform-drivers-x86 Pull x86 platform driver updates from Andy Shevchenko: - The driver for Silead touchscreen configurations has been renamed from silead_dmi to touchscreen_dmi since it starts supporting other touchscreens which require some DMI quirks It also gets expanded to cover cases for Chuwi Vi10, ONDA V891W, Connect Tablet 9, Onda V820w, and Cube KNote i1101 tablets. - Another bunch of changes is related to Mellanox platform code to allow user space to communicate with Mellanox for system control and monitoring purposes. The driver notifies user on hotplug device signal receiving. - ASUS WMI drivers recognize lid flip action on UX360, and correctly toggles airplane mode LED. In addition the keyboard backlight toggle gets support. - ThinkPad ACPI driver enables support for calculator key (on at least P52). It also has been fixed to support three characters model designators, which are used for modern laptops. Earlier the battery, marked as BAT1, on ThinkPad laptops has not been configured properly, which is fixed. On the opposite the multi-battery configurations now probed correctly. - Dell SMBIOS driver starts working on some Dell servers which do not support token interface. The regression with backlight detection has also been fixed. In order to support dock mode on some laptops, Intel virtual button driver has been fixed. The last but not least is the fix to Intel HID driver due to changes in Dell systems that prevented to use power button. * tag 'platform-drivers-x86-v4.19-1' of git://git.infradead.org/linux-platform-drivers-x86: (47 commits) platform/x86: acer-wmi: Silence "unsupported" message a bit platform/x86: intel_punit_ipc: fix build errors platform/x86: ideapad: Add Y520-15IKBM and Y720-15IKBM to no_hw_rfkill platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 platform/x86: acer-wmi: refactor function has_cap platform/x86: thinkpad_acpi: Fix multi-battery bug platform/x86: thinkpad_acpi: extend battery quirk coverage platform/x86: touchscreen_dmi: Add info for the Cube KNote i1101 tablet platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() platform/x86: mlx-platform: Remove unused define platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems Documentation/ABI: Add new attribute for mlxreg-io sysfs interfaces platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems platform/x86: mlx-platform: Add ASIC hotplug device configuration platform/mellanox: mlxreg-hotplug: Add hotplug hwmon uevent notification platform/mellanox: mlxreg-hotplug: Improve mechanism of ASIC health discovery platform/x86: mlx-platform: Add mlxreg-fan platform driver activation platform/x86: dell-laptop: Fix backlight detection platform/x86: toshiba_acpi: Fix defined but not used build warnings platform/x86: thinkpad_acpi: Support battery quirk ... commit 2edd73a42e0ec847770c8f7ae511d43c26e59b74 Author: Tony Luck Date: Wed Aug 22 13:39:21 2018 -0700 ia64: Fix allnoconfig section mismatch for ioc_init/ioc_iommu_info This has been broken for an embarassingly long time (since v4.4). Just needs a couple of __init tags on functions to make the sections match up. Signed-off-by: Tony Luck Signed-off-by: Linus Torvalds commit c45e6a037a536530bd25781ac7c989e52deb2a63 Author: Jens Axboe Date: Mon Aug 20 13:22:27 2018 -0600 blk-wbt: fix has-sleeper queueing check We need to do this inside the loop as well, or we can allow new IO to supersede previous IO. Tested-by: Anchal Agarwal Signed-off-by: Jens Axboe commit b78820937b4762b7d30b807d7156bec1d89e4dd3 Author: Jens Axboe Date: Mon Aug 20 13:20:50 2018 -0600 blk-wbt: use wq_has_sleeper() for wq active check We need the memory barrier before checking the list head, use the appropriate helper for this. The matching queue side memory barrier is provided by set_current_state(). Tested-by: Anchal Agarwal Signed-off-by: Jens Axboe commit ffa358dcaae1f2f00926484e712e06daa8953cb4 Author: Jens Axboe Date: Mon Aug 20 13:24:25 2018 -0600 blk-wbt: move disable check into get_limit() Check it in one place, instead of in multiple places. Tested-by: Anchal Agarwal Signed-off-by: Jens Axboe commit 45b74a65b9934d5e1520d97aa4e09cf2b8c69ac0 Merge: 433bcf67370b dbf2a4b1ffab Author: Linus Torvalds Date: Wed Aug 22 14:06:37 2018 -0700 Merge branch 'parisc-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull more parisc updates from Helge Deller: - fix boot failure of 64-bit kernel. It got broken by the unwind optimization commit in merge window. - fix 64-bit userspace support (static 64-bit applications only, e.g. we don't yet have 64-bit userspace support in glibc). - consolidate unwind initialization code. - add machine model description to stack trace. * 'parisc-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Add hardware description to stack traces parisc: Fix boot failure of 64-bit kernel parisc: Consolidate unwind initialization calls parisc: Update comments in syscall.S regarding wide userland parisc: Fix ptraced 64-bit applications to call 64-bit syscalls parisc: Restore possibility to execute 64-bit applications commit 3943b040f11ed0cc6d4585fd286a623ca8634547 Author: Shan Hai Date: Thu Aug 23 02:02:56 2018 +0800 bcache: release dc->writeback_lock properly in bch_writeback_thread() The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Fixes: fadd94e05c02 (bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set) Signed-off-by: Shan Hai Signed-off-by: Coly Li Tested-by: Shenghui Wang Cc: stable@vger.kernel.org #4.17+ Signed-off-by: Jens Axboe commit 2f40c6eac74a2a60921cdec9e9a8a57e88e31434 Author: Emily Deng Date: Wed Aug 22 20:18:25 2018 +0800 amdgpu: fix multi-process hang issue SWDEV-146499: hang during multi vulkan process testing cause: the second frame's PREAMBLE_IB have clear-state and LOAD actions, those actions ruin the pipeline that is still doing process in the previous frame's work-load IB. fix: need insert pipeline sync if have context switch for SRIOV (because only SRIOV will report PREEMPTION flag to UMD) Signed-off-by: Monk Liu Signed-off-by: Emily Deng Reviewed-by: Christian König Signed-off-by: Alex Deucher commit d98ff24e8e9be3329eea7c84d5e244d0c1cd0ab3 Author: Christian König Date: Tue Aug 21 15:09:39 2018 +0200 drm/amdgpu: fix preamble handling At this point the command submission can still be interrupted. Signed-off-by: Christian König Acked-by: Alex Deucher Signed-off-by: Alex Deucher commit 433bcf67370bc170a345634aa1be4ee8ac905de9 Merge: b37211531194 35d231db53a6 Author: Linus Torvalds Date: Wed Aug 22 14:04:41 2018 -0700 Merge tag 'xtensa-20180820' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa updates from Max Filippov: - switch xtensa arch to the generic noncoherent direct mapping operations - add support for DMA_ATTR_NO_KERNEL_MAPPING attribute - clean up users of platform/hardware.h in generic Xtensa code - fix assembly cache maintenance code for long cache lines - rework noMMU cache attributes initialization - add big-endian HiFi2 test_kc705_be CPU variant * tag 'xtensa-20180820' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: add test_kc705_be variant xtensa: clean up boot-elf/bootstrap.S xtensa: make bootparam parsing optional xtensa: drop variant IRQ support xtensa: drop unneeded platform/hardware.h headers xtensa: move PLATFORM_NR_IRQS to Kconfig xtensa: rework {CONFIG,PLATFORM}_DEFAULT_MEM_START xtensa: drop unused {CONFIG,PLATFORM}_DEFAULT_MEM_SIZE xtensa: rework noMMU cache attributes initialization xtensa: increase ranges in ___invalidate_{i,d}cache_all xtensa: limit offsets in __loop_cache_{all,page} xtensa: platform-specific handling of coherent memory xtensa: support DMA_ATTR_NO_KERNEL_MAPPING attribute xtensa: use generic dma_noncoherent_ops commit 8604ffcbf04f8f4f3f55a9e46e5ff948b2ed4290 Author: Christian König Date: Thu Aug 16 12:01:03 2018 +0200 drm/amdgpu: fix VM clearing for the root PD We need to figure out the address after validating the BO, not before. Signed-off-by: Christian König Reviewed-by: Felix Kuehling Reviewed-by: Junwei Zhang Reviewed-by: Huang Rui Signed-off-by: Alex Deucher commit b372115311942202346d93849991f07382783ef1 Merge: 5bed49adfe89 0027ff2a75f9 Author: Linus Torvalds Date: Wed Aug 22 13:52:44 2018 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull second set of KVM updates from Paolo Bonzini: "ARM: - Support for Group0 interrupts in guests - Cache management optimizations for ARMv8.4 systems - Userspace interface for RAS - Fault path optimization - Emulated physical timer fixes - Random cleanups x86: - fixes for L1TF - a new test case - non-support for SGX (inject the right exception in the guest) - fix lockdep false positive" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (49 commits) KVM: VMX: fixes for vmentry_l1d_flush module parameter kvm: selftest: add dirty logging test kvm: selftest: pass in extra memory when create vm kvm: selftest: include the tools headers kvm: selftest: unify the guest port macros tools: introduce test_and_clear_bit KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled KVM: vmx: Inject #UD for SGX ENCLS instruction in guest KVM: vmx: Add defines for SGX ENCLS exiting x86/kvm/vmx: Fix coding style in vmx_setup_l1d_flush() x86: kvm: avoid unused variable warning KVM: Documentation: rename the capability of KVM_CAP_ARM_SET_SERROR_ESR KVM: arm/arm64: Skip updating PTE entry if no change KVM: arm/arm64: Skip updating PMD entry if no change KVM: arm: Use true and false for boolean values KVM: arm/arm64: vgic: Do not use spin_lock_irqsave/restore with irq disabled KVM: arm/arm64: vgic: Move DEBUG_SPINLOCK_BUG_ON to vgic.h KVM: arm: vgic-v3: Add support for ICC_SGI0R and ICC_ASGI1R accesses KVM: arm64: vgic-v3: Add support for ICC_SGI0R_EL1 and ICC_ASGI1R_EL1 accesses KVM: arm/arm64: vgic-v3: Add core support for Group0 SGIs ... commit 5bed49adfe899667887db0739830190309c9011b Merge: fe6f0ed0dac7 1e7da865b8c0 Author: Linus Torvalds Date: Wed Aug 22 13:38:05 2018 -0700 Merge tag 'for-4.19/post-20180822' of git://git.kernel.dk/linux-block Pull more block updates from Jens Axboe: - Set of bcache fixes and changes (Coly) - The flush warn fix (me) - Small series of BFQ fixes (Paolo) - wbt hang fix (Ming) - blktrace fix (Steven) - blk-mq hardware queue count update fix (Jianchao) - Various little fixes * tag 'for-4.19/post-20180822' of git://git.kernel.dk/linux-block: (31 commits) block/DAC960.c: make some arrays static const, shrinks object size blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter blk-mq: init hctx sched after update ctx and hctx mapping block: remove duplicate initialization tracing/blktrace: Fix to allow setting same value pktcdvd: fix setting of 'ret' error return for a few cases block: change return type to bool block, bfq: return nbytes and not zero from struct cftype .write() method block, bfq: improve code of bfq_bfqq_charge_time block, bfq: reduce write overcharge block, bfq: always update the budget of an entity when needed block, bfq: readd missing reset of parent-entity service blk-wbt: fix IO hang in wbt_wait() block: don't warn for flush on read-only device bcache: add the missing comments for smp_mb()/smp_wmb() bcache: remove unnecessary space before ioctl function pointer arguments bcache: add missing SPDX header bcache: move open brace at end of function definitions to next line bcache: add static const prefix to char * array declarations bcache: fix code comments style ... commit fe6f0ed0dac7df01014ef17fdad45e3eaf21b949 Merge: 6faf05c2b2b4 6aa58d8ad20a Author: Linus Torvalds Date: Wed Aug 22 13:29:39 2018 -0700 Merge tag 'f2fs-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs updates from Jaegeuk Kim: "In this round, we've tuned f2fs to improve general performance by serializing block allocation and enhancing discard flows like fstrim which avoids user IO contention. And we've added fsync_mode=nobarrier which gives an option to user where it skips issuing cache_flush commands to underlying flash storage. And there are many bug fixes related to fuzzed images, revoked atomic writes, quota ops, and minor direct IO. Enhancements: - add fsync_mode=nobarrier which bypasses cache_flush command - enhance the discarding flow which avoids user IOs and issues in LBA order - readahead some encrypted blocks during GC - enable in-memory inode checksum to verify the blocks if F2FS_CHECK_FS is set - enhance nat_bits behavior - set -o discard by default - set REQ_RAHEAD to bio in ->readpages Bug fixes: - fix a corner case to corrupt atomic_writes revoking flow - revisit i_gc_rwsem to fix race conditions - fix some dio behaviors captured by xfstests - correct handling errors given by quota-related failures - add many sanity check flows to avoid fuzz test failures - add more error number propagation to their callers - fix several corner cases to continue fault injection w/ shutdown loop" * tag 'f2fs-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (89 commits) f2fs: readahead encrypted block during GC f2fs: avoid fi->i_gc_rwsem[WRITE] lock in f2fs_gc f2fs: fix performance issue observed with multi-thread sequential read f2fs: fix to skip verifying block address for non-regular inode f2fs: rework fault injection handling to avoid a warning f2fs: support fault_type mount option f2fs: fix to return success when trimming meta area f2fs: fix use-after-free of dicard command entry f2fs: support discard submission error injection f2fs: split discard command in prior to block layer f2fs: wake up gc thread immediately when gc_urgent is set f2fs: fix incorrect range->len in f2fs_trim_fs() f2fs: refresh recent accessed nat entry in lru list f2fs: fix avoid race between truncate and background GC f2fs: avoid race between zero_range and background GC f2fs: fix to do sanity check with block address in main area v2 f2fs: fix to do sanity check with inline flags f2fs: fix to reset i_gc_failures correctly f2fs: fix invalid memory access f2fs: fix to avoid broken of dnode block list ... commit 6faf05c2b2b4fe70d9068067437649401531de0a Author: Miklos Szeredi Date: Wed Aug 22 10:55:22 2018 +0200 ovl: set I_CREATING on inode being created ...otherwise there will be list corruption due to inode_sb_list_add() being called for inode already on the sb list. Signed-off-by: Miklos Szeredi Fixes: e950564b97fd ("vfs: don't evict uninitialized inode") Signed-off-by: Linus Torvalds commit 9b2e0388bec8ec5427403e23faff3b58dd1c3200 Author: John Fastabend Date: Wed Aug 22 08:37:37 2018 -0700 bpf: sockmap: write_space events need to be passed to TCP handler When sockmap code is using the stream parser it also handles the write space events in order to handle the case where (a) verdict redirects skb to another socket and (b) the sockmap then sends the skb but due to memory constraints (or other EAGAIN errors) needs to do a retry. But the initial code missed a third case where the skb_send_sock_locked() triggers an sk_wait_event(). A typically case would be when sndbuf size is exceeded. If this happens because we do not pass the write_space event to the lower layers we never wake up the event and it will wait for sndtimeo. Which as noted in ktls fix may be rather large and look like a hang to the user. To reproduce the best test is to reduce the sndbuf size and send 1B data chunks to stress the memory handling. To fix this pass the event from the upper layer to the lower layer. Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann commit 67db7cd249e71f64346f481b629724376d063e08 Author: John Fastabend Date: Wed Aug 22 08:37:32 2018 -0700 tls: possible hang when do_tcp_sendpages hits sndbuf is full case Currently, the lower protocols sk_write_space handler is not called if TLS is sending a scatterlist via tls_push_sg. However, normally tls_push_sg calls do_tcp_sendpage, which may be under memory pressure, that in turn may trigger a wait via sk_wait_event. Typically, this happens when the in-flight bytes exceed the sdnbuf size. In the normal case when enough ACKs are received sk_write_space() will be called and the sk_wait_event will be woken up allowing it to send more data and/or return to the user. But, in the TLS case because the sk_write_space() handler does not wake up the events the above send will wait until the sndtimeo is exceeded. By default this is MAX_SCHEDULE_TIMEOUT so it look like a hang to the user (especially this impatient user). To fix this pass the sk_write_space event to the lower layers sk_write_space event which in the TCP case will wake any pending events. I observed the above while integrating sockmap and ktls. It initially appeared as test_sockmap (modified to use ktls) occasionally hanging. To reliably reproduce this reduce the sndbuf size and stress the tls layer by sending many 1B sends. This results in every byte needing a header and each byte individually being sent to the crypto layer. Signed-off-by: John Fastabend Acked-by: Dave Watson Signed-off-by: Daniel Borkmann commit cd9b44f90763c3367e8dd0601849ffb028e8ba52 Merge: df2def49c57b 2a9d64810042 Author: Linus Torvalds Date: Wed Aug 22 12:34:08 2018 -0700 Merge branch 'akpm' (patches from Andrew) Merge more updates from Andrew Morton: - the rest of MM - procfs updates - various misc things - more y2038 fixes - get_maintainer updates - lib/ updates - checkpatch updates - various epoll updates - autofs updates - hfsplus - some reiserfs work - fatfs updates - signal.c cleanups - ipc/ updates * emailed patches from Andrew Morton : (166 commits) ipc/util.c: update return value of ipc_getref from int to bool ipc/util.c: further variable name cleanups ipc: simplify ipc initialization ipc: get rid of ids->tables_initialized hack lib/rhashtable: guarantee initial hashtable allocation lib/rhashtable: simplify bucket_table_alloc() ipc: drop ipc_lock() ipc/util.c: correct comment in ipc_obtain_object_check ipc: rename ipcctl_pre_down_nolock() ipc/util.c: use ipc_rcu_putref() for failues in ipc_addid() ipc: reorganize initialization of kern_ipc_perm.seq ipc: compute kern_ipc_perm.id under the ipc lock init/Kconfig: remove EXPERT from CHECKPOINT_RESTORE fs/sysv/inode.c: use ktime_get_real_seconds() for superblock stamp adfs: use timespec64 for time conversion kernel/sysctl.c: fix typos in comments drivers/rapidio/devices/rio_mport_cdev.c: remove redundant pointer md fork: don't copy inconsistent signal handler state to child signal: make get_signal() return bool signal: make sigkill_pending() return bool ... commit eb29429d81e31b191f3b2bd19cf820279cec6463 Author: Daniel Borkmann Date: Wed Aug 22 18:09:17 2018 +0200 bpf, sockmap: fix sock hash count in alloc_sock_hash_elem When we try to allocate a new sock hash entry and the allocation fails, then sock hash map fails to reduce the map element counter, meaning we keep accounting this element although it was never used. Fix it by dropping the element counter on error. Fixes: 81110384441a ("bpf: sockmap, add hash map support") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend commit b845c898b2f1ea458d5453f0fa1da6e2dfce3bb4 Author: Daniel Borkmann Date: Tue Aug 21 15:55:00 2018 +0200 bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys Currently, it is possible to create a sock hash map with key size of 0 and have the kernel return a fd back to user space. This is invalid for hash maps (and kernel also hasn't been tested for zero key size support in general at this point). Thus, reject such configuration. Fixes: 81110384441a ("bpf: sockmap, add hash map support") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Song Liu commit 2a9d6481004215da8e93edb588cf448f2af80303 Author: Manfred Spraul Date: Tue Aug 21 22:02:04 2018 -0700 ipc/util.c: update return value of ipc_getref from int to bool ipc_getref has still a return value of type "int", matching the atomic_t interface of atomic_inc_not_zero()/atomic_add_unless(). ipc_getref now uses refcount_inc_not_zero, which has a return value of type "bool". Therefore, update the return code to avoid implicit conversions. Link: http://lkml.kernel.org/r/20180712185241.4017-13-manfred@colorfullife.com Signed-off-by: Manfred Spraul Cc: Davidlohr Bueso Cc: Davidlohr Bueso Cc: Dmitry Vyukov Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 27c331a174614208d0b539019583990967ad9479 Author: Manfred Spraul Date: Tue Aug 21 22:02:00 2018 -0700 ipc/util.c: further variable name cleanups The varable names got a mess, thus standardize them again: id: user space id. Called semid, shmid, msgid if the type is known. Most functions use "id" already. idx: "index" for the idr lookup Right now, some functions use lid, ipc_addid() already uses idx as the variable name. seq: sequence number, to avoid quick collisions of the user space id key: user space key, used for the rhash tree Link: http://lkml.kernel.org/r/20180712185241.4017-12-manfred@colorfullife.com Signed-off-by: Manfred Spraul Cc: Dmitry Vyukov Cc: Davidlohr Bueso Cc: Davidlohr Bueso Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit eae04d25a713304c978d7c45dcab01b0e0811c74 Author: Davidlohr Bueso Date: Tue Aug 21 22:01:56 2018 -0700 ipc: simplify ipc initialization Now that we know that rhashtable_init() will not fail, we can get rid of a lot of the unnecessary cleanup paths when the call errored out. [manfred@colorfullife.com: variable name added to util.h to resolve checkpatch warning] Link: http://lkml.kernel.org/r/20180712185241.4017-11-manfred@colorfullife.com Signed-off-by: Davidlohr Bueso Signed-off-by: Manfred Spraul Cc: Dmitry Vyukov Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit dc2c8c84def6ce450c63529e08c1db100020994e Author: Davidlohr Bueso Date: Tue Aug 21 22:01:52 2018 -0700 ipc: get rid of ids->tables_initialized hack In sysvipc we have an ids->tables_initialized regarding the rhashtable, introduced in 0cfb6aee70bd ("ipc: optimize semget/shmget/msgget for lots of keys") It's there, specifically, to prevent nil pointer dereferences, from using an uninitialized api. Considering how rhashtable_init() can fail (probably due to ENOMEM, if anything), this made the overall ipc initialization capable of failure as well. That alone is ugly, but fine, however I've spotted a few issues regarding the semantics of tables_initialized (however unlikely they may be): - There is inconsistency in what we return to userspace: ipc_addid() returns ENOSPC which is certainly _wrong_, while ipc_obtain_object_idr() returns EINVAL. - After we started using rhashtables, ipc_findkey() can return nil upon !tables_initialized, but the caller expects nil for when the ipc structure isn't found, and can therefore call into ipcget() callbacks. Now that rhashtable initialization cannot fail, we can properly get rid of the hack altogether. [manfred@colorfullife.com: commit id extended to 12 digits] Link: http://lkml.kernel.org/r/20180712185241.4017-10-manfred@colorfullife.com Signed-off-by: Davidlohr Bueso Signed-off-by: Manfred Spraul Cc: Dmitry Vyukov Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2d22ecf6db1c390974476758681ba4229018e774 Author: Davidlohr Bueso Date: Tue Aug 21 22:01:48 2018 -0700 lib/rhashtable: guarantee initial hashtable allocation rhashtable_init() may fail due to -ENOMEM, thus making the entire api unusable. This patch removes this scenario, however unlikely. In order to guarantee memory allocation, this patch always ends up doing GFP_KERNEL|__GFP_NOFAIL for both the tbl as well as alloc_bucket_spinlocks(). Upon the first table allocation failure, we shrink the size to the smallest value that makes sense and retry with __GFP_NOFAIL semantics. With the defaults, this means that from 64 buckets, we retry with only 4. Any later issues regarding performance due to collisions or larger table resizing (when more memory becomes available) is the least of our problems. Link: http://lkml.kernel.org/r/20180712185241.4017-9-manfred@colorfullife.com Signed-off-by: Davidlohr Bueso Signed-off-by: Manfred Spraul Acked-by: Herbert Xu Cc: Dmitry Vyukov Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 93f976b5190df32793908d49165f78e67fcb66cf Author: Davidlohr Bueso Date: Tue Aug 21 22:01:45 2018 -0700 lib/rhashtable: simplify bucket_table_alloc() As of ce91f6ee5b3b ("mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags") we can simplify the caller and trust kvzalloc() to just do the right thing. For the case of the GFP_ATOMIC context, we can drop the __GFP_NORETRY flag for obvious reasons, and for the __GFP_NOWARN case, however, it is changed such that the caller passes the flag instead of making bucket_table_alloc() handle it. This slightly changes the gfp flags passed on to nested_table_alloc() as it will now also use GFP_ATOMIC | __GFP_NOWARN. However, I consider this a positive consequence as for the same reasons we want nowarn semantics in bucket_table_alloc(). [manfred@colorfullife.com: commit id extended to 12 digits, line wraps updated] Link: http://lkml.kernel.org/r/20180712185241.4017-8-manfred@colorfullife.com Signed-off-by: Davidlohr Bueso Signed-off-by: Manfred Spraul Acked-by: Michal Hocko Cc: Dmitry Vyukov Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 82061c57ce93caa50fd01c11f8eb30ddc4c4bd75 Author: Davidlohr Bueso Date: Tue Aug 21 22:01:41 2018 -0700 ipc: drop ipc_lock() ipc/util.c contains multiple functions to get the ipc object pointer given an id number. There are two sets of function: One set verifies the sequence counter part of the id number, other functions do not check the sequence counter. The standard for function names in ipc/util.c is - ..._check() functions verify the sequence counter - ..._idr() functions do not verify the sequence counter ipc_lock() is an exception: It does not verify the sequence counter value, but this is not obvious from the function name. Furthermore, shm.c is the only user of this helper. Thus, we can simply move the logic into shm_lock() and get rid of the function altogether. [manfred@colorfullife.com: most of changelog] Link: http://lkml.kernel.org/r/20180712185241.4017-7-manfred@colorfullife.com Signed-off-by: Davidlohr Bueso Signed-off-by: Manfred Spraul Cc: Dmitry Vyukov Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2e5ceb452c9b7f0a30c87bd61c01260e3d8464ad Author: Manfred Spraul Date: Tue Aug 21 22:01:37 2018 -0700 ipc/util.c: correct comment in ipc_obtain_object_check The comment that explains ipc_obtain_object_check is wrong: The function checks the sequence number, not the reference counter. Note that checking the reference counter would be meaningless: The reference counter is decreased without holding any locks, thus an object with kern_ipc_perm.deleted=true may disappear at the end of the next rcu grace period. Link: http://lkml.kernel.org/r/20180712185241.4017-6-manfred@colorfullife.com Signed-off-by: Manfred Spraul Reviewed-by: Davidlohr Bueso Cc: Davidlohr Bueso Cc: Dmitry Vyukov Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4241c1a304078569f544d51eeaf8bc270b6e377a Author: Manfred Spraul Date: Tue Aug 21 22:01:34 2018 -0700 ipc: rename ipcctl_pre_down_nolock() Both the comment and the name of ipcctl_pre_down_nolock() are misleading: The function must be called while holdling the rw semaphore. Therefore the patch renames the function to ipcctl_obtain_check(): This name matches the other names used in util.c: - "obtain" function look up a pointer in the idr, without acquiring the object lock. - The caller is responsible for locking. - _check means that the sequence number is checked. Link: http://lkml.kernel.org/r/20180712185241.4017-5-manfred@colorfullife.com Signed-off-by: Manfred Spraul Reviewed-by: Davidlohr Bueso Cc: Davidlohr Bueso Cc: Dmitry Vyukov Cc: Herbert Xu Cc: Kees Cook Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 39cfffd774a2e8818250360a3e028b5eac9d5392 Author: Manfred Spraul Date: Tue Aug 21 22:01:29 2018 -0700 ipc/util.c: use ipc_rcu_putref() for failues in ipc_addid() ipc_addid() is impossible to use: - for certain failures, the caller must not use ipc_rcu_putref(), because the reference counter is not yet initialized. - for other failures, the caller must use ipc_rcu_putref(), because parallel operations could be ongoing already. The patch cleans that up, by initializing the refcount early, and by modifying all callers. The issues is related to the finding of syzbot+2827ef6b3385deb07eaf@syzkaller.appspotmail.com: syzbot found an issue with reading kern_ipc_perm.seq, here both read and write to already released memory could happen. Link: http://lkml.kernel.org/r/20180712185241.4017-4-manfred@colorfullife.com Signed-off-by: Manfred Spraul Cc: Dmitry Vyukov Cc: Kees Cook Cc: Davidlohr Bueso Cc: Davidlohr Bueso Cc: Herbert Xu Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e2652ae6bd7492cdc0436817cbcd09282eb0bb03 Author: Manfred Spraul Date: Tue Aug 21 22:01:25 2018 -0700 ipc: reorganize initialization of kern_ipc_perm.seq ipc_addid() initializes kern_ipc_perm.seq after having called idr_alloc() (within ipc_idr_alloc()). Thus a parallel semop() or msgrcv() that uses ipc_obtain_object_check() may see an uninitialized value. The patch moves the initialization of kern_ipc_perm.seq before the calls of idr_alloc(). Notes: 1) This patch has a user space visible side effect: If /proc/sys/kernel/*_next_id is used (i.e.: checkpoint/restore) and if semget()/msgget()/shmget() fails in the final step of adding the id to the rhash tree, then .._next_id is cleared. Before the patch, is remained unmodified. There is no change of the behavior after a successful ..get() call: It always clears .._next_id, there is no impact to non checkpoint/restore code as that code does not use .._next_id. 2) The patch correctly documents that after a call to ipc_idr_alloc(), the full tear-down sequence must be used. The callers of ipc_addid() do not fullfill that, i.e. more bugfixes are required. The patch is a squash of a patch from Dmitry and my own changes. Link: http://lkml.kernel.org/r/20180712185241.4017-3-manfred@colorfullife.com Reported-by: syzbot+2827ef6b3385deb07eaf@syzkaller.appspotmail.com Signed-off-by: Manfred Spraul Cc: Dmitry Vyukov Cc: Kees Cook Cc: Davidlohr Bueso Cc: Michael Kerrisk Cc: Davidlohr Bueso Cc: Herbert Xu Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 615c999cd8a07b7c3c93bbdee89ef705d2ce52e1 Author: Manfred Spraul Date: Tue Aug 21 22:01:21 2018 -0700 ipc: compute kern_ipc_perm.id under the ipc lock ipc_addid() initializes kern_ipc_perm.id after having called ipc_idr_alloc(). Thus a parallel semctl() or msgctl() that uses e.g. MSG_STAT may use this unitialized value as the return code. The patch moves all accesses to kern_ipc_perm.id under the spin_lock(). The issues is related to the finding of syzbot+2827ef6b3385deb07eaf@syzkaller.appspotmail.com: syzbot found an issue with kern_ipc_perm.seq Link: http://lkml.kernel.org/r/20180712185241.4017-2-manfred@colorfullife.com Signed-off-by: Manfred Spraul Reviewed-by: Davidlohr Bueso Cc: Dmitry Vyukov Cc: Kees Cook Cc: Davidlohr Bueso Cc: Herbert Xu Cc: Michael Kerrisk Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5cb366bb3a746f6b06ea086b322e21e345401c9d Author: Adrian Reber Date: Tue Aug 21 22:01:17 2018 -0700 init/Kconfig: remove EXPERT from CHECKPOINT_RESTORE The CHECKPOINT_RESTORE configuration option was introduced in 2012 and combined with EXPERT. CHECKPOINT_RESTORE is already enabled in many distribution kernels and also part of the defconfigs of various architectures. To make it easier for distributions to enable CHECKPOINT_RESTORE this removes EXPERT and moves the configuration option out of the EXPERT block. Link: http://lkml.kernel.org/r/20180712130733.11510-1-adrian@lisas.de Signed-off-by: Adrian Reber Acked-by: Oleg Nesterov Reviewed-by: Hendrik Brueckner Acked-by: Pavel Emelyanov Cc: Eric W. Biederman Cc: Andrei Vagin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3e811f053aec66e8a6d2a0ee3d031e7c988e3d15 Author: Arnd Bergmann Date: Tue Aug 21 22:01:13 2018 -0700 fs/sysv/inode.c: use ktime_get_real_seconds() for superblock stamp get_seconds() is deprecated in favor of ktime_get_real_seconds(), which returns a 64-bit timestamp. In the SYSV file system, the superblock timestamp is only 32 bits wide, and it is used to check whether a file system is clean, so the best solution seems to be to force a wraparound and explicitly convert it to an unsigned 32-bit value. This is independent of the inode timestamps that are also 32-bit wide on disk and that come from current_time(). Link: http://lkml.kernel.org/r/20180713145236.3152513-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Thomas Gleixner Reviewed-by: Andrew Morton Cc: Alexander Viro Cc: Christoph Hellwig Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d9edcbc42c77b719e03dedb2aff719ae19659a0f Author: Arnd Bergmann Date: Tue Aug 21 22:01:09 2018 -0700 adfs: use timespec64 for time conversion We just truncate the seconds to 32-bit in one place now, so this can trivially be converted over to using timespec64 consistently. Link: http://lkml.kernel.org/r/20180620100133.4035614-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5f733e8a2dd130eaeed24cbaef49d349206cdb8b Author: Randy Dunlap Date: Tue Aug 21 22:01:06 2018 -0700 kernel/sysctl.c: fix typos in comments Fix a few typos/spellos in kernel/sysctl.c. Link: http://lkml.kernel.org/r/bb09a8b9-f984-6dd4-b07b-3ecaf200862e@infradead.org Signed-off-by: Randy Dunlap Acked-by: Kees Cook Cc: "Luis R. Rodriguez" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0ba7f398f39ebc33a695058a8d12c4d795430ffa Author: Colin Ian King Date: Tue Aug 21 22:01:01 2018 -0700 drivers/rapidio/devices/rio_mport_cdev.c: remove redundant pointer md Pointer md is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'md' set but not used [-Wunused-but-set-variable] Link: http://lkml.kernel.org/r/20180711082346.5223-1-colin.king@canonical.com Signed-off-by: Colin Ian King Acked-by: Alexandre Bounine Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 06e62a46bbba20aa5286102016a04214bb446141 Author: Jann Horn Date: Tue Aug 21 22:00:58 2018 -0700 fork: don't copy inconsistent signal handler state to child Before this change, if a multithreaded process forks while one of its threads is changing a signal handler using sigaction(), the memcpy() in copy_sighand() can race with the struct assignment in do_sigaction(). It isn't clear whether this can cause corruption of the userspace signal handler pointer, but it definitely can cause inconsistency between different fields of struct sigaction. Take the appropriate spinlock to avoid this. I have tested that this patch prevents inconsistency between sa_sigaction and sa_flags, which is possible before this patch. Link: http://lkml.kernel.org/r/20180702145108.73189-1-jannh@google.com Signed-off-by: Jann Horn Acked-by: Michal Hocko Reviewed-by: Andrew Morton Cc: Rik van Riel Cc: "Peter Zijlstra (Intel)" Cc: Kees Cook Cc: Oleg Nesterov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 20ab7218d2507b2dbec9c053c2f1b96054e266b6 Author: Christian Brauner Date: Tue Aug 21 22:00:54 2018 -0700 signal: make get_signal() return bool make get_signal() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-18-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f99e9d8c5c7f5539e6d97fd04a4ad213e52daac0 Author: Christian Brauner Date: Tue Aug 21 22:00:50 2018 -0700 signal: make sigkill_pending() return bool sigkill_pending() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-17-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a19e2c01f71bb4b8442db450200a01a28db36a04 Author: Christian Brauner Date: Tue Aug 21 22:00:46 2018 -0700 signal: make legacy_queue() return bool legacy_queue() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-16-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit acd14e62f075f44cd04e1ac2920a515f9b80146e Author: Christian Brauner Date: Tue Aug 21 22:00:42 2018 -0700 signal: make wants_signal() return bool wants_signal() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-15-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8f11351eee9524c179361fcbf1538c993f2390e4 Author: Christian Brauner Date: Tue Aug 21 22:00:38 2018 -0700 signal: make flush_sigqueue_mask() void The return value of flush_sigqueue_mask() is never checked anywhere. Link: http://lkml.kernel.org/r/20180602103653.18181-14-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 67a48a24478841525ba73ec6d64caaf079cf3b7c Author: Christian Brauner Date: Tue Aug 21 22:00:34 2018 -0700 signal: make unhandled_signal() return bool unhandled_signal() already behaves like a boolean function. Let's actually declare it as such too. All callers treat it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-13-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 09ae854edb2d275d98a874c21c24c58cee4df14e Author: Christian Brauner Date: Tue Aug 21 22:00:30 2018 -0700 signal: make recalc_sigpending_tsk() return bool recalc_sigpending_tsk() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-12-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 938696a82974c33b93be9657b72521bc84f5c587 Author: Christian Brauner Date: Tue Aug 21 22:00:27 2018 -0700 signal: make has_pending_signals() return bool has_pending_signals() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-11-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6a0cdcd78892d4508e77cbec913eaf099ab4a8e9 Author: Christian Brauner Date: Tue Aug 21 22:00:23 2018 -0700 signal: make sig_ignored() return bool sig_ignored() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-10-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 41aaa481197dc566f691d403e0247bb53a017770 Author: Christian Brauner Date: Tue Aug 21 22:00:19 2018 -0700 signal: make sig_task_ignored() return bool sig_task_ignored() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-9-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e4a8b4efbfdf8ce86b1d410cc96d2790a05f1fd5 Author: Christian Brauner Date: Tue Aug 21 22:00:15 2018 -0700 signal: make sig_handler_ignored() return bool sig_handler_ignored() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-8-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2a9b90940957d3c0f744011b02b4575323be5947 Author: Christian Brauner Date: Tue Aug 21 22:00:11 2018 -0700 signal: make kill_ok_by_cred() return bool kill_ok_by_cred() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-7-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d8f993b3dba05ff354f9b9592afc44b1b3dbfd46 Author: Christian Brauner Date: Tue Aug 21 22:00:07 2018 -0700 signal: simplify rt_sigaction() The goto is not needed and does not add any clarity. Simply return -EINVAL on unexpected sigset_t struct size directly. Link: http://lkml.kernel.org/r/20180602103653.18181-6-christian@brauner.io Signed-off-by: Christian Brauner Acked-by: Oleg Nesterov Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b1d294c80393e7ba18b3c646fe9d8e6a206c7988 Author: Christian Brauner Date: Tue Aug 21 22:00:02 2018 -0700 signal: make do_sigpending() void do_sigpending() returned 0 unconditionally so it doesn't make sense to have it return at all. This allows us to simplify a bunch of syscall callers. Link: http://lkml.kernel.org/r/20180602103653.18181-5-christian@brauner.io Signed-off-by: Christian Brauner Acked-by: Al Viro Acked-by: Oleg Nesterov Reviewed-by: Andrew Morton Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6527de953354e550bf6d941fdcd1aaf832317e8d Author: Christian Brauner Date: Tue Aug 21 21:59:59 2018 -0700 signal: make may_ptrace_stop() return bool may_ptrace_stop() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-4-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bb17fcca078fc56ea7c7611cbe92687021cf6a31 Author: Christian Brauner Date: Tue Aug 21 21:59:55 2018 -0700 signal: make kill_as_cred_perm() return bool kill_as_cred_perm() already behaves like a boolean function. Let's actually declare it as such too. Link: http://lkml.kernel.org/r/20180602103653.18181-3-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Al Viro Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 52cba1a274818c3ee6299c1a1b476e7bc5037a2f Author: Christian Brauner Date: Tue Aug 21 21:59:51 2018 -0700 signal: make force_sigsegv() void Patch series "signal: refactor some functions", v3. This series refactors a bunch of functions in signal.c to simplify parts of the code. The greatest single change is declaring the static do_sigpending() helper as void which makes it possible to remove a bunch of unnecessary checks in the syscalls later on. This patch (of 17): force_sigsegv() returned 0 unconditionally so it doesn't make sense to have it return at all. In addition, there are no callers that check force_sigsegv()'s return value. Link: http://lkml.kernel.org/r/20180602103653.18181-2-christian@brauner.io Signed-off-by: Christian Brauner Reviewed-by: Andrew Morton Cc: Eric W. Biederman Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Morris Cc: Kees Cook Cc: Peter Zijlstra Cc: Stephen Smalley Cc: Al Viro Cc: Oleg Nesterov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f423420c23899469a3ba4e100def43ab26f2e0bf Author: Arnd Bergmann Date: Tue Aug 21 21:59:48 2018 -0700 fat: propagate 64-bit inode timestamps Now that we pass down 64-bit timestamps from VFS, we just need to convert that correctly into on-disk timestamps. To make that work correctly, this changes the last use of time_to_tm() in the kernel to time64_to_tm(), which also lets use remove that deprecated interfaces. Similarly, the time_t use in fat_time_fat2unix() truncates the timestamp on the way in, which can be avoided by using types that are wide enough to hold the intermediate values during the conversion. [hirofumi@mail.parknet.co.jp: remove useless temporary variable, needless long long] Link: http://lkml.kernel.org/r/20180619153646.3637529-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: OGAWA Hirofumi Cc: Jeff Layton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0afa9626667c3659ef8bd82d42a11e39fedf235c Author: OGAWA Hirofumi Date: Tue Aug 21 21:59:44 2018 -0700 fat: validate ->i_start before using On corrupted FATfs may have invalid ->i_start. To handle it, this checks ->i_start before using, and return proper error code. Link: http://lkml.kernel.org/r/87o9f8y1t5.fsf_-_@mail.parknet.co.jp Signed-off-by: OGAWA Hirofumi Reported-by: Anatoly Trosinenko Tested-by: Anatoly Trosinenko Cc: Alan Cox Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f663b5b38fffeb31841f8bfaf0ef87a445b0ffee Author: Wentao Wang Date: Tue Aug 21 21:59:41 2018 -0700 fat: add FITRIM ioctl for FAT file system Add FITRIM ioctl for FAT file system [witallwang@gmail.com: use u64s] Link: http://lkml.kernel.org/r/87h8l37hub.fsf@mail.parknet.co.jp [hirofumi@mail.parknet.co.jp: bug fixes, coding style fixes, add signal check] Link: http://lkml.kernel.org/r/87fu10anhj.fsf@mail.parknet.co.jp Signed-off-by: Wentao Wang Signed-off-by: OGAWA Hirofumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a13f085d111e90469faf2d9965eb39b11c114d7e Author: Jann Horn Date: Tue Aug 21 21:59:37 2018 -0700 reiserfs: fix broken xattr handling (heap corruption, bad retval) This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name fits, but the concatenation of all names doesn't fit, reiserfs_listxattr() overflows the supplied buffer. This leads to a kernel heap overflow (verified using KASAN) followed by an out-of-bounds usercopy and is therefore a security bug. - When a buffer size is supplied to reiserfs_listxattr() such that a name doesn't fit, -ERANGE should be returned. But reiserfs instead just truncates the list of names; I have verified that if the only xattr on a file has a longer name than the supplied buffer length, listxattr() incorrectly returns zero. With my patch applied, -ERANGE is returned in both cases and the memory corruption doesn't happen anymore. Credit for making me clean this code up a bit goes to Al Viro, who pointed out that the ->actor calling convention is suboptimal and should be changed. Link: http://lkml.kernel.org/r/20180802151539.5373-1-jannh@google.com Fixes: 48b32a3553a5 ("reiserfs: use generic xattr handlers") Signed-off-by: Jann Horn Acked-by: Jeff Mahoney Cc: Eric Biggers Cc: Al Viro Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8b73ce6a4bae4fe12bcb2c361c0da4183c2e1b6f Author: Arnd Bergmann Date: Tue Aug 21 21:59:34 2018 -0700 reiserfs: change j_timestamp type to time64_t This uses the deprecated time_t type but is write-only, and could be removed, but as Jeff explains, having a timestamp can be usefule for post-mortem analysis in crash dumps. In order to remove one of the last instances of time_t, this changes the type to time64_t, same as j_trans_start_time. Link: http://lkml.kernel.org/r/20180622133315.221210-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Jan Kara Cc: Jeff Mahoney Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5b1d149c895b3229d70c0d4c69e14bdbe5fe8226 Author: Arnd Bergmann Date: Tue Aug 21 21:59:30 2018 -0700 reiserfs: remove obsolete print_time function Before linux-2.4.6, print_time() was used to pretty-print an inode time when running reiserfs in user space, after that it has become obsolete and is still a bit incorrect: It behaves differently on 32-bit and 64-bit machines, and uses a static buffer to hold a string, which could lead to undefined behavior if we ever called this from multiple places simultaneously. Since we always want to treat the timestamps as 'unsigned' anyway, simply printing them as an integer is both simpler and safer while avoiding the deprecated time_t type. Link: http://lkml.kernel.org/r/20180620142522.27639-3-arnd@arndb.de Signed-off-by: Arnd Bergmann Reviewed-by: Jan Kara Cc: Al Viro Cc: Jeff Mahoney Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 34d082604a7c8856051ff441fef0e22d93afd848 Author: Arnd Bergmann Date: Tue Aug 21 21:59:26 2018 -0700 reiserfs: use monotonic time for j_trans_start_time Using CLOCK_REALTIME time_t timestamps breaks on 32-bit systems in 2038, and gives surprising results with a concurrent settimeofday(). This changes the reiserfs journal timestamps to use ktime_get_seconds() instead, which makes it use a 64-bit CLOCK_MONOTONIC stamp. In the procfs output, the monotonic timestamp needs to be converted back to CLOCK_REALTIME to keep the existing ABI. Link: http://lkml.kernel.org/r/20180620142522.27639-2-arnd@arndb.de Signed-off-by: Arnd Bergmann Reviewed-by: Jan Kara Cc: Al Viro Cc: Jeff Mahoney Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f168d9fd634a4612d308d7dbe0a4d2a9b366c045 Author: Ernesto A. Fernández Date: Tue Aug 21 21:59:23 2018 -0700 hfsplus: drop ACL support The HFS+ Access Control Lists have not worked at all for the past five years, and nobody seems to have noticed. Besides, POSIX draft ACLs are not compatible with MacOS. Drop the feature entirely. Link: http://lkml.kernel.org/r/20180714190608.wtnmmtjqeyladkut@eaf Signed-off-by: Ernesto A. Fernández Acked-by: Christoph Hellwig Cc: Viacheslav Dubeyko Cc: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit afd6c9e1f5287ad236adcf56db8c42fef65561fa Author: Ernesto A. Fernández Date: Tue Aug 21 21:59:19 2018 -0700 hfsplus: fix decomposition of Hangul characters Files created under macOS cannot be opened under linux if their names contain Korean characters, and vice versa. The Korean alphabet is special because its normalization is done without a table. The module deals with it correctly when composing, but forgets about it for the decomposition. Fix this using the Hangul decomposition function provided in the Unicode Standard. The code fits a bit awkwardly because it requires a buffer, while all the other normalizations are returned as pointers to the decomposition table. This is actually also a bug because reordering may still be needed, but for now leave it as it is. The patch will cause trouble for Hangul filenames already created by the module in the past. This shouldn't really be concern because its main purpose was always sharing with macOS. If a user actually needs to access such a file the nodecompose mount option should be enough. Link: http://lkml.kernel.org/r/20180717220951.p6qqrgautc4pxvzu@eaf Signed-off-by: Ernesto A. Fernández Reported-by: Ting-Chang Hou Tested-by: Ting-Chang Hou Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 31651c607151f1034cfb57e5a78678bea54c362b Author: Ernesto A. Fernández Date: Tue Aug 21 21:59:16 2018 -0700 hfsplus: avoid deadlock on file truncation After an extent is removed from the extent tree, the corresponding bits are also cleared from the block allocation file. This is currently done without releasing the tree lock. The problem is that the allocation file has extents of its own; if it is fragmented enough, some of them may be in the extent tree as well, and hfsplus_get_block() will try to take the lock again. To avoid deadlock, only hold the extent tree lock during the actual tree operations. Link: http://lkml.kernel.org/r/20180709202549.auxwkb6memlegb4a@eaf Signed-off-by: Ernesto A. Fernández Reported-by: Anatoly Trosinenko Cc: Viacheslav Dubeyko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7464726cb5998846306ed0a7d6714afb2e37b25d Author: Tetsuo Handa Date: Tue Aug 21 21:59:12 2018 -0700 hfsplus: don't return 0 when fill_super() failed syzbot is reporting NULL pointer dereference at mount_fs() [1]. This is because hfsplus_fill_super() is by error returning 0 when hfsplus_fill_super() detected invalid filesystem image, and mount_bdev() is returning NULL because dget(s->s_root) == NULL if s->s_root == NULL, and mount_fs() is accessing root->d_sb because IS_ERR(root) == false if root == NULL. Fix this by returning -EINVAL when hfsplus_fill_super() detected invalid filesystem image. [1] https://syzkaller.appspot.com/bug?id=21acb6850cecbc960c927229e597158cf35f33d0 Link: http://lkml.kernel.org/r/d83ce31a-874c-dd5b-f790-41405983a5be@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Reported-by: syzbot Reviewed-by: Ernesto A. Fernández Reviewed-by: Andrew Morton Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c8ed98cd88a2b39f504e1ce6af42423c71ebe5b7 Author: Souptick Joarder Date: Tue Aug 21 21:59:08 2018 -0700 fs/nilfs2/file.c: use new return type vm_fault_t Use new return type vm_fault_t for page_mkwrite handler. Link: http://lkml.kernel.org/r/1529555928-2411-1-git-send-email-konishi.ryusuke@lab.ntt.co.jp Signed-off-by: Souptick Joarder Signed-off-by: Ryusuke Konishi Reviewed-by: Matthew Wilcox Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 21a1a52dbdd5c9dc17c546bbdb95038f53515d2c Author: Arnd Bergmann Date: Tue Aug 21 21:59:05 2018 -0700 nilfs2: use 64-bit superblock timstamps The mount time field in the superblock uses a 64-bit timestamp, but calling get_seconds() may truncate the current time to 32 bits. This changes it to ktime_get_real_seconds() to avoid the potential overflow. Link: http://lkml.kernel.org/r/20180620075041.4154396-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Ryusuke Konishi Cc: David Howells Cc: Jeff Layton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit cbf6898fd69455092c43cd573b38d42c86ddb1e0 Author: Ian Kent Date: Tue Aug 21 21:59:01 2018 -0700 autofs: add AUTOFS_EXP_FORCED flag The userspace automount(8) daemon is meant to perform a forced expire when sent a SIGUSR2. But since the expiration is routed through the kernel and the kernel doesn't send an expire request if the mount is busy this hasn't worked at least since autofs version 5. Add an AUTOFS_EXP_FORCED flag to allow implemention of the feature and bump the protocol version so user space can check if it's implemented if needed. Link: http://lkml.kernel.org/r/152937734715.21213.6594007182776598970.stgit@pluto.themaw.net Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e5c85e1fe19c03777cbacf4b5a5167b2f5ff90fb Author: Ian Kent Date: Tue Aug 21 21:58:58 2018 -0700 autofs: make expire flags usage consistent with v5 params Make the usage of the expire flags consistent by naming the expire flags the same as it is named in the version 5 miscelaneous ioctl parameters and only check the bit flags when needed. Link: http://lkml.kernel.org/r/152937734046.21213.9454131988766280028.stgit@pluto.themaw.net Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 571bc35c42f3455bc55393f22cb97f7407a5a6d1 Author: Ian Kent Date: Tue Aug 21 21:58:54 2018 -0700 autofs: make autofs_expire_indirect() static autofs_expire_indirect() isn't used outside of fs/autofs/expire.c so make it static. Link: http://lkml.kernel.org/r/152937733512.21213.10509996499623738446.stgit@pluto.themaw.net Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5d30517d67e349164838ad039f0f2d09dde15f59 Author: Ian Kent Date: Tue Aug 21 21:58:51 2018 -0700 autofs: make autofs_expire_direct() static autofs_expire_direct() isn't used outside of fs/autofs/expire.c so make it static. Link: http://lkml.kernel.org/r/152937732944.21213.11821977712410930973.stgit@pluto.themaw.net Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d1055565bdc27fd4dc90a91988b938b949662025 Author: Ian Kent Date: Tue Aug 21 21:58:48 2018 -0700 autofs: fix clearing AUTOFS_EXP_LEAVES in autofs_expire_indirect() The expire flag AUTOFS_EXP_LEAVES is cleared before the second call to should_expire() in autofs_expire_indirect() but the parameter passed in the second call is incorrect. Fortunately AUTOFS_EXP_LEAVES expire flag has not been used for a long time but might be needed in the future so fix it rather than remove the expire leaves functionality. Link: http://lkml.kernel.org/r/152937732410.21213.7447294898147765076.stgit@pluto.themaw.net Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2fd9944f0fd41f7bc2f590169a9a758e1186b345 Author: Ian Kent Date: Tue Aug 21 21:58:44 2018 -0700 autofs: fix inconsistent use of now variable The global variable "now" in fs/autofs/expire.c is used in an inconsistent way, sometimes using jiffies directly, and sometimes using the "now" variable, and setting it isn't done consistently either. But the autofs dentry info last_used field is only updated during path walks or during expire so jiffies can be used directly and the global variable "now" removed. Link: http://lkml.kernel.org/r/152937731702.21213.7371321165189170865.stgit@pluto.themaw.net Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d4d79b8195bfc6d5d8f82f9189c1bc828cc7e03a Author: Ian Kent Date: Tue Aug 21 21:58:41 2018 -0700 autofs: fix directory and symlink access Depending on how it is configured the autofs user space daemon can leave in use mounts mounted at exit and re-connect to them at start up. But for this to work best the state of the autofs file system needs to be left intact over the restart. Also, at system shutdown, mounts in an autofs file system might be umounted exposing a mount point trigger for which subsequent access can lead to a hang. So recent versions of automount(8) now does its best to set autofs file system mounts catatonic at shutdown. When autofs file system mounts are catatonic it's currently possible to create and remove directories and symlinks which can be a problem at restart, as described above. So return EACCES in the directory, symlink and unlink methods if the autofs file system is catatonic. Link: http://lkml.kernel.org/r/152902119090.4144.9561910674530214291.stgit@pluto.themaw.net Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3f5c15d8a7d86fb642fe07df58c2065190f3e531 Author: Paul Menzel Date: Tue Aug 21 21:58:37 2018 -0700 init/main.c: log init process file name Add a log message to `run_init_process()`. This log message serves two purposes. 1. If the init process is not specified on the Linux Kernel command line, the user sees, what file was chosen. 2. The time stamps shows exactly, when the Linux kernel handed over control to the init process. Link: http://lkml.kernel.org/r/b1fc97fa-4aa9-1904-ddb5-859e78995c41@molgen.mpg.de Signed-off-by: Paul Menzel Reviewed-by: Andrew Morton Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3903bf940b1faec568a1bff0603f8470bdfc21c1 Author: Randy Dunlap Date: Tue Aug 21 21:58:34 2018 -0700 init/Kconfig: fix its typos Correct typos of "it's" to "its. Link: http://lkml.kernel.org/r/0ac627b6-5527-55f4-0489-1631aa34fc11@infradead.org Signed-off-by: Randy Dunlap Cc: Ingo Molnar Cc: Thomas Gleixner Cc: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6ad018e3ca9efd80a724e32c02ae7552fd0829f2 Author: Luc Van Oostenryck Date: Tue Aug 21 21:58:30 2018 -0700 init/: remove ineffective sparse disabling Sparse checking used to be disabled on init/do_mounts.c and a few related files because "Many of the syscalls used in this file expect some of the arguments to be __user pointers not __kernel pointers". However since 28128c61e ("kconfig.h: Include compiler types to avoid missed struct attributes") the checks are, in fact, not disabled anymore because of the more early include of "linux/compiler_types.h" So remove the now ineffective #undefery that was done to disable these warnings, as well as the associated comment. Link: http://lkml.kernel.org/r/20180617115355.53799-1-luc.vanoostenryck@gmail.com Signed-off-by: Luc Van Oostenryck Cc: Dominik Brodowski Cc: Al Viro Cc: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 992991c03ca033f779aae1afb5b0c27bcb7139c3 Author: Davidlohr Bueso Date: Tue Aug 21 21:58:26 2018 -0700 fs/eventpoll.c: simplify ep_is_linked() callers Instead of having each caller pass the rdllink explicitly, just have ep_is_linked() pass it while the callers just need the epi pointer. This helper is all about the rdllink, and this change, furthermore, improves the function's self documentation. Link: http://lkml.kernel.org/r/20180727053432.16679-3-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Jason Baron Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 679abf381a18e945457b01921f667cee9e656a7f Author: Davidlohr Bueso Date: Tue Aug 21 21:58:23 2018 -0700 fs/eventpoll.c: loosen irq safety in ep_poll() Similar to other calls, ep_poll() is not called with interrupts disabled, and we can therefore avoid the irq save/restore dance and just disable local irqs. In fact, the call should never be called in irq context at all, considering that the only path is epoll_wait(2) -> do_epoll_wait() -> ep_poll(). When running on a 2 socket 40-core (ht) IvyBridge a common pipe based epoll_wait(2) microbenchmark, the following performance improvements are seen: # threads vanilla dirty 1 1805587 2106412 2 1854064 2090762 4 1805484 2017436 8 1751222 1974475 16 1725299 1962104 32 1378463 1571233 64 787368 900784 Which is a pretty constantly near 15%. Also add a lockdep check such that we detect any mischief before deadlocking. Link: http://lkml.kernel.org/r/20180727053432.16679-2-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Peter Zijlstra Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 514056d506e44084369f5ce1c8186e4253901a05 Author: Davidlohr Bueso Date: Tue Aug 21 21:58:19 2018 -0700 fs/eventpoll.c: simply CONFIG_NET_RX_BUSY_POLL ifdefery ... 'tis easier on the eye. [akpm@linux-foundation.org: use inlines rather than macros] Link: http://lkml.kernel.org/r/20180725185620.11020-1-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Jason Baron Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 133712a2ec8493596565e9de3d25659d6e66a47e Author: Rob Herring Date: Tue Aug 21 21:58:16 2018 -0700 checkpatch: DT bindings should be a separate patch Devicetree bindings should be their own patch as documented in Documentation/devicetree/bindings/submitting-patches.txt section I.1. This is because bindings are logically independent from a driver implementation, they have a different maintainer (even though they often are applied via the same tree), and it makes for a cleaner history in the DT only tree created with git-filter-branch. [robh@kernel.org: add doc pointer to warning, simplify logic] Link: http://lkml.kernel.org/r/20180810170513.26284-1-robh@kernel.org [robh@kernel.org: v3] Link: http://lkml.kernel.org/r/20180810225049.20452-1-robh@kernel.org Link: http://lkml.kernel.org/r/20180809205032.22205-1-robh@kernel.org Signed-off-by: Rob Herring Acked-by: Joe Perches Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 809e082e973da2c7b751dab9348853cb8cc3f25c Author: Joe Perches Date: Tue Aug 21 21:58:12 2018 -0700 checkpatch: warn on unnecessary int declarations On Sun, 2018-08-05 at 08:52 -0700, Linus Torvalds wrote: > "long unsigned int" isn't _technically_ wrong. But we normally > call that type "unsigned long". So add a checkpatch test for it. Link: http://lkml.kernel.org/r/7bbd97dc0a1e5896a0251fada7bb68bb33643f77.camel@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6ad724e2a48fc24dd9788490d85a3490cb0117c1 Author: Michal Zylowski Date: Tue Aug 21 21:58:08 2018 -0700 checkpatch: check for space after "else" keyword Current checkpatch implementation permits notation like } else{ in kernel code. It looks like oversight and inconsistency in checkpatch rules (e.g. instruction like 'do' is tested). Add regex for checking space after 'else' keyword and trigger error if space is not present. Link: http://lkml.kernel.org/r/1533545753-8870-1-git-send-email-michal.zylowski@intel.com Signed-off-by: Michal Zylowski Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 56294112791ac11c6fcdc6544f1381f9272202db Author: Joe Perches Date: Tue Aug 21 21:58:04 2018 -0700 checkpatch: fix SPDX license check with --root= checkpatch uses the in-kernel script spdxcheck.py to validate the specific license in a file or script. This check can currently fail for a couple reasons: o spdxcheck.py assumes the existence of git tree that may not exist for a bare source tree from something like a tarball o the spdxcheck.py must be run from the top level root directory So add a git existence test and set the subprocess subdirectory. Link: http://lkml.kernel.org/r/2b32864324ae9c92948b002ec4c0c22409ed98f1.camel@perches.com Signed-off-by: Joe Perches Reported-by: Charlemagne Lasse Tested-by: Charlemagne Lasse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 490b292c834c5e72057f4315ef915692cbd6defd Author: Joe Perches Date: Tue Aug 21 21:58:01 2018 -0700 checkpatch: warn when a patch doesn't have a description Potential patches should have a commit description. Emit a warning when there isn't one. [akpm@linux-foundation.org: s/else if/elsif/] Link: http://lkml.kernel.org/r/1b099f4d8373aa583a17011992676bf0f3f09eee.camel@perches.com Signed-off-by: Joe Perches Suggested-by: Prakruthi Deepak Heragu Reviewed-by: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 60f890105547f7a48ea1d67c5ae69966c7245b23 Author: Prakruthi Deepak Heragu Date: Tue Aug 21 21:57:57 2018 -0700 checkpatch: check for #if 0/#if 1 The #if 0 or #if 1 is used to toggle features. Warn if #if 0 or #if 1 is present and suggest that they can be removed. [akpm@linux-foundation.org: fix spacing around periods, per Joe\ Link: http://lkml.kernel.org/r/1532625218-24321-1-git-send-email-pheragu@codeaurora.org Signed-off-by: Abhijeet Dharmapurikar Signed-off-by: Prakruthi Deepak Heragu Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4cab63cea374c684eb0db352b40a09e3f7c45057 Author: Joe Perches Date: Tue Aug 21 21:57:50 2018 -0700 checkpatch: fix krealloc reuse test The current krealloc test does not function correctly when the temporary pointer return name contains the original pointer name. Fix that by maximally matching the return pointer name and the original pointer name and doing a separate comparison of the both names. Link: http://lkml.kernel.org/r/e617ecb8c019a9c4c56540a1bec16c8aed43a4e4.camel@perches.com Signed-off-by: Joe Perches Reported-by: Lars-Peter Clausen Cc: Manish Narani Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3b6e8ac9e740b71b07df4a1e89ba5841686d8e9f Author: Joe Perches Date: Tue Aug 21 21:57:47 2018 -0700 checkpatch: validate SPDX license with spdxcheck.py Use the existing scripts/spdxcheck.py to validate any SPDX-License-Identifier found in line 1 or 2 of patches or files. Miscellanea: o Properly indent the existing SPDX-License-Identifier block. Link: http://lkml.kernel.org/r/05b832407b24e0a27e419906187cd863bc1617c7.camel@perches.com Signed-off-by: Joe Perches Acked-by: Rob Herring Cc: Thomas Gleixner Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8c8c45cfdd5d8dd555da0d13c1d53b48f99ffe6f Author: Joe Perches Date: Tue Aug 21 21:57:43 2018 -0700 checkpatch: fix macro argument reuse test Multiple line macro definitions where the arguments are separated by line continuations can cause checkpatch to emit invalid syntax regex tests. This can occur when a single argument is modified in a part of a patch. For example: (to not add a diff in the commit message) $ ./scripts/checkpatch.pl --git db023296f0115d2fe01fdabad54678f2b806da23 Unterminated \g... pattern in regex; And, the test does not work correctly when these arguments are all new as the initial patch line addition "+" is used in the argument name. Fix this by stripping the line continuations and any "+" from the list of arguments. Link: http://lkml.kernel.org/r/86cdb43a4db70670c102020093f7fb4eb3003e01.camel@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit cd2614967d8b636911a39dd639aa5b87cf280945 Author: Geert Uytterhoeven Date: Tue Aug 21 21:57:40 2018 -0700 checkpatch: warn if missing author Signed-off-by Print a warning if none of the Signed-off-by lines cover the patch author. Non-ASCII quoted printable encoding in From: headers and (lack of) double quotes are handled. Split From: headers are not fully handled: only the first part is compared. [geert+renesas@glider.be: only encode UTF-8 quoted printable mail headers] Link: http://lkml.kernel.org/r/20180718145254.4770-1-geert+renesas@glider.be Link: http://lkml.kernel.org/r/20180712100323.26684-1-geert+renesas@glider.be Signed-off-by: Geert Uytterhoeven Acked-by: Joe Perches Acked-by: Linus Walleij Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 33aa4597dda21348590452656728af2553d2d572 Author: Geert Uytterhoeven Date: Tue Aug 21 21:57:36 2018 -0700 checkpatch: update section keywords As of commit bd721ea73e1f ("treewide: replace obsolete _refok by __ref"), __init_refok no longer exists, so it can be removed. While at it, add the modern variants that were still missing. Link: http://lkml.kernel.org/r/20180706084205.26367-1-geert+renesas@glider.be Signed-off-by: Geert Uytterhoeven Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5b57980de6b228696dfaf70ad50a8550fbb14fc7 Author: Joe Perches Date: Tue Aug 21 21:57:33 2018 -0700 checkpatch: improve runtime execution speed a little checkpatch repeatedly uses a runtime minimum version check that validates the minimum perl version required for a regex match by using a "$^V ge 5.10.0" runtime string match. Only perform that minimum version test once and store the result to reduce string matching time. This reduces runtime execution time for patches or files with high line counts. An example runtime improvement: new: $ time ./scripts/checkpatch.pl -f drivers/net/ethernet/intel/i40e/i40e_main.c > /dev/null real 0m11.856s user 0m11.831s sys 0m0.025s old: $ time ./scripts/checkpatch.pl -f drivers/net/ethernet/intel/i40e/i40e_main.c > /dev/null real 0m13.330s user 0m13.282s sys 0m0.049s Link: http://lkml.kernel.org/r/db21aa9703833bad65ab70cc4e8a78da5b399138.camel@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 79682c0c00893c683678d85a402392b75e90311d Author: Joe Perches Date: Tue Aug 21 21:57:29 2018 -0700 checkpatch: add --fix for CONCATENATED_STRING and STRING_FRAGMENTS Add the ability to --fix these string issues. e.g.: printk(KERN_INFO"bar" "baz"QUX); converts to printk(KERN_INFO "barbaz" QUX); Link: http://lkml.kernel.org/r/a9fb505ccfedffc5869d08832a7ff05a21d85621.camel@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d729593e492e1e4c7cd8a418ee227d0bd4d5f36d Author: Joe Perches Date: Tue Aug 21 21:57:26 2018 -0700 checkpatch: add a --strict test for structs with bool member definitions A struct with a bool member can have different sizes on various architectures because neither bool size nor alignment is standardized. So emit a message on the use of bool in structs only in .h files and not .c files. There is the real possibility that this test could have a false positive when a bool is declared as an automatic, so limit the test to .h files where the only false positive is for declarations in static inline functions. Link: http://lkml.kernel.org/r/95477c93db187bab6da8a8ba7c57836868446179.camel@perches.com Signed-off-by: Joe Perches Suggested-by: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit de9df3993cfffde468c1c226382f24cec7e9fedc Author: Christophe Leroy Date: Tue Aug 21 21:57:22 2018 -0700 lib/test_hexdump.c: fix failure on big endian cpu On a big endian cpu, test_hexdump fails as follows. The logs show that bytes are expected in reversed order. [...] test_hexdump: Len: 24 buflen: 130 strlen: 97 test_hexdump: Result: 97 'be32db7b 0a1893b2 70bac424 7d83349b a69c31ad 9c0face9 .2.{....p..$}.4...1.....' test_hexdump: Expect: 97 '7bdb32be b293180a 24c4ba70 9b34837d ad319ca6 e9ac0f9c .2.{....p..$}.4...1.....' test_hexdump: Len: 8 buflen: 130 strlen: 77 test_hexdump: Result: 77 'be32db7b0a1893b2 .2.{....' test_hexdump: Expect: 77 'b293180a7bdb32be .2.{....' test_hexdump: Len: 6 buflen: 131 strlen: 87 test_hexdump: Result: 87 'be32 db7b 0a18 .2.{..' test_hexdump: Expect: 87 '32be 7bdb 180a .2.{..' test_hexdump: Len: 24 buflen: 131 strlen: 97 test_hexdump: Result: 97 'be32db7b 0a1893b2 70bac424 7d83349b a69c31ad 9c0face9 .2.{....p..$}.4...1.....' test_hexdump: Expect: 97 '7bdb32be b293180a 24c4ba70 9b34837d ad319ca6 e9ac0f9c .2.{....p..$}.4...1.....' test_hexdump: Len: 32 buflen: 131 strlen: 101 test_hexdump: Result: 101 'be32db7b0a1893b2 70bac4247d83349b a69c31ad9c0face9 4cd1199943b1af0c .2.{....p..$}.4...1.....L...C...' test_hexdump: Expect: 101 'b293180a7bdb32be 9b34837d24c4ba70 e9ac0f9cad319ca6 0cafb1439919d14c .2.{....p..$}.4...1.....L...C...' test_hexdump: failed 801 out of 1184 tests This patch fixes it. Link: http://lkml.kernel.org/r/f3112437f62c2f48300535510918e8be1dceacfb.1533610877.git.christophe.leroy@c-s.fr Fixes: 64d1d77a44697 ("hexdump: introduce test suite") Signed-off-by: Christophe Leroy Reviewed-by: Andy Shevchenko Cc: Michael Ellerman Cc: rashmica Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fd7338ef624fab2efbeb011c3e790693b4199c8e Author: Andy Shevchenko Date: Tue Aug 21 21:57:18 2018 -0700 lib/Kconfig: remove 'default n' for tests It seems contributors follow the style of Kconfig entries where explicit 'default n' is present. The default 'default' is 'n' already, thus, drop these lines from Kconfig to make it more clear. Link: http://lkml.kernel.org/r/20180719085131.79541-1-andriy.shevchenko@linux.intel.com Signed-off-by: Andy Shevchenko Acked-by: Coly Li Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d23599630b0fdecf3b676140a97619def16f2060 Author: Coly Li Date: Tue Aug 21 21:57:15 2018 -0700 bcache: use routines from lib/crc64.c for CRC64 calculation Now we have crc64 calculation in lib/crc64.c, it is unnecessary for bcache to use its own version. This patch changes bcache code to use crc64 routines in lib/crc64.c. Link: http://lkml.kernel.org/r/20180718165545.1622-3-colyli@suse.de Signed-off-by: Coly Li Reviewed-by: Hannes Reinecke Reviewed-by: Andy Shevchenko Cc: Michael Lyle Cc: Kent Overstreet Cc: Thomas Gleixner Cc: Kate Stewart Cc: Randy Dunlap Cc: Eric Biggers Cc: Greg Kroah-Hartman Cc: Noah Massey Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit feba04fd2cf8f6a74865338df2e3e1e94d6cfd13 Author: Coly Li Date: Tue Aug 21 21:57:11 2018 -0700 lib: add crc64 calculation routines Patch series "add crc64 calculation as kernel library", v5. This patchset adds basic implementation of crc64 calculation as a Linux kernel library. Since bcache already does crc64 by itself, this patchset also modifies bcache code to use the new crc64 library routine. Currently bcache is the only user of crc64 calculation, another potential user is bcachefs which is on the way to be in mainline kernel. Therefore it makes sense to make crc64 calculation to be a public library. bcache uses crc64 as storage checksum, if a change of crc lib routines results an inconsistent result, the unmatched checksum may make bcache 'think' the on-disk is corrupted, such a change should be avoided or detected as early as possible. Therefore a patch is being prepared which adds a crc test framework, to check consistency of different calculations. This patch (of 2): Add the re-write crc64 calculation routines for Linux kernel. The CRC64 polynomical arithmetic follows ECMA-182 specification, inspired by CRC paper of Dr. Ross N. Williams (see http://www.ross.net/crc/download/crc_v3.txt) and other public domain implementations. All the changes work in this way, - When Linux kernel is built, host program lib/gen_crc64table.c will be compiled to lib/gen_crc64table and executed. - The output of gen_crc64table execution is an array called as lookup table (a.k.a POLY 0x42f0e1eba9ea369) which contain 256 64-bit long numbers, this table is dumped into header file lib/crc64table.h. - Then the header file is included by lib/crc64.c for normal 64bit crc calculation. - Function declaration of the crc64 calculation routines is placed in include/linux/crc64.h Currently bcache is the only user of crc64_be(), another potential user is bcachefs which is on the way to be in mainline kernel. Therefore it makes sense to move crc64 calculation into lib/crc64.c as public code. [colyli@suse.de: fix review comments from v4] Link: http://lkml.kernel.org/r/20180726053352.2781-2-colyli@suse.de Link: http://lkml.kernel.org/r/20180718165545.1622-2-colyli@suse.de Signed-off-by: Coly Li Co-developed-by: Andy Shevchenko Signed-off-by: Andy Shevchenko Reviewed-by: Hannes Reinecke Cc: Greg Kroah-Hartman Cc: Andy Shevchenko Cc: Michael Lyle Cc: Kent Overstreet Cc: Thomas Gleixner Cc: Kate Stewart Cc: Eric Biggers Cc: Randy Dunlap Cc: Noah Massey Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b15f5f1ae18a70f2db0ec4b4e5fa525420a67270 Author: Colin Ian King Date: Tue Aug 21 21:57:07 2018 -0700 lib/test_debug_virtual.c: make struct pointer foo static The pointer foo is local to the source and does not need to be in global scope, so make it static. Cleans up sparse warning: symbol 'foo' was not declared. Should it be static? Link: http://lkml.kernel.org/r/20180624112206.5722-1-colin.king@canonical.com Signed-off-by: Colin Ian King Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9144d75e22cad3c89e6b2ccab551db9ee28d250a Author: Chris Wilson Date: Tue Aug 21 21:57:03 2018 -0700 include/linux/bitops.h: introduce BITS_PER_TYPE net_dim.h has a rather useful extension to BITS_PER_BYTE to compute the number of bits in a type (BITS_PER_BYTE * sizeof(T)), so promote the macro to bitops.h, alongside BITS_PER_BYTE, for wider usage. Link: http://lkml.kernel.org/r/20180706094458.14116-1-chris@chris-wilson.co.uk Signed-off-by: Chris Wilson Reviewed-by: Jani Nikula Cc: Randy Dunlap Cc: Andy Gospodarek Cc: David S. Miller Cc: Thomas Gleixner Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ccf7a6d457a8bd618c77468c38842b3f9d82cef4 Author: Andy Shevchenko Date: Tue Aug 21 21:56:59 2018 -0700 lib/bitmap.c: drop unnecessary 0 check for u32 array operations nbits == 0 is safe to be supplied to the function body, so remove unnecessary checks in bitmap_to_arr32() and bitmap_from_arr32(). Link: http://lkml.kernel.org/r/20180531131914.44352-1-andriy.shevchenko@linux.intel.com Signed-off-by: Andy Shevchenko Acked-by: Yury Norov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0fbd75fd7feedd9e38fc1d3a01317aa23b83d29e Author: Joe Perches Date: Tue Aug 21 21:56:55 2018 -0700 get_maintainer: allow option --mpath to read all files in There is an external use case for multiple private MAINTAINER style files in a separate directory. Allow it. --mpath has a default of "./MAINTAINERS". The value entered can be either a file or a directory. The behaviors are now: --mpath Read only the specific file as file --mpath Read all files in as files --mpath --find-maintainer-files Recurse through and read all files named MAINTAINERS Link: http://lkml.kernel.org/r/991b2f20112d53863cd79e61d908f1d26d3e1971.camel@perches.com Signed-off-by: Joe Perches Tested-by: Don Zickus Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5f0baf95b1edfff5eb9b6f571febb859b047de97 Author: Joe Perches Date: Tue Aug 21 21:56:52 2018 -0700 get_maintainer.pl: add -mpath= for MAINTAINERS file location Add the ability to have an override for the location of the MAINTAINERS file. Miscellanea: o Properly indent a few lines with leading spaces Link: http://lkml.kernel.org/r/a86e69195076ed3c4c526fddc76b86c28e0a1e37.camel@perches.com Signed-off-by: Joe Perches Suggested-by: Don Zickus Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 31bb82c9caa9bd8fa8865fa28a7a81f67ddc0539 Author: Antonio Nino Diaz Date: Tue Aug 21 21:56:48 2018 -0700 get_maintainer: allow usage outside of kernel tree Add option '--no-tree' to get_maintainer.pl script to allow using this script in projects that aren't the Linux kernel if they use the same format for their MAINTAINERS file. This command is also available in checkpatch.pl, for example. Link: http://lkml.kernel.org/r/04452ac6-1575-f612-72c6-6ea88e70a9d5@arm.com Signed-off-by: Antonio Nino Diaz Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 92e641784055998879942d39c74d4f84fa750968 Author: Davidlohr Bueso Date: Tue Aug 21 21:56:45 2018 -0700 s/epoll: robustify irq safety with lockdep_assert_irqs_enabled() Sprinkle lockdep_assert_irqs_enabled() checks in the functions that do not save and restore interrupts when dealing with the ep->wq.lock. These are ep_scan_ready_list() and those called by epoll_ctl(): ep_insert, ep_modify and ep_remove. [akpm@linux-foundation.org: remove too-obvious comments] Link: http://lkml.kernel.org/r/20180721183127.3busfa335zlcjeox@linux-r8p5 Signed-off-by: Davidlohr Bueso Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 304b18b8d6af796c8ece221d34c92aeb1559789b Author: Davidlohr Bueso Date: Tue Aug 21 21:56:41 2018 -0700 fs/epoll: loosen irq safety in epoll_insert() and epoll_remove() Both functions are similar to the context of ep_modify(), called via epoll_ctl(2). Just like ep_modify(), saving and restoring interrupts is an overkill in these calls as it will never be called with irqs disabled. While ep_remove() can be called directly from EPOLL_CTL_DEL, it can also be called when releasing the file, but this also complies with the above. Link: http://lkml.kernel.org/r/20180720172956.2883-3-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Jason Baron Cc: Al Viro Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 002b343669c474151954266e7fcf727bf7faa851 Author: Davidlohr Bueso Date: Tue Aug 21 21:56:38 2018 -0700 fs/epoll: loosen irq safety in ep_scan_ready_list() Patch series "fs/epoll: loosen irq safety when possible". Both patches replace saving+restoring interrupts when taking the ep->lock (now the waitqueue lock), with just disabling local irqs. This shows immediate performance benefits in patch 1 for an epoll workload running on Xen. The main concern we need to have with this sort of changes in epoll is the ep_poll_callback() which is passed to the wait queue wakeup and is done very often under irq context, this patch does not touch this call. Patches have been tested pretty heavily with the customer workload, microbenchmarks, ltp testcases and two high level workloads that use epoll under the hood: nginx and libevent benchmarks. This patch (of 2): Saving and restoring interrupts in ep_scan_ready_list() is an overkill as it is never called with interrupts disabled. Loosen this to simply disabling local irqs such that archs where managing irqs is expensive or virtual environments. This patch yields some throughput improvements on a workload that is epoll intensive running on a single Xen DomU. 1 Job 7500 --> 8800 enq/s (+17%) 2 Jobs 14000 --> 15200 enq/s (+8%) 3 Jobs 20500 --> 22300 enq/s (+8%) 4 Jobs 25000 --> 28000 enq/s (+8-12)% On bare metal: For a 2-socket 40-core (ht) IvyBridge on a few workloads, unfortunately I don't have a xen environment and the results for Xen I do have (which numbers are in patch 1) I don't have the actual workload, so cannot compare them directly. 1) Different configurations were used for a epoll_wait (pipes io) microbench (http://linux-scalability.org/epoll/epoll-test.c) and shows around a 7-10% improvement in overall total number of times the epoll_wait() loops when using both regular and nested epolls, so very raw numbers, but measurable nonetheless. # threads vanilla dirty 1 1677717 1805587 2 1660510 1854064 4 1610184 1805484 8 1577696 1751222 16 1568837 1725299 32 1291532 1378463 64 752584 787368 Note that stddev is pretty small. 2) Another pipe test, which shows no real measurable improvement. (http://www.xmailserver.org/linux-patches/pipetest.c) Link: http://lkml.kernel.org/r/20180720172956.2883-2-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Jason Baron Cc: Al Viro Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e05a8e4d88d16e088d83ce679ac3343ac66c936b Author: Christoph Hellwig Date: Tue Aug 21 21:56:34 2018 -0700 sched/wait: assert the wait_queue_head lock is held in __wake_up_common Better ensure we actually hold the lock using lockdep than just commenting on it. Due to the various exported _locked interfaces it is far too easy to get the locking wrong. Link: http://lkml.kernel.org/r/20171214152344.6880-4-hch@lst.de Signed-off-by: Christoph Hellwig Acked-by: Ingo Molnar Cc: Al Viro Cc: Andrea Arcangeli Cc: Ingo Molnar Cc: Jason Baron Cc: Matthew Wilcox Cc: Mike Rapoport Cc: Peter Zijlstra Cc: Davidlohr Bueso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c430d1e848ff1240d126e79780f3c26208b8aed9 Author: Matthew Wilcox Date: Tue Aug 21 21:56:30 2018 -0700 userfaultfd: use fault_wqh lock The userfaultfd code currently uses the unlocked waitqueue helpers for managing fault_wqh, but instead of holding the waitqueue lock for this waitqueue around these calls, it the waitqueue lock of fault_pending_wq, which is a different waitqueue instance. Given that the waitqueue is not exposed to the rest of the kernel this actually works ok at the moment, but prevents the userfaultfd locking rules from being enforced using lockdep. Switch to the internally locked waitqueue helpers instead. This means that the lock inside fault_wqh now nests inside the fault_pending_wqh lock, but that's not a problem since it was entirely unused before. [hch@lst.de: slight changelog updates] [rppt@linux.vnet.ibm.com: spotted changelog spellos] Link: http://lkml.kernel.org/r/20171214152344.6880-3-hch@lst.de Signed-off-by: Matthew Wilcox Signed-off-by: Christoph Hellwig Reviewed-by: Mike Rapoport Cc: Al Viro Cc: Andrea Arcangeli Cc: Ingo Molnar Cc: Jason Baron Cc: Peter Zijlstra Cc: Davidlohr Bueso Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ee8ef0a4b167c1f2605bc9b5701c603224673d53 Author: Christoph Hellwig Date: Tue Aug 21 21:56:26 2018 -0700 epoll: use the waitqueue lock to protect ep->wq Patch series "waitqueue lockdep annotation", v3. This series adds a strategic lockdep_assert_held to __wake_up_common to ensure callers really do hold the wait_queue_head lock when calling the unlocked wake_up variants. It turns out epoll did not do this for a fairly common path (hit all the time by systemd during bootup), so the second patch fixed this instance as well. This patch (of 3): The epoll code currently uses the unlocked waitqueue helpers for managing ep->wq, but instead of holding the waitqueue lock around these calls, it uses its own ep->lock spinlock. Given that the waitqueue is not exposed to the rest of the kernel this actually works ok at the moment, but prevents the epoll locking rules from being enforced using lockdep. Remove ep->lock and use the waitqueue lock to not only reduce the size of struct eventpoll but also to make sure we can assert locking invariants in the waitqueue code. Link: http://lkml.kernel.org/r/20171214152344.6880-2-hch@lst.de Signed-off-by: Christoph Hellwig Reviewed-by: Jason Baron Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Al Viro Cc: Andrea Arcangeli Cc: Mike Rapoport Cc: Jason Baron Cc: Ingo Molnar Cc: Matthew Wilcox Cc: Davidlohr Bueso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 46e0c9be206fa7b11aca75da2d6b8535d0139752 Author: Ard Biesheuvel Date: Tue Aug 21 21:56:22 2018 -0700 kernel: tracepoints: add support for relative references To avoid the need for relocating absolute references to tracepoint structures at boot time when running relocatable kernels (which may take a disproportionate amount of space), add the option to emit these tables as relative references instead. Link: http://lkml.kernel.org/r/20180704083651.24360-7-ard.biesheuvel@linaro.org Acked-by: Michael Ellerman Acked-by: Ingo Molnar Acked-by: Steven Rostedt (VMware) Signed-off-by: Ard Biesheuvel Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Bjorn Helgaas Cc: Catalin Marinas Cc: James Morris Cc: James Morris Cc: Jessica Yu Cc: Josh Poimboeuf Cc: Kees Cook Cc: Nicolas Pitre Cc: Paul Mackerras Cc: Petr Mladek Cc: Russell King Cc: "Serge E. Hallyn" Cc: Sergey Senozhatsky Cc: Thomas Garnier Cc: Thomas Gleixner Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c9d8b55fa0191623fccb9ed67d2ff8f9159e9a89 Author: Ard Biesheuvel Date: Tue Aug 21 21:56:18 2018 -0700 PCI: Add support for relative addressing in quirk tables Allow the PCI quirk tables to be emitted in a way that avoids absolute references to the hook functions. This reduces the size of the entries, and, more importantly, makes them invariant under runtime relocation (e.g., for KASLR) Link: http://lkml.kernel.org/r/20180704083651.24360-6-ard.biesheuvel@linaro.org Acked-by: Bjorn Helgaas Acked-by: Michael Ellerman Acked-by: Ingo Molnar Signed-off-by: Ard Biesheuvel Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: James Morris Cc: James Morris Cc: Jessica Yu Cc: Josh Poimboeuf Cc: Kees Cook Cc: Nicolas Pitre Cc: Paul Mackerras Cc: Petr Mladek Cc: Russell King Cc: "Serge E. Hallyn" Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: Thomas Garnier Cc: Thomas Gleixner Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1b1eeca7e4c19fa76d409d4c7b338dba21f2df45 Author: Ard Biesheuvel Date: Tue Aug 21 21:56:13 2018 -0700 init: allow initcall tables to be emitted using relative references Allow the initcall tables to be emitted using relative references that are only half the size on 64-bit architectures and don't require fixups at runtime on relocatable kernels. Link: http://lkml.kernel.org/r/20180704083651.24360-5-ard.biesheuvel@linaro.org Acked-by: James Morris Acked-by: Sergey Senozhatsky Acked-by: Petr Mladek Acked-by: Michael Ellerman Acked-by: Ingo Molnar Signed-off-by: Ard Biesheuvel Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Bjorn Helgaas Cc: Catalin Marinas Cc: James Morris Cc: Jessica Yu Cc: Josh Poimboeuf Cc: Kees Cook Cc: Nicolas Pitre Cc: Paul Mackerras Cc: Russell King Cc: "Serge E. Hallyn" Cc: Steven Rostedt Cc: Thomas Garnier Cc: Thomas Gleixner Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7290d58095712a89f845e1bca05334796dd49ed2 Author: Ard Biesheuvel Date: Tue Aug 21 21:56:09 2018 -0700 module: use relative references for __ksymtab entries An ordinary arm64 defconfig build has ~64 KB worth of __ksymtab entries, each consisting of two 64-bit fields containing absolute references, to the symbol itself and to a char array containing its name, respectively. When we build the same configuration with KASLR enabled, we end up with an additional ~192 KB of relocations in the .init section, i.e., one 24 byte entry for each absolute reference, which all need to be processed at boot time. Given how the struct kernel_symbol that describes each entry is completely local to module.c (except for the references emitted by EXPORT_SYMBOL() itself), we can easily modify it to contain two 32-bit relative references instead. This reduces the size of the __ksymtab section by 50% for all 64-bit architectures, and gets rid of the runtime relocations entirely for architectures implementing KASLR, either via standard PIE linking (arm64) or using custom host tools (x86). Note that the binary search involving __ksymtab contents relies on each section being sorted by symbol name. This is implemented based on the input section names, not the names in the ksymtab entries, so this patch does not interfere with that. Given that the use of place-relative relocations requires support both in the toolchain and in the module loader, we cannot enable this feature for all architectures. So make it dependent on whether CONFIG_HAVE_ARCH_PREL32_RELOCATIONS is defined. Link: http://lkml.kernel.org/r/20180704083651.24360-4-ard.biesheuvel@linaro.org Signed-off-by: Ard Biesheuvel Acked-by: Jessica Yu Acked-by: Michael Ellerman Reviewed-by: Will Deacon Acked-by: Ingo Molnar Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Bjorn Helgaas Cc: Catalin Marinas Cc: James Morris Cc: James Morris Cc: Josh Poimboeuf Cc: Kees Cook Cc: Nicolas Pitre Cc: Paul Mackerras Cc: Petr Mladek Cc: Russell King Cc: "Serge E. Hallyn" Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: Thomas Garnier Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f922c4abdf7648523589abee9460c87f51630d2f Author: Ard Biesheuvel Date: Tue Aug 21 21:56:04 2018 -0700 module: allow symbol exports to be disabled To allow existing C code to be incorporated into the decompressor or the UEFI stub, introduce a CPP macro that turns all EXPORT_SYMBOL_xxx declarations into nops, and #define it in places where such exports are undesirable. Note that this gets rid of a rather dodgy redefine of linux/export.h's header guard. Link: http://lkml.kernel.org/r/20180704083651.24360-3-ard.biesheuvel@linaro.org Signed-off-by: Ard Biesheuvel Acked-by: Nicolas Pitre Acked-by: Michael Ellerman Reviewed-by: Will Deacon Acked-by: Ingo Molnar Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Bjorn Helgaas Cc: Catalin Marinas Cc: James Morris Cc: James Morris Cc: Jessica Yu Cc: Josh Poimboeuf Cc: Kees Cook Cc: Paul Mackerras Cc: Petr Mladek Cc: Russell King Cc: "Serge E. Hallyn" Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: Thomas Garnier Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 271ca788774aaef9ca4c372573122cc4548cd401 Author: Ard Biesheuvel Date: Tue Aug 21 21:56:00 2018 -0700 arch: enable relative relocations for arm64, power and x86 Patch series "add support for relative references in special sections", v10. This adds support for emitting special sections such as initcall arrays, PCI fixups and tracepoints as relative references rather than absolute references. This reduces the size by 50% on 64-bit architectures, but more importantly, it removes the need for carrying relocation metadata for these sections in relocatable kernels (e.g., for KASLR) that needs to be fixed up at boot time. On arm64, this reduces the vmlinux footprint of such a reference by 8x (8 byte absolute reference + 24 byte RELA entry vs 4 byte relative reference) Patch #3 was sent out before as a single patch. This series supersedes the previous submission. This version makes relative ksymtab entries dependent on the new Kconfig symbol HAVE_ARCH_PREL32_RELOCATIONS rather than trying to infer from kbuild test robot replies for which architectures it should be blacklisted. Patch #1 introduces the new Kconfig symbol HAVE_ARCH_PREL32_RELOCATIONS, and sets it for the main architectures that are expected to benefit the most from this feature, i.e., 64-bit architectures or ones that use runtime relocations. Patch #2 add support for #define'ing __DISABLE_EXPORTS to get rid of ksymtab/kcrctab sections in decompressor and EFI stub objects when rebuilding existing C files to run in a different context. Patches #4 - #6 implement relative references for initcalls, PCI fixups and tracepoints, respectively, all of which produce sections with order ~1000 entries on an arm64 defconfig kernel with tracing enabled. This means we save about 28 KB of vmlinux space for each of these patches. [From the v7 series blurb, which included the jump_label patches as well]: For the arm64 kernel, all patches combined reduce the memory footprint of vmlinux by about 1.3 MB (using a config copied from Ubuntu that has KASLR enabled), of which ~1 MB is the size reduction of the RELA section in .init, and the remaining 300 KB is reduction of .text/.data. This patch (of 6): Before updating certain subsystems to use place relative 32-bit relocations in special sections, to save space and reduce the number of absolute relocations that need to be processed at runtime by relocatable kernels, introduce the Kconfig symbol and define it for some architectures that should be able to support and benefit from it. Link: http://lkml.kernel.org/r/20180704083651.24360-2-ard.biesheuvel@linaro.org Signed-off-by: Ard Biesheuvel Acked-by: Michael Ellerman Reviewed-by: Will Deacon Acked-by: Ingo Molnar Cc: Arnd Bergmann Cc: Kees Cook Cc: Thomas Garnier Cc: Thomas Gleixner Cc: "Serge E. Hallyn" Cc: Bjorn Helgaas Cc: Benjamin Herrenschmidt Cc: Russell King Cc: Paul Mackerras Cc: Catalin Marinas Cc: Petr Mladek Cc: James Morris Cc: Nicolas Pitre Cc: Josh Poimboeuf Cc: Steven Rostedt Cc: Sergey Senozhatsky , Cc: James Morris Cc: Jessica Yu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bc63804619465ad98af6d9086dab601a653066fb Author: Colin Ian King Date: Tue Aug 21 21:55:56 2018 -0700 spelling.txt: add more spellings to spelling.txt Here are some of the more common spelling mistakes and typos that I've found while fixing up spelling mistakes in the kernel over the past 6 months. Link: http://lkml.kernel.org/r/20180629150603.1159-1-colin.king@canonical.com Signed-off-by: Colin Ian King Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a2e514453861dd39b53b7a50b6771bd3f9852078 Author: Dmitry Vyukov Date: Tue Aug 21 21:55:52 2018 -0700 kernel/hung_task.c: allow to set checking interval separately from timeout Currently task hung checking interval is equal to timeout, as the result hung is detected anywhere between timeout and 2*timeout. This is fine for most interactive environments, but this hurts automated testing setups (syzbot). In an automated setup we need to strictly order CPU lockup < RCU stall < workqueue lockup < task hung < silent loss, so that RCU stall is not detected as task hung and task hung is not detected as silent machine loss. The large variance in task hung detection timeout requires setting silent machine loss timeout to a very large value (e.g. if task hung is 3 mins, then silent loss need to be set to ~7 mins). The additional 3 minutes significantly reduce testing efficiency because usually we crash kernel within a minute, and this can add hours to bug localization process as it needs to do dozens of tests. Allow setting checking interval separately from timeout. This allows to set timeout to, say, 3 minutes, but checking interval to 10 secs. The interval is controlled via a new hung_task_check_interval_secs sysctl, similar to the existing hung_task_timeout_secs sysctl. The default value of 0 results in the current behavior: checking interval is equal to timeout. [akpm@linux-foundation.org: update hung_task_timeout_max's comment] Link: http://lkml.kernel.org/r/20180611111004.203513-1-dvyukov@google.com Signed-off-by: Dmitry Vyukov Cc: Paul E. McKenney Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Peter Zijlstra Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 91bc9aaf746ae41016bd6b61a48133e162542574 Author: Arnd Bergmann Date: Tue Aug 21 21:55:49 2018 -0700 kernel/crash_core.c: print timestamp using time64_t The get_seconds() call returns a 32-bit timestamp on some architectures, and will overflow in the future. The newer ktime_get_real_seconds() always returns a 64-bit timestamp that does not suffer from this problem. Link: http://lkml.kernel.org/r/20180618150329.941903-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Reviewed-by: Andrew Morton Cc: Dave Young Cc: Baoquan He Cc: "Kirill A. Shutemov" Cc: Petr Tesarik Cc: Marc-Andr Lureau Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 203583990cb675aeddff6d7623f68268068c078c Author: Rasmus Villemoes Date: Tue Aug 21 21:55:45 2018 -0700 linux/compiler.h: don't use bool Appararently, it's possible to have a non-trivial TU include a few headers, including linux/build_bug.h, without ending up with linux/types.h. So the 0day bot sent me config: um-x86_64_defconfig (attached as .config) >> include/linux/compiler.h:316:3: error: unknown type name 'bool'; did you mean '_Bool'? bool __cond = !(condition); \ for something I'm working on. Rather than contributing to the #include madness and including linux/types.h from compiler.h, just use int. Link: http://lkml.kernel.org/r/20180817101036.20969-1-linux@rasmusvillemoes.dk Signed-off-by: Rasmus Villemoes Cc: Christopher Li Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ce0a568d327968367f294ea2425fe2c6f4f33ed2 Author: Anna-Maria Gleixner Date: Tue Aug 21 21:55:42 2018 -0700 userns: use irqsave variant of refcount_dec_and_lock() The irqsave variant of refcount_dec_and_lock handles irqsave/restore when taking/releasing the spin lock. With this variant the call of local_irq_save/restore is no longer required. [bigeasy@linutronix.de: s@atomic_dec_and_lock@refcount_dec_and_lock@g] Link: http://lkml.kernel.org/r/20180703200141.28415-7-bigeasy@linutronix.de Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Acked-by: Peter Zijlstra (Intel) Cc: "Eric W. Biederman" Cc: Ingo Molnar Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fc37191272a972d449bab3d8247cf52cadf5d4e6 Author: Sebastian Andrzej Siewior Date: Tue Aug 21 21:55:38 2018 -0700 userns: use refcount_t for reference counting instead atomic_t refcount_t type and corresponding API should be used instead of atomic_t wh en the variable is used as a reference counter. This avoids accidental refcounter overflows that might lead to use-after-free situations. Link: http://lkml.kernel.org/r/20180703200141.28415-6-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Suggested-by: Peter Zijlstra Acked-by: Peter Zijlstra (Intel) Reviewed-by: Andrew Morton Cc: "Eric W. Biederman" Cc: Ingo Molnar Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 060288a7320b2837a8ff2af1b3643bdbd5e568f6 Author: Anna-Maria Gleixner Date: Tue Aug 21 21:55:35 2018 -0700 bdi: use irqsave variant of refcount_dec_and_lock() The irqsave variant of refcount_dec_and_lock handles irqsave/restore when taking/releasing the spin lock. With this variant the call of local_irq_save/restore is no longer required. [bigeasy@linutronix.de: s@atomic_dec_and_lock@refcount_dec_and_lock@g] Link: http://lkml.kernel.org/r/20180703200141.28415-5-bigeasy@linutronix.de Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Acked-by: Peter Zijlstra (Intel) Cc: Jens Axboe Cc: Ingo Molnar Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e58dd0de5eadf145895b13451a1fef8ef03946eb Author: Sebastian Andrzej Siewior Date: Tue Aug 21 21:55:31 2018 -0700 bdi: use refcount_t for reference counting instead atomic_t refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This permits avoiding accidental refcounter overflows that might lead to use-after-free situations. Link: http://lkml.kernel.org/r/20180703200141.28415-4-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Suggested-by: Peter Zijlstra Cc: Jens Axboe Cc: Ingo Molnar Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit cedc5b6aab493f6b1b1d381dccc0cc082da7d3d8 Author: Kees Cook Date: Tue Aug 21 21:55:28 2018 -0700 kernel.h: documentation for roundup() vs round_up() Things like 3619dec5103d ("dh key: fix rounding up KDF output length") expose the lack of explicit documentation for roundup() vs round_up(). At least we can try to document it better if anyone goes looking. Link: http://lkml.kernel.org/r/20180703041950.GA43464@beast Signed-off-by: Kees Cook Cc: Ingo Molnar Cc: Greg Kroah-Hartman Cc: Randy Dunlap Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 96c6a32ccb55a366054fd82cc63523bb7f7493d3 Author: Dmitry Vyukov Date: Tue Aug 21 21:55:24 2018 -0700 include/asm-generic/bug.h: clarify valid uses of WARN() Explicitly state that WARN*() should be used only for recoverable kernel issues/bugs and that it should not be used for any kind of invalid external inputs or transient conditions. Motivation: it's a very useful capability to be able to understand if a particular kernel splat means a kernel bug or simply an invalid user-space program. For the former one wants to notify kernel developers, while notifying kernel developers for the latter is annoying. Even a kernel developer may not know what to do with a WARNING in an unfamiliar subsystem. This is especially critical for any automated testing systems that may use panic_on_warn and mail kernel developers. The clear separation also serves as an additional documentation: is it a condition that must never occur because of additional checks/logic elsewhere? or is it simply a check for invalid inputs or unfortunate conditions? Use of pr_err() for user messages also leads to better error messages. "Something is wrong in file foo on line X" is not particularly useful message for end user. pr_err() forces developers to write more meaningful error messages for user. As of now we are almost there. We are doing systematic kernel testing with panic_on_warn and are not seeing massive amounts of false positives. But every now and then another WARN on ENOMEM or invalid inputs pops up and leads to a lengthy argument each time. The goal of this change is to officially document the rules. Link: http://lkml.kernel.org/r/20180620103716.61636-1-dvyukov@gmail.com Signed-off-by: Dmitry Vyukov Acked-by: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 23c85094fe1895caefdd19ef624ee687ec5f4507 Author: Omar Sandoval Date: Tue Aug 21 21:55:20 2018 -0700 proc/kcore: add vmcoreinfo note to /proc/kcore The vmcoreinfo information is useful for runtime debugging tools, not just for crash dumps. A lot of this information can be determined by other means, but this is much more convenient, and it only adds a page at most to the file. Link: http://lkml.kernel.org/r/fddbcd08eed76344863303878b12de1c1e2a04b6.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit eff4345e7fba0aac8665f00e8599b36946d9aaec Author: Omar Sandoval Date: Tue Aug 21 21:55:17 2018 -0700 crash_core: use VMCOREINFO_SYMBOL_ARRAY() for swapper_pg_dir This is preparation for allowing CRASH_CORE to be enabled for any architecture. swapper_pg_dir is always either an array or a macro expanding to NULL. In the latter case, VMCOREINFO_SYMBOL() won't work, as it tries to take the address of the given symbol: #define VMCOREINFO_SYMBOL(name) \ vmcoreinfo_append_str("SYMBOL(%s)=%lx\n", #name, (unsigned long)&name) Instead, use VMCOREINFO_SYMBOL_ARRAY(), which uses the value: #define VMCOREINFO_SYMBOL_ARRAY(name) \ vmcoreinfo_append_str("SYMBOL(%s)=%lx\n", #name, (unsigned long)name) This is the same thing for the array case but isn't an error for the macro case. Link: http://lkml.kernel.org/r/c05f9781ec204f40fc96f95086e7b6de6a3eb2c3.1532563124.git.osandov@fb.com Signed-off-by: Omar Sandoval Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bf991c2231117d50a7645792b514354fc8d19dae Author: Omar Sandoval Date: Tue Aug 21 21:55:13 2018 -0700 proc/kcore: optimize multiple page reads The current code does a full search of the segment list every time for every page. This is wasteful, since it's almost certain that the next page will be in the same segment. Instead, check if the previous segment covers the current page before doing the list search. Link: http://lkml.kernel.org/r/fd346c11090cf93d867e01b8d73a6567c5ac6361.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 37e949bd5293ddb70acf236eedf2ae8caa1db57b Author: Omar Sandoval Date: Tue Aug 21 21:55:09 2018 -0700 proc/kcore: clean up ELF header generation Currently, the ELF file header, program headers, and note segment are allocated all at once, in some icky code dating back to 2.3. Programs tend to read the file header, then the program headers, then the note segment, all separately, so this is a waste of effort. It's cleaner and more efficient to handle the three separately. Link: http://lkml.kernel.org/r/19c92cbad0e11f6103ff3274b2e7a7e51a1eb74b.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3673fb08db73347332ab956d90090c1da6e610b7 Author: Omar Sandoval Date: Tue Aug 21 21:55:06 2018 -0700 proc/kcore: hold lock during read Now that we're using an rwsem, we can hold it during the entirety of read_kcore() and have a common return path. This is preparation for the next change. [akpm@linux-foundation.org: fix locking bug reported by Tetsuo Handa] Link: http://lkml.kernel.org/r/d7cfbc1e8a76616f3b699eaff9df0a2730380534.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Cc: Tetsuo Handa Cc: Stephen Rothwell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b66fb005c97544e9e589b2f2e60ccfe3808c6c3e Author: Omar Sandoval Date: Tue Aug 21 21:55:02 2018 -0700 proc/kcore: fix memory hotplug vs multiple opens race There's a theoretical race condition that will cause /proc/kcore to miss a memory hotplug event: CPU0 CPU1 // hotplug event 1 kcore_need_update = 1 open_kcore() open_kcore() kcore_update_ram() kcore_update_ram() // Walk RAM // Walk RAM __kcore_update_ram() __kcore_update_ram() kcore_need_update = 0 // hotplug event 2 kcore_need_update = 1 kcore_need_update = 0 Note that CPU1 set up the RAM kcore entries with the state after hotplug event 1 but cleared the flag for hotplug event 2. The RAM entries will therefore be stale until there is another hotplug event. This is an extremely unlikely sequence of events, but the fix makes the synchronization saner, anyways: we serialize the entire update sequence, which means that whoever clears the flag will always succeed in replacing the kcore list. Link: http://lkml.kernel.org/r/6106c509998779730c12400c1b996425df7d7089.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0b172f845ff963ab15e2d861dc155e2ab13241e9 Author: Omar Sandoval Date: Tue Aug 21 21:54:59 2018 -0700 proc/kcore: replace kclist_lock rwlock with rwsem Now we only need kclist_lock from user context and at fs init time, and the following changes need to sleep while holding the kclist_lock. Link: http://lkml.kernel.org/r/521ba449ebe921d905177410fee9222d07882f0d.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Reviewed-by: Andrew Morton Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bf53183164dbba00b342df7d2215b33007ed83ed Author: Omar Sandoval Date: Tue Aug 21 21:54:55 2018 -0700 proc/kcore: don't grab lock for memory hotplug notifier The memory hotplug notifier kcore_callback() only needs kclist_lock to prevent races with __kcore_update_ram(), but we can easily eliminate that race by using an atomic xchg() in __kcore_update_ram(). This is preparation for converting kclist_lock to an rwsem. Link: http://lkml.kernel.org/r/0a4bc89f4dbde8b5b2ea309f7b4fb6a85fe29df2.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Reviewed-by: Andrew Morton Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a8dd9c4df18edc873d244790d163564a5d17626b Author: Omar Sandoval Date: Tue Aug 21 21:54:51 2018 -0700 proc/kcore: don't grab lock for kclist_add() Patch series "/proc/kcore improvements", v4. This series makes a few improvements to /proc/kcore. It fixes a couple of small issues in v3 but is otherwise the same. Patches 1, 2, and 3 are prep patches. Patch 4 is a fix/cleanup. Patch 5 is another prep patch. Patches 6 and 7 are optimizations to ->read(). Patch 8 makes it possible to enable CRASH_CORE on any architecture, which is needed for patch 9. Patch 9 adds vmcoreinfo to /proc/kcore. This patch (of 9): kclist_add() is only called at init time, so there's no point in grabbing any locks. We're also going to replace the rwlock with a rwsem, which we don't want to try grabbing during early boot. While we're here, mark kclist_add() with __init so that we'll get a warning if it's called from non-init code. Link: http://lkml.kernel.org/r/98208db1faf167aa8b08eebfa968d95c70527739.1531953780.git.osandov@fb.com Signed-off-by: Omar Sandoval Reviewed-by: Andrew Morton Reviewed-by: Bhupesh Sharma Tested-by: Bhupesh Sharma Cc: Alexey Dobriyan Cc: Bhupesh Sharma Cc: Eric Biederman Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit df865e8337c397471b95f51017fea559bc8abb4a Author: James Morse Date: Tue Aug 21 21:54:48 2018 -0700 fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries elf_kcore_store_hdr() uses __pa() to find the physical address of KCORE_RAM or KCORE_TEXT entries exported as program headers. This trips CONFIG_DEBUG_VIRTUAL's checks, as the KCORE_TEXT entries are not in the linear map. Handle these two cases separately, using __pa_symbol() for the KCORE_TEXT entries. Link: http://lkml.kernel.org/r/20180711131944.15252-1-james.morse@arm.com Signed-off-by: James Morse Cc: Alexey Dobriyan Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 36f062042b0fd9f8e41b97a472f52139886ca26f Author: Souptick Joarder Date: Tue Aug 21 21:54:44 2018 -0700 fs/proc/vmcore.c: use new typedef vm_fault_t Use new return type vm_fault_t for fault handler in struct vm_operations_struct. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. See 1c8f422059ae ("mm: change return type to vm_fault_t") for reference. Link: http://lkml.kernel.org/r/20180702153325.GA3875@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Cc: Ganesh Goudar Cc: Rahul Lakkireddy Cc: David S. Miller Cc: Alexey Dobriyan Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9a27e97aaab9a25fac2e8976e98e42ab7f4a8fac Author: Alexey Dobriyan Date: Tue Aug 21 21:54:41 2018 -0700 proc: use "unsigned int" in /proc/stat hook Number of CPUs is never high enough to force 64-bit arithmetic. Save couple of bytes on x86_64. Link: http://lkml.kernel.org/r/20180627200710.GC18434@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 891ae71dc4fbd2454a3fa569e115a7ca86630949 Author: Alexey Dobriyan Date: Tue Aug 21 21:54:37 2018 -0700 proc: spread "const" a bit Link: http://lkml.kernel.org/r/20180627200614.GB18434@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f6d2f584d88616e27eeb603dc8c88ca16e00d682 Author: Alexey Dobriyan Date: Tue Aug 21 21:54:34 2018 -0700 proc: use macro in /proc/latency hook ->latency_record is defined as struct latency_record[LT_SAVECOUNT]; so use the same macro whie iterating. Link: http://lkml.kernel.org/r/20180627200534.GA18434@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 41089b6d3e44a895076cc8ce56b08e463cb4f796 Author: Alexey Dobriyan Date: Tue Aug 21 21:54:30 2018 -0700 proc: save 2 atomic ops on write to "/proc/*/attr/*" Code checks if write is done by current to its own attributes. For that get/put pair is unnecessary as it can be done under RCU. Note: rcu_read_unlock() can be done even earlier since pointer to a task is not dereferenced. It depends if /proc code should look scary or not: rcu_read_lock(); task = pid_task(...); rcu_read_unlock(); if (!task) return -ESRCH; if (task != current) return -EACCESS: P.S.: rename "length" variable. Code like this length = -EINVAL; should not exist. Link: http://lkml.kernel.org/r/20180627200218.GF18113@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a44937fe4ef6a1190576492017939df636f4e38e Author: Alexey Dobriyan Date: Tue Aug 21 21:54:27 2018 -0700 proc: put task earlier in /proc/*/fail-nth Link: http://lkml.kernel.org/r/20180627195427.GE18113@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8d48b2e044218ba8b3f6b1d34e96a7474b6b0688 Author: Alexey Dobriyan Date: Tue Aug 21 21:54:23 2018 -0700 proc: smaller readlock section in readdir("/proc") Readdir context is thread local, so ->pos is thread local, move it out of readlock. Link: http://lkml.kernel.org/r/20180627195339.GD18113@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2cd36fb329487e9525db3ccdbac1e92053b646fa Author: Alexey Dobriyan Date: Tue Aug 21 21:54:20 2018 -0700 proc: test /proc/thread-self symlink Same story: I have WIP patch to make it faster, so better have a test as well. Link: http://lkml.kernel.org/r/20180627195209.GC18113@avx2 Signed-off-by: Alexey Dobriyan Cc: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 61d47c4e71c1f080e7412315c8685bc682a8e53a Author: Alexey Dobriyan Date: Tue Aug 21 21:54:16 2018 -0700 proc: test /proc/self symlink There are plans to change how /proc/self result is calculated, for that a test is necessary. Use direct system call because of this whole getpid caching story. Link: http://lkml.kernel.org/r/20180627195103.GB18113@avx2 Signed-off-by: Alexey Dobriyan Cc: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bdf228a27278d398ad26a156f01811be405867f9 Author: Arnd Bergmann Date: Tue Aug 21 21:54:13 2018 -0700 fs/proc/uptime.c: use ktime_get_boottime_ts64 get_monotonic_boottime() is deprecated and uses the old timespec type. Let's convert /proc/uptime to use ktime_get_boottime_ts64(). Link: http://lkml.kernel.org/r/20180620081746.282742-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Thomas Gleixner Cc: Al Viro Cc: Deepa Dinamani Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2d6e4e822ad8174b59414903ae6b35660032c20a Author: Alexey Dobriyan Date: Tue Aug 21 21:54:09 2018 -0700 proc: fixup PDE allocation bloat 24074a35c5c975 ("proc: Make inline name size calculation automatic") started to put PDE allocations into kmalloc-256 which is unnecessary as ~40 character names are very rare. Put allocation back into kmalloc-192 cache for 64-bit non-debug builds. Put BUILD_BUG_ON to know when PDE size has gotten out of control. [adobriyan@gmail.com: fix BUILD_BUG_ON breakage on powerpc64] Link: http://lkml.kernel.org/r/20180703191602.GA25521@avx2 Link: http://lkml.kernel.org/r/20180617215732.GA24688@avx2 Signed-off-by: Alexey Dobriyan Cc: David Howells Cc: Al Viro Cc: Stephen Rothwell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5df66d306ec9b1952d3d183fe4e2ced1a7b2bddb Author: Oscar Salvador Date: Tue Aug 21 21:54:06 2018 -0700 mm: fix comment for NODEMASK_ALLOC Currently, NODEMASK_ALLOC allocates a nodemask_t with kmalloc when NODES_SHIFT is higher than 8, otherwise it declares it within the stack. The comment says that the reasoning behind this, is that nodemask_t will be 256 bytes when NODES_SHIFT is higher than 8, but this is not true. For example, NODES_SHIFT = 9 will give us a 64 bytes nodemask_t. Let us fix up the comment for that. Another thing is that it might make sense to let values lower than 128bytes be allocated in the stack. Although this all depends on the depth of the stack (and this changes from function to function), I think that 64 bytes is something we can easily afford. So we could even bump the limit by 1 (from > 8 to > 9). Link: http://lkml.kernel.org/r/20180820085516.9687-1-osalvador@techadventures.net Signed-off-by: Oscar Salvador Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c8bd134a4bddafe5917d163eea73873932c15e83 Author: Peter Kalauskas Date: Tue Aug 21 21:54:02 2018 -0700 drivers/block/zram/zram_drv.c: fix bug storing backing_dev The call to strlcpy in backing_dev_store is incorrect. It should take the size of the destination buffer instead of the size of the source buffer. Additionally, ignore the newline character (\n) when reading the new file_name buffer. This makes it possible to set the backing_dev as follows: echo /dev/sdX > /sys/block/zram0/backing_dev The reason it worked before was the fact that strlcpy() copies 'len - 1' bytes, which is strlen(buf) - 1 in our case, so it accidentally didn't copy the trailing new line symbol. Which also means that "echo -n /dev/sdX" most likely was broken. Signed-off-by: Peter Kalauskas Link: http://lkml.kernel.org/r/20180813061623.GC64836@rodete-desktop-imager.corp.google.com Acked-by: Minchan Kim Reviewed-by: Sergey Senozhatsky Cc: [4.14+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7e8a6304d5419cbf056a59de92939e5eef039c57 Author: Dennis Zhou (Facebook) Date: Tue Aug 21 21:53:58 2018 -0700 /proc/meminfo: add percpu populated pages count Currently, percpu memory only exposes allocation and utilization information via debugfs. This more or less is only really useful for understanding the fragmentation and allocation information at a per-chunk level with a few global counters. This is also gated behind a config. BPF and cgroup, for example, have seen an increase in use causing increased use of percpu memory. Let's make it easier for someone to identify how much memory is being used. This patch adds the "Percpu" stat to meminfo to more easily look up how much percpu memory is in use. This number includes the cost for all allocated backing pages and not just insight at the per a unit, per chunk level. Metadata is excluded. I think excluding metadata is fair because the backing memory scales with the numbere of cpus and can quickly outweigh the metadata. It also makes this calculation light. Link: http://lkml.kernel.org/r/20180807184723.74919-1-dennisszhou@gmail.com Signed-off-by: Dennis Zhou Acked-by: Tejun Heo Acked-by: Roman Gushchin Reviewed-by: Andrew Morton Acked-by: David Rientjes Acked-by: Vlastimil Babka Cc: Johannes Weiner Cc: Christoph Lameter Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3d8b38eb81cac81395f6a823f6bf401b327268e6 Author: Roman Gushchin Date: Tue Aug 21 21:53:54 2018 -0700 mm, oom: introduce memory.oom.group For some workloads an intervention from the OOM killer can be painful. Killing a random task can bring the workload into an inconsistent state. Historically, there are two common solutions for this problem: 1) enabling panic_on_oom, 2) using a userspace daemon to monitor OOMs and kill all outstanding processes. Both approaches have their downsides: rebooting on each OOM is an obvious waste of capacity, and handling all in userspace is tricky and requires a userspace agent, which will monitor all cgroups for OOMs. In most cases an in-kernel after-OOM cleaning-up mechanism can eliminate the necessity of enabling panic_on_oom. Also, it can simplify the cgroup management for userspace applications. This commit introduces a new knob for cgroup v2 memory controller: memory.oom.group. The knob determines whether the cgroup should be treated as an indivisible workload by the OOM killer. If set, all tasks belonging to the cgroup or to its descendants (if the memory cgroup is not a leaf cgroup) are killed together or not at all. To determine which cgroup has to be killed, we do traverse the cgroup hierarchy from the victim task's cgroup up to the OOMing cgroup (or root) and looking for the highest-level cgroup with memory.oom.group set. Tasks with the OOM protection (oom_score_adj set to -1000) are treated as an exception and are never killed. This patch doesn't change the OOM victim selection algorithm. Link: http://lkml.kernel.org/r/20180802003201.817-4-guro@fb.com Signed-off-by: Roman Gushchin Acked-by: Michal Hocko Acked-by: Johannes Weiner Cc: David Rientjes Cc: Tetsuo Handa Cc: Tejun Heo Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5989ad7b5ede38d605c588981f634c08252abfc3 Author: Roman Gushchin Date: Tue Aug 21 21:53:50 2018 -0700 mm, oom: refactor oom_kill_process() Patch series "introduce memory.oom.group", v2. This is a tiny implementation of cgroup-aware OOM killer, which adds an ability to kill a cgroup as a single unit and so guarantee the integrity of the workload. Although it has only a limited functionality in comparison to what now resides in the mm tree (it doesn't change the victim task selection algorithm, doesn't look at memory stas on cgroup level, etc), it's also much simpler and more straightforward. So, hopefully, we can avoid having long debates here, as we had with the full implementation. As it doesn't prevent any futher development, and implements an useful and complete feature, it looks as a sane way forward. This patch (of 2): oom_kill_process() consists of two logical parts: the first one is responsible for considering task's children as a potential victim and printing the debug information. The second half is responsible for sending SIGKILL to all tasks sharing the mm struct with the given victim. This commit splits oom_kill_process() with an intention to re-use the the second half: __oom_kill_process(). The cgroup-aware OOM killer will kill multiple tasks belonging to the victim cgroup. We don't need to print the debug information for the each task, as well as play with task selection (considering task's children), so we can't use the existing oom_kill_process(). Link: http://lkml.kernel.org/r/20171130152824.1591-2-guro@fb.com Link: http://lkml.kernel.org/r/20180802003201.817-3-guro@fb.com Signed-off-by: Roman Gushchin Acked-by: Michal Hocko Acked-by: Johannes Weiner Acked-by: David Rientjes Cc: Vladimir Davydov Cc: Tetsuo Handa Cc: David Rientjes Cc: Tejun Heo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1caed86022b9eb927283d8b2cdd7216baf43029e Author: Dmitry Safonov Date: Tue Aug 21 21:53:47 2018 -0700 tools/testing/selftests/vm/: add MAP_POPULATE test As with many other projects, we use some shmalloc allocator. At some point we need to make a part of allocated pages back private to process. And it should be populated straight away. Check that (MAP_PRIVATE | MAP_POPULATE) actually copies the private page. [akpm@linux-foundation.org: change message, per review discussion] Link: http://lkml.kernel.org/r/20180801233636.29354-1-dima@arista.com Signed-off-by: Dmitry Safonov Reviewed-by: Andrew Morton Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: Hua Zhong Cc: Shuah Khan Cc: Stuart Ritchie Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 03e85f9d5f1f8c74f127c5f7a87575d74a78d248 Author: Oscar Salvador Date: Tue Aug 21 21:53:43 2018 -0700 mm/page_alloc: Introduce free_area_init_core_hotplug Currently, whenever a new node is created/re-used from the memhotplug path, we call free_area_init_node()->free_area_init_core(). But there is some code that we do not really need to run when we are coming from such path. free_area_init_core() performs the following actions: 1) Initializes pgdat internals, such as spinlock, waitqueues and more. 2) Account # nr_all_pages and # nr_kernel_pages. These values are used later on when creating hash tables. 3) Account number of managed_pages per zone, substracting dma_reserved and memmap pages. 4) Initializes some fields of the zone structure data 5) Calls init_currently_empty_zone to initialize all the freelists 6) Calls memmap_init to initialize all pages belonging to certain zone When called from memhotplug path, free_area_init_core() only performs actions #1 and #4. Action #2 is pointless as the zones do not have any pages since either the node was freed, or we are re-using it, eitherway all zones belonging to this node should have 0 pages. For the same reason, action #3 results always in manages_pages being 0. Action #5 and #6 are performed later on when onlining the pages: online_pages()->move_pfn_range_to_zone()->init_currently_empty_zone() online_pages()->move_pfn_range_to_zone()->memmap_init_zone() This patch does two things: First, moves the node/zone initializtion to their own function, so it allows us to create a small version of free_area_init_core, where we only perform: 1) Initialization of pgdat internals, such as spinlock, waitqueues and more 4) Initialization of some fields of the zone structure data These two functions are: pgdat_init_internals() and zone_init_internals(). The second thing this patch does, is to introduce free_area_init_core_hotplug(), the memhotplug version of free_area_init_core(): Currently, we call free_area_init_node() from the memhotplug path. In there, we set some pgdat's fields, and call calculate_node_totalpages(). calculate_node_totalpages() calculates the # of pages the node has. Since the node is either new, or we are re-using it, the zones belonging to this node should not have any pages, so there is no point to calculate this now. Actually, we re-set these values to 0 later on with the calls to: reset_node_managed_pages() reset_node_present_pages() The # of pages per node and the # of pages per zone will be calculated when onlining the pages: online_pages()->move_pfn_range()->move_pfn_range_to_zone()->resize_zone_range() online_pages()->move_pfn_range()->move_pfn_range_to_zone()->resize_pgdat_range() Also, since free_area_init_core/free_area_init_node will now only get called during early init, let us replace __paginginit with __init, so their code gets freed up. [osalvador@techadventures.net: fix section usage] Link: http://lkml.kernel.org/r/20180731101752.GA473@techadventures.net [osalvador@suse.de: v6] Link: http://lkml.kernel.org/r/20180801122348.21588-6-osalvador@techadventures.net Link: http://lkml.kernel.org/r/20180730101757.28058-5-osalvador@techadventures.net Signed-off-by: Oscar Salvador Reviewed-by: Pavel Tatashin Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Pasha Tatashin Cc: Aaron Lu Cc: Dan Williams Cc: David Hildenbrand Cc: Joonsoo Kim Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0188dc98ad5c7c361d46175623471d4be0fb8610 Author: Oscar Salvador Date: Tue Aug 21 21:53:39 2018 -0700 mm/page_alloc: inline function to handle CONFIG_DEFERRED_STRUCT_PAGE_INIT Let us move the code between CONFIG_DEFERRED_STRUCT_PAGE_INIT to an inline function. Not having an ifdef in the function makes the code more readable. Link: http://lkml.kernel.org/r/20180730101757.28058-4-osalvador@techadventures.net Signed-off-by: Oscar Salvador Acked-by: Michal Hocko Reviewed-by: Pavel Tatashin Acked-by: Vlastimil Babka Cc: Aaron Lu Cc: Dan Williams Cc: David Hildenbrand Cc: Joonsoo Kim Cc: Mel Gorman Cc: Pasha Tatashin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7cc2a9596d77e598a476ec7819046a453378d4a6 Author: Pavel Tatashin Date: Tue Aug 21 21:53:36 2018 -0700 mm: remove __paginginit __paginginit is the same thing as __meminit except for platforms without sparsemem, there it is defined as __init. Remove __paginginit and use __meminit. Use __ref in one single function that merges __meminit and __init sections: setup_usemap(). Link: http://lkml.kernel.org/r/20180801122348.21588-4-osalvador@techadventures.net Signed-off-by: Pavel Tatashin Signed-off-by: Oscar Salvador Reviewed-by: Oscar Salvador Cc: Pasha Tatashin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c1093b746c0576ed81c4d568d1e39cab651d37e6 Author: Pavel Tatashin Date: Tue Aug 21 21:53:32 2018 -0700 mm: access zone->node via zone_to_nid() and zone_set_nid() zone->node is configured only when CONFIG_NUMA=y, so it is a good idea to have inline functions to access this field in order to avoid ifdef's in c files. Link: http://lkml.kernel.org/r/20180730101757.28058-3-osalvador@techadventures.net Signed-off-by: Pavel Tatashin Signed-off-by: Oscar Salvador Reviewed-by: Oscar Salvador Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Aaron Lu Cc: Dan Williams Cc: David Hildenbrand Cc: Joonsoo Kim Cc: Mel Gorman Cc: Pasha Tatashin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ace1db39768cdc58f6b157d99ae5958ad34ffff8 Author: Oscar Salvador Date: Tue Aug 21 21:53:29 2018 -0700 mm/page_alloc.c: move ifdefery out of free_area_init_core Patch series "Refactor free_area_init_core and add free_area_init_core_hotplug", v6. This patchset does three things: 1) Clean up/refactor free_area_init_core/free_area_init_node by moving the ifdefery out of the functions. 2) Move the pgdat/zone initialization in free_area_init_core to its own function. 3) Introduce free_area_init_core_hotplug, a small subset of free_area_init_core, which is only called from memhotlug code path. In this way, we have: free_area_init_core: called during early initialization free_area_init_core_hotplug: called whenever a new node is allocated/re-used (memhotplug path) This patch (of 5): Moving the #ifdefs out of the function makes it easier to follow. Link: http://lkml.kernel.org/r/20180730101757.28058-2-osalvador@techadventures.net Signed-off-by: Oscar Salvador Acked-by: Michal Hocko Reviewed-by: Pavel Tatashin Acked-by: Vlastimil Babka Cc: Pasha Tatashin Cc: Mel Gorman Cc: Aaron Lu Cc: Joonsoo Kim Cc: Dan Williams Cc: David Hildenbrand Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 89696701ea847786f88ccc1c580fb4c3c20c4a3a Author: Oscar Salvador Date: Tue Aug 21 21:53:24 2018 -0700 mm: remove zone_id() and make use of zone_idx() in is_dev_zone() is_dev_zone() is using zone_id() to check if the zone is ZONE_DEVICE. zone_id() looks pretty much the same as zone_idx(), and while the use of zone_idx() is quite spread in the kernel, zone_id() is only being used by is_dev_zone(). This patch removes zone_id() and makes is_dev_zone() use zone_idx() to check the zone, so we do not have two things with the same functionality around. Link: http://lkml.kernel.org/r/20180730133718.28683-1-osalvador@techadventures.net Signed-off-by: Oscar Salvador Acked-by: Michal Hocko Acked-by: Vlastimil Babka Reviewed-by: Pavel Tatashin Cc: Pasha Tatashin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 85f237a57f143c0c895dcb7cc53fa0174522ce07 Author: juviliu Date: Tue Aug 21 21:53:20 2018 -0700 Documentation/sysctl/vm.txt: update __vm_enough_memory()'s path __vm_enough_memory has moved to mm/util.c. Link: http://lkml.kernel.org/r/E18EDF4A4FA4A04BBFA824B6D7699E532A7E5913@EXMBX-SZMAIL013.tencent.com Signed-off-by: Juvi Liu Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8de7ecc6483bf94cef9f48c4c3511ef3e9ee6d40 Author: Shakeel Butt Date: Tue Aug 21 21:53:17 2018 -0700 memcg: reduce memcg tree traversals for stats collection Currently cgroup-v1's memcg_stat_show traverses the memcg tree ~17 times to collect the stats while cgroup-v2's memory_stat_show traverses the memcg tree thrice. On a large machine, a couple thousand memcgs is very normal and if the churn is high and memcgs stick around during to several reasons, tens of thousands of nodes in memcg tree can exist. This patch has refactored and shared the stat collection code between cgroup-v1 and cgroup-v2 and has reduced the tree traversal to just one. I ran a simple benchmark which reads the root_mem_cgroup's stat file 1000 times in the presense of 2500 memcgs on cgroup-v1. The results are: Without the patch: $ time ./read-root-stat-1000-times real 0m1.663s user 0m0.000s sys 0m1.660s With the patch: $ time ./read-root-stat-1000-times real 0m0.468s user 0m0.000s sys 0m0.467s Link: http://lkml.kernel.org/r/20180724224635.143944-1-shakeelb@google.com Signed-off-by: Shakeel Butt Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Vladimir Davydov Cc: Greg Thelen Cc: Bruce Merry Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1c4c3b99c03d3e72ac643b01edcb83c0c0aafd46 Author: Jiang Biao Date: Tue Aug 21 21:53:13 2018 -0700 mm: fix page_freeze_refs and page_unfreeze_refs in comments page_freeze_refs/page_unfreeze_refs have already been relplaced by page_ref_freeze/page_ref_unfreeze , but they are not modified in the comments. Link: http://lkml.kernel.org/r/1532590226-106038-1-git-send-email-jiang.biao2@zte.com.cn Signed-off-by: Jiang Biao Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8c9a134cae6f8d66f35321b07baa202f75ef2199 Author: Kees Cook Date: Tue Aug 21 21:53:10 2018 -0700 mm: clarify CONFIG_PAGE_POISONING and usage The Kconfig text for CONFIG_PAGE_POISONING doesn't mention that it has to be enabled explicitly. This updates the documentation for that and adds a note about CONFIG_PAGE_POISONING to the "page_poison" command line docs. While here, change description of CONFIG_PAGE_POISONING_ZERO too, as it's not "random" data, but rather the fixed debugging value that would be used when not zeroing. Additionally removes a stray "bool" in the Kconfig. Link: http://lkml.kernel.org/r/20180725223832.GA43733@beast Signed-off-by: Kees Cook Reviewed-by: Andrew Morton Cc: Jonathan Corbet Cc: Laura Abbott Cc: Naoya Horiguchi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a670468f5e0b5fad4db6e4d195f15915dc2a35c1 Author: Andrew Morton Date: Tue Aug 21 21:53:06 2018 -0700 mm: zero out the vma in vma_init() Rather than in vm_area_alloc(). To ensure that the various oddball stack-based vmas are in a good state. Some of the callers were zeroing them out, others were not. Acked-by: Kirill A. Shutemov Cc: Russell King Cc: Dmitry Vyukov Cc: Oleg Nesterov Cc: Andrea Arcangeli Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a3bf6ce366496016990d8578af74673ea04178ff Author: Mike Rapoport Date: Tue Aug 21 21:53:03 2018 -0700 mm/mempool.c: add missing parameter description The kernel-doc for mempool_init function is missing the description of the pool parameter. Add it. Link: http://lkml.kernel.org/r/1532336274-26228-1-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Acked-by: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 258f669e7e88c18edbc23fe5ce00a476b924551f Author: Vlastimil Babka Date: Tue Aug 21 21:52:59 2018 -0700 mm: /proc/pid/smaps_rollup: convert to single value seq_file The /proc/pid/smaps_rollup file is currently implemented via the m_start/m_next/m_stop seq_file iterators shared with the other maps files, that iterate over vma's. However, the rollup file doesn't print anything for each vma, only accumulate the stats. There are some issues with the current code as reported in [1] - the accumulated stats can get skewed if seq_file start()/stop() op is called multiple times, if show() is called multiple times, and after seeks to non-zero position. Patch [1] fixed those within existing design, but I believe it is fundamentally wrong to expose the vma iterators to the seq_file mechanism when smaps_rollup shows logically a single set of values for the whole address space. This patch thus refactors the code to provide a single "value" at offset 0, with vma iteration to gather the stats done internally. This fixes the situations where results are skewed, and simplifies the code, especially in show_smap(), at the expense of somewhat less code reuse. [1] https://marc.info/?l=linux-mm&m=151927723128134&w=2 [vbabka@suse.c: use seq_file infrastructure] Link: http://lkml.kernel.org/r/bf4525b0-fd5b-4c4c-2cb3-adee3dd95a48@suse.cz Link: http://lkml.kernel.org/r/20180723111933.15443-5-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reported-by: Daniel Colascione Reviewed-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f1547959d9efd0be6cac2a2fd32f05dd7144dd6c Author: Vlastimil Babka Date: Tue Aug 21 21:52:56 2018 -0700 mm: /proc/pid/smaps: factor out common stats printing To prepare for handling /proc/pid/smaps_rollup differently from /proc/pid/smaps factor out from show_smap() printing the parts of output that are common for both variants, which is the bulk of the gathered memory stats. [vbabka@suse.cz: add const, per Alexey] Link: http://lkml.kernel.org/r/b45f319f-cd04-337b-37f8-77f99786aa8a@suse.cz Link: http://lkml.kernel.org/r/20180723111933.15443-4-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reviewed-by: Alexey Dobriyan Cc: Daniel Colascione Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8e68d689afe3284a5bc1663562d3e0a45d1c64fd Author: Vlastimil Babka Date: Tue Aug 21 21:52:52 2018 -0700 mm: /proc/pid/smaps: factor out mem stats gathering To prepare for handling /proc/pid/smaps_rollup differently from /proc/pid/smaps factor out vma mem stats gathering from show_smap() - it will be used by both. Link: http://lkml.kernel.org/r/20180723111933.15443-3-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reviewed-by: Alexey Dobriyan Cc: Daniel Colascione Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 871305bb20280804882bd08b39a38ccf1b4b68f9 Author: Vlastimil Babka Date: Tue Aug 21 21:52:48 2018 -0700 mm: /proc/pid/*maps remove is_pid and related wrappers Patch series "cleanups and refactor of /proc/pid/smaps*". The recent regression in /proc/pid/smaps made me look more into the code. Especially the issues with smaps_rollup reported in [1] as explained in Patch 4, which fixes them by refactoring the code. Patches 2 and 3 are preparations for that. Patch 1 is me realizing that there's a lot of boilerplate left from times where we tried (unsuccessfuly) to mark thread stacks in the output. Originally I had also plans to rework the translation from /proc/pid/*maps* file offsets to the internal structures. Now the offset means "vma number", which is not really stable (vma's can come and go between read() calls) and there's an extra caching of last vma's address. My idea was that offsets would be interpreted directly as addresses, which would also allow meaningful seeks (see the ugly seek_to_smaps_entry() in tools/testing/selftests/vm/mlock2.h). However loff_t is (signed) long long so that might be insufficient somewhere for the unsigned long addresses. So the result is fixed issues with skewed /proc/pid/smaps_rollup results, simpler smaps code, and a lot of unused code removed. [1] https://marc.info/?l=linux-mm&m=151927723128134&w=2 This patch (of 4): Commit b76437579d13 ("procfs: mark thread stack correctly in proc//maps") introduced differences between /proc/PID/maps and /proc/PID/task/TID/maps to mark thread stacks properly, and this was also done for smaps and numa_maps. However it didn't work properly and was ultimately removed by commit b18cb64ead40 ("fs/proc: Stop trying to report thread stacks"). Now the is_pid parameter for the related show_*() functions is unused and we can remove it together with wrapper functions and ops structures that differ for PID and TID cases only in this parameter. Link: http://lkml.kernel.org/r/20180723111933.15443-2-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reviewed-by: Alexey Dobriyan Cc: Daniel Colascione Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 431f42fdfdb36f06f43c711fc59be9b814d8fb22 Author: Michal Hocko Date: Tue Aug 21 21:52:45 2018 -0700 mm/oom_kill.c: clean up oom_reap_task_mm() Andrew has noticed some inconsistencies in oom_reap_task_mm. Notably - Undocumented return value. - comment "failed to reap part..." is misleading - sounds like it's referring to something which happened in the past, is in fact referring to something which might happen in the future. - fails to call trace_finish_task_reaping() in one case - code duplication. - Increases mmap_sem hold time a little by moving trace_finish_task_reaping() inside the locked region. So sue me ;) - Sharing the finish: path means that the trace event won't distinguish between the two sources of finishing. Add a short explanation for the return value and fix the rest by reorganizing the function a bit to have unified function exit paths. Link: http://lkml.kernel.org/r/20180724141747.GP28386@dhcp22.suse.cz Suggested-by: Andrew Morton Signed-off-by: Michal Hocko Reviewed-by: Andrew Morton Cc: Tetsuo Handa Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c3b78b11efbb2865433abf9d22c004ffe4a73f5c Author: Rodrigo Freire Date: Tue Aug 21 21:52:41 2018 -0700 mm, oom: describe task memory unit, larger PID pad The default page memory unit of OOM task dump events might not be intuitive and potentially misleading for the non-initiated when debugging OOM events: These are pages and not kBs. Add a small printk prior to the task dump informing that the memory units are actually memory _pages_. Also extends PID field to align on up to 7 characters. Reference https://lkml.org/lkml/2018/7/3/1201 Link: http://lkml.kernel.org/r/c795eb5129149ed8a6345c273aba167ff1bbd388.1530715938.git.rfreire@redhat.com Signed-off-by: Rodrigo Freire Acked-by: David Rientjes Acked-by: Rafael Aquini Cc: Michal Hocko Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit af5679fbc669f31f7ebd0d473bca76c24c07de30 Author: Michal Hocko Date: Tue Aug 21 21:52:37 2018 -0700 mm, oom: remove oom_lock from oom_reaper oom_reaper used to rely on the oom_lock since e2fe14564d33 ("oom_reaper: close race with exiting task"). We do not really need the lock anymore though. 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") has removed serialization with the exit path based on the mm reference count and so we do not really rely on the oom_lock anymore. Tetsuo was arguing that at least MMF_OOM_SKIP should be set under the lock to prevent from races when the page allocator didn't manage to get the freed (reaped) memory in __alloc_pages_may_oom but it sees the flag later on and move on to another victim. Although this is possible in principle let's wait for it to actually happen in real life before we make the locking more complex again. Therefore remove the oom_lock for oom_reaper paths (both exit_mmap and oom_reap_task_mm). The reaper serializes with exit_mmap by mmap_sem + MMF_OOM_SKIP flag. There is no synchronization with out_of_memory path now. [mhocko@kernel.org: oom_reap_task_mm should return false when __oom_reap_task_mm did] Link: http://lkml.kernel.org/r/20180724141747.GP28386@dhcp22.suse.cz Link: http://lkml.kernel.org/r/20180719075922.13784-1-mhocko@kernel.org Signed-off-by: Michal Hocko Suggested-by: David Rientjes Acked-by: David Rientjes Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 93065ac753e4443840a057bfef4be71ec766fde9 Author: Michal Hocko Date: Tue Aug 21 21:52:33 2018 -0700 mm, oom: distinguish blockable mode for mmu notifiers There are several blockable mmu notifiers which might sleep in mmu_notifier_invalidate_range_start and that is a problem for the oom_reaper because it needs to guarantee a forward progress so it cannot depend on any sleepable locks. Currently we simply back off and mark an oom victim with blockable mmu notifiers as done after a short sleep. That can result in selecting a new oom victim prematurely because the previous one still hasn't torn its memory down yet. We can do much better though. Even if mmu notifiers use sleepable locks there is no reason to automatically assume those locks are held. Moreover majority of notifiers only care about a portion of the address space and there is absolutely zero reason to fail when we are unmapping an unrelated range. Many notifiers do really block and wait for HW which is harder to handle and we have to bail out though. This patch handles the low hanging fruit. __mmu_notifier_invalidate_range_start gets a blockable flag and callbacks are not allowed to sleep if the flag is set to false. This is achieved by using trylock instead of the sleepable lock for most callbacks and continue as long as we do not block down the call chain. I think we can improve that even further because there is a common pattern to do a range lookup first and then do something about that. The first part can be done without a sleeping lock in most cases AFAICS. The oom_reaper end then simply retries if there is at least one notifier which couldn't make any progress in !blockable mode. A retry loop is already implemented to wait for the mmap_sem and this is basically the same thing. The simplest way for driver developers to test this code path is to wrap userspace code which uses these notifiers into a memcg and set the hard limit to hit the oom. This can be done e.g. after the test faults in all the mmu notifier managed memory and set the hard limit to something really small. Then we are looking for a proper process tear down. [akpm@linux-foundation.org: coding style fixes] [akpm@linux-foundation.org: minor code simplification] Link: http://lkml.kernel.org/r/20180716115058.5559-1-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Christian König # AMD notifiers Acked-by: Leon Romanovsky # mlx and umem_odp Reported-by: David Rientjes Cc: "David (ChunMing) Zhou" Cc: Paolo Bonzini Cc: Alex Deucher Cc: David Airlie Cc: Jani Nikula Cc: Joonas Lahtinen Cc: Rodrigo Vivi Cc: Doug Ledford Cc: Jason Gunthorpe Cc: Mike Marciniszyn Cc: Dennis Dalessandro Cc: Sudeep Dutt Cc: Ashutosh Dixit Cc: Dimitri Sivanich Cc: Boris Ostrovsky Cc: Juergen Gross Cc: "Jérôme Glisse" Cc: Andrea Arcangeli Cc: Felix Kuehling Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c2343d2761f86ae1b857f78c7cdb9f51e5fa1641 Author: Huang Ying Date: Tue Aug 21 21:52:29 2018 -0700 mm/swapfile.c: put_swap_page: share more between huge/normal code path In this patch, locking related code is shared between huge/normal code path in put_swap_page() to reduce code duplication. The `free_entries == 0` case is merged into the more general `free_entries != SWAPFILE_CLUSTER` case, because the new locking method makes it easy. The added lines is same as the removed lines. But the code size is increased when CONFIG_TRANSPARENT_HUGEPAGE=n. text data bss dec hex filename base: 24123 2004 340 26467 6763 mm/swapfile.o unified: 24485 2004 340 26829 68cd mm/swapfile.o Dig on step deeper with `size -A mm/swapfile.o` for base and unified kernel and compare the result, yields, -.text 17723 0 +.text 17835 0 -.orc_unwind_ip 1380 0 +.orc_unwind_ip 1480 0 -.orc_unwind 2070 0 +.orc_unwind 2220 0 -Total 26686 +Total 27048 The total difference is the same. The text segment difference is much smaller: 112. More difference comes from the ORC unwinder segments: (1480 + 2220) - (1380 + 2070) = 250. If the frame pointer unwinder is used, this costs nothing. Link: http://lkml.kernel.org/r/20180720071845.17920-9-ying.huang@intel.com Signed-off-by: "Huang, Ying" Reviewed-by: Daniel Jordan Acked-by: Dave Hansen Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b32d5f32b9dbe64970f41602066f7904df15f3e9 Author: Huang Ying Date: Tue Aug 21 21:52:24 2018 -0700 mm/swapfile.c: add __swap_entry_free_locked() The part of __swap_entry_free() with lock held is separated into a new function __swap_entry_free_locked(). Because we want to reuse that piece of code in some other places. Just mechanical code refactoring, there is no any functional change in this function. Link: http://lkml.kernel.org/r/20180720071845.17920-8-ying.huang@intel.com Signed-off-by: "Huang, Ying" Reviewed-by: Daniel Jordan Acked-by: Dave Hansen Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5d5e8f19544a35ae1609bd96ae6b28c9fcd1baf6 Author: Huang Ying Date: Tue Aug 21 21:52:20 2018 -0700 mm, swap, get_swap_pages: use entry_size instead of cluster in parameter As suggested by Matthew Wilcox, it is better to use "int entry_size" instead of "bool cluster" as parameter to specify whether to operate for huge or normal swap entries. Because this improve the flexibility to support other swap entry size. And Dave Hansen thinks that this improves code readability too. So in this patch, the "bool cluster" parameter of get_swap_pages() is replaced by "int entry_size". And nr_swap_entries() trick is used to reduce the binary size when !CONFIG_TRANSPARENT_HUGE_PAGE. text data bss dec hex filename base 24215 2028 340 26583 67d7 mm/swapfile.o head 24123 2004 340 26467 6763 mm/swapfile.o Link: http://lkml.kernel.org/r/20180720071845.17920-7-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-by: Matthew Wilcox Acked-by: Dave Hansen Cc: Daniel Jordan Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a448f2d07f891ac65cc48017f17735ec73086bf0 Author: Huang Ying Date: Tue Aug 21 21:52:17 2018 -0700 mm/swapfile.c: unify normal/huge code path in put_swap_page() In this patch, the normal/huge code path in put_swap_page() and several helper functions are unified to avoid duplicated code, bugs, etc. and make it easier to review the code. The removed lines are more than added lines. And the binary size is kept exactly same when CONFIG_TRANSPARENT_HUGEPAGE=n. Link: http://lkml.kernel.org/r/20180720071845.17920-6-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-by: Dave Hansen Acked-by: Dave Hansen Reviewed-by: Daniel Jordan Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 33ee011e5656edef6a58952006c486d342b7bbb5 Author: Huang Ying Date: Tue Aug 21 21:52:13 2018 -0700 mm/swapfile.c: unify normal/huge code path in swap_page_trans_huge_swapped() As suggested by Dave, we should unify the code path for normal and huge swap support if possible to avoid duplicated code, bugs, etc. and make it easier to review code. In this patch, the normal/huge code path in swap_page_trans_huge_swapped() is unified, the added and removed lines are same. And the binary size is kept almost same when CONFIG_TRANSPARENT_HUGEPAGE=n. text data bss dec hex filename base: 24179 2028 340 26547 67b3 mm/swapfile.o unified: 24215 2028 340 26583 67d7 mm/swapfile.o Link: http://lkml.kernel.org/r/20180720071845.17920-5-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-and-acked-by: Dave Hansen Reviewed-by: Daniel Jordan Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit afa4711ef1399beb60964dcb2cd0369dfb0ac20a Author: Huang Ying Date: Tue Aug 21 21:52:09 2018 -0700 mm/swapfile.c: use swap_count() in swap_page_trans_huge_swapped() In swap_page_trans_huge_swapped(), to identify whether there's any page table mapping for a 4k sized swap entry, "si->swap_map[i] != SWAP_HAS_CACHE" is used. This works correctly now, because all users of the function will only call it after checking SWAP_HAS_CACHE. But as pointed out by Daniel, it is better to use "swap_count(map[i])" here, because it works for "map[i] == 0" case too. And this makes the implementation more consistent between normal and huge swap entry. Link: http://lkml.kernel.org/r/20180720071845.17920-4-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-and-reviewed-by: Daniel Jordan Acked-by: Dave Hansen Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fe5266d5d5948abc6e71cdabb98e3f5cba811205 Author: Huang Ying Date: Tue Aug 21 21:52:05 2018 -0700 mm/swapfile.c: replace some #ifdef with IS_ENABLED() In mm/swapfile.c, THP (Transparent Huge Page) swap specific code is enclosed by #ifdef CONFIG_THP_SWAP/#endif to avoid code dilating when THP isn't enabled. But #ifdef/#endif in .c file hurt the code readability, so Dave suggested to use IS_ENABLED(CONFIG_THP_SWAP) instead and let compiler to do the dirty job for us. This has potential to remove some duplicated code too. From output of `size`, text data bss dec hex filename THP=y: 26269 2076 340 28685 700d mm/swapfile.o ifdef/endif: 24115 2028 340 26483 6773 mm/swapfile.o IS_ENABLED: 24179 2028 340 26547 67b3 mm/swapfile.o IS_ENABLED() based solution works quite well, almost as good as that of #ifdef/#endif. And from the diffstat, the removed lines are more than added lines. One #ifdef for split_swap_cluster() is kept. Because it is a public function with a stub implementation for CONFIG_THP_SWAP=n in swap.h. Link: http://lkml.kernel.org/r/20180720071845.17920-3-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-and-acked-by: Dave Hansen Reviewed-by: Daniel Jordan Reviewed-by: Andrew Morton Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 59d98bf3c2b9218ff4cdb2a70aa52fffedf1786c Author: Huang Ying Date: Tue Aug 21 21:52:01 2018 -0700 mm: swap: add comments to lock_cluster_or_swap_info() Patch series "swap: THP optimizing refactoring", v4. Now the THP (Transparent Huge Page) swap optimizing is implemented in the way like below, #ifdef CONFIG_THP_SWAP huge_function(...) { } #else normal_function(...) { } #endif general_function(...) { if (huge) return thp_function(...); else return normal_function(...); } As pointed out by Dave Hansen, this will, 1. Create a new, wholly untested code path for huge page 2. Create two places to patch bugs 3. Are not reusing code when possible This patchset is to address these problems via merging huge/normal code path/functions if possible. One concern is that this may cause code size to dilate when !CONFIG_TRANSPARENT_HUGEPAGE. The data shows that most refactoring will only cause quite slight code size increase. This patch (of 8): To improve code readability. Link: http://lkml.kernel.org/r/20180720071845.17920-2-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-and-acked-by: Dave Hansen Reviewed-by: Daniel Jordan Reviewed-by: Andrew Morton Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dan Williams Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e50ef89b0f58a2cb0e7d496a97b851e0dced62a6 Author: Kirill Tkhai Date: Tue Aug 21 21:51:57 2018 -0700 mm: struct shrinker: make flags of unsigned type Currently, there are two flags only, so unsigned is more then enough. Also, move int seeks to keep these fields together. Link: http://lkml.kernel.org/r/153199748720.21131.6476256940113102483.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Michal Hocko Cc: Vladimir Davydov Cc: Tetsuo Handa Cc: Chris Wilson Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 92be775a3db343889ab159c44d55315c5ee0be4e Author: Kirill Tkhai Date: Tue Aug 21 21:51:53 2018 -0700 mm: struct shrink_control: keep int fields together Patch series "Reorderings in struct shrinker and struct shrink_control". These structures are intensively used during reclaim and, displace other data in cache, so there is no a reason they have int fields not grouped together. This patch (of 2): gfp_t is of unsigned type, so let's move nid to keep them together. Link: http://lkml.kernel.org/r/153199747930.21131.861043607301997810.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Michal Hocko Cc: Vladimir Davydov Cc: Tetsuo Handa Cc: Chris Wilson Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8df4a44cc46bf9dcfb80a37a59ae5dea2232dc58 Author: Kirill Tkhai Date: Tue Aug 21 21:51:49 2018 -0700 mm: check shrinker is memcg-aware in register_shrinker_prepared() There is a sad BUG introduced in patch adding SHRINKER_REGISTERING. shrinker_idr business is only for memcg-aware shrinkers. Only such type of shrinkers have id and they must be finaly installed via idr_replace() in this function. For !memcg-aware shrinkers we never initialize shrinker->id field. But there are all types of shrinkers passed to idr_replace(), and every !memcg-aware shrinker with random ID (most probably, its id is 0) replaces memcg-aware shrinker pointed by the ID in IDR. This patch fixes the problem. Link: http://lkml.kernel.org/r/8ff8a793-8211-713a-4ed9-d6e52390c2fc@virtuozzo.com Fixes: 7e010df53c80 "mm: use special value SHRINKER_REGISTERING instead of list_empty() check" Signed-off-by: Kirill Tkhai Reported-by: Cc: Andrey Ryabinin Cc: Johannes Weiner Cc: Josef Bacik Cc: Mel Gorman Cc: Michal Hocko Cc: Tetsuo Handa Cc: Shakeel Butt Cc: Cc: Huang Ying Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0633da48f0793aeba27f82d30605624416723a91 Author: Ian Kent Date: Tue Aug 21 21:51:45 2018 -0700 autofs: fix autofs_sbi() does not check super block type autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block. Link: http://lkml.kernel.org/r/153475422934.17131.7563724552005298277.stgit@pluto.themaw.net Reported-by: Signed-off-by: Ian Kent Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7b6924d94a60c6b8c1279ca003e8744e6cd9e8b1 Author: Jeremy Cline Date: Tue Jul 31 01:37:31 2018 +0000 fs/quota: Fix spectre gadget in do_quotactl 'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers the following potential gadgets detected with the help of smatch: * fs/ext4/super.c:5741 ext4_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/ext4/super.c:5778 ext4_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1552 f2fs_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1608 f2fs_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/quota/dquot.c:412 mark_info_dirty() warn: potential spectre issue 'sb_dqopt(sb)->info' [w] * fs/quota/dquot.c:933 dqinit_needed() warn: potential spectre issue 'dquots' [r] * fs/quota/dquot.c:2112 dquot_commit_info() warn: potential spectre issue 'dqopt->ops' [r] * fs/quota/dquot.c:2362 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->files' [w] (local cap) * fs/quota/dquot.c:2369 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->ops' [w] (local cap) * fs/quota/dquot.c:2370 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->info' [w] (local cap) * fs/quota/quota.c:110 quota_getfmt() warn: potential spectre issue 'sb_dqopt(sb)->info' [r] * fs/quota/quota_v2.c:84 v2_check_quota_file() warn: potential spectre issue 'quota_magics' [w] * fs/quota/quota_v2.c:85 v2_check_quota_file() warn: potential spectre issue 'quota_versions' [w] * fs/quota/quota_v2.c:96 v2_read_file_info() warn: potential spectre issue 'dqopt->info' [r] * fs/quota/quota_v2.c:172 v2_write_file_info() warn: potential spectre issue 'dqopt->info' [r] Additionally, a quick inspection indicates there are array accesses with 'type' in quota_on() and quota_off() functions which are also addressed by this. Cc: Josh Poimboeuf Cc: stable@vger.kernel.org Signed-off-by: Jeremy Cline Signed-off-by: Jan Kara commit 64d9d13828c6c8e188bba63794eee923df3d69a9 Author: Jeremy Cline Date: Tue Jul 31 01:37:30 2018 +0000 fs/quota: Replace XQM_MAXQUOTAS usage with MAXQUOTAS XQM_MAXQUOTAS and MAXQUOTAS are, it appears, equivalent. Replace all usage of XQM_MAXQUOTAS and remove it along with the unused XQM_*QUOTA definitions. Signed-off-by: Jeremy Cline Signed-off-by: Jan Kara commit 87915adc3f0acdf03c776df42e308e5a155c19af Author: Johannes Berg Date: Wed Aug 22 11:49:04 2018 +0200 workqueue: re-add lockdep dependencies for flushing In flush_work(), we need to create a lockdep dependency so that the following scenario is appropriately tagged as a problem: work_function() { mutex_lock(&mutex); ... } other_function() { mutex_lock(&mutex); flush_work(&work); // or cancel_work_sync(&work); } This is a problem since the work might be running and be blocked on trying to acquire the mutex. Similarly, in flush_workqueue(). These were removed after cross-release partially caught these problems, but now cross-release was reverted anyway. IMHO the removal was erroneous anyway though, since lockdep should be able to catch potential problems, not just actual ones, and cross-release would only have caught the problem when actually invoking wait_for_completion(). Fixes: fd1a5b04dfb8 ("workqueue: Remove now redundant lock acquisitions wrt. workqueue flushes") Signed-off-by: Johannes Berg Signed-off-by: Tejun Heo commit d6e89786bed977f37f55ffca11e563f6d2b1e3b5 Author: Johannes Berg Date: Wed Aug 22 11:49:03 2018 +0200 workqueue: skip lockdep wq dependency in cancel_work_sync() In cancel_work_sync(), we can only have one of two cases, even with an ordered workqueue: * the work isn't running, just cancelled before it started * the work is running, but then nothing else can be on the workqueue before it Thus, we need to skip the lockdep workqueue dependency handling, otherwise we get false positive reports from lockdep saying that we have a potential deadlock when the workqueue also has other work items with locking, e.g. work1_function() { mutex_lock(&mutex); ... } work2_function() { /* nothing */ } other_function() { queue_work(ordered_wq, &work1); queue_work(ordered_wq, &work2); mutex_lock(&mutex); cancel_work_sync(&work2); } As described above, this isn't a problem, but lockdep will currently flag it as if cancel_work_sync() was flush_work(), which *is* a problem. Signed-off-by: Johannes Berg Signed-off-by: Tejun Heo commit 2d17f460c5d79fa9fc794e813377f3276acf81ce Author: Kunihiko Hayashi Date: Wed Aug 22 21:13:03 2018 +0900 ata: ahci_platform: enable to get and control reset Unlike SoC-specific driver, generic ahci_platform driver doesn't have any chances to control resets. This adds AHCI_PLATFORM_GET_RESETS to ahci_platform_get_resources() on the generic driver to enable reset control support. Suggested-by: Hans de Goede Cc: Thierry Reding Signed-off-by: Kunihiko Hayashi Reviewed-by: Hans de Goede Signed-off-by: Tejun Heo commit 9d2ab99573970838108add835442a03e23f8577b Author: Kunihiko Hayashi Date: Wed Aug 22 21:13:02 2018 +0900 ata: libahci_platform: add reset control support Add support to get and control a list of resets for the device as optional and shared. These resets must be kept de-asserted until the device is enabled. This is specified as shared because some SoCs like UniPhier series have common reset controls with all ahci controller instances. However, according to Thierry's view, https://www.spinics.net/lists/linux-ide/msg55357.html some hardware-specific drivers already use their own resets, and the common reset make a path to occur double controls of resets. The ahci_platform_get_resources() can get and control the reset only when the second argument includes AHCI_PLATFORM_GET_RESETS bit. Suggested-by: Hans de Goede Cc: Thierry Reding Signed-off-by: Kunihiko Hayashi Reviewed-by: Hans de Goede Signed-off-by: Tejun Heo commit 16af2d65842d343c2f95733c3993a0b5baab08f9 Author: Kunihiko Hayashi Date: Wed Aug 22 21:13:01 2018 +0900 ata: add an extra argument to ahci_platform_get_resources() Add an extra argument to ahci_platform_get_resources(), that is for the bitmap representing the resource to get in this function. Currently there is no resources to be defined, so all the callers set '0' to the argument. Suggested-by: Hans de Goede Cc: Thierry Reding Cc: Matthias Brugger Cc: Patrice Chotard Cc: Maxime Ripard Signed-off-by: Kunihiko Hayashi Reviewed-by: Hans de Goede Signed-off-by: Tejun Heo commit ce32d59ee2cd036f6e8a6ed17a06a0b0bec5c67c Author: Keerthy Date: Wed Jul 25 11:25:35 2018 +0530 arm: dts: am4372: setup rtc as system-power-controller RTC alarm2 is connected to pmic_en line and hence can be used to control the pmic enabling/disabling. Hence add the system-power-controller for rtc node. Signed-off-by: Keerthy Signed-off-by: Tony Lindgren commit f4efa74c09a7eddcc12cd13208f78743763f6e7a Author: Pavel Machek Date: Wed Aug 1 22:28:21 2018 +0200 ARM: dts: omap4-droid4: fix vibrations on Droid 4 Vibration GPIOs don't have anything to do with wakeup. Move it to normal section; this fixes vibrations on Droid 4. Fixes: a5effd968301 ("ARM: dts: omap4-droid4: Add vibrator") Signed-off-by: Pavel Machek Reviewed-by: Sebastian Reichel Signed-off-by: Tony Lindgren commit 4f3530f4a41d49c41015020cd9a5ed5c95b5d2db Author: Tony Lindgren Date: Wed Aug 8 01:07:06 2018 -0700 bus: ti-sysc: Fix no_console_suspend handling If no_console_suspend is set, we should keep console enabled during suspend. Lets fix this by only producing a warning if we can't idle hardware during suspend. Fixes: ef55f8215a78 ("bus: ti-sysc: Improve suspend and resume handling") Signed-off-by: Tony Lindgren commit 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950 Author: Paolo Bonzini Date: Wed Aug 22 16:43:39 2018 +0200 KVM: VMX: fixes for vmentry_l1d_flush module parameter Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach the missing entry. Future-proof the get function against any overflows as well. However, the two entries VMENTER_L1D_FLUSH_EPT_DISABLED and VMENTER_L1D_FLUSH_NOT_REQUIRED must not be accepted by the parse function, so disable them there. 2) invalid values must be rejected even if the CPU does not have the bug, so test for them before checking boot_cpu_has(X86_BUG_L1TF) ... and a small refactoring, since the .cmd field is redundant with the index in the array. Reported-by: Bandan Das Cc: stable@vger.kernel.org Fixes: a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 Signed-off-by: Paolo Bonzini commit 3b4cd0ff5407c14900bcda7ea4aeb43a65620deb Author: Peter Xu Date: Wed Aug 22 15:20:00 2018 +0800 kvm: selftest: add dirty logging test Test KVM dirty logging functionality. The test creates a standalone memory slot to test tracking the dirty pages since we can't really write to the default memory slot which still contains the guest ELF image. We have two threads running during the test: (1) the vcpu thread continuously dirties random guest pages by writting a iteration number to the first 8 bytes of the page (2) the host thread continuously fetches dirty logs for the testing memory region and verify each single bit of the dirty bitmap by checking against the values written onto the page Note that since the guest cannot calls the general userspace APIs like random(), it depends on the host to provide random numbers for the page indexes to dirty. Signed-off-by: Peter Xu Signed-off-by: Paolo Bonzini commit aee41be5933fdd1cd6fbd80b31954585e3520d98 Author: Peter Xu Date: Wed Aug 22 15:19:59 2018 +0800 kvm: selftest: pass in extra memory when create vm This information can be used to decide the size of the default memory slot, which will need to cover the extra pages with page tables. Signed-off-by: Peter Xu Signed-off-by: Paolo Bonzini commit bc8eb2fe2eefbcf66c947daebce7055a4110c66c Author: Peter Xu Date: Wed Aug 22 15:19:58 2018 +0800 kvm: selftest: include the tools headers Let the kvm selftest include the tools headers, then we can start to use things there like bitmap operations. Signed-off-by: Peter Xu Signed-off-by: Paolo Bonzini commit 4e18bccc2e5544f0be28fc1c4e6be47a469d6c60 Author: Peter Xu Date: Wed Aug 22 15:19:57 2018 +0800 kvm: selftest: unify the guest port macros Most of the tests are using the same way to do guest to host sync but the code is mostly duplicated. Generalize the guest port macros into the common header file and use it in different tests. Meanwhile provide "struct guest_args" and a helper "guest_args_read()" to hide the register details when playing with these port operations on RDI and RSI. Signed-off-by: Peter Xu Signed-off-by: Paolo Bonzini commit 07a262cc7c586e3f385a61b8870b0913bf31309a Author: Peter Xu Date: Wed Aug 22 15:19:56 2018 +0800 tools: introduce test_and_clear_bit We have test_and_set_bit but not test_and_clear_bit. Add it. Signed-off-by: Peter Xu Signed-off-by: Paolo Bonzini commit 024d83cadc6b2af027e473720f3c3da97496c318 Author: Thomas Gleixner Date: Sun Aug 12 20:41:45 2018 +0200 KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Mikhail reported the following lockdep splat: WARNING: possible irq lock inversion dependency detected CPU 0/KVM/10284 just changed the state of lock: 000000000d538a88 (&st->lock){+...}, at: speculative_store_bypass_update+0x10b/0x170 but this lock was taken by another, HARDIRQ-safe lock in the past: (&(&sighand->siglock)->rlock){-.-.} and interrupts could create inverse lock ordering between them. Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&st->lock); local_irq_disable(); lock(&(&sighand->siglock)->rlock); lock(&st->lock); lock(&(&sighand->siglock)->rlock); *** DEADLOCK *** The code path which connects those locks is: speculative_store_bypass_update() ssb_prctl_set() do_seccomp() do_syscall_64() In svm_vcpu_run() speculative_store_bypass_update() is called with interupts enabled via x86_virt_spec_ctrl_set_guest/host(). This is actually a false positive, because GIF=0 so interrupts are disabled even if IF=1; however, we can easily move the invocations of x86_virt_spec_ctrl_set_guest/host() into the interrupt disabled region to cure it, and it's a good idea to keep the GIF=0/IF=1 area as small and self-contained as possible. Fixes: 1f50ddb4f418 ("x86/speculation: Handle HT correctly on AMD") Reported-by: Mikhail Gavrilov Signed-off-by: Thomas Gleixner Tested-by: Mikhail Gavrilov Cc: Joerg Roedel Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Matthew Wilcox Cc: Borislav Petkov Cc: Konrad Rzeszutek Wilk Cc: Tom Lendacky Cc: kvm@vger.kernel.org Cc: x86@kernel.org Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini commit 0b665d30402819830caa21aa23942f70f36a7e72 Author: Sean Christopherson Date: Tue Aug 14 09:33:34 2018 -0700 KVM: vmx: Inject #UD for SGX ENCLS instruction in guest Virtualization of Intel SGX depends on Enclave Page Cache (EPC) management that is not yet available in the kernel, i.e. KVM support for exposing SGX to a guest cannot be added until basic support for SGX is upstreamed, which is a WIP[1]. Until SGX is properly supported in KVM, ensure a guest sees expected behavior for ENCLS, i.e. all ENCLS #UD. Because SGX does not have a true software enable bit, e.g. there is no CR4.SGXE bit, the ENCLS instruction can be executed[1] by the guest if SGX is supported by the system. Intercept all ENCLS leafs (via the ENCLS- exiting control and field) and unconditionally inject #UD. [1] https://www.spinics.net/lists/kvm/msg171333.html or https://lkml.org/lkml/2018/7/3/879 [2] A guest can execute ENCLS in the sense that ENCLS will not take an immediate #UD, but no ENCLS will ever succeed in a guest without explicit support from KVM (map EPC memory into the guest), unless KVM has a *very* egregious bug, e.g. accidentally mapped EPC memory into the guest SPTEs. In other words this patch is needed only to prevent the guest from seeing inconsistent behavior, e.g. #GP (SGX not enabled in Feature Control MSR) or #PF (leaf operand(s) does not point at EPC memory) instead of #UD on ENCLS. Intercepting ENCLS is not required to prevent the guest from truly utilizing SGX. Signed-off-by: Sean Christopherson Message-Id: <20180814163334.25724-3-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 802ec461670773b433b678b27145050262df5994 Author: Sean Christopherson Date: Tue Aug 14 09:33:33 2018 -0700 KVM: vmx: Add defines for SGX ENCLS exiting Hardware support for basic SGX virtualization adds a new execution control (ENCLS_EXITING), VMCS field (ENCLS_EXITING_BITMAP) and exit reason (ENCLS), that enables a VMM to intercept specific ENCLS leaf functions, e.g. to inject faults when the VMM isn't exposing SGX to a VM. When ENCLS_EXITING is enabled, the VMM can set/clear bits in the bitmap to intercept/allow ENCLS leaf functions in non-root, e.g. setting bit 2 in the ENCLS_EXITING_BITMAP will cause ENCLS[EINIT] to VMExit(ENCLS). Note: EXIT_REASON_ENCLS was previously added by commit 1f5199927034 ("KVM: VMX: add missing exit reasons"). Signed-off-by: Sean Christopherson Message-Id: <20180814163334.25724-2-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit d806afa495e2e2a1a726e26c5e44f27818e804c1 Author: Yi Wang Date: Thu Aug 16 13:42:39 2018 +0800 x86/kvm/vmx: Fix coding style in vmx_setup_l1d_flush() Substitute spaces with tab. No functional changes. Signed-off-by: Yi Wang Reviewed-by: Jiang Biao Message-Id: <1534398159-48509-1-git-send-email-wang.yi59@zte.com.cn> Cc: stable@vger.kernel.org # L1TF Signed-off-by: Paolo Bonzini commit 7288bde1f9df6c1475675419bdd7725ce84dec56 Author: Arnd Bergmann Date: Mon Aug 20 23:37:50 2018 +0200 x86: kvm: avoid unused variable warning Removing one of the two accesses of the maxphyaddr variable led to a harmless warning: arch/x86/kvm/x86.c: In function 'kvm_set_mmio_spte_mask': arch/x86/kvm/x86.c:6563:6: error: unused variable 'maxphyaddr' [-Werror=unused-variable] Removing the #ifdef seems to be the nicest workaround, as it makes the code look cleaner than adding another #ifdef. Fixes: 28a1f3ac1d0c ("kvm: x86: Set highest physical address bits in non-present/reserved SPTEs") Signed-off-by: Arnd Bergmann Cc: stable@vger.kernel.org # L1TF Signed-off-by: Paolo Bonzini commit df2def49c57b4146520a1f4ca37bc3f494e2cd67 Merge: dfec4a8478e8 d1f3ab5b13c0 Author: Linus Torvalds Date: Wed Aug 22 07:44:50 2018 -0700 Merge tag 'acpi-4.19-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more ACPI updates from Rafael Wysocki: "These update the ACPICA code in the kernel to the most recent upstream revision (which includes a regression fix and other improvements), make ACPICA clear the status of all ACPI events when entering sleep states (to restore the previous behavior) and update the ACPI operation region driver for the CrystalCove PMIC. Specifics: - Update the ACPICA code in the kernel to upstream revision 20180810 including: * Fix for AML parser regression causing it to mishandle opcodes that open a scope upon parse failures (Erik Schmauss) * Fix for a reference counting issue on large systems (Erik Schmauss) * Fix to discard values coming from register reads that have failed (Erik Schmauss) * Two acpiexec fixes (Bob Moore, Erik Schmauss) * Debugger cleanup (Bob Moore) * Cleanup of duplicate table error message (Bob Moore) * Cleanup of hex detection in the utilities (Erik Schmauss) - Make ACPICA clear the status of all ACPI events when entering sleep states again to avoid functional regressions (Rafael Wysocki) - Update the ACPI operation region driver for the CrystalCove PMIC to cover all of the known operation region fields (Hans de Goede)" * tag 'acpi-4.19-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / PMIC: CrystalCove: Extend PMOP support to support all possible fields ACPICA: Clear status of all events when entering sleep states ACPICA: Update version to 20180810 ACPICA: acpiexec: fix a small memory leak regression ACPICA: Reference Counts: increase max to 0x4000 for large servers ACPICA: Reference count: add additional debugging details ACPICA: acpi_exec: fixing -fi option ACPICA: Debugger: Cleanup interface to the AML disassembler ACPICA: AML Parser: skip opcodes that open a scope upon parse failure ACPICA: Utilities: split hex detection into smaller functions ACPICA: Update an error message for a duplicate table ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value ACPICA: AML Parser: ignore all exceptions resulting from incorrect AML during table load commit dfec4a8478e8e81483a94b663f13153bb7796800 Merge: 159127ea8318 01ac7c4c2e03 Author: Linus Torvalds Date: Wed Aug 22 07:42:36 2018 -0700 Merge tag 'pm-4.19-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more power management updates from Rafael Wysocki: "These fix the main idle loop and the menu cpuidle governor, clean up the latter, fix a mistake in the PCI bus type's support for system suspend and resume, fix the ondemand and conservative cpufreq governors, address a build issue in the system wakeup framework and make the ACPI C-states desciptions less confusing. Specifics: - Make the idle loop handle stopped scheduler tick correctly (Rafael Wysocki). - Prevent the menu cpuidle governor from letting CPUs spend too much time in shallow idle states when it is invoked with scheduler tick stopped and clean it up somewhat (Rafael Wysocki). - Avoid invoking the platform firmware to make the platform enter the ACPI S3 sleep state with suspended PCIe root ports which may confuse the firmware and cause it to crash (Rafael Wysocki). - Fix sysfs-related race in the ondemand and conservative cpufreq governors which may cause the system to crash if the governor module is removed during an update of CPU frequency limits (Henry Willard). - Select SRCU when building the system wakeup framework to avoid a build issue in it (zhangyi). - Make the descriptions of ACPI C-states vendor-neutral to avoid confusion (Prarit Bhargava)" * tag 'pm-4.19-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpuidle: menu: Handle stopped tick more aggressively sched: idle: Avoid retaining the tick when it has been stopped PCI / ACPI / PM: Resume all bridges on suspend-to-RAM cpuidle: menu: Update stale polling override comment cpufreq: governor: Avoid accessing invalid governor_data x86/ACPI/cstate: Make APCI C1 FFH MWAIT C-state description vendor-neutral cpuidle: menu: Fix white space PM / sleep: wakeup: Fix build error caused by missing SRCU support commit 159127ea8318974b76542f62d6d23ec8bec91a28 Merge: 9617ba395f05 a2eed33dcdb7 Author: Linus Torvalds Date: Wed Aug 22 07:40:33 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide Pull IDE updates from David Miller: - Remove redundant variables (Colin Ian King) - Expected switch fall-through annotations (Gustavo A. R. Silva) * git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide: ide: mark expected switch fall-throughs ide-tape: remove redundant variable buffer_size ide: remove redundant variables queue_run_ms and left commit 9617ba395f05f2f836d078363463f8978b0f73bc Merge: 20a9e57a09d3 c84ca616b126 Author: Linus Torvalds Date: Wed Aug 22 07:38:21 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc updates from David Miller: "Nothing super serious: - Convert sparc32 over to NO_BOOTMEM (Mike Rapoport) - Use dma_noncoherent_ops on sparc32 (Christoph Hellwig) - Fix kbuild defconfig handling on sparc32 (Masahiro Yamada)" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: fix KBUILD_DEFCONFIG for ARCH=sparc32 sparc32: split ramdisk detection and reservation to a helper function sparc32: switch to NO_BOOTMEM sparc: mm/init_32: kill trailing whitespace sparc: use generic dma_noncoherent_ops commit f6f57a46435d7253a52a1a07a58183678ad266a0 Author: Masahiro Yamada Date: Tue Aug 21 00:29:51 2018 +0900 initramfs: move gen_initramfs_list.sh from scripts/ to usr/ scripts/gen_initramfs_list.sh is only invoked from usr/Makefile. Move it so that all tools to create initramfs are self-contained in the usr/ directory. Signed-off-by: Masahiro Yamada commit 7953002a7c6561c93defd19c81737012ef5a10dc Author: Masahiro Yamada Date: Tue Aug 21 00:06:24 2018 +0900 vmlinux.lds.h: remove stale include This is unneeded since commit a62143850053 ("vmlinux.lds.h: remove no-op macro VMLINUX_SYMBOL()"). Signed-off-by: Masahiro Yamada commit c4df32c80d04987023844c1fb13734a872c8f2e2 Author: Masahiro Yamada Date: Sun Aug 19 07:34:47 2018 +0900 export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() With the special case handling for Blackfin and Metag was removed by commit 94e58e0ac312 ("export.h: remove code for prefixing symbols with underscore"), VMLINUX_SYMBOL() is no-op. Replace the remaining usages, then remove the definition of VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR(). Signed-off-by: Masahiro Yamada commit 6fbd856950b41345ad5c893613efebdc0c356bc7 Author: zhong jiang Date: Sat Aug 18 21:51:12 2018 +0800 Coccinelle: remove pci_alloc_consistent semantic to detect in zalloc-simple.cocci Because pci_alloc_consistent has been deprecated. We prefer to use dma_alloc_coherent directly. Therefore, we should remove pci_alloc_consistent to increase the confidence. Acked-by: Julia Lawall Acked-by: Himanshu Jha Signed-off-by: zhong jiang Signed-off-by: Masahiro Yamada commit f55f2328bb28a8517620518c5d124f5194673309 Author: Andrzej Pietrasiewicz Date: Fri Aug 17 14:03:19 2018 +0200 kbuild: make sorting initramfs contents independent of locale Some LANG values (e.g. pl_PL.UTF-8) cause the sort command to output files before their parent directories, which makes them inaccessible for the kernel. In other words, when the kernel populates the rootfs, it is unable to create files whose parent directories have not been yet created. This patch makes sorting use the default (LANG=C) locale, which results in correctly laid out initramfs images (parent directories before files). Signed-off-by: Andrzej Pietrasiewicz Signed-off-by: Masahiro Yamada commit dd5806ede3d71b7577d1d9ec853755709b6b40fa Author: Masahiro Yamada Date: Fri Aug 17 11:37:21 2018 +0900 kbuild: remove "rpm" target, which is alias of "rpm-pkg" As commit ebaad7d36406 ("kbuild: rpm: prompt to use "rpm-pkg" if "rpm" target is used") noticed, the "rpm" target is now removed. I assume people have already migrated to "rpm-pkg". Signed-off-by: Masahiro Yamada commit c86b1f934215796b2a8e74b76eed733d104e21fc Author: Michal Suchanek Date: Thu Aug 16 19:05:55 2018 +0200 kbuild: Fix LOADLIBES rename in Documentation/kbuild/makefiles.txt Fixes: 8377bd2b9ee1 ("kbuild: Rename HOST_LOADLIBES to KBUILD_HOSTLDLIBS") Signed-off-by: Michal Suchanek Acked-by: Laura Abbott Signed-off-by: Masahiro Yamada commit 9a9ddcf478319bff313837ca235c557d16133b3d Author: Masahiro Yamada Date: Thu Aug 16 16:48:26 2018 +0900 kconfig: suppress "configuration written to .config" for syncconfig The top-level Makefile invokes "make syncconfig" when necessary. Then, Kconfig displays the following message when .config is updated. # # configuration written to .config # It is distracting because "make syncconfig" happens during the build stage, and does nothing important in most cases. Suggested-by: Linus Torvalds Signed-off-by: Masahiro Yamada commit 98a4afbfafd226636cd6bb6a1208b3693daff2b1 Author: Masahiro Yamada Date: Thu Aug 16 13:36:48 2018 +0900 kconfig: fix "Can't open ..." in parallel build If you run "make menuconfig" or "make nconfig" with -j option in a fresh source tree, you will see several "Can't open ..." messages: $ make -j8 menuconfig HOSTCC scripts/basic/fixdep YACC scripts/kconfig/zconf.tab.c LEX scripts/kconfig/zconf.lex.c /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: HOSTCC scripts/kconfig/lxdialog/checklist.o Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg HOSTCC scripts/kconfig/lxdialog/inputbox.o /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg UPD scripts/kconfig/.mconf-cfg /bin/sh: 1: .: Can't open scripts/kconfig/.mconf-cfg HOSTCC scripts/kconfig/lxdialog/menubox.o HOSTCC scripts/kconfig/lxdialog/textbox.o HOSTCC scripts/kconfig/lxdialog/util.o HOSTCC scripts/kconfig/lxdialog/yesno.o HOSTCC scripts/kconfig/mconf.o HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/mconf Correct dependencies to fix this problem. Fixes: 1c5af5cf9308 ("kconfig: refactor ncurses package checks for building mconf and nconf") Cc: linux-stable # v4.18 Reported-by: Borislav Petkov Signed-off-by: Masahiro Yamada Tested-by: Borislav Petkov commit b5f8cb9e908f46feaa5d0ddbf3e2e1b8d85d1a65 Author: Michael Forney Date: Wed Aug 15 17:13:50 2018 -0700 kbuild: Add a space after `!` to prevent parsing as file pattern Some shells use !(pattern|...|pattern) to match file names not containing the specified patterns. This may result in output like $ ./scripts/clang-version.sh gcc ./scripts/clang-version.sh[18]: COPYING: not found printf: %d __clang_major__: conversion error printf: %d __clang_minor__: conversion error printf: %d __clang_patchlevel__: conversion error 00000 $ and set CONFIG_CLANG_VERSION to the invalid value '00000'. POSIX says[0] If the pipeline begins with the reserved word ! and command1 is a subshell command, the application shall ensure that the ( operator at the beginning of command1 is separated from the ! by one or more characters. The behavior of the reserved word ! immediately followed by the ( operator is unspecified. So, just add a to prevent this. [0] http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_02 Signed-off-by: Michael Forney Signed-off-by: Masahiro Yamada commit 1f3aa9002dc6a0d59a4b599b4fc8f01cf43ef014 Author: Randy Dunlap Date: Wed Aug 15 12:30:38 2018 -0700 scripts: modpost: check memory allocation results Fix missing error check for memory allocation functions in scripts/mod/modpost.c. Fixes kernel bugzilla #200319: https://bugzilla.kernel.org/show_bug.cgi?id=200319 Signed-off-by: Randy Dunlap Cc: Yuexing Wang Signed-off-by: Masahiro Yamada commit f498926c47aa7d4f1b6d08af2ba16f3cf8fcb151 Author: Masahiro Yamada Date: Wed Aug 15 14:59:45 2018 +0900 kconfig: improve the recursive dependency report This commit improves the messages of the recursive dependency. Currently, sym->dir_dep.expr is not checked. Hence, any dependency in property visibility is regarded as the dependency of the symbol. [Test Code 1] config A bool "a" depends on B config B bool "b" depends on A [Test Code 2] config A bool "a" if B config B bool "b" depends on A For both cases above, the same message is displayed: symbol B depends on A symbol A depends on B This commit changes the message for the latter, like this: symbol B depends on A symbol A prompt is visible depending on B Also, 'select' and 'imply' are distinguished. Signed-off-by: Masahiro Yamada Tested-by: Dirk Gouders commit 5e8c5299d31519e0327be1020f309fa62dc53036 Author: Masahiro Yamada Date: Wed Aug 15 14:59:44 2018 +0900 kconfig: report recursive dependency involving 'imply' Currently, Kconfig does not complain about the recursive dependency where 'imply' keywords are involved. [Test Code] config A bool "a" config B bool "b" imply A depends on A In the code above, Kconfig cannot calculate the symbol values correctly due to the circular dependency. For example, allyesconfig followed by syncconfig results in an odd behavior because CONFIG_B becomes visible in syncconfig. $ make allyesconfig scripts/kconfig/conf --allyesconfig Kconfig # # configuration written to .config # $ cat .config # # Automatically generated file; DO NOT EDIT. # Main menu # CONFIG_A=y $ make syncconfig scripts/kconfig/conf --syncconfig Kconfig * * Restart config... * * * Main menu * a (A) [Y/n/?] y b (B) [N/y/?] (NEW) To detect this correctly, sym_check_expr_deps() should recurse to not only sym->rev_dep.expr but also sym->implied.expr . At this moment, sym_check_print_recursive() cannot distinguish 'select' and 'imply' since it does not know the precise context where the recursive dependency has been hit. This will be solved by the next commit. In fact, even the document and the unit-test are confused. Using 'imply' does not solve recursive dependency since 'imply' addresses the unmet direct dependency, which 'select' could cause. Signed-off-by: Masahiro Yamada Tested-by: Dirk Gouders commit f1575595d15657bd78c139978107deabec5a3959 Author: Masahiro Yamada Date: Wed Aug 15 14:59:43 2018 +0900 kconfig: error out when seeing recursive dependency Originally, recursive dependency was a fatal error for Kconfig because Kconfig cannot compute symbol values in such a situation. Commit d595cea62403 ("kconfig: print more info when we see a recursive dependency") changed it to a warning, which I guess was not intentional. Get it back to an error again. Also, rename the unit test directory "warn_recursive_dep" to "err_recursive_dep" so that it matches to the behavior. Signed-off-by: Masahiro Yamada Tested-by: Dirk Gouders commit 4bf6a9af0e9107926d1fb0112e7f9acb0d798cb4 Author: Randy Dunlap Date: Tue Aug 14 17:36:49 2018 -0700 kconfig: add build-only configurator targets Add build-only targets for build_menuconfig, build_nconfig, build_xconfig, and build_gconfig. (targets must end in "config" to qualify in top-level Makefile) This allows these target to be built without execution (e.g., to look for errors or warnings) and/or to be built and checked by sparse. Signed-off-by: Randy Dunlap Signed-off-by: Masahiro Yamada commit e3fd9b5384f37e55261ebd261ad97951a44ece50 Author: Masahiro Yamada Date: Wed Jul 4 10:59:23 2018 +0900 scripts/dtc: consolidate include path options in Makefile It is tedious to specify extra compiler options for every file. HOST_EXTRACFLAGS is useful to add options to all files in a directory. -I$(src)/libfdt is needed for all the files in this directory to include libfdt_env.h etc. from scripts/dtc/libfdt/. On the other hand, -I$(src) is used to include check-in headers from generated C files. Thus, I added it only to dtc-lexer.lex.o and dtc-parser.tab.o . Signed-off-by: Masahiro Yamada Reviewed-by: Rob Herring commit 20a9e57a09d32c9149e065b73b714b9681349619 Merge: ad1d69735878 4bdf61ccbe76 Author: Linus Torvalds Date: Wed Aug 22 06:24:26 2018 -0700 Merge tag 'for-4.19' of git://git.sourceforge.jp/gitroot/uclinux-h8/linux Pull arch/h8300 updates from Yoshinori Sato. * tag 'for-4.19' of git://git.sourceforge.jp/gitroot/uclinux-h8/linux: h8300: fix IRQ no arch/h8300: add a defconfig target arch/h8300: eliminate kgbd.c warning arch/h8300: eliminate ptrace.h warnings h8300:let the checker know that size_t is ulong h8300: Don't include linux/kernel.h in asm/atomic.h h8300: remove unnecessary of_platform_populate call h8300: Correct signature of test_bit() h8300: irqchip: fix warning h8300: switch to NO_BOOTMEM h8300: gcc-8.1 fix h8300: Add missing output register. commit fd991a23c8f6ef30692f77409602ccf3614353b2 Author: Arnd Bergmann Date: Tue Aug 21 22:33:00 2018 +0200 y2038: Provide aliases for compat helpers As part of the system call rework for 64-bit time_t, we are restructuring the way that compat syscalls deal with 32-bit time_t, reusing the implementation for 32-bit architectures. Christoph Hellwig suggested a rename of the associated types and interfaces to avoid the confusing usage of the 'compat' prefix for 32-bit architectures. To prepare for doing that in linux-4.20, add a set of macros that allows to convert subsystems separately to the new names and avoids some of the nastier merge conflicts. Signed-off-by: Arnd Bergmann Signed-off-by: Thomas Gleixner Acked-by: Christoph Hellwig Cc: y2038@lists.linaro.org Cc: John Stultz Cc: Deepa Dinamani Link: https://lkml.kernel.org/r/20180821203329.2089473-1-arnd@arndb.de commit 688e0581dbe0fa851188dd4fef887ea0c55aab13 Author: Dongjiu Geng Date: Mon Aug 20 17:39:25 2018 -0400 KVM: Documentation: rename the capability of KVM_CAP_ARM_SET_SERROR_ESR In the documentation description, this capability's name is KVM_CAP_ARM_SET_SERROR_ESR, but in the header file this capability's name is KVM_CAP_ARM_INJECT_SERROR_ESR, so change the documentation description to make it same. Signed-off-by: Dongjiu Geng Reported-by: Andrew Jones Reviewed-by: Andrew Jones Signed-off-by: Paolo Bonzini commit 631989303b06b8fdb15ec3b88aee2d25e80d4cec Merge: ad1d69735878 976d34e2dab1 Author: Paolo Bonzini Date: Wed Aug 22 14:07:56 2018 +0200 Merge tag 'kvmarm-for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/arm updates for 4.19 - Support for Group0 interrupts in guests - Cache management optimizations for ARMv8.4 systems - Userspace interface for RAS, allowing error retrival and injection - Fault path optimization - Emulated physical timer fixes - Random cleanups commit 9bd5196e5cf7431d0118d86d7d784405663e763e Author: Benjamin Herrenschmidt Date: Thu Aug 16 09:27:10 2018 +1000 platform/x86: acer-wmi: Silence "unsupported" message a bit This driver prints that "Unsupported machine..." message on every boot on ThinkPad X1 Carbon laptops (and I assume a number of other systems), which causes graphical boots to "glitch" a bit and is rather annoying ... Make it a pr_debug instead. Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Andy Shevchenko commit 4bdf61ccbe76ee0c14bf228e7277072179b36ba3 Author: Yoshinori Sato Date: Wed Jul 11 18:39:09 2018 +0900 h8300: fix IRQ no Old timer handler use 24 (Compare match A). But current timer handler use 26 (Overflow). Signed-off-by: Yoshinori Sato commit 7b291be81fde312868b9fd2f6a0419b76737f230 Author: Randy Dunlap Date: Wed Jul 18 23:04:29 2018 -0700 arch/h8300: add a defconfig target Make the "defconfig" target valid for arch/h8300. Currently "make ARCH=h8300 defconfig" produces: *** Can't find default configuration "arch/h8300/defconfig"! ../scripts/kconfig/Makefile:87: recipe for target 'defconfig' failed By adding a value for KBUILD_DEFCONFIG, "make ARCH=h8300 defconfig" successfully produces a kernel .config file: *** Default configuration is based on 'edosk2674_defconfig' This is useful for Kconfig editing/testing. Signed-off-by: Randy Dunlap Cc: Yoshinori Sato Cc: uclinux-h8-devel@lists.sourceforge.jp (moderated for non-subscribers) Signed-off-by: Yoshinori Sato commit ce156febeed1d2731fe6e325a842cb4640931d22 Author: Randy Dunlap Date: Thu Jul 19 19:36:06 2018 -0700 arch/h8300: eliminate kgbd.c warning Drop the "const" qualifier from arch_kgdb_ops to eliminate the gcc warning (gcc version is 8.1.0). arch/h8300/kernel/kgdb.c:132:24: error: conflicting type qualifiers for 'arch_kgdb_ops' const struct kgdb_arch arch_kgdb_ops = { In file included from ../arch/h8300/kernel/kgdb.c:12: ../include/linux/kgdb.h:284:26: note: previous declaration of 'arch_kgdb_ops' was here extern struct kgdb_arch arch_kgdb_ops; Signed-off-by: Randy Dunlap Cc: Yoshinori Sato Cc: uclinux-h8-devel@lists.sourceforge.jp Signed-off-by: Yoshinori Sato commit cfa2d688e2cc286e97cf134e7f1c1ebb697c1c74 Author: Randy Dunlap Date: Thu Jul 19 19:34:53 2018 -0700 arch/h8300: eliminate ptrace.h warnings Add a "struct task_struct;" stub to arch/h8300's ptrace.h header to eliminate gcc warnings (gcc version is 8.1.0). ../arch/h8300/include/asm/ptrace.h:32:34: warning: 'struct task_struct' declared inside parameter list will not be visible outside of this definition or declaration extern long h8300_get_reg(struct task_struct *task, int regno); ../arch/h8300/include/asm/ptrace.h:33:33: warning: 'struct task_struct' declared inside parameter list will not be visible outside of this definition or declaration extern int h8300_put_reg(struct task_struct *task, int regno, Signed-off-by: Randy Dunlap Cc: Yoshinori Sato Cc: uclinux-h8-devel@lists.sourceforge.jp Signed-off-by: Yoshinori Sato commit 1b803a357d520164404c6262710049b09b93ed5a Author: Luc Van Oostenryck Date: Wed May 30 23:03:43 2018 +0200 h8300:let the checker know that size_t is ulong All 64bit archs use unsigned long for size_t and most 32bit archs use 'unsigned int'. By default, this is what is assumed by sparse. However, on h8300 (a 32bit arch) size_t is unsigned long which can led sparse to emit wrong warnings. Fix this by passing to sparse the flag -msize-long, telling it that size_t is unsigned long. Signed-off-by: Luc Van Oostenryck Signed-off-by: Yoshinori Sato commit 9819d4e47e88af3d7f082af61b55cb381f23f1a1 Author: Will Deacon Date: Fri Jun 1 17:06:21 2018 +0100 h8300: Don't include linux/kernel.h in asm/atomic.h linux/kernel.h isn't needed by asm/atomic.h and will result in circular dependencies when the asm-generic atomic bitops are built around the tomic_long_t interface. Remove the broad include and replace it with linux/compiler.h for READ_ONCE etc and asm/irqflags.h for arch_local_irq_save etc. Cc: Yoshinori Sato Signed-off-by: Will Deacon Signed-off-by: Yoshinori Sato commit ec3d5f1658f44538907b149d6396453e0ceedc60 Author: Rob Herring Date: Tue Jun 19 15:40:54 2018 -0600 h8300: remove unnecessary of_platform_populate call The DT core will call of_platform_populate, so it is not necessary for arch specific code to call it unless there are custom match entries, auxdata or parent device. Neither of those apply here, so remove the call. Cc: Yoshinori Sato Cc: uclinux-h8-devel@lists.sourceforge.jp Signed-off-by: Rob Herring Signed-off-by: Yoshinori Sato commit 5743ee22bf3f8842f2330925434a727e1044e2a1 Author: Geert Uytterhoeven Date: Thu Jun 21 21:24:44 2018 +0200 h8300: Correct signature of test_bit() mm/filemap.c: In function 'clear_bit_unlock_is_negative_byte': mm/filemap.c:1181:30: warning: passing argument 2 of 'test_bit' discards 'volatile' qualifier from pointer target type [-Wdiscarded-qualifiers] return test_bit(PG_waiters, mem); ^~~ In file included from include/linux/bitops.h:38, from include/linux/kernel.h:11, from include/linux/list.h:9, from include/linux/wait.h:7, from include/linux/wait_bit.h:8, from include/linux/fs.h:6, from include/linux/dax.h:5, from mm/filemap.c:14: arch/h8300/include/asm/bitops.h:69:57: note: expected 'const long unsigned int *' but argument is of type 'volatile void *' static inline int test_bit(int nr, const unsigned long *addr) ~~~~~~~~~~~~~~~~~~~~~^~~~ Make the bitmask pointed to by the "addr" parameter volatile to fix this, like is done on other architectures. Signed-off-by: Geert Uytterhoeven Signed-off-by: Yoshinori Sato commit 558e6694cd4da8db31c2d4850c4823efa5dc77e9 Author: Yoshinori Sato Date: Mon Aug 13 10:07:46 2018 +0900 h8300: irqchip: fix warning Var "addr" type incorrect. It have interrupt controler register address. Type of void __iomem is correct. Signed-off-by: Yoshinori Sato commit c489dfefe739d37dde1cd7b26cd324607cedd934 Author: Rob Herring Date: Fri Mar 16 16:33:06 2018 -0500 h8300: switch to NO_BOOTMEM Commit 0fa1c579349f ("of/fdt: use memblock_virt_alloc for early alloc") inadvertently switched the DT unflattening allocations from memblock to bootmem which doesn't work because the unflattening happens before bootmem is initialized. Swapping the order of bootmem init and unflattening could also fix this, but removing bootmem is desired. So enable NO_BOOTMEM on h8300 like other architectures have done. Fixes: 0fa1c579349f ("of/fdt: use memblock_virt_alloc for early alloc") Cc: Yoshinori Sato Cc: uclinux-h8-devel@lists.sourceforge.jp Signed-off-by: Rob Herring Signed-off-by: Yoshinori Sato commit 811d1b0e65bed442050d62a48c39263f4c5b2d68 Author: Yoshinori Sato Date: Fri Jul 13 16:36:21 2018 +0900 h8300: gcc-8.1 fix Since gcc 8.1 does not generate an assignment statement to er 0, we had to explicitly write it. Signed-off-by: Yoshinori Sato commit 686320e94da368f5efc2003ba5de9353cf774602 Author: Yoshinori Sato Date: Thu Jul 12 23:31:45 2018 +0900 h8300: Add missing output register. Signed-off-by: Yoshinori Sato commit 1df895190233fcc30d46beca4550bcafb7b959a6 Author: Matthew Wilcox Date: Mon Jun 18 19:11:56 2018 -0400 ida: Change ida_get_new_above to return the id This calling convention makes more sense for the implementation as well as the callers. It even shaves 32 bytes off the compiled code size. Signed-off-by: Matthew Wilcox commit b03f8e43c9261878bf29d8cc1c3ba458cc98287e Author: Matthew Wilcox Date: Mon Jun 18 19:02:48 2018 -0400 ida: Remove old API Delete ida_pre_get(), ida_get_new(), ida_get_new_above() and ida_remove() from the public API. Some of these functions still exist as internal helpers, but they should not be called by consumers. Signed-off-by: Matthew Wilcox commit f272668deb9108b6118a85ffd73886b9a92c1002 Author: Matthew Wilcox Date: Mon Jun 18 18:39:28 2018 -0400 test_ida: check_ida_destroy and check_ida_alloc Move these tests from the userspace test-suite to the kernel test-suite. Also convert check_ida_random to the new API. Signed-off-by: Matthew Wilcox commit 5c78b0b1ebe16fbae39a1cada79ab067965828f5 Author: Matthew Wilcox Date: Mon Jun 18 18:10:32 2018 -0400 test_ida: Convert check_ida_conv to new API Move as much as possible to kernel space; leave the parts in user space that rely on checking memory allocation failures to detect the transition between an exceptional entry and a bitmap. Signed-off-by: Matthew Wilcox commit 161b47e31f9912947a3a72dcb161c79978a1fe04 Author: Matthew Wilcox Date: Mon Jun 18 17:25:20 2018 -0400 test_ida: Move ida_check_max Convert to new API and move to kernel space. Signed-off-by: Matthew Wilcox commit 0a3856392cff1542170b5bc37211c9a21fd0c3f6 Author: Matthew Wilcox Date: Mon Jun 18 17:23:37 2018 -0400 test_ida: Move ida_check_leaf Convert to new API and move to kernel space. Take the opportunity to test the situation a little more thoroughly (ie at different offsets). Signed-off-by: Matthew Wilcox commit 06b01113664feda7647962008e901fa540ecbf6f Author: Matthew Wilcox Date: Mon Jun 18 17:06:58 2018 -0400 idr-test: Convert ida_check_nomem to new API We can't move this test to kernel space because there's no way to force kmalloc to fail. But we can use the new API and check this works when the test is in userspace. Signed-off-by: Matthew Wilcox commit 8ab8ba38d48867aac01812e18f48fc9173ccd400 Author: Matthew Wilcox Date: Mon Jun 18 16:59:29 2018 -0400 ida: Start new test_ida module Start transitioning the IDA tests into kernel space. Framework heavily cribbed from test_xarray.c. Signed-off-by: Matthew Wilcox commit 31ff0ceeb266a4ac96f3fc8cebb85df862a22f92 Author: Matthew Wilcox Date: Tue Jun 19 01:23:04 2018 -0400 target/iscsi: Allocate session IDs from an IDA Since the session is never looked up by ID, we can use the more space-efficient IDA instead of the IDR. Signed-off-by: Matthew Wilcox commit 26abc916a898d34c5ad159315a2f683def3c5555 Author: Mike Christie Date: Thu Jul 26 12:13:49 2018 -0500 iscsi target: fix session creation failure handling The problem is that iscsi_login_zero_tsih_s1 sets conn->sess early in iscsi_login_set_conn_values. If the function fails later like when we alloc the idr it does kfree(sess) and leaves the conn->sess pointer set. iscsi_login_zero_tsih_s1 then returns -Exyz and we then call iscsi_target_login_sess_out and access the freed memory. This patch has iscsi_login_zero_tsih_s1 either completely setup the session or completely tear it down, so later in iscsi_target_login_sess_out we can just check for it being set to the connection. Cc: stable@vger.kernel.org Fixes: 0957627a9960 ("iscsi-target: Fix sess allocation leak in...") Signed-off-by: Mike Christie Acked-by: Martin K. Petersen Signed-off-by: Matthew Wilcox commit 4eb085e42fdee0314a89cd12bbd7ad67313d50dd Author: Matthew Wilcox Date: Mon Jun 18 16:00:05 2018 -0400 drm/vmwgfx: Convert to new IDA API Reorder allocation to avoid an awkward lock/unlock/lock sequence. Simpler code due to being able to use ida_alloc_max(), even if we can't eliminate the driver's spinlock. Signed-off-by: Matthew Wilcox Reviewed-by: Sinclair Yeh commit 485258b44854a6ea08bd32c3296729cc1c64dc30 Author: Matthew Wilcox Date: Mon Jun 18 15:41:48 2018 -0400 dmaengine: Convert to new IDA API Simpler and shorter code. Signed-off-by: Matthew Wilcox Acked-by: Vinod Koul commit cd38049e48f0d6ae151339b8882c3510a6ca6eb5 Author: Matthew Wilcox Date: Mon Jun 18 09:34:34 2018 -0400 ppc: Convert vas ID allocation to new IDA API Removes a custom spinlock and simplifies the code. Also fix an error where we could allocate one ID too many. Signed-off-by: Matthew Wilcox commit 5a2ab034396c063ceed167076424cf37d17cdc01 Author: Matthew Wilcox Date: Mon Jun 18 08:35:52 2018 -0400 media: Convert entity ID allocation to new IDA API Removes a call to ida_pre_get(). Signed-off-by: Matthew Wilcox Reviewed-by: Sakari Ailus Acked-by: Mauro Carvalho Chehab commit b3fa64170e21393b5790be89ab16cdfe1f5bddbc Author: Matthew Wilcox Date: Mon Jun 18 08:26:32 2018 -0400 ppc: Convert mmu context allocation to new IDA API ida_alloc_range is the perfect fit for this use case. Eliminates a custom spinlock, a call to ida_pre_get and a local check for the allocated ID exceeding a maximum. Signed-off-by: Matthew Wilcox Reviewed-by: Nicholas Piggin commit 6e77cc471090a2f37802cb328bffe4ce56f4ce18 Author: Matthew Wilcox Date: Sun Jun 17 05:37:08 2018 -0400 Convert net_namespace to new IDA API Signed-off-by: Matthew Wilcox commit 4c9ca2fd7c402c8eab6e949899af04bc3c249b2b Author: Matthew Wilcox Date: Mon Jun 11 15:53:18 2018 -0400 cb710: Convert to new IDA API Eliminates the custom spinlock and the call to ida_pre_get. Signed-off-by: Matthew Wilcox Acked-by: Michał Mirosław commit 37ae133c2e079d50d6198a4a230732e5016676de Author: Matthew Wilcox Date: Mon Jun 11 15:46:46 2018 -0400 rsxx: Convert to new IDA API Eliminate the custom spinlock and the call to ida_pre_get. Also add a call to ida_free() in the card remove routine, which I believe fixes a bug in this driver. Signed-off-by: Matthew Wilcox commit 5963e78d0cb6d5950cb22c1c0a9a31067483933d Author: Matthew Wilcox Date: Mon Jun 11 15:41:25 2018 -0400 osd: Convert to new IDA API Slightly simpler code. Signed-off-by: Matthew Wilcox commit 9401508012e2044ce841a57bc453c5746b671851 Author: Matthew Wilcox Date: Mon Jun 11 15:26:27 2018 -0400 sd: Convert to new IDA API Allows us to remove an explicit spinlock. Signed-off-by: Matthew Wilcox commit 0f0a0e54a2a15174535349db3a22355a6b1cf5fa Author: Matthew Wilcox Date: Mon Jun 11 15:17:58 2018 -0400 devpts: Convert to new IDA API ida_alloc_max() matches what this driver wants to do. Also removes a call to ida_pre_get(). We no longer need the protection of the mutex, so convert pty_count to an atomic_t and remove the mutex entirely. Signed-off-by: Matthew Wilcox commit 169b480e4c8b7409119458ebfb755283a5fc9826 Author: Matthew Wilcox Date: Mon Jun 11 12:31:36 2018 -0400 fs: Convert namespace IDAs to new API We don't need to keep track of the starting value; the IDA is efficient. Signed-off-by: Matthew Wilcox commit 5a66847e4471be8250da9fadb8d400f1947b9872 Author: Matthew Wilcox Date: Mon Jun 11 12:03:31 2018 -0400 fs: Convert unnamed_dev_ida to new API The new API is much easier for this user. Also add kerneldoc for get_anon_bdev(). Signed-off-by: Matthew Wilcox commit 3aed4bc1e591959733b4e939e9965e65ffdff603 Author: Matthew Wilcox Date: Wed Mar 21 16:49:06 2018 -0400 mtip32xx: Convert to new IDA API Removes a use of ida_pre_get() and a personalised spinlock. Signed-off-by: Matthew Wilcox Reviewed-by: Johannes Thumshirn commit 5ade60dda43c8906d4554374226c2eb11cc2ffba Author: Matthew Wilcox Date: Tue Mar 20 17:07:11 2018 -0400 ida: Add new API Add ida_alloc(), ida_alloc_min(), ida_alloc_max(), ida_alloc_range() and ida_free(). The ida_alloc_max() and ida_alloc_range() functions differ from ida_simple_get() in that they take an inclusive 'max' parameter instead of an exclusive 'end' parameter. Callers are about evenly split whether they'd like inclusive or exclusive parameters and 'max' is easier to document than 'end'. Change the IDA allocation to first attempt to allocate a bit using existing memory, and only allocate memory afterwards. Also change the behaviour of 'min' > INT_MAX from being a BUG() to returning -ENOSPC. Leave compatibility wrappers in place for ida_simple_get() and ida_simple_remove() to avoid changing all callers. Signed-off-by: Matthew Wilcox commit 50d97d50715a8664f6bddc18211279cd74b8c3bf Author: Matthew Wilcox Date: Thu Jun 21 15:36:45 2018 -0400 ida: Lock the IDA in ida_destroy The user has no need to handle locking between ida_simple_get() and ida_simple_remove(). They shouldn't be forced to think about whether ida_destroy() might be called at the same time as any of their other IDA manipulation calls. Improve the documnetation while I'm in here. Signed-off-by: Matthew Wilcox commit 76f070b4135563165c523ab560056b7a9353e2f2 Author: Matthew Wilcox Date: Sat Aug 18 07:05:50 2018 -0400 radix-tree: Fix UBSAN warning get_slot_offset() can be called with a NULL 'parent' argument. In this case, the calculated value will not be used, but calculating it is undefined. Rather than fixing the caller (__radix_tree_delete) to not call get_slot_offset(), make get_slot_offset() robust against being called with a NULL parent. Signed-off-by: Matthew Wilcox commit d1c0d5e3c63d61226a75f24d5c35fe20755f0180 Author: Matthew Wilcox Date: Sat May 19 16:30:54 2018 -0400 radix tree test suite: Enable ubsan Add support for the undefined behaviour sanitizer and fix the bugs that ubsan pointed out. Nothing major, and all in the test suite, not the code. Signed-off-by: Matthew Wilcox commit c9b933521aa5795f5b9b6f9809325d6b21710d78 Author: Matthew Wilcox Date: Tue Aug 21 23:22:54 2018 -0400 radix tree test suite: Fix compilation An include of xarray.h was added to lib/idr.c without updating the test suite. Signed-off-by: Matthew Wilcox commit ad1d69735878a6bf797705b5d2a20316d35e1113 Merge: d9a185f8b496 963545357202 Author: Linus Torvalds Date: Tue Aug 21 18:47:36 2018 -0700 Merge tag 'fuse-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse update from Miklos Szeredi: "Various bug fixes and cleanups" * tag 'fuse-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: reduce allocation size for splice_write fuse: use kvmalloc to allocate array of pipe_buffer structs. fuse: convert last timespec use to timespec64 fs: fuse: Adding new return type vm_fault_t fuse: simplify fuse_abort_conn() fuse: Add missed unlock_page() to fuse_readpages_fill() fuse: Don't access pipe->buffers without pipe_lock() fuse: fix initial parallel dirops fuse: Fix oops at process_init_reply() fuse: umount should wait for all requests fuse: fix unlocked access to processing queue fuse: fix double request_end() commit d9a185f8b49678775ef56ecbdbc7b76970302897 Merge: c22fc16d172f 989974c80457 Author: Linus Torvalds Date: Tue Aug 21 18:19:09 2018 -0700 Merge tag 'ovl-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs updates from Miklos Szeredi: "This contains two new features: - Stack file operations: this allows removal of several hacks from the VFS, proper interaction of read-only open files with copy-up, possibility to implement fs modifying ioctls properly, and others. - Metadata only copy-up: when file is on lower layer and only metadata is modified (except size) then only copy up the metadata and continue to use the data from the lower file" * tag 'ovl-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: (66 commits) ovl: Enable metadata only feature ovl: Do not do metacopy only for ioctl modifying file attr ovl: Do not do metadata only copy-up for truncate operation ovl: add helper to force data copy-up ovl: Check redirect on index as well ovl: Set redirect on upper inode when it is linked ovl: Set redirect on metacopy files upon rename ovl: Do not set dentry type ORIGIN for broken hardlinks ovl: Add an inode flag OVL_CONST_INO ovl: Treat metacopy dentries as type OVL_PATH_MERGE ovl: Check redirects for metacopy files ovl: Move some dir related ovl_lookup_single() code in else block ovl: Do not expose metacopy only dentry from d_real() ovl: Open file with data except for the case of fsync ovl: Add helper ovl_inode_realdata() ovl: Store lower data inode in ovl_inode ovl: Fix ovl_getattr() to get number of blocks from lower ovl: Add helper ovl_dentry_lowerdata() to get lower data dentry ovl: Copy up meta inode data from lowest data inode ovl: Modify ovl_lookup() and friends to lookup metacopy dentry ... commit c22fc16d172fba4d19ffd8f2aa8fe67edba63895 Merge: c1fecabecc35 7d5e049e72c4 Author: Linus Torvalds Date: Tue Aug 21 18:15:47 2018 -0700 Merge tag 'xfs-4.19-merge-7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixes from Darrick Wong: - Fix an uninitialized variable - Don't use obviously garbage AG header counters to calculate transaction reservations - Trigger icount recalculation on bad icount when mounting * tag 'xfs-4.19-merge-7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: iomap: fix WARN_ON_ONCE on uninitialized variable xfs: sanity check ag header values in xrep_calc_ag_resblks xfs: recalculate summary counters at mount time if icount is bad commit c1fecabecc352e40f99e6c5d7a74b8fcdfb38ae1 Merge: 99cc7ad46b62 5198a4838145 Author: Linus Torvalds Date: Tue Aug 21 18:06:27 2018 -0700 Merge tag 'for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply Pull power supply and reset updates from Sebastian Reichel: - Improve support for TI bq20z75 in sbs-battery - Add Qualcomm PM8xxx reboot driver - Add cros-ec USBPD charger driver - Move ds2760 battery driver from w1 to power-supply and add DT support - Misc fixes * tag 'for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply: (28 commits) power: supply: bq27xxx: Update comments power: supply: max77693_charger: fix unintentional fall-through power: supply: mark expected switch fall-throughs power: supply: lego_ev3_battery: fix Vce offset power: supply: lego_ev3_battery: Don't ignore iio_read_channel_processed() return value power: supply: ds2760_battery: add devicetree probing power: supply: ds2760_battery: merge ds2760 supply driver with its w1 slave companion w1: core: match sub-nodes of bus masters in devicetree dt-bindings: w1: document bindings for ds2760 battery monitor dt-bindings: w1: document generic onewire bindings power: supply: adp5061: Fix a couple off by ones dt-bindings: power: reset: qcom: Add resin binding adp5061: New driver for ADP5061 I2C battery charger power: generic-adc-battery: check for duplicate properties copied from iio channels power: generic-adc-battery: fix out-of-bounds write when copying channel properties power: supply: axp288_charger: Fix initial constant_charge_current value power: supply: ab8500: stop using getnstimeofday64() power: gemini-poweroff: Avoid more spurious poweroffs power: vexpress: fix corruption in notifier registration power: remove possible deadlock when unregistering power_supply ... commit 99cc7ad46b62ef20b0478147677bebd1157bd9cf Merge: 0214f46b3a03 19358d4488db Author: Linus Torvalds Date: Tue Aug 21 17:40:46 2018 -0700 Merge branch 'i2c/for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c updates from Wolfram Sang: - the core has now a lockless variant of i2c_smbus_xfer. Some open coded versions of this got removed in drivers. This also enables proper SCCB support in regmap. - locking got a more precise naming. i2c_{un}lock_adapter() had to go, and we know use i2c_lock_bus() consistently with flags like I2C_LOCK_ROOT_ADAPTER and I2C_LOCK_SEGMENT to avoid ambiguity. - the gpio fault injector got a new delicate testcase - the bus recovery procedure got fixed to handle the new testcase correctly - a new quirk flag for controllers not able to handle zero length messages together with driver updates to use it - new drivers: FSI bus attached I2C masters, GENI I2C controller, Owl family S900 - and a good set of driver improvements and bugfixes * 'i2c/for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (77 commits) i2c: rcar: implement STOP and REP_START according to docs i2c: rcar: refactor private flags i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes dt-bindings: i2c: rcar: Add r8a774a1 support dt-bindings: i2c: sh_mobile: Add r8a774a1 support i2c: imx: Simplify stopped state tracking i2c: imx: Fix race condition in dma read i2c: pasemi: remove hardcoded bus numbers on smbus i2c: designware: Add SPDX license tag i2c: designware: Convert to use struct i2c_timings i2c: core: Parse SDA hold time from firmware i2c: designware-pcidrv: Mark expected switch fall-through i2c: amd8111: Mark expected switch fall-through i2c: sh_mobile: use core to detect 'no zero length read' quirk i2c: xlr: use core to detect 'no zero length' quirk i2c: rcar: use core to detect 'no zero length' quirk i2c: stu300: use core to detect 'no zero length' quirk i2c: pmcmsp: use core to detect 'no zero length' quirk i2c: mxs: use core to detect 'no zero length' quirk ... commit 0a6b29230ec336189bab32498df3f06c8a6944d8 Author: Dan Carpenter Date: Thu Aug 2 11:38:23 2018 +0300 apparmor: fix an error code in __aa_create_ns() We should return error pointers in this function. Returning NULL results in a NULL dereference in the caller. Fixes: 73688d1ed0b8 ("apparmor: refactor prepare_ns() and make usable from different views") Signed-off-by: Dan Carpenter Signed-off-by: John Johansen commit 845b397a7771f2d3504beff5521f452be0d22eec Author: Arnd Bergmann Date: Tue Aug 21 16:20:44 2018 +0200 IB/ucm: fix UCM link error Building UCM with CONFIG_INFINIBAND_USER_ACCESS=m results in a set of link errors including: drivers/infiniband/core/ucm.o: In function `ib_ucm_event_handler': ucm.c:(.text+0x6dc): undefined reference to `ib_copy_path_rec_to_user' drivers/infiniband/core/ucma.o: In function `ucma_event_handler': ucma.c:(.text+0xdc0): undefined reference to `ib_copy_ah_attr_to_user' To get it to build-test again, this makes the option itself a tristate, which lets Kconfig figure out the dependency correctly. Fixes: 486edfb1039d ("IB/ucm: Fix compiling ucm.c") Signed-off-by: Arnd Bergmann Signed-off-by: Jason Gunthorpe commit 864d39df09b43f9d09d80bc29d8e8888294b3c4b Author: Greg Edwards Date: Wed Aug 8 13:29:55 2018 -0600 vhost/scsi: increase VHOST_SCSI_PREALLOC_PROT_SGLS to 2048 The current value of VHOST_SCSI_PREALLOC_PROT_SGLS is too small to accommodate larger I/Os, e.g. 16-32 MiB, when the VIRTIO_SCSI_F_T10_PI feature bit is negotiated and the backing store supports T10 PI. vhost-scsi rejects the command with errors like: [ 59.581317] vhost_scsi_calc_sgls: requested sgl_count: 1820 exceeds pre-allocated max_sgls: 512 Signed-off-by: Greg Edwards Signed-off-by: Michael S. Tsirkin commit 84f3396b718dfac59a5fe328aea34bac93f2fc9c Author: Greg Edwards Date: Fri Aug 10 10:45:49 2018 -0600 vhost: allow vhost-scsi driver to be built-in It's useful to allow vhost-scsi to be built-in when testing vhost in L1 + L2 VMs and booting L1 VM with QEMU '-kernel' option. Signed-off-by: Greg Edwards Signed-off-by: Michael S. Tsirkin commit 69599206ea9a3f8f2e94d46580579cbf9d08ad6c Author: Suzuki K Poulose Date: Wed Jul 18 10:18:45 2018 +0100 virtio: pci-legacy: Validate queue pfn Legacy PCI over virtio uses a 32bit PFN for the queue. If the queue pfn is too large to fit in 32bits, which we could hit on arm64 systems with 52bit physical addresses (even with 64K page size), we simply miss out a proper link to the other side of the queue. Add a check to validate the PFN, rather than silently breaking the devices. Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Marc Zyngier Cc: Christoffer Dall Cc: Peter Maydel Cc: Jean-Philippe Brucker Signed-off-by: Suzuki K Poulose Signed-off-by: Michael S. Tsirkin commit 3fc92a96c2b7efdb7fc4f856713e2ab7439757f6 Author: Suzuki K Poulose Date: Wed Jul 18 10:18:44 2018 +0100 virtio: mmio-v1: Validate queue PFN virtio-mmio with virtio-v1 uses a 32bit PFN for the queue. If the queue pfn is too large to fit in 32bits, which we could hit on arm64 systems with 52bit physical addresses (even with 64K page size), we simply miss out a proper link to the other side of the queue. Add a check to validate the PFN, rather than silently breaking the devices. Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Marc Zyngier Cc: Christoffer Dall Cc: Peter Maydel Cc: Jean-Philippe Brucker Signed-off-by: Suzuki K Poulose Signed-off-by: Michael S. Tsirkin commit 71994620bb25a8b109388fefa9e99a28e355255a Author: Wei Wang Date: Thu Aug 16 15:50:58 2018 +0800 virtio_balloon: replace oom notifier with shrinker The OOM notifier is getting deprecated to use for the reasons: - As a callout from the oom context, it is too subtle and easy to generate bugs and corner cases which are hard to track; - It is called too late (after the reclaiming has been performed). Drivers with large amuont of reclaimable memory is expected to release them at an early stage of memory pressure; - The notifier callback isn't aware of oom contrains; Link: https://lkml.org/lkml/2018/7/12/314 This patch replaces the virtio-balloon oom notifier with a shrinker to release balloon pages on memory pressure. The balloon pages are given back to mm adaptively by returning the number of pages that the reclaimer is asking for (i.e. sc->nr_to_scan). Currently the max possible value of sc->nr_to_scan passed to the balloon shrinker is SHRINK_BATCH, which is 128. This is smaller than the limitation that only VIRTIO_BALLOON_ARRAY_PFNS_MAX (256) pages can be returned via one invocation of leak_balloon. But this patch still considers the case that SHRINK_BATCH or shrinker->batch could be changed to a value larger than VIRTIO_BALLOON_ARRAY_PFNS_MAX, which will need to do multiple invocations of leak_balloon. Historically, the feature VIRTIO_BALLOON_F_DEFLATE_ON_OOM has been used to release balloon pages on OOM. We continue to use this feature bit for the shrinker, so the shrinker is only registered when this feature bit has been negotiated with host. Signed-off-by: Wei Wang Cc: Michael S. Tsirkin Cc: Michal Hocko Cc: Andrew Morton Cc: Tetsuo Handa Signed-off-by: Michael S. Tsirkin commit c51d8fca0ce368c707fd090e0324f3ba40931d0a Author: Wei Wang Date: Thu Aug 16 15:50:57 2018 +0800 virtio-balloon: kzalloc the vb struct Zero all the vb fields at alloaction, so that we don't need to zero-initialize each field one by one later. Signed-off-by: Wei Wang Cc: Michael S. Tsirkin Cc: Tetsuo Handa Signed-off-by: Michael S. Tsirkin commit 74cf5b169c4c197a8c66feaf1a98bb009fa306f8 Author: Wei Wang Date: Thu Aug 16 15:50:56 2018 +0800 virtio-balloon: remove BUG() in init_vqs It's a bit overkill to use BUG when failing to add an entry to the stats_vq in init_vqs. So remove it and just return the error to the caller to bail out nicely. Signed-off-by: Wei Wang Cc: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin commit 0214f46b3a0383d6e33c297e7706216b6a550e4b Merge: 40fafdcbcd7a 84fe4cc09abc Author: Linus Torvalds Date: Tue Aug 21 13:47:29 2018 -0700 Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull core signal handling updates from Eric Biederman: "It was observed that a periodic timer in combination with a sufficiently expensive fork could prevent fork from every completing. This contains the changes to remove the need for that restart. This set of changes is split into several parts: - The first part makes PIDTYPE_TGID a proper pid type instead something only for very special cases. The part starts using PIDTYPE_TGID enough so that in __send_signal where signals are actually delivered we know if the signal is being sent to a a group of processes or just a single process. - With that prep work out of the way the logic in fork is modified so that fork logically makes signals received while it is running appear to be received after the fork completes" * 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (22 commits) signal: Don't send signals to tasks that don't exist signal: Don't restart fork when signals come in. fork: Have new threads join on-going signal group stops fork: Skip setting TIF_SIGPENDING in ptrace_init_task signal: Add calculate_sigpending() fork: Unconditionally exit if a fatal signal is pending fork: Move and describe why the code examines PIDNS_ADDING signal: Push pid type down into complete_signal. signal: Push pid type down into __send_signal signal: Push pid type down into send_signal signal: Pass pid type into do_send_sig_info signal: Pass pid type into send_sigio_to_task & send_sigurg_to_task signal: Pass pid type into group_send_sig_info signal: Pass pid and pid type into send_sigqueue posix-timers: Noralize good_sigevent signal: Use PIDTYPE_TGID to clearly store where file signals will be sent pid: Implement PIDTYPE_TGID pids: Move the pgrp and session pid pointers from task_struct to signal_struct kvm: Don't open code task_pid in kvm_vcpu_ioctl pids: Compute task_tgid using signal->leader_pid ... commit 01ac7c4c2e035bc8d0d47dc880bbc25bf562a648 Merge: 5ef499cd571c 2a3eb51e30b9 9d64b539b738 3df6f61fff49 Author: Rafael J. Wysocki Date: Tue Aug 21 22:39:24 2018 +0200 Merge branches 'pm-cpufreq', 'pm-pci' and 'pm-sleep' Merge fixes for the ondemand and conservative cpufreq governors, PCI power management and system wakeup framework. * pm-cpufreq: cpufreq: governor: Avoid accessing invalid governor_data * pm-pci: PCI / ACPI / PM: Resume all bridges on suspend-to-RAM * pm-sleep: PM / sleep: wakeup: Fix build error caused by missing SRCU support commit d1f3ab5b13c03b6f32d5379cd3cd5c7e50ce612c Merge: f317c7dc12b7 b5c16c7925fb Author: Rafael J. Wysocki Date: Tue Aug 21 22:36:31 2018 +0200 Merge branch 'acpi-pmic' Merge a CrystalCove PMIC driver update. * acpi-pmic: ACPI / PMIC: CrystalCove: Extend PMOP support to support all possible fields commit 40fafdcbcd7a74e80ab0229b35bf6e497831e28f Merge: 5e26830990a9 40291fb75123 Author: Linus Torvalds Date: Tue Aug 21 13:33:33 2018 -0700 Merge tag 'chrome-platform-for-linus-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform Pull chrome platform updates from Benson Leung. Everything but the SPDX identifier updates actually came in earlier through the MFD merge. * tag 'chrome-platform-for-linus-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform: platform/chrome: chromeos_tbmc - fix SPDX identifier commit 5e26830990a9e8816b6854f77c550f1c847d89d8 Merge: 778a33959a8a c4347b05440f Author: Linus Torvalds Date: Tue Aug 21 13:18:22 2018 -0700 Merge tag 'microblaze-v4.19-rc1' of git://git.monstr.eu/linux-2.6-microblaze Pull arch/microblaze updates from Michal Simek: - use generic noncoherent direct mapping - use LDFLAGS instead of LD - pci error path fix - remove incorrect comments * tag 'microblaze-v4.19-rc1' of git://git.monstr.eu/linux-2.6-microblaze: microblaze/PCI: Remove stale pcibios_align_resource() comment microblaze: delete wrong comment about machine_early_init microblaze: add endianness options to LDFLAGS instead of LD microblaze: remove consistent_sync and consistent_sync_page microblaze: use generic dma_noncoherent_ops microblaze: warn if of_iomap() failed commit 96c26e04581667e3cd17ed74c2fc3499afea49b8 Author: Prashant Bhole Date: Mon Aug 20 09:54:25 2018 +0900 xsk: fix return value of xdp_umem_assign_dev() s/ENOTSUPP/EOPNOTSUPP/ in function umem_assign_dev(). This function's return value is directly returned by xsk_bind(). EOPNOTSUPP is bind()'s possible return value. Fixes: f734607e819b ("xsk: refactor xdp_umem_assign_dev()") Signed-off-by: Prashant Bhole Acked-by: Song Liu Acked-by: Björn Töpel Signed-off-by: Daniel Borkmann commit 78c452fe70681c6e6383916a264e0bf010e98058 Merge: b93c1b5ac864 5ffe57da29b3 Author: David S. Miller Date: Tue Aug 21 12:45:45 2018 -0700 Merge branch 'net_sched-fixes' Cong Wang says: ==================== net_sched: pending clean up and bug fixes This patchset aims to clean up and fixes some bugs in current merge window, this is why it is targeting -net. Patch 1-5 are clean up Vlad's patches merged in current merge window, patch 6 is just a trivial cleanup. Patch 7 reverts a lockdep warning fix and patch 8 provides a better fix for it. Patch 9 fixes a potential deadlock found by me during code review. Please see each patch for details. ==================== Signed-off-by: Cong Wang commit 5ffe57da29b3802baeddaa40909682bbb4cb4d48 Author: Cong Wang Date: Sun Aug 19 12:22:13 2018 -0700 act_ife: fix a potential deadlock use_all_metadata() acquires read_lock(&ife_mod_lock), then calls add_metainfo() which calls find_ife_oplist() which acquires the same lock again. Deadlock! Introduce __add_metainfo() which accepts struct tcf_meta_ops *ops as an additional parameter and let its callers to decide how to find it. For use_all_metadata(), it already has ops, no need to find it again, just call __add_metainfo() directly. And, as ife_mod_lock is only needed for find_ife_oplist(), this means we can make non-atomic allocation for populate_metalist() now. Fixes: 817e9f2c5c26 ("act_ife: acquire ife_mod_lock before reading ifeoplist") Cc: Jamal Hadi Salim Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 4e407ff5cd67ec76eeeea1deec227b7982dc7f66 Author: Cong Wang Date: Sun Aug 19 12:22:12 2018 -0700 act_ife: move tcfa_lock down to where necessary The only time we need to take tcfa_lock is when adding a new metainfo to an existing ife->metalist. We don't need to take tcfa_lock so early and so broadly in tcf_ife_init(). This means we can always take ife_mod_lock first, avoid the reverse locking ordering warning as reported by Vlad. Reported-by: Vlad Buslov Tested-by: Vlad Buslov Cc: Vlad Buslov Cc: Jamal Hadi Salim Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 8ce5be1c899d31f3cd047e5f707cd9dbfb81e076 Author: Cong Wang Date: Sun Aug 19 12:22:11 2018 -0700 Revert "net: sched: act_ife: disable bh when taking ife_mod_lock" This reverts commit 42c625a486f3 ("net: sched: act_ife: disable bh when taking ife_mod_lock"), because what ife_mod_lock protects is absolutely not touched in rate est timer BH context, they have no race. A better fix is following up. Cc: Vlad Buslov Cc: Jamal Hadi Salim Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit a0c2e90fe131d9a7440ac05c9c31fc35dfac2fa8 Author: Cong Wang Date: Sun Aug 19 12:22:10 2018 -0700 net_sched: remove unused tcfa_capab Cc: Jamal Hadi Salim Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 244cd96adb5f5ab39551081fb1f9009a54bb12ee Author: Cong Wang Date: Sun Aug 19 12:22:09 2018 -0700 net_sched: remove list_head from tc_action After commit 90b73b77d08e, list_head is no longer needed. Now we just need to convert the list iteration to array iteration for drivers. Fixes: 90b73b77d08e ("net: sched: change action API to use array of pointers to actions") Cc: Jiri Pirko Cc: Vlad Buslov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 7d485c451fc82f8ae431cdb379521bc6d0641064 Author: Cong Wang Date: Sun Aug 19 12:22:08 2018 -0700 net_sched: remove unused tcf_idr_check() tcf_idr_check() is replaced by tcf_idr_check_alloc(), and __tcf_idr_check() now can be folded into tcf_idr_search(). Fixes: 0190c1d452a9 ("net: sched: atomically check-allocate action") Cc: Jiri Pirko Cc: Vlad Buslov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit b144e7ec51a132eac00a68bf897b6349d810022f Author: Cong Wang Date: Sun Aug 19 12:22:07 2018 -0700 net_sched: remove unused parameter for tcf_action_delete() Fixes: 16af6067392c ("net: sched: implement reference counted action release") Cc: Jiri Pirko Cc: Vlad Buslov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 97a3f84f2c84f81b859aedd2c186df09c2ee21a6 Author: Cong Wang Date: Sun Aug 19 12:22:06 2018 -0700 net_sched: remove unnecessary ops->delete() All ops->delete() wants is getting the tn->idrinfo, but we already have tc_action before calling ops->delete(), and tc_action has a pointer ->idrinfo. More importantly, each type of action does the same thing, that is, just calling tcf_idr_delete_index(). So it can be just removed. Fixes: b409074e6693 ("net: sched: add 'delete' function to action ops") Cc: Jiri Pirko Cc: Vlad Buslov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit edfaf94fa705181eeb2fe0c36c0b902dedbd40f1 Author: Cong Wang Date: Sun Aug 19 12:22:05 2018 -0700 net_sched: improve and refactor tcf_action_put_many() tcf_action_put_many() is mostly called to clean up actions on failure path, but tcf_action_put_many(&actions[acts_deleted]) is used in the ugliest way: it passes a slice of the array and uses an additional NULL at the end to avoid out-of-bound access. acts_deleted is completely unnecessary since we can teach tcf_action_put_many() scan the whole array and checks against NULL pointer. Which also means tcf_action_delete() should set deleted action pointers to NULL to avoid double free. Fixes: 90b73b77d08e ("net: sched: change action API to use array of pointers to actions") Cc: Jiri Pirko Cc: Vlad Buslov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit c84ca616b1260949782f408271336f0eda056c61 Author: Masahiro Yamada Date: Tue Aug 21 02:08:28 2018 +0900 sparc: fix KBUILD_DEFCONFIG for ARCH=sparc32 As commit 5ba800962a80 ("kbuild: update ARCH alias info for sparc") addressed, SPARC accepts ARCH=sparc32 as an alias. However, arch/sparc/Makefile wrongly sets KBUILD_DEFCONFIG, then sparc64_defconfig is chosen as the base configuration for ARCH=sparc32. $ make ARCH=sparc32 defconfig *** Default configuration is based on 'sparc64_defconfig' # # configuration written to .config # Fix the logic to choose sparc64_defconfig only when ARCH=sparc64. Signed-off-by: Masahiro Yamada Signed-off-by: David S. Miller commit aa59fa7806ef6cd63fdf78d802e960d9cb516f39 Merge: dfaad39cec85 8818d89cf8fb Author: David S. Miller Date: Tue Aug 21 12:40:26 2018 -0700 Merge branch 'sparc32-NO_BOOTMEM' Mike Rapoport says: ==================== sparc32: switch to NO_BOOTMEM These patches convert sparc32 to use memblock + nobootmem. I've made the conversion as simple as possible, just enough to allow moving HAVE_MEMBLOCK and NO_BOOTMEM to the common SPARC configuration. v2 changes: * split whitespace changes to a separate patch * address Sam's comments [1] [1] https://lkml.org/lkml/2018/8/2/403 ==================== Signed-off-by: David S. Miller commit 8818d89cf8fb4df617412c45a983773d3720a97a Author: Mike Rapoport Date: Mon Aug 6 13:52:35 2018 +0300 sparc32: split ramdisk detection and reservation to a helper function The detection and reservation of ramdisk memory were separated to allow bootmem bitmap initialization after the ramdisk boundaries are detected. Since the bootmem initialization is removed, the reservation of ramdisk memory is done immediately after its boundaries are found. Split the entire block into a separate helper function. Signed-off-by: Mike Rapoport Suggested-by: Sam Ravnborg Reviewed-by: Sam Ravnborg Signed-off-by: David S. Miller commit cca079ef8ac29a7c02192d2bad2ffe4c0c5ffdd0 Author: Mike Rapoport Date: Mon Aug 6 13:52:34 2018 +0300 sparc32: switch to NO_BOOTMEM Each populated sparc_phys_bank is added to memblock.memory. The reserve_bootmem() calls are replaced with memblock_reserve(), and the bootmem bitmap initialization is droppped. Signed-off-by: Mike Rapoport Reviewed-by: Sam Ravnborg Signed-off-by: David S. Miller commit 60ef86168247b051f2ef35ee24cb9d61c14844e7 Author: Mike Rapoport Date: Mon Aug 6 13:52:33 2018 +0300 sparc: mm/init_32: kill trailing whitespace Signed-off-by: Mike Rapoport Signed-off-by: David S. Miller commit dfaad39cec85790f87161705c14027a63be44496 Author: Christoph Hellwig Date: Tue Jul 31 10:02:04 2018 +0200 sparc: use generic dma_noncoherent_ops Switch to the generic noncoherent direct mapping implementation. This removes the previous sync_single_for_device implementation, which looks bogus given that no syncing is happening in the similar but more important map_single case. Signed-off-by: Christoph Hellwig Acked-by: Sam Ravnborg Signed-off-by: David S. Miller commit 9d1d02ff36783f954a206dfbf7943b7f2057f58b Author: Leo (Sunpeng) Li Date: Thu Aug 16 15:44:39 2018 -0400 drm/amd/display: Don't build DCN1 when kcov is enabled DCN1 contains code that utilizes fp math. When CONFIG_KCOV_INSTRUMENT_ALL and CONFIG_KCOV_ENABLE_COMPARISONS are enabled, build errors are found. See this earlier patch for details: https://lists.freedesktop.org/archives/dri-devel/2018-August/186131.html As a short term solution, disable CONFIG_DRM_AMD_DC_DCN1_0 when KCOV_INSTRUMENT_ALL and KCOV_ENABLE_COMPARISONS are enabled. In addition, make it a fully derived config, taking into account CONFIG_X86. Acked-by: Alex Deucher Acked-by: Arnd Bergmann Reviewed-by: Michel Dänzer Signed-off-by: Leo (Sunpeng) Li Signed-off-by: Alex Deucher commit dc37a9a08d5760e405ffdd94ec6bbb6efededba6 Author: Leo (Sunpeng) Li Date: Thu Aug 16 15:44:38 2018 -0400 Revert "drm/amdgpu/display: Replace CONFIG_DRM_AMD_DC_DCN1_0 with CONFIG_X86" This reverts commit 8624c3c4dbfe24fc6740687236a2e196f5f4bfb0. We need CONFIG_DRM_AMD_DC_DCN1_0 to guard code that is using fp math. Acked-by: Alex Deucher Reviewed-by: Michel Dänzer Signed-off-by: Leo (Sunpeng) Li Signed-off-by: Alex Deucher commit 95f05a3a2e6895ecfd8b4f64b5d6c6cf0b6a3f4a Author: Alex Deucher Date: Thu Aug 16 15:35:21 2018 -0500 drm/amdgpu/display: disable eDP fast boot optimization on DCE8 Seems to cause blank screens. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106940 Reviewed-by: Harry Wentland Signed-off-by: Alex Deucher commit e6f8d26ebbcf45ff964abf7d9d2430401638067c Author: Christian König Date: Tue Aug 14 09:37:06 2018 +0200 drm/amdgpu: fix amdgpu_amdkfd_remove_eviction_fence v3 Fix quite a number of bugs here. Unfortunately only compile tested. v2: fix copy&paste error v3: fix 80 chars issue in comment Signed-off-by: Christian König Reviewed-by: Felix Kuehling Signed-off-by: Alex Deucher commit c4aed87630d41ee54e2ee23d4583c3dd423296dd Author: Christian König Date: Fri Aug 17 19:38:33 2018 +0200 drm/amdgpu: fix incorrect use of drm_file->pid That's the PID of the creator of the file (usually the X server) and not the end user of the file. Signed-off-by: Christian König Acked-by: Alex Deucher Signed-off-by: Alex Deucher CC: stable@vger.kernel.org commit bce31d4c1ae8865d6382e3a27b07b4bb8e020ade Author: Christian König Date: Fri Aug 17 19:36:08 2018 +0200 drm/amdgpu: fix incorrect use of fcheck The usage isn't RCU protected. Signed-off-by: Christian König Acked-by: Alex Deucher Signed-off-by: Alex Deucher CC: stable@vger.kernel.org commit 11a88c2e92feca1ed3fba19fa375f76d3c75f5d5 Author: Yintian Tao Date: Mon Aug 20 11:11:48 2018 +0800 drm/powerplay: enable dpm under pass-through Repeat enable dpm under pass-through because there is no actually hardware-fini and real power-off when guest vm shutdown or reboot. Otherwise, under pass-through it will be failed to populate populate and upload SCLK MCLK DPM levels due to zero of pcie_speed_table.count. Signed-off-by: Yintian Tao Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher commit fa1d04e9a896c468f0882425f5ba452a4b424108 Author: Yintian Tao Date: Wed Aug 15 16:20:55 2018 +0800 drm/amdgpu: access register without KIQ there is no need to access register such as mmSMC_IND_INDEX_11 and mmSMC_IND_DATA_11 through KIQ because they are VF-copy. Signed-off-by: Yintian Tao Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher commit bde0781561dcd3a7e9d01e9cb9fd410f025f7ee3 Author: Evan Quan Date: Fri Aug 17 09:31:56 2018 +0800 drm/amdgpu: set correct base for THM/NBIF/MP1 IP Set correct address base for vega20. Signed-off-by: Evan Quan Reviewed-by: Alex Deucher Reviewed-by: Huang Rui Signed-off-by: Alex Deucher commit 39a3cd6783521cb9ec463033ea6a24e42c2d5508 Author: Dmytro Laktyushkin Date: Wed Aug 8 18:27:55 2018 -0400 drm/amd/display: fix dentist did ranges Dentist did ranges were incomplete as max setting has an unusual divider step up of 66. Signed-off-by: Dmytro Laktyushkin Reviewed-by: Charlene Liu Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 66b198ffc934089c24f8a12436d46fdc283eaed8 Author: Dmytro Laktyushkin Date: Tue Aug 7 14:43:20 2018 -0400 drm/amd/display: make dp_ss_off optional dp_ss_off flag doesn't need to be set, so we create a link_init function if it is needed by an asic Signed-off-by: Dmytro Laktyushkin Reviewed-by: Eric Bernstein Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 16747b21098505bea3b7bc7009d8e16921a7ca65 Author: Dmytro Laktyushkin Date: Thu Aug 2 11:43:36 2018 -0400 drm/amd/display: fix dp_ss_control vbios flag parsing dp_ss_control = 0 means ss is off, we had a typo where we would double not dp_ss_control while setting dp_ss_off flag Signed-off-by: Dmytro Laktyushkin Reviewed-by: Eric Bernstein Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 8f7040b8f252fae4ca5d2453e9f50b78cf6b834f Author: Samson Tam Date: Mon Jul 30 12:22:35 2018 -0400 drm/amd/display: Do not retain link settings Do not retrain link settings if lane count and link rate are both unknown. Causes driver to be stuck reading VBIOS register after removing emulated connection. Signed-off-by: Samson Tam Reviewed-by: Anthony Koo Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 690d9163bf4b8563a2682e619f938e6a0443947f Author: Paul Burton Date: Tue Aug 21 12:12:59 2018 -0700 MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 Some versions of GCC suboptimally generate calls to the __multi3() intrinsic for MIPS64r6 builds, resulting in link failures due to the missing function: LD vmlinux.o MODPOST vmlinux.o kernel/bpf/verifier.o: In function `kmalloc_array': include/linux/slab.h:631: undefined reference to `__multi3' fs/select.o: In function `kmalloc_array': include/linux/slab.h:631: undefined reference to `__multi3' ... We already have a workaround for this in which we provide the instrinsic, but we do so selectively for GCC 7 only. Unfortunately the issue occurs with older GCC versions too - it has been observed with both GCC 5.4.0 & GCC 6.4.0. MIPSr6 support was introduced in GCC 5, so all major GCC versions prior to GCC 8 are affected and we extend our workaround accordingly to all MIPS64r6 builds using GCC versions older than GCC 8. Signed-off-by: Paul Burton Reported-by: Vladimir Kondratiev Fixes: ebabcf17bcd7 ("MIPS: Implement __multi3 for GCC7 MIPS64r6 builds") Patchwork: https://patchwork.linux-mips.org/patch/20297/ Cc: James Hogan Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org # 4.15+ commit b93c1b5ac8643cc08bb74fa8ae21d6c63dfcb23d Author: Stephen Hemminger Date: Tue Aug 21 10:40:38 2018 -0700 hv_netvsc: ignore devices that are not PCI Registering another device with same MAC address (such as TAP, VPN or DPDK KNI) will confuse the VF autobinding logic. Restrict the search to only run if the device is known to be a PCI attached VF. Fixes: e8ff40d4bff1 ("hv_netvsc: improve VF device matching") Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller commit 0af4c8be97a14d1df8a78b4993a09e8dff545a18 Author: Trond Myklebust Date: Tue Aug 21 10:25:34 2018 -0400 pNFS: Remove unwanted optimisation of layoutget If we knew that the file was empty, we wouldn't be asking for a layout. Any optimisation here is already done before calling pnfs_update_layout(). As it stands, we sometimes end up doing an unnecessary inband read to the MDS even when holding a layout. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 1c1aeaf1432f51b57341741dcb76a3825d63a168 Author: Trond Myklebust Date: Tue Aug 21 10:25:33 2018 -0400 pNFS/flexfiles: ff_layout_pg_init_read should exit on error If we get an error while retrieving the layout, then we should report it rather than falling back to I/O through the MDS. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 906d441febc0de974b2a6ef848a8f058f3bfada3 Author: Paul Burton Date: Mon Aug 20 15:36:18 2018 -0700 MIPS: Workaround GCC __builtin_unreachable reordering bug Some versions of GCC for the MIPS architecture suffer from a bug which can lead to instructions from beyond an unreachable statement being incorrectly reordered into earlier branch delay slots if the unreachable statement is the only content of a case in a switch statement. This can lead to seemingly random behaviour, such as invalid memory accesses from incorrectly reordered loads or stores, and link failures on microMIPS builds. See this potential GCC fix for details: https://gcc.gnu.org/ml/gcc-patches/2015-09/msg00360.html Runtime problems resulting from this bug were initially observed using a maltasmvp_defconfig v4.4 kernel built using GCC 4.9.2 (from a Codescape SDK 2015.06-05 toolchain), with the result being an address exception taken after log messages about the L1 caches (during probe of the L2 cache): Initmem setup node 0 [mem 0x0000000080000000-0x000000009fffffff] VPE topology {2,2} total 4 Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes. Primary data cache 64kB, 4-way, PIPT, no aliases, linesize 32 bytes This is early enough that the kernel exception vectors are not in use, so any further output depends upon the bootloader. This is reproducible in QEMU where no further output occurs - ie. the system hangs here. Given the nature of the bug it may potentially be hit with differing symptoms. The bug is known to affect GCC versions as recent as 7.3, and it is unclear whether GCC 8 fixed it or just happens not to encounter the bug in the testcase found at the link above due to differing optimizations. This bug can be worked around by placing a volatile asm statement, which GCC is prevented from reordering past, prior to the __builtin_unreachable call. That was actually done already for other reasons by commit 173a3efd3edb ("bug.h: work around GCC PR82365 in BUG()"), but creates problems for microMIPS builds due to the lack of a .insn directive. The microMIPS ISA allows for interlinking with regular MIPS32 code by repurposing bit 0 of the program counter as an ISA mode bit. To switch modes one changes the value of this bit in the PC. However typical branch instructions encode their offsets as multiples of 2-byte instruction halfwords, which means they cannot change ISA mode - this must be done using either an indirect branch (a jump-register in MIPS terminology) or a dedicated jalx instruction. In order to ensure that regular branches don't attempt to target code in a different ISA which they can't actually switch to, the linker will check that branch targets are code in the same ISA as the branch. Unfortunately our empty asm volatile statements don't qualify as code, and the link for microMIPS builds fails with errors such as: arch/mips/mm/dma-default.s:3265: Error: branch to a symbol in another ISA mode arch/mips/mm/dma-default.s:5027: Error: branch to a symbol in another ISA mode Resolve this by adding a .insn directive within the asm statement which declares that what comes next is code. This may or may not be true, since we don't really know what comes next, but as this code is in an unreachable path anyway that doesn't matter since we won't execute it. We do this in asm/compiler.h & select CONFIG_HAVE_ARCH_COMPILER_H in order to have this included by linux/compiler_types.h after linux/compiler-gcc.h. This will result in asm/compiler.h being included in all C compilations via the -include linux/compiler_types.h argument in c_flags, which should be harmless. Signed-off-by: Paul Burton Fixes: 173a3efd3edb ("bug.h: work around GCC PR82365 in BUG()") Patchwork: https://patchwork.linux-mips.org/patch/20270/ Cc: James Hogan Cc: Ralf Baechle Cc: Arnd Bergmann Cc: linux-mips@linux-mips.org commit 04f264d3a8b0eb25d378127bd78c3c9a0261c828 Author: Paul Burton Date: Mon Aug 20 15:36:17 2018 -0700 compiler.h: Allow arch-specific asm/compiler.h We have a need to override the definition of barrier_before_unreachable() for MIPS, which means we either need to add architecture-specific code into linux/compiler-gcc.h or we need to allow the architecture to provide a header that can define the macro before the generic definition. The latter seems like the better approach. A straightforward approach to the per-arch header is to make use of asm-generic to provide a default empty header & adjust architectures which don't need anything specific to make use of that by adding the header to generic-y. Unfortunately this doesn't work so well due to commit 28128c61e08e ("kconfig.h: Include compiler types to avoid missed struct attributes") which caused linux/compiler_types.h to be included in the compilation of every C file via the -include linux/kconfig.h flag in c_flags. Because the -include flag is present for all C files we compile, we need the architecture-provided header to be present before any C files are compiled. If any C files can be compiled prior to the asm-generic header wrappers being generated then we hit a build failure due to missing header. Such cases do exist - one pointed out by the kbuild test robot is the compilation of arch/ia64/kernel/nr-irqs.c, which occurs as part of the archprepare target [1]. This leaves us with a few options: 1) Use generic-y & fix any build failures we find by enforcing ordering such that the asm-generic target occurs before any C compilation, such that linux/compiler_types.h can always include the generated asm-generic wrapper which in turn includes the empty asm-generic header. This would rely on us finding all the problematic cases - I don't know for sure that the ia64 issue is the only one. 2) Add an actual empty header to each architecture, so that we don't need the generated asm-generic wrapper. This seems messy. 3) Give up & add #ifdef CONFIG_MIPS or similar to linux/compiler_types.h. This seems messy too. 4) Include the arch header only when it's actually needed, removing the need for the asm-generic wrapper for all other architectures. This patch allows us to use approach 4, by including an asm/compiler.h header from linux/compiler_types.h after the inclusion of the compiler-specific linux/compiler-*.h header(s). We do this conditionally, only when CONFIG_HAVE_ARCH_COMPILER_H is selected, in order to avoid the need for asm-generic wrappers & the associated build ordering issue described above. The asm/compiler.h header is included after the generic linux/compiler-*.h header(s) for consistency with the way linux/compiler-intel.h & linux/compiler-clang.h are included after the linux/compiler-gcc.h header that they override. [1] https://lists.01.org/pipermail/kbuild-all/2018-August/051175.html Signed-off-by: Paul Burton Reviewed-by: Masahiro Yamada Patchwork: https://patchwork.linux-mips.org/patch/20269/ Cc: Arnd Bergmann Cc: James Hogan Cc: Masahiro Yamada Cc: Ralf Baechle Cc: linux-arch@vger.kernel.org Cc: linux-kbuild@vger.kernel.org Cc: linux-mips@linux-mips.org commit 1e7da865b8c0428b9bcb18ba05ba0f6f47bcfdb4 Author: Colin Ian King Date: Tue Aug 21 10:12:48 2018 +0100 block/DAC960.c: make some arrays static const, shrinks object size Don't populate the arrays ReadCacheStatus, WriteCacheStatus and SenseErrors on the stack but instead make them static const. Makes the object code smaller by 47 bytes: Before: text data bss dec hex filename 160974 34628 832 196434 2ff52 drivers/block/DAC960.o After: text data bss dec hex filename 160671 34884 832 196387 2ff23 drivers/block/DAC960.o (gcc version 8.2.0 x86_64) Signed-off-by: Colin Ian King Signed-off-by: Jens Axboe commit c27f1e2e9f29563cb093e96261e87c1ef83aeb98 Author: Yue Haibing Date: Tue Aug 21 14:05:42 2018 +0000 rds: tcp: remove duplicated include from tcp.c Remove duplicated include. Signed-off-by: Yue Haibing Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller commit 093dee661d6004738c4cbcbf48835c1e6c6ebae3 Author: Yue Haibing Date: Tue Aug 21 13:58:08 2018 +0000 sch_cake: Remove unused including Remove including that don't need it. Signed-off-by: Yue Haibing Signed-off-by: David S. Miller commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f Author: Jianchao Wang Date: Tue Aug 21 15:15:04 2018 +0800 blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter For blk-mq, part_in_flight/rw will invoke blk_mq_in_flight/rw to account the inflight requests. It will access the queue_hw_ctx and nr_hw_queues w/o any protection. When updating nr_hw_queues and blk_mq_in_flight/rw occur concurrently, panic comes up. Before update nr_hw_queues, the q will be frozen. So we could use q_usage_counter to avoid the race. percpu_ref_is_zero is used here so that we will not miss any in-flight request. The access to nr_hw_queues and queue_hw_ctx in blk_mq_queue_tag_busy_iter are under rcu critical section, __blk_mq_update_nr_hw_queues could use synchronize_rcu to ensure the zeroed q_usage_counter to be globally visible. Signed-off-by: Jianchao Wang Reviewed-by: Ming Lei Signed-off-by: Jens Axboe commit d48ece209f82c9ce07be942441b53d3fa3664936 Author: Jianchao Wang Date: Tue Aug 21 15:15:03 2018 +0800 blk-mq: init hctx sched after update ctx and hctx mapping Currently, when update nr_hw_queues, IO scheduler's init_hctx will be invoked before the mapping between ctx and hctx is adapted correctly by blk_mq_map_swqueue. The IO scheduler init_hctx (kyber) may depend on this mapping and get wrong result and panic finally. A simply way to fix this is that switch the IO scheduler to 'none' before update the nr_hw_queues, and then switch it back after update nr_hw_queues. blk_mq_sched_init_/exit_hctx are removed due to nobody use them any more. Signed-off-by: Jianchao Wang Signed-off-by: Jens Axboe commit addb3ffbca66954fb1d1791d2db2153c403f81af Author: Gustavo A. R. Silva Date: Tue Aug 14 10:10:31 2018 -0500 Bluetooth: mediatek: Fix memory leak In case memory resources for *fw* were allocated, release them before return. Addresses-Coverity-ID: 1472611 ("Resource leak") Fixes: 7237c4c9ec92 ("Bluetooth: mediatek: Add protocol support for MediaTek serial devices") Signed-off-by: Gustavo A. R. Silva Acked-by: Sean Wang Signed-off-by: Marcel Holtmann commit 51474eff2bc2777061ab3658e014a37dc9d7a775 Author: Hans de Goede Date: Tue Aug 14 11:57:07 2018 +0200 Bluetooth: Make BT_HCIUART_RTL configuration option depend on ACPI At the moment we only support ACPI enumeration for serial port attached RTL bluetooth controllers. This commit adds a dependency on ACPI to the BT_HCIUART_RTL configuration option, fixing the following warning when ACPI is not enabled: drivers/bluetooth/hci_h5.c:920:22: warning: 'rtl_vnd' defined but not used Cc: Arnd Bergmann Reported-by: Arnd Bergmann Signed-off-by: Hans de Goede Acked-by: Arnd Bergmann Acked-by: Geert Uytterhoeven Signed-off-by: Marcel Holtmann commit 26caddf274cf1e89fd4ce44ab2b8dbc7a7f97681 Author: Adrian Hunter Date: Tue Aug 21 15:05:55 2018 +0300 mmc: block: Fix unsupported parallel dispatch of requests The mmc block driver does not support parallel dispatch of requests. In normal circumstances, all requests are anyway funneled through a single work item, so parallel dispatch never happens. However it can happen if there is no elevator. Fix that by detecting if a dispatch is in progress and returning busy (BLK_STS_RESOURCE) in that case Fixes: 81196976ed94 ("mmc: block: Add blk-mq support") Cc: stable@vger.kernel.org # v4.16+ Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson commit 17e96d8516e31c3cb52cb8e2ee79d1d2e6948c11 Author: Ludovic Desroches Date: Mon Aug 20 10:54:45 2018 +0200 mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion The conversion to sg_copy_{from,to}_buffer has been done in the wrong way. sg_copy_to_buffer is a copy from an SG list to a linear buffer so it can't replace memcpy(dest, host->virt_base, data->sg->length) where dest is the virtual address of the SG. Same for sg_copy_from_buffer but in the opposite way. Signed-off-by: Ludovic Desroches Suggested-by: Douglas Gilbert Fixes: 53d7e098ba08 ("mmc: android-goldfish: use sg_copy_{from,to}_buffer") Signed-off-by: Ulf Hansson commit 19f5e9e015675fcdbf2c20e804b2e84e80201454 Author: Ludovic Desroches Date: Mon Aug 20 10:54:44 2018 +0200 mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion The conversion to sg_copy_{from,to}_buffer has been done in the wrong way. sg_copy_to_buffer is a copy from an SG list to a linear buffer so it can't replace memcpy(buf + offset, &value, remaining) where buf is the virtual address of the SG. Same for sg_copy_to_buffer but in the opposite way. Signed-off-by: Ludovic Desroches Suggested-by: Douglas Gilbert Fixes: 5b4277814e3f ("mmc: atmel-mci: use sg_copy_{from,to}_buffer") Signed-off-by: Ulf Hansson commit 4ec84835900b6eceb5b49f9ffeec9a0916ba43d6 Author: Heiko Carstens Date: Tue Aug 21 13:37:57 2018 +0200 s390: remove gcc version check (4.3 or newer) git commit cafa0010cd51 ("Raise the minimum required gcc version to 4.6") raised the minimum gcc version to 4.6. Therefore remove the s390 specific gcc 4.3 version check, which wasn't sufficient anyway. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky commit 3d8f60d38e249f989a7fca9c2370c31c3d5487e1 Author: Harald Freudenberger Date: Mon Aug 20 15:27:45 2018 +0200 s390/zcrypt: hex string mask improvements for apmask and aqmask. The sysfs attributes /sys/bus/ap/apmask and /sys/bus/ap/aqmask and the kernel command line arguments ap.apm and ap.aqm get an improvement of the value parsing with this patch: The mask values are bitmaps in big endian order starting with bit 0. So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs attributes and the kernel command line accept 2 different formats: - Absolute hex string starting with 0x like "0x12345678" does set the mask starting from left to right. If the given string is shorter than the mask it is padded with 0s on the right. If the string is longer than the mask an error comes back (EINVAL). - Relative format - a concatenation (done with ',') of the terms +[-] or -[-]. may be any valid number (hex, decimal or octal) in the range 0...255. Here are some examples: "+0-15,+32,-128,-0xFF" "-0-255,+1-16,+0x128" Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky commit 9161a864ff88e800de50494da095af19832e9583 Author: Masami Hiramatsu Date: Tue Aug 21 22:04:57 2018 +0900 tracing/kprobes: Fix to check notrace function with correct range Fix within_notrace_func() to check notrace function correctly. Since the ftrace_location_range(start, end) function checks the range inclusively (start <= ftrace-loc <= end), the end address must not include the entry address of next function. However, within_notrace_func() uses kallsyms_lookup_size_offset() to get the function size and calculate the end address from adding the size to the entry address. This means the end address is the entry address of the next function. In the result, within_notrace_func() fails to find notrace function if the next function of the target function is ftraced. Let's subtract 1 from the end address so that ftrace_location_range() can check it correctly. Link: http://lkml.kernel.org/r/153485669706.16611.17726752296213785504.stgit@devbox Fixes: commit 45408c4f9250 ("tracing: kprobes: Prohibit probing on notrace function") Reported-by: Michael Rodin Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 6b7dca401cb148603158119c89319c85228a2a61 Author: Masami Hiramatsu Date: Tue Aug 21 16:27:58 2018 +0900 tracing: Allow gcov profiling on only ftrace subsystem Add GCOV_PROFILE_FTRACE to allow gcov profiling on only files in ftrace subsystem. This config option will be used for checking kselftest/ftrace coverage. Link: http://lkml.kernel.org/r/153483647755.32472.4746349899604275441.stgit@devbox Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit dbf2a4b1ffab2867505be3b24221d5efa2200c91 Author: Helge Deller Date: Tue Aug 21 08:15:42 2018 +0200 parisc: Add hardware description to stack traces Signed-off-by: Helge Deller commit 8801ccb9fa524c195322c26b6d44e99827772bde Author: Helge Deller Date: Tue Aug 21 14:31:32 2018 +0200 parisc: Fix boot failure of 64-bit kernel Commit c8921d72e390 ("parisc: Fix and improve kernel stack unwinding") broke booting of 64-bit kernels. On 64-bit kernels function pointers are actually function descriptors which require dereferencing. In this patch we instead declare functions in assembly code which are referenced from C-code as external data pointers with the ENTRY() macro and thus can use a simple external reference to the functions. Signed-off-by: Helge Deller Fixes: c8921d72e390 ("parisc: Fix and improve kernel stack unwinding") commit 8a328ac1f9ebfc7621f76bbb27aa0382cc5b393d Author: Kailang Yang Date: Tue Aug 21 16:54:41 2018 +0800 ALSA: hda/realtek - Fix HP Headset Mic can't record This patch will fix HP workstation Headset Mic not recording. Signed-off-by: Kailang Yang Tested-by: Hui Wang Signed-off-by: Takashi Iwai commit 09a4e0be5826aa66c4ce9954841f110ffe63ef4f Author: Eric Sandeen Date: Thu Aug 16 21:44:02 2018 -0500 isofs: reject hardware sector size > 2048 bytes The largest block size supported by isofs is ISOFS_BLOCK_SIZE (2048), but isofs_fill_super calls sb_min_blocksize and sets the blocksize to the device's logical block size if it's larger than what we ended up with after option parsing. If for some reason we try to mount a hard 4k device as an isofs filesystem, we'll set opt.blocksize to 4096, and when we try to read the superblock we found via: block = iso_blknum << (ISOFS_BLOCK_BITS - s->s_blocksize_bits) with s_blocksize_bits greater than ISOFS_BLOCK_BITS, we'll have a negative shift and the bread will fail somewhat cryptically: isofs_fill_super: bread failed, dev=sda, iso_blknum=17, block=-2147483648 It seems best to just catch and clearly reject mounts of such a device. Reported-by: Bryan Gurney Signed-off-by: Eric Sandeen Signed-off-by: Jan Kara commit c4347b05440f4d72f8084c82c86d16863f69c8a2 Author: Lorenzo Pieralisi Date: Mon Aug 20 10:47:29 2018 +0100 microblaze/PCI: Remove stale pcibios_align_resource() comment commit 01cf9d524ff0 ("microblaze/PCI: Support generic Xilinx AXI PCIe Host Bridge IP driver") and commit ecf677c8dcaa ("PCI: Add a generic weak pcibios_align_resource()") first patched then removed pcibios_align_resource() from the microblaze architecture code but failed to remove the comment that was added to it. Remove it since it has now become stale and it is quite confusing. Signed-off-by: Lorenzo Pieralisi Cc: Palmer Dabbelt Cc: Bjorn Helgaas Cc: Bharat Kumar Gogada Cc: Michal Simek Signed-off-by: Michal Simek commit 6aa58d8ad20a3323f42274c25820a6f54192422d Author: Chao Yu Date: Tue Aug 14 22:37:25 2018 +0800 f2fs: readahead encrypted block during GC During GC, for each encrypted block, we will read block synchronously into meta page, and then submit it into current cold data log area. So this block read model with 4k granularity can make poor performance, like migrating non-encrypted block, let's readahead encrypted block as well to improve migration performance. To implement this, we choose meta page that its index is old block address of the encrypted block, and readahead ciphertext into this page, later, if readaheaded page is still updated, we will load its data into target meta page, and submit the write IO. Note that for OPU, truncation, deletion, we need to invalid meta page after we invalid old block address, to make sure we won't load invalid data from target meta page during encrypted block migration. for ((i = 0; i < 1000; i++)) do { xfs_io -f /mnt/f2fs/dir/$i -c "pwrite 0 128k" -c "fsync"; } done for ((i = 0; i < 1000; i+=2)) do { rm /mnt/f2fs/dir/$i; } done ret = ioctl(fd, F2FS_IOC_GARBAGE_COLLECT, 0); Before: gc-6549 [001] d..1 214682.212797: block_rq_insert: 8,32 RA 32768 () 786400 + 64 [gc] gc-6549 [001] d..1 214682.212802: block_unplug: [gc] 1 gc-6549 [001] .... 214682.213892: block_bio_queue: 8,32 R 67494144 + 8 [gc] gc-6549 [001] .... 214682.213899: block_getrq: 8,32 R 67494144 + 8 [gc] gc-6549 [001] .... 214682.213902: block_plug: [gc] gc-6549 [001] d..1 214682.213905: block_rq_insert: 8,32 R 4096 () 67494144 + 8 [gc] gc-6549 [001] d..1 214682.213908: block_unplug: [gc] 1 gc-6549 [001] .... 214682.226405: block_bio_queue: 8,32 R 67494152 + 8 [gc] gc-6549 [001] .... 214682.226412: block_getrq: 8,32 R 67494152 + 8 [gc] gc-6549 [001] .... 214682.226414: block_plug: [gc] gc-6549 [001] d..1 214682.226417: block_rq_insert: 8,32 R 4096 () 67494152 + 8 [gc] gc-6549 [001] d..1 214682.226420: block_unplug: [gc] 1 gc-6549 [001] .... 214682.226904: block_bio_queue: 8,32 R 67494160 + 8 [gc] gc-6549 [001] .... 214682.226910: block_getrq: 8,32 R 67494160 + 8 [gc] gc-6549 [001] .... 214682.226911: block_plug: [gc] gc-6549 [001] d..1 214682.226914: block_rq_insert: 8,32 R 4096 () 67494160 + 8 [gc] gc-6549 [001] d..1 214682.226916: block_unplug: [gc] 1 After: gc-5678 [003] .... 214327.025906: block_bio_queue: 8,32 R 67493824 + 8 [gc] gc-5678 [003] .... 214327.025908: block_bio_backmerge: 8,32 R 67493824 + 8 [gc] gc-5678 [003] .... 214327.025915: block_bio_queue: 8,32 R 67493832 + 8 [gc] gc-5678 [003] .... 214327.025917: block_bio_backmerge: 8,32 R 67493832 + 8 [gc] gc-5678 [003] .... 214327.025923: block_bio_queue: 8,32 R 67493840 + 8 [gc] gc-5678 [003] .... 214327.025925: block_bio_backmerge: 8,32 R 67493840 + 8 [gc] gc-5678 [003] .... 214327.025932: block_bio_queue: 8,32 R 67493848 + 8 [gc] gc-5678 [003] .... 214327.025934: block_bio_backmerge: 8,32 R 67493848 + 8 [gc] gc-5678 [003] .... 214327.025941: block_bio_queue: 8,32 R 67493856 + 8 [gc] gc-5678 [003] .... 214327.025943: block_bio_backmerge: 8,32 R 67493856 + 8 [gc] gc-5678 [003] .... 214327.025953: block_bio_queue: 8,32 R 67493864 + 8 [gc] gc-5678 [003] .... 214327.025955: block_bio_backmerge: 8,32 R 67493864 + 8 [gc] gc-5678 [003] .... 214327.025962: block_bio_queue: 8,32 R 67493872 + 8 [gc] gc-5678 [003] .... 214327.025964: block_bio_backmerge: 8,32 R 67493872 + 8 [gc] gc-5678 [003] .... 214327.025970: block_bio_queue: 8,32 R 67493880 + 8 [gc] gc-5678 [003] .... 214327.025972: block_bio_backmerge: 8,32 R 67493880 + 8 [gc] gc-5678 [003] .... 214327.026000: block_bio_queue: 8,32 WS 34123776 + 2048 [gc] gc-5678 [003] .... 214327.026019: block_getrq: 8,32 WS 34123776 + 2048 [gc] gc-5678 [003] d..1 214327.026021: block_rq_insert: 8,32 R 131072 () 67493632 + 256 [gc] gc-5678 [003] d..1 214327.026023: block_unplug: [gc] 1 gc-5678 [003] d..1 214327.026026: block_rq_issue: 8,32 R 131072 () 67493632 + 256 [gc] gc-5678 [003] .... 214327.026046: block_plug: [gc] Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 6f8d4455060dfb0e32dfb8e685b97caf4ed1be41 Author: Jaegeuk Kim Date: Wed Jul 25 12:11:56 2018 +0900 f2fs: avoid fi->i_gc_rwsem[WRITE] lock in f2fs_gc The f2fs_gc() called by f2fs_balance_fs() requires to be called outside of fi->i_gc_rwsem[WRITE], since f2fs_gc() can try to grab it in a loop. If it hits the miximum retrials in GC, let's give a chance to release gc_mutex for a short time in order not to go into live lock in the worst case. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 853137cef46ccc490e6fd4b160a1c252d6459842 Author: Jaegeuk Kim Date: Thu Aug 9 17:53:34 2018 -0700 f2fs: fix performance issue observed with multi-thread sequential read This reverts the commit - "b93f771 - f2fs: remove writepages lock" to fix the drop in sequential read throughput. Test: ./tiotest -t 32 -d /data/tio_tmp -f 32 -b 524288 -k 1 -k 3 -L device: UFS Before - read throughput: 185 MB/s total read requests: 85177 (of these ~80000 are 4KB size requests). total write requests: 2546 (of these ~2208 requests are written in 512KB). After - read throughput: 758 MB/s total read requests: 2417 (of these ~2042 are 512KB reads). total write requests: 2701 (of these ~2034 requests are written in 512KB). Signed-off-by: Sahitya Tummala Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 2ea62630681027c455117aa471ea3ab8bb099ead Author: Srikar Dronamraju Date: Fri Aug 17 20:24:39 2018 +0530 powerpc/topology: Get topology for shared processors at boot On a shared LPAR, Phyp will not update the CPU associativity at boot time. Just after the boot system does recognize itself as a shared LPAR and trigger a request for correct CPU associativity. But by then the scheduler would have already created/destroyed its sched domains. This causes - Broken load balance across Nodes causing islands of cores. - Performance degradation esp if the system is lightly loaded - dmesg to wrongly report all CPUs to be in Node 0. - Messages in dmesg saying borken topology. - With commit 051f3ca02e46 ("sched/topology: Introduce NUMA identity node sched domain"), can cause rcu stalls at boot up. The sched_domains_numa_masks table which is used to generate cpumasks is only created at boot time just before creating sched domains and never updated. Hence, its better to get the topology correct before the sched domains are created. For example on 64 core Power 8 shared LPAR, dmesg reports Brought up 512 CPUs Node 0 CPUs: 0-511 Node 1 CPUs: Node 2 CPUs: Node 3 CPUs: Node 4 CPUs: Node 5 CPUs: Node 6 CPUs: Node 7 CPUs: Node 8 CPUs: Node 9 CPUs: Node 10 CPUs: Node 11 CPUs: ... BUG: arch topology borken the DIE domain not a subset of the NUMA domain BUG: arch topology borken the DIE domain not a subset of the NUMA domain numactl/lscpu output will still be correct with cores spreading across all nodes: Socket(s): 64 NUMA node(s): 12 Model: 2.0 (pvr 004d 0200) Model name: POWER8 (architected), altivec supported Hypervisor vendor: pHyp Virtualization type: para L1d cache: 64K L1i cache: 32K NUMA node0 CPU(s): 0-7,32-39,64-71,96-103,176-183,272-279,368-375,464-471 NUMA node1 CPU(s): 8-15,40-47,72-79,104-111,184-191,280-287,376-383,472-479 NUMA node2 CPU(s): 16-23,48-55,80-87,112-119,192-199,288-295,384-391,480-487 NUMA node3 CPU(s): 24-31,56-63,88-95,120-127,200-207,296-303,392-399,488-495 NUMA node4 CPU(s): 208-215,304-311,400-407,496-503 NUMA node5 CPU(s): 168-175,264-271,360-367,456-463 NUMA node6 CPU(s): 128-135,224-231,320-327,416-423 NUMA node7 CPU(s): 136-143,232-239,328-335,424-431 NUMA node8 CPU(s): 216-223,312-319,408-415,504-511 NUMA node9 CPU(s): 144-151,240-247,336-343,432-439 NUMA node10 CPU(s): 152-159,248-255,344-351,440-447 NUMA node11 CPU(s): 160-167,256-263,352-359,448-455 Currently on this LPAR, the scheduler detects 2 levels of Numa and created numa sched domains for all CPUs, but it finds a single DIE domain consisting of all CPUs. Hence it deletes all numa sched domains. To address this, detect the shared processor and update topology soon after CPUs are setup so that correct topology is updated just before scheduler creates sched domain. With the fix, dmesg reports: numa: Node 0 CPUs: 0-7 32-39 64-71 96-103 176-183 272-279 368-375 464-471 numa: Node 1 CPUs: 8-15 40-47 72-79 104-111 184-191 280-287 376-383 472-479 numa: Node 2 CPUs: 16-23 48-55 80-87 112-119 192-199 288-295 384-391 480-487 numa: Node 3 CPUs: 24-31 56-63 88-95 120-127 200-207 296-303 392-399 488-495 numa: Node 4 CPUs: 208-215 304-311 400-407 496-503 numa: Node 5 CPUs: 168-175 264-271 360-367 456-463 numa: Node 6 CPUs: 128-135 224-231 320-327 416-423 numa: Node 7 CPUs: 136-143 232-239 328-335 424-431 numa: Node 8 CPUs: 216-223 312-319 408-415 504-511 numa: Node 9 CPUs: 144-151 240-247 336-343 432-439 numa: Node 10 CPUs: 152-159 248-255 344-351 440-447 numa: Node 11 CPUs: 160-167 256-263 352-359 448-455 and lscpu also reports: Socket(s): 64 NUMA node(s): 12 Model: 2.0 (pvr 004d 0200) Model name: POWER8 (architected), altivec supported Hypervisor vendor: pHyp Virtualization type: para L1d cache: 64K L1i cache: 32K NUMA node0 CPU(s): 0-7,32-39,64-71,96-103,176-183,272-279,368-375,464-471 NUMA node1 CPU(s): 8-15,40-47,72-79,104-111,184-191,280-287,376-383,472-479 NUMA node2 CPU(s): 16-23,48-55,80-87,112-119,192-199,288-295,384-391,480-487 NUMA node3 CPU(s): 24-31,56-63,88-95,120-127,200-207,296-303,392-399,488-495 NUMA node4 CPU(s): 208-215,304-311,400-407,496-503 NUMA node5 CPU(s): 168-175,264-271,360-367,456-463 NUMA node6 CPU(s): 128-135,224-231,320-327,416-423 NUMA node7 CPU(s): 136-143,232-239,328-335,424-431 NUMA node8 CPU(s): 216-223,312-319,408-415,504-511 NUMA node9 CPU(s): 144-151,240-247,336-343,432-439 NUMA node10 CPU(s): 152-159,248-255,344-351,440-447 NUMA node11 CPU(s): 160-167,256-263,352-359,448-455 Reported-by: Manjunatha H R Signed-off-by: Srikar Dronamraju [mpe: Trim / format change log] Tested-by: Michael Ellerman Signed-off-by: Michael Ellerman commit d6ee76d3d37d156c479348821574b6f99d6472a1 Author: Luke Dashjr Date: Thu Aug 16 21:36:26 2018 +0000 powerpc64/ftrace: Include ftrace.h needed for enable/disable calls this_cpu_disable_ftrace and this_cpu_enable_ftrace are inlines in ftrace.h Without it included, the build fails. Fixes: a4bc64d305af ("powerpc64/ftrace: Disable ftrace during kvm entry/exit") Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Luke Dashjr Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman commit 778a33959a8ad4cb1ea2f4c5119f9e1e8b9f9d9b Merge: 6b2edf27fe26 f62800992e59 Author: Linus Torvalds Date: Mon Aug 20 19:37:09 2018 -0700 Merge tag 'please-pull-noboot' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux Pull ia64 NO_BOOTMEM conversion from Tony Luck: "Mike Rapoport kindly fixed up ia64 to work with NO_BOOTMEM" * tag 'please-pull-noboot' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux: ia64: switch to NO_BOOTMEM ia64: use mem_data to detect nodes' minimal and maximal PFNs ia64: remove unused num_dma_physpages member from 'struct early_node_data' ia64: contig/paging_init: reduce code duplication commit ab08dcd724543896303eae7de6288242bbaff458 Author: Yue Haibing Date: Tue Aug 21 01:41:56 2018 +0000 rhashtable: remove duplicated include from rhashtable.c Remove duplicated include. Signed-off-by: Yue Haibing Signed-off-by: David S. Miller commit 6b2edf27fe26c73cd67b6bf5ffb23dce882e1455 Merge: 7140ad3898dd 01675e9503c4 Author: Linus Torvalds Date: Mon Aug 20 19:02:17 2018 -0700 Merge tag 'linux-kselftest-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull Kselftest update from Shuah Khan: - add cgroup core selftests - fix compile warnings in android ion test - fix to bugs in exclude and skip paths in vDSO test - remove obsolete config options - add missing .gitignore file * tag 'linux-kselftest-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests/ftrace: Fix kprobe string testcase to not probe notrace function selftests: mount: remove no longer needed config option selftests: cgroup: add gitignore file Add cgroup core selftests selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run selftests: vDSO - fix to exclude x86 test on non-x86 platforms selftests/android: initialize heap_type to avoid compiling warning commit 7140ad3898dd119d993aff76a8752570c4f23871 Merge: 0a78ac4b9bb1 bb730b5833b5 Author: Linus Torvalds Date: Mon Aug 20 18:32:00 2018 -0700 Merge tag 'trace-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing updates from Steven Rostedt: - Restructure of lockdep and latency tracers This is the biggest change. Joel Fernandes restructured the hooks from irqs and preemption disabling and enabling. He got rid of a lot of the preprocessor #ifdef mess that they caused. He turned both lockdep and the latency tracers to use trace events inserted in the preempt/irqs disabling paths. But unfortunately, these started to cause issues in corner cases. Thus, parts of the code was reverted back to where lockdep and the latency tracers just get called directly (without using the trace events). But because the original change cleaned up the code very nicely we kept that, as well as the trace events for preempt and irqs disabling, but they are limited to not being called in NMIs. - Have trace events use SRCU for "rcu idle" calls. This was required for the preempt/irqs off trace events. But it also had to not allow them to be called in NMI context. Waiting till Paul makes an NMI safe SRCU API. - New notrace SRCU API to allow trace events to use SRCU. - Addition of mcount-nop option support - SPDX headers replacing GPL templates. - Various other fixes and clean ups. - Some fixes are marked for stable, but were not fully tested before the merge window opened. * tag 'trace-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (44 commits) tracing: Fix SPDX format headers to use C++ style comments tracing: Add SPDX License format tags to tracing files tracing: Add SPDX License format to bpf_trace.c blktrace: Add SPDX License format header s390/ftrace: Add -mfentry and -mnop-mcount support tracing: Add -mcount-nop option support tracing: Avoid calling cc-option -mrecord-mcount for every Makefile tracing: Handle CC_FLAGS_FTRACE more accurately Uprobe: Additional argument arch_uprobe to uprobe_write_opcode() Uprobes: Simplify uprobe_register() body tracepoints: Free early tracepoints after RCU is initialized uprobes: Use synchronize_rcu() not synchronize_sched() tracing: Fix synchronizing to event changes with tracepoint_synchronize_unregister() ftrace: Remove unused pointer ftrace_swapper_pid tracing: More reverting of "tracing: Centralize preemptirq tracepoints and unify their usage" tracing/irqsoff: Handle preempt_count for different configs tracing: Partial revert of "tracing: Centralize preemptirq tracepoints and unify their usage" tracing: irqsoff: Account for additional preempt_disable trace: Use rcu_dereference_raw for hooks from trace-event subsystem tracing/kprobes: Fix within_notrace_func() to check only notrace functions ... commit 0a78ac4b9bb15b2a00dc5a5aba22b0e48834e1ad Merge: bfebeb16722d 0fcf6c02b205 Author: Linus Torvalds Date: Mon Aug 20 18:26:55 2018 -0700 Merge tag 'ceph-for-4.19-rc1' of git://github.com/ceph/ceph-client Pull ceph updates from Ilya Dryomov: "The main things are support for cephx v2 authentication protocol and basic support for rbd images within namespaces (myself). Also included are y2038 conversion patches from Arnd, a pile of miscellaneous fixes from Chengguang and Zheng's feature bit infrastructure for the filesystem" * tag 'ceph-for-4.19-rc1' of git://github.com/ceph/ceph-client: (40 commits) ceph: don't drop message if it contains more data than expected ceph: support cephfs' own feature bits crush: fix using plain integer as NULL warning libceph: remove unnecessary non NULL check for request_key ceph: refactor error handling code in ceph_reserve_caps() ceph: refactor ceph_unreserve_caps() ceph: change to void return type for __do_request() ceph: compare fsc->max_file_size and inode->i_size for max file size limit ceph: add additional size check in ceph_setattr() ceph: add additional offset check in ceph_write_iter() ceph: add additional range check in ceph_fallocate() ceph: add new field max_file_size in ceph_fs_client libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() libceph: check authorizer reply/challenge length before reading libceph: implement CEPHX_V2 calculation mode libceph: add authorizer challenge libceph: factor out encrypt_authorizer() libceph: factor out __ceph_x_decrypt() libceph: factor out __prepare_write_connect() libceph: store ceph_auth_handshake pointer in ceph_connection ... commit 80f1a0f4e0cd4bfc8a74fc1c39843a6e7b206b95 Author: David Ahern Date: Mon Aug 20 13:02:41 2018 -0700 net/ipv6: Put lwtstate when destroying fib6_info Prior to the introduction of fib6_info lwtstate was managed by the dst code. With fib6_info releasing lwtstate needs to be done when the struct is freed. Fixes: 93531c674315 ("net/ipv6: separate handling of FIB entries from dst based routes") Signed-off-by: David Ahern Signed-off-by: David S. Miller commit bfebeb16722d93caf7870b63aa7d094b6843479a Merge: 3933ec73cd9b 6b583a64fd1e Author: Linus Torvalds Date: Mon Aug 20 16:30:27 2018 -0700 Merge tag 'rtc-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC updates from Alexandre Belloni: "It is now possible to add custom sysfs attributes while avoiding a possible race condition. Unused code has been removed resulting in a nice reduction of the code base. And more drivers have been switched to SPDX by their maintainers. Summary: Subsystem: - new helpers to add custom sysfs attributes - struct rtc_task removal along with rtc_irq_[un]register() - rtc_irq_set_state and rtc_irq_set_freq are not exported anymore Drivers: - armada38x: reset after rtc power loss - ds1307: now supports m41t11 - isl1208: now supports isl1219 and tamper detection - pcf2127: internal SRAM support" * tag 'rtc-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: (34 commits) rtc: ds1307: simplify hwmon config rtc: s5m: Add SPDX license identifier rtc: maxim: Add SPDX license identifiers rtc: isl1219: add device tree documentation rtc: isl1208: set ev-evienb bit from device tree rtc: isl1208: Add "evdet" interrupt source for isl1219 rtc: isl1208: add support for isl1219 with tamper detection rtc: sysfs: facilitate attribute add to rtc device rtc: remove struct rtc_task char: rtc: remove task handling rtc: pcf85063: preserve control register value between stop and start rtc: sh: remove unused variable rtc_dev rtc: unexport rtc_irq_set_* rtc: simplify rtc_irq_set_state/rtc_irq_set_freq rtc: remove irq_task and irq_task_lock rtc: remove rtc_irq_register/rtc_irq_unregister rtc: sh: remove dead code rtc: sa1100: don't set PIE frequency rtc: ds1307: support m41t11 variant rtc: ds1307: fix data pointer to m41t0 ... commit 3933ec73cd9bbff4a98259d0eae606af4e2850a2 Merge: 7a324b3f0535 badf58a27213 Author: Linus Torvalds Date: Mon Aug 20 16:10:47 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching Pull livepatching updates from Jiri Kosina: "Code cleanups from Kamalesh Babulal" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: livepatch: Validate module/old func name length livepatch: Remove reliable stacktrace check in klp_try_switch_task() commit 7a324b3f0535ceb0f6676fa20ca2a7b6213008cb Merge: 61c4fc1eaf73 1429b47bfe98 Author: Linus Torvalds Date: Mon Aug 20 15:59:01 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID updates from Jiri Kosina: - touch_max detection improvements and quirk handling fixes in wacom driver from Jason Gerecke and Ping Cheng - Palm rejection from Dmitry Torokhov and _dial support from Benjamin Tissoires for hid-multitouch driver - Low voltage support for i2c-hid driver from Stephen Boyd - Guitar-Hero support from Nicolas Adenis-Lamarre - other assorted small fixes and device ID additions * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (40 commits) HID: intel_ish-hid: tx_buf memory leak on probe/remove HID: intel-ish-hid: Prevent loading of driver on Mehlow HID: cougar: Add support for the Cougar 500k Gaming Keyboard HID: cougar: make compare_device_paths reusable HID: intel-ish-hid: remove redundant variable num_frags HID: multitouch: handle palm for touchscreens HID: multitouch: touchscreens also use confidence reports HID: multitouch: report MT_TOOL_PALM for non-confident touches HID: microsoft: support the Surface Dial HID: core: do not upper bound the collection stack HID: input: enable Totem on the Dell Canvas 27 HID: multitouch: remove one copy of values HID: multitouch: ditch mt_report_id HID: multitouch: store a per application quirks value HID: multitouch: Store per collection multitouch data HID: multitouch: make sure the static list of class is not changed input: add MT_TOOL_DIAL HID: elan: Add support for touchpad on the Toshiba Click Mini L9W HID: elan: Add USB-id for HP x2 10-n000nd touchpad HID: elan: Add a flag for selecting if the touchpad has a LED ... commit 61c4fc1eaf736344904767d201b0d4f7a2ebaf79 Merge: 532c2b926dda 633786736ed5 Author: Linus Torvalds Date: Mon Aug 20 15:41:37 2018 -0700 Merge tag 'backlight-next-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight Pull backlight updates from Lee Jones: "Core Framework: - Remove unused/obsolete code/comments New Functionality: - Allow less granular brightness specification for high-res PWMs; pwm_bl - Align brightness {inc,dec}rements with that perceived by the human-eye; pwm_bl Fix-ups: - Prepare for the introduction of -Wimplicit-fall-through; adp8860_bl Bug Fixes: - Fix uninitialised variable; pwm_bl" * tag 'backlight-next-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight: backlight: pwm_bl: Fix uninitialized variable backlight: adp8860: Mark expected switch fall-through backlight: Remove obsolete comment for ->state dt-bindings: pwm-backlight: Move brightness-levels to optional backlight: pwm_bl: Compute brightness of LED linearly to human eye dt-bindings: pwm-backlight: Add a num-interpolation-steps property backlight: pwm_bl: Linear interpolation between brightness-levels commit 532c2b926dda11174700333a5dda5e3c0ee383f2 Merge: 8786583db541 d2c9281c184b Author: Linus Torvalds Date: Mon Aug 20 15:38:44 2018 -0700 Merge tag 'mfd-next-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD updates from Lee Jones: "New Drivers: - Add Cirrus Logic Madera Codec (CS47L35, CS47L85 and CS47L90/91) driver - Add ChromeOS EC CEC driver - Add ROHM BD71837 PMIC driver New Device Support: - Add support for Dialog Semi DA9063L PMIC variant to DA9063 - Add support for Intel Ice Lake to Intel-PLSS-PCI - Add support for X-Powers AXP806 to AXP20x New Functionality: - Add support for USB Charging to the ChromeOS Embedded Controller - Add support for HDMI CEC to the ChromeOS Embedded Controller - Add support for HDMI CEC to Intel HDMI - Add support for accessory detection to Madera devices - Allow individual pins to be configured via DT' wlf,csnaddr-pd - Provide legacy platform specific EEPROM/Watchdog commands; rave-sp Fix-upsL - Trivial renaming/spelling fixes; cros_ec, da9063-* - Convert to Managed Resources (devm_*); da9063-*, ti_am335x_tscadc - Transition to helper macros/functions; da9063-* - Constify; kempld-core - Improve error path/messages; wm8994-core - Disable IRQs locally instead of relying on USB subsystem; dln2 - Remove unused code; rave-sp - New exports; sec-core Bug Fixes: - Fix possible false I2C transaction error; arizona-core - Fix declared memory area size; hi655x-pmic - Fix checksum type; rave-sp - Fix incorrect default serial port configuration: rave-sp - Fix incorrect coherent DMA mask for sub-devices; sm501" * tag 'mfd-next-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (60 commits) mfd: madera: Add register definitions for accessory detect mfd: sm501: Set coherent_dma_mask when creating subdevices mfd: bd71837: Devicetree bindings for ROHM BD71837 PMIC mfd: bd71837: Core driver for ROHM BD71837 PMIC media: platform: cros-ec-cec: Fix dependency on MFD_CROS_EC mfd: sec-core: Export OF module alias table mfd: as3722: Disable auto-power-on when AC OK mfd: axp20x: Support AXP806 in I2C mode mfd: axp20x: Add self-working mode support for AXP806 dt-bindings: mfd: axp20x: Add "self-working" mode for AXP806 mfd: wm8994: Allow to configure CS/ADDR Pulldown from dts mfd: wm8994: Allow to configure Speaker Mode Pullup from dts mfd: rave-sp: Emulate CMD_GET_STATUS on device that don't support it mfd: rave-sp: Add legacy watchdog ping command translation mfd: rave-sp: Add legacy EEPROM access command translation mfd: rave-sp: Initialize flow control and parity of the port mfd: rave-sp: Fix incorrectly specified checksum type mfd: rave-sp: Remove unused defines mfd: hi655x: Fix regmap area declared size for hi655x mfd: ti_am335x_tscadc: Fix struct clk memory leak ... commit 8786583db54197b3859311870912f51cb3fca434 Merge: cafa0010cd51 b748f2de4b2f Author: Linus Torvalds Date: Mon Aug 20 15:28:54 2018 -0700 Merge tag 'edac_fixes_for_4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp Pull EDAC fix from Borislav Petkov: "An urgent fix for a NULL ptr deref on machines with LRDDR4 DIMMs, from Takashi Iwai" * tag 'edac_fixes_for_4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp: EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] commit cafa0010cd51fb711fdcb50fc55f394c5f167a0a Author: Joe Perches Date: Mon Aug 20 13:15:26 2018 -0700 Raise the minimum required gcc version to 4.6 Various architectures fail to build properly with older versions of the gcc compiler. An example from Guenter Roeck in thread [1]: > > In file included from ./include/linux/mm.h:17:0, > from ./include/linux/pid_namespace.h:7, > from ./include/linux/ptrace.h:10, > from arch/openrisc/kernel/asm-offsets.c:32: > ./include/linux/mm_types.h:497:16: error: flexible array member in otherwise empty struct > > This is just an example with gcc 4.5.1 for or32. I have seen the problem > with gcc 4.4 (for unicore32) as well. So update the minimum required version of gcc to 4.6. [1] https://lore.kernel.org/lkml/20180814170904.GA12768@roeck-us.net/ Miscellanea: - Update Documentation/process/changes.rst - Remove and consolidate version test blocks in compiler-gcc.h for versions lower than 4.6 Signed-off-by: Joe Perches Reviewed-by: Kees Cook Reviewed-by: Nick Desaulniers Signed-off-by: Linus Torvalds commit 35d231db53a60b76e218a56da30ad071d4717b56 Merge: bfd5bb6f90af 2cc15e802b25 Author: Max Filippov Date: Mon Aug 20 13:24:24 2018 -0700 Merge branch 'xtensa-dma-fixes' (early part) into xtensa-fixes This switches xtensa arch to the generic noncoherent direct mapping operations, adds support for DMA_ATTR_NO_KERNEL_MAPPING attribute and allows for platform-specific handling of coherent memory. Signed-off-by: Max Filippov commit 176eb614b118c96e7797f5ddefd10708c316f621 Author: Kai-Heng Feng Date: Mon Aug 20 12:43:51 2018 +0800 r8152: disable RX aggregation on new Dell TB16 dock There's a new Dell TB16 dock with a different iSerialNumber. Apply the same fix from commit 0b1655143df0 ("r8152: disable RX aggregation on Dell TB16 dock") to this model. BugLink: https://bugs.launchpad.net/bugs/1785780 Signed-off-by: Kai-Heng Feng Signed-off-by: David S. Miller commit bfd5bb6f90af092aa345b15cd78143956a13c2a8 Author: Max Filippov Date: Thu Sep 10 20:51:33 2015 +0300 xtensa: add test_kc705_be variant test_kc705_be is a big-endian Xtensa core with HiFi2 instructions. Signed-off-by: Max Filippov commit 0c692569ce1f8944490869604beb99de10278a12 Author: Max Filippov Date: Mon Aug 13 20:43:10 2018 -0700 xtensa: clean up boot-elf/bootstrap.S Drop unneeded headers, rewrite literal definitions with .literal. Signed-off-by: Max Filippov commit baac1d36d15d16fc064a901918bf844a36e97b1b Author: Max Filippov Date: Mon Aug 13 18:56:37 2018 -0700 xtensa: make bootparam parsing optional A kernel may not need any boot parameters from the bootloader, allow disabling bootparam parsing in that case. Signed-off-by: Max Filippov commit 8b5163eb988067093064ecb10265da27fd000cad Author: Max Filippov Date: Mon Aug 13 18:21:08 2018 -0700 xtensa: drop variant IRQ support If an xtensa core provides an additional IRQ controller it should be treated as a separate piece of hardware and be driven by an irqchip driver. Signed-off-by: Max Filippov commit fc862ee9976f0490a20b2a2b8ae0c4fbeb7bbf13 Author: Max Filippov Date: Mon Aug 13 18:14:14 2018 -0700 xtensa: drop unneeded platform/hardware.h headers platform/hardware.h no longer supply any information for processor.h, vectors.h, setup.c or vmlinux.lds.S, don't include it. This header is now empty in the platforms/iss, so remove it altogether. Signed-off-by: Max Filippov commit 994fa1c83d658f857dacf0512e8f7db246143d26 Author: Max Filippov Date: Mon Aug 13 18:11:38 2018 -0700 xtensa: move PLATFORM_NR_IRQS to Kconfig Signed-off-by: Max Filippov commit aea731c81f998af5e45654459bac24a1c808fb22 Author: Max Filippov Date: Mon Aug 13 16:45:54 2018 -0700 xtensa: rework {CONFIG,PLATFORM}_DEFAULT_MEM_START Drop PLATFORM_DEFAULT_MEM_START from the platform/hardware.h headers. Provide definition of CONFIG_DEFAULT_MEM_START always, allow changing it only in noMMU configurations when PLATFORM_WANT_DEFAULT_MEM is selected. Change prompt and description so that it's clear that it controls PAGE_OFFSET and PHYS_OFFSET. Signed-off-by: Max Filippov commit f79e4d5f92a129a1159c973735007d4ddc8541f3 Author: Max Filippov Date: Sun Aug 12 18:32:13 2018 -0700 xtensa: drop unused {CONFIG,PLATFORM}_DEFAULT_MEM_SIZE Now that noMMU cache attributes are set up separately drop no longer used macro PLATFORM_DEFAULT_MEM_SIZE and config symbol CONFIG_DEFAULT_MEM_SIZE used for setting it. Signed-off-by: Max Filippov commit cc26ebbebde8548014d9329ac2f6cf0178181789 Author: Tony Luck Date: Mon Aug 20 09:31:04 2018 -0700 ia64: Fix kernel BUG at lib/ioremap.c:72! Commit 0bbf47eab469 ("ia64: use asm-generic/io.h") results in a BUG while booting ia64. This is because asm-generic/io.h defines PCI_IOBASE, which results in the function acpi_pci_root_remap_iospace() doing a lot of unnecessary (and wrong) things. I'd suggested an #if !CONFIG_IA64 in the functon, but Arnd suggested keeping the fix inside the arch/ia64 tree. Fixes: 0bbf47eab469 ("ia64: use asm-generic/io.h") Suggested-by: Arnd Bergman Signed-off-by: Tony Luck Signed-off-by: Linus Torvalds commit 152395fd03d4ce1e535a75cdbf58105e50587611 Author: Anson Huang Date: Tue Jul 31 00:56:49 2018 +0800 thermal: of-thermal: disable passive polling when thermal zone is disabled When thermal zone is in passive mode, disabling its mode from sysfs is NOT taking effect at all, it is still polling the temperature of the disabled thermal zone and handling all thermal trips, it makes user confused. The disabling operation should disable the thermal zone behavior completely, for both active and passive mode, this patch clears the passive_delay when thermal zone is disabled and restores it when it is enabled. Signed-off-by: Anson Huang Signed-off-by: Eduardo Valentin commit 75f2d3a0cef5cd8cd41772c9f8ada37dee9c9369 Author: Juergen Gross Date: Mon Aug 20 17:24:20 2018 +0200 x86/xen: enable early use of set_fixmap in 32-bit Xen PV guest Commit 7b25b9cb0dad83 ("x86/xen/time: Initialize pv xen time in init_hypervisor_platform()") moved the mapping of the shared info area before pagetable_init(). This breaks booting as 32-bit PV guest as the use of set_fixmap isn't possible at this time on 32-bit. This can be worked around by populating the needed PMD on 32-bit kernel earlier. In order not to reimplement populate_extra_pte() using extend_brk() for allocating new page tables extend alloc_low_pages() to do that in case the early page table pool is not yet available. Fixes: 7b25b9cb0dad83 ("x86/xen/time: Initialize pv xen time in init_hypervisor_platform()") Signed-off-by: Juergen Gross Reviewed-by: Thomas Gleixner Signed-off-by: Boris Ostrovsky commit 00f53f758d9baffef9dc3efedf534bb0dc1872eb Author: Juergen Gross Date: Mon Aug 20 15:03:30 2018 +0200 xen: remove unused hypercall functions Remove Xen hypercall functions which are used nowhere in the kernel. Signed-off-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit df11b6912f63ab86e694db5e9dee4df050f4c137 Author: Juergen Gross Date: Mon Aug 20 15:02:03 2018 +0200 x86/xen: remove unused function xen_auto_xlated_memory_setup() xen_auto_xlated_memory_setup() is a leftover from PVH V1. Remove it. Signed-off-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 166deb0f0bcdda70cfa650982777f94da273f0e4 Author: Jan Beulich Date: Mon Jun 25 04:17:35 2018 -0600 xen/ACPI: don't upload Px/Cx data for disabled processors This is unnecessary and triggers a warning in the hypervisor. Often systems have more processor entries in their ACPI tables than are actually installed/active. The ACPI_STA_DEVICE_PRESENT bit cannot be reliably used, but the ACPI_MADT_ENABLED bit can. In order to not introduce new functions in the main ACPI processor driver code, simply use acpi_get_phys_id(), which does more than we need, but which checks the MADT enabled bit in the process. Any CPU for which we can't determine the APIC ID is unlikely to work properly anyway, so the extra checks done by acpi_get_phys_id() should do no harm. Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Acked-by: Rafael J. Wysocki Signed-off-by: Boris Ostrovsky commit 71dc05635983ae711694f748d006e107387f1bab Author: Jan Beulich Date: Mon Jun 25 04:45:49 2018 -0600 x86/Xen: further refine add_preferred_console() invocations As the sequence of invocations matters, add "tty" only after "hvc" when a VGA console is available (which is often the case for Dom0, but hardly ever for DomU). Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit f76c318c779a40cb23ff70d9c5d6e1771987ebba Author: Jan Beulich Date: Mon Jun 25 04:19:48 2018 -0600 xen/mcelog: eliminate redundant setting of interface version This already gets done in HYPERVISOR_mca(). Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 2197082afd4ef7139ea1bcb10b81c2dc881830a4 Author: Jan Beulich Date: Mon Jun 25 04:34:01 2018 -0600 x86/Xen: mark xen_setup_gdt() __init Its only caller is __init, so to avoid section mismatch warnings when a compiler decides to not inline the function marke this function so as well. Take the opportunity and also make the function actually use its argument: The sole caller passes in zero anyway. Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit d316522d06e9894429ace4b5f99e181bde4e7bd7 Author: Kuninori Morimoto Date: Mon Aug 20 11:42:35 2018 -0700 thermal: rcar_gen3_thermal: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Reviewed-by: Geert Uytterhoeven Reviewed-by: Daniel Lezcano Reviewed-by: Niklas Söderlund Reviewed-by: Simon Horman Signed-off-by: Eduardo Valentin commit c954579087f4c0185206cfa777e697874b1e7d13 Author: Kuninori Morimoto Date: Mon Jul 30 07:56:06 2018 +0000 thermal: rcar_thermal: convert to SPDX identifiers As original license mentioned, it is GPL-2.0 in SPDX. Then, MODULE_LICENSE() should be "GPL v2" instead of "GPL". See ${LINUX}/include/linux/module.h "GPL" [GNU Public License v2 or later] "GPL v2" [GNU Public License v2] Signed-off-by: Kuninori Morimoto Reviewed-by: Daniel Lezcano Reviewed-by: Geert Uytterhoeven Reviewed-by: Simon Horman Signed-off-by: Eduardo Valentin commit b0c41e96cfd4305636f5ed0d60650e648485c54c Merge: 9c86336c15db b310974e0419 Author: David S. Miller Date: Mon Aug 20 11:34:39 2018 -0700 Merge branch 'qed-Misc-fixes-in-the-interface-with-the-MFW' Tomer Tayar says: ==================== qed: Misc fixes in the interface with the MFW This patch series fixes several issues in the driver's interface with the management FW (MFW). v1->v2: - Fix loop counter decrement to be pre instead of post. ==================== Signed-off-by: David S. Miller commit b310974e041913231b6e3d5d475d4df55c312301 Author: Tomer Tayar Date: Mon Aug 20 00:01:45 2018 +0300 qed: Avoid sending mailbox commands when MFW is not responsive Keep sending mailbox commands to the MFW when it is not responsive ends up with a redundant amount of timeout expiries. This patch prints the MCP status on the first command which is not responded, and blocks the following commands. Since the (un)load request commands might be not responded due to other PFs, the patch also adds the option to skip the blocking upon a failure. Signed-off-by: Tomer Tayar Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit eaa50fc59e5841910987e90b0438b2643041f508 Author: Tomer Tayar Date: Mon Aug 20 00:01:44 2018 +0300 qed: Prevent a possible deadlock during driver load and unload The MFW manages an internal lock to prevent concurrent hardware (de)initialization of different PFs. This, together with the busy-waiting for the MFW's responses for commands, might lead to a deadlock during concurrent load or unload of PFs. This patch adds the option to sleep within the busy-waiting, and uses it for the (un)load requests (which are not sent from an interrupt context) to prevent the possible deadlock. Signed-off-by: Tomer Tayar Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit 76271809f49056f079e202bf6513d17b0d6dd34d Author: Tomer Tayar Date: Mon Aug 20 00:01:43 2018 +0300 qed: Wait for MCP halt and resume commands to take place Successive iterations of halting and resuming the management chip (MCP) might fail, since currently the driver doesn't wait for these operations to actually take place. This patch prevents the driver from moving forward before the operations are reflected in the state register. Signed-off-by: Tomer Tayar Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit f00d25f3154b676fcea4502a25b94bd7f142ca74 Author: Tomer Tayar Date: Mon Aug 20 00:01:42 2018 +0300 qed: Wait for ready indication before rereading the shmem The MFW might be reset and re-update its shared memory. Upon the detection of such a reset the driver rereads this memory, but it has to wait till the data is valid. This patch adds the missing wait for a data ready indication. Signed-off-by: Tomer Tayar Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit 2dfef650217c0e24754cd4c3abbb43e98131a7cf Author: Fabio Estevam Date: Sat Jul 28 16:17:51 2018 -0300 thermal: qoriq: Switch to SPDX identifier Adopt the SPDX license identifier headers to ease license compliance management. Signed-off-by: Fabio Estevam Reviewed-by: Daniel Lezcano Acked-by: Philippe Ombredanne Signed-off-by: Eduardo Valentin commit 7a3b1bf70b37b3797c8570b82a473fd5749fab8d Merge: 66eb957df4c7 e45c7aca4914 Author: Palmer Dabbelt Date: Mon Aug 20 11:32:10 2018 -0700 RISC-V: Fix sys_riscv_flush_icache This contains a pair of patches that together fix sys_riscv_flush_icache on all systems: * The first enables sys_riscv_flush_icache() for non-SMP systems. * The second fixes a bug in our syscall header that caused sys_riscv_flush_icache to never get generated. commit 1a893a5a198eff228ddc1a364830f8928b8f9ac5 Author: Fabio Estevam Date: Sat Jul 28 16:17:50 2018 -0300 thermal: qoriq: Simplify the 'site' variable assignment There is no need to assign zero to the variable 'site' and then perform a compound bitwise OR operation afterwards. Make it simpler by assigning the final 'site' value directly. Signed-off-by: Fabio Estevam Reviewed-by: Daniel Lezcano Signed-off-by: Eduardo Valentin commit f1506a69e3e72196c7c5ce4fd420d5e1a6965ed3 Author: Fabio Estevam Date: Sat Jul 28 16:17:49 2018 -0300 thermal: qoriq: Use devm_thermal_zone_of_sensor_register() By using the managed devm_thermal_zone_of_sensor_register() we can drop the explicit call to thermal_zone_of_sensor_unregister() in the qoriq_tmu_remove() function, which simplifies the code a bit. So switch to devm_thermal_zone_of_sensor_register(). Signed-off-by: Fabio Estevam Reviewed-by: Daniel Lezcano Signed-off-by: Eduardo Valentin commit 66eb957df4c7f60afb2bf19873f12214a2b3b62b Author: Deepa Dinamani Date: Fri Jul 6 22:42:43 2018 -0700 riscv: Delete asm/compat.h riscv does not enable CONFIG_COMPAT in default configurations: defconfig, allmodconfig and allnoconfig. Remove the asm/compat.h as it does not seem to add any value to the architecture without CONFIG_COMPAT. Now that time compat syscalls are being reused in non CONFIG_COMPAT modes, asm-generic/compat.h provides definitions for riscv 32 bit mode. Reviewed-by: Christoph Hellwig Signed-off-by: Deepa Dinamani Cc: palmer@sifive.com Cc: linux-riscv@lists.infradead.org Signed-off-by: Palmer Dabbelt commit e45c7aca4914efc8bcdd8fc231efadcdc87ae2e5 Author: Palmer Dabbelt Date: Fri Aug 3 12:27:19 2018 -0700 RISC-V: Don't use a global include guard for uapi/asm/syscalls.h This file is expected to be included multiple times in the same file in order to allow the __SYSCALL macro to generate system call tables. With a global include guard we end up missing __NR_riscv_flush_icache in the syscall table, which results in icache flushes that escape the vDSO call to not actually do anything. The fix is to move to per-#define include guards, which allows the system call tables to actually be populated. Thanks to Macrus Comstedt for finding and fixing the bug! Cc: Marcus Comstedt Signed-off-by: Palmer Dabbelt commit 7847e7052fc37fff9761347411f2838849e2146d Author: Palmer Dabbelt Date: Thu Aug 9 12:53:57 2018 -0700 RISC-V: Define sys_riscv_flush_icache when SMP=n This would be necessary to make non-SMP builds work, but there is another error in the implementation of our syscall linkage that actually just causes sys_riscv_flush_icache to never build. I've build tested this on allnoconfig and allnoconfig+SMP=y, as well as defconfig like normal. CC: Christoph Hellwig CC: Guenter Roeck In-Reply-To: <20180809055830.GA17533@infradead.org> In-Reply-To: <20180809132612.GA31058@roeck-us.net> Signed-off-by: Palmer Dabbelt commit c513de490f808d8480346f9a58e6a4a5f3de12e7 Author: Michael J. Ruhl Date: Wed Aug 15 22:54:49 2018 -0700 IB/hfi1: Invalid NUMA node information can cause a divide by zero If the system BIOS does not supply NUMA node information to the PCI devices, the NUMA node is selected by choosing the current node. This can lead to the following crash: divide error: 0000 SMP CPU: 0 PID: 4 Comm: kworker/0:0 Tainted: G IOE ------------ 3.10.0-693.21.1.el7.x86_64 #1 Hardware name: Intel Corporation S2600KP/S2600KP, BIOS SE5C610.86B.01.01.0005.101720141054 10/17/2014 Workqueue: events work_for_cpu_fn task: ffff880174480fd0 ti: ffff880174488000 task.ti: ffff880174488000 RIP: 0010: [] hfi1_dev_affinity_init+0x129/0x6a0 [hfi1] RSP: 0018:ffff88017448bbf8 EFLAGS: 00010246 RAX: 0000000000000011 RBX: ffff88107ffba6c0 RCX: ffff88085c22e130 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880824ad0000 RBP: ffff88017448bc48 R08: 0000000000000011 R09: 0000000000000002 R10: ffff8808582b6ca0 R11: 0000000000003151 R12: ffff8808582b6ca0 R13: ffff8808582b6518 R14: ffff8808582b6010 R15: 0000000000000012 FS: 0000000000000000(0000) GS:ffff88085ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007efc707404f0 CR3: 0000000001a02000 CR4: 00000000001607f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Call Trace: hfi1_init_dd+0x14b3/0x27a0 [hfi1] ? pcie_capability_write_word+0x46/0x70 ? hfi1_pcie_init+0xc0/0x200 [hfi1] do_init_one+0x153/0x4c0 [hfi1] ? sched_clock_cpu+0x85/0xc0 init_one+0x1b5/0x260 [hfi1] local_pci_probe+0x4a/0xb0 work_for_cpu_fn+0x1a/0x30 process_one_work+0x17f/0x440 worker_thread+0x278/0x3c0 ? manage_workers.isra.24+0x2a0/0x2a0 kthread+0xd1/0xe0 ? insert_kthread_work+0x40/0x40 ret_from_fork+0x77/0xb0 ? insert_kthread_work+0x40/0x40 If the BIOS is not supplying NUMA information: - set the default table count to 1 for all possible nodes - select node 0 (instead of current NUMA) node to get consistent performance - generate an error indicating that the BIOS should be upgraded Reviewed-by: Gary Leshner Reviewed-by: Mike Marciniszyn Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit badf58a272132c7bb953666b65ef816c1ef9efff Merge: 6e9df95b76ca 1d98a69e5cef Author: Jiri Kosina Date: Mon Aug 20 18:33:50 2018 +0200 Merge branch 'for-4.19/upstream' into for-linus commit b639186ffe9168fd1d2f95a1fff8571720739126 Author: Gustavo A. R. Silva Date: Thu Aug 16 12:21:24 2018 -0500 futex: Mark expected switch fall-throughs In preparation of enabling -Wimplicit-fallthrough, mark switch cases which fall through. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Darren Hart Link: https://lkml.kernel.org/r/20180816172124.GA2407@embeddedor.com commit c953cc987ab87d180e1d5de2f1c217abe33aac77 Author: Dan Williams Date: Fri Jul 13 21:50:37 2018 -0700 libnvdimm, pmem: Restore page attributes when clearing errors Use clear_mce_nospec() to restore WB mode for the kernel linear mapping of a pmem page that was marked 'HWPoison'. A page with 'HWPoison' set has also been marked UC in PAT (page attribute table) via set_mce_nospec() to prevent speculative retrievals of poison. The 'HWPoison' flag is only cleared when overwriting an entire page. Signed-off-by: Dan Williams Signed-off-by: Dave Jiang commit 284ce4011ba60d6c487b668eea729b6294930806 Author: Dan Williams Date: Fri Jul 13 21:50:32 2018 -0700 x86/memory_failure: Introduce {set, clear}_mce_nospec() Currently memory_failure() returns zero if the error was handled. On that result mce_unmap_kpfn() is called to zap the page out of the kernel linear mapping to prevent speculative fetches of potentially poisoned memory. However, in the case of dax mapped devmap pages the page may be in active permanent use by the device driver, so it cannot be unmapped from the kernel. Instead of marking the page not present, marking the page UC should be sufficient for preventing poison from being pre-fetched into the cache. Convert mce_unmap_pfn() to set_mce_nospec() remapping the page as UC, to hide it from speculative accesses. Given that that persistent memory errors can be cleared by the driver, include a facility to restore the page to cacheable operation, clear_mce_nospec(). Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: Cc: Acked-by: Tony Luck Signed-off-by: Dan Williams Acked-by: Ingo Molnar Signed-off-by: Dave Jiang commit 510ee090abc3dbc862bd35f5f3d8b7284a9117b4 Author: Dan Williams Date: Fri Jul 13 21:50:27 2018 -0700 x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses In preparation for using set_memory_uc() instead set_memory_np() for isolating poison from speculation, teach the memtype code to sanitize physical addresses vs __PHYSICAL_MASK. The motivation for using set_memory_uc() for this case is to allow ongoing access to persistent memory pages via the pmem-driver + memcpy_mcsafe() until the poison is repaired. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Borislav Petkov Cc: Cc: Signed-off-by: Dan Williams Acked-by: Ingo Molnar Signed-off-by: Dave Jiang commit 1429b47bfe98e63421d207aaae8038809c3f90ce Merge: ffbeeaa460a5 d4bdf2d2ba73 Author: Jiri Kosina Date: Mon Aug 20 18:13:57 2018 +0200 Merge branch 'for-4.19/wiimote' into for-linus Guitar-Hero devices support for hid-wiimote commit ffbeeaa460a500e640aeb0f4e91311d2ca02ba72 Merge: a91ddf23e240 418b573b4313 Author: Jiri Kosina Date: Mon Aug 20 18:12:42 2018 +0200 Merge branch 'for-4.19/wacom' into for-linus Wacom driver updates: - touch_max detection improvements - quirk handling cleanup - get rid of wacom custom usages commit a91ddf23e2400140382e08eca03786c6e948af86 Merge: 78a8ad794845 7f342e9c61d7 Author: Jiri Kosina Date: Mon Aug 20 18:11:20 2018 +0200 Merge branch 'for-4.19/upstream' into for-linus Assorted small driver/core fixes. commit 78a8ad7948451f5683fc3bc2791b17094f72b96d Merge: 16501e846dd2 ea58c33d4d85 Author: Jiri Kosina Date: Mon Aug 20 18:10:33 2018 +0200 Merge branch 'for-4.19/sony' into for-linus devm_* API conversion for hid-sony commit 16501e846dd23f56a23330cd874cfbfaf60daf1a Merge: f5dd80715ae1 28a042a3b7ab Author: Jiri Kosina Date: Mon Aug 20 18:09:06 2018 +0200 Merge branch 'for-4.19/multitouch-multiaxis' into for-linus Multitouch updates: - Dial support - Palm rejection for touchscreens - a few small assorted fixes commit f5dd80715ae1f34909cb04f29b7092dfc6717ed7 Merge: 4435b5774cdf 50fa92594a2b Author: Jiri Kosina Date: Mon Aug 20 18:07:36 2018 +0200 Merge branch 'for-4.19/intel-ish' into for-linus Device-specific fixes for hid-intel-ish commit 4435b5774cdf9b3547934333e8facbb3fc1057be Merge: 5a12d86ce3a9 6136f97cd2dd Author: Jiri Kosina Date: Mon Aug 20 18:07:01 2018 +0200 Merge branch 'for-4.19/i2c-hid' into for-linus Low voltage support for i2c-hid commit 5a12d86ce3a93b6442963e5f6e6511e8f470f760 Merge: 415d2b3392d7 e7ad3dc9f4a2 Author: Jiri Kosina Date: Mon Aug 20 18:06:30 2018 +0200 Merge branch 'for-4.19/elan' into for-linus Resolution/pressure fixes and new device support for hid-elan commit 415d2b3392d7a80903e0f97f051201aa02bf20e9 Merge: 4f65245f2d17 b8e759b8f6da Author: Jiri Kosina Date: Mon Aug 20 18:05:17 2018 +0200 Merge branch 'for-4.19/cougar' into for-linus New device support for hid-cougar commit 94d7a86c21a3d6046bf4616272313cb7d525075a Author: Josh Poimboeuf Date: Tue Aug 14 12:32:19 2018 -0500 x86/kvm/vmx: Remove duplicate l1d flush definitions These are already defined higher up in the file. Fixes: 7db92e165ac8 ("x86/kvm: Move l1tf setup function") Signed-off-by: Josh Poimboeuf Signed-off-by: Thomas Gleixner Cc: Paolo Bonzini Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/d7ca03ae210d07173452aeed85ffe344301219a5.1534253536.git.jpoimboe@redhat.com commit 9df9516940a61d29aedf4d91b483ca6597e7d480 Author: Vlastimil Babka Date: Mon Aug 20 11:58:35 2018 +0200 x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit On 32bit PAE kernels on 64bit hardware with enough physical bits, l1tf_pfn_limit() will overflow unsigned long. This in turn affects max_swapfile_size() and can lead to swapon returning -EINVAL. This has been observed in a 32bit guest with 42 bits physical address size, where max_swapfile_size() overflows exactly to 1 << 32, thus zero, and produces the following warning to dmesg: [ 6.396845] Truncating oversized swap area, only using 0k out of 2047996k Fix this by using unsigned long long instead. Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Reported-by: Dominique Leuenberger Reported-by: Adrian Schroeter Signed-off-by: Vlastimil Babka Signed-off-by: Thomas Gleixner Acked-by: Andi Kleen Acked-by: Michal Hocko Cc: "H . Peter Anvin" Cc: Linus Torvalds Cc: Dave Hansen Cc: Michal Hocko Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180820095835.5298-1-vbabka@suse.cz commit dc76803e57cc86589c4efcb5362918f9b0c0436f Author: Rian Hunter Date: Sun Aug 19 16:08:53 2018 -0700 x86/process: Re-export start_thread() The consolidation of the start_thread() functions removed the export unintentionally. This breaks binfmt handlers built as a module. Add it back. Fixes: e634d8fc792c ("x86-64: merge the standard and compat start_thread() functions") Signed-off-by: Rian Hunter Signed-off-by: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Vitaly Kuznetsov Cc: Joerg Roedel Cc: Dmitry Safonov Cc: Josh Poimboeuf Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180819230854.7275-1-rian@alum.mit.edu commit 704ae091b061082b37a9968621af4c290c641d50 Author: Arnd Bergmann Date: Fri Aug 17 12:01:36 2018 +0200 x86/mce: Add notifier_block forward declaration Without linux/irq.h, there is no declaration of notifier_block, leading to a build warning: In file included from arch/x86/kernel/cpu/mcheck/threshold.c:10: arch/x86/include/asm/mce.h:151:46: error: 'struct notifier_block' declared inside parameter list will not be visible outside of this definition or declaration [-Werror] It's sufficient to declare the struct tag here, which avoids pulling in more header files. Fixes: 447ae3166702 ("x86: Don't include linux/irq.h from asm/hardirq.h") Signed-off-by: Arnd Bergmann Signed-off-by: Thomas Gleixner Cc: Nicolai Stange Cc: "H. Peter Anvin" Cc: Greg Kroah-Hartman Cc: Borislav Petkov Link: https://lkml.kernel.org/r/20180817100156.3009043-1-arnd@arndb.de commit 2e549b2ee0e358bc758480e716b881f9cabedb6a Author: Andy Lutomirski Date: Thu Aug 16 12:41:15 2018 -0700 x86/vdso: Fix vDSO build if a retpoline is emitted Currently, if the vDSO ends up containing an indirect branch or call, GCC will emit the "external thunk" style of retpoline, and it will fail to link. Fix it by building the vDSO with inline retpoline thunks. I haven't seen any reports of this triggering on an unpatched kernel. Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support") Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Acked-by: Matt Rickard Cc: Borislav Petkov Cc: Jason Vas Dias Cc: David Woodhouse Cc: Peter Zijlstra Cc: Andi Kleen Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.1534448381.git.luto@kernel.org commit 286e87718103acdf85f4ed323a37e4839a8a7c05 Author: Vishal Verma Date: Fri Aug 10 13:23:15 2018 -0600 libnvdimm: fix ars_status output length calculation Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Introduced additional hardening for ambiguity in the ACPI spec for ars_status output sizing. However, it had a couple of cases mixed up. Where it should have been checking for (and returning) "out_field[1] - 4" it was using "out_field[1] - 8" and vice versa. This caused a four byte discrepancy in the buffer size passed on to the command handler, and in some cases, this caused memory corruption like: ./daxdev-errors.sh: line 76: 24104 Aborted (core dumped) ./daxdev-errors $busdev $region malloc(): memory corruption Program received signal SIGABRT, Aborted. [...] #5 0x00007ffff7865a2e in calloc () from /lib64/libc.so.6 #6 0x00007ffff7bc2970 in ndctl_bus_cmd_new_ars_status (ars_cap=ars_cap@entry=0x6153b0) at ars.c:136 #7 0x0000000000401644 in check_ars_status (check=0x7fffffffdeb0, bus=0x604c20) at daxdev-errors.c:144 #8 test_daxdev_clear_error (region_name=, bus_name=) at daxdev-errors.c:332 Cc: Cc: Dave Jiang Cc: Keith Busch Cc: Lukasz Dorau Cc: Dan Williams Fixes: efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Signed-off-by: Vishal Verma Reviewed-by: Keith Busch Signed-of-by: Dave Jiang commit 7e0bdbe5c21cb8316a694e46ad5aad339f6894a6 Author: Harald Freudenberger Date: Fri Jul 20 08:36:53 2018 +0200 s390/zcrypt: AP bus support for alternate driver(s) The current AP bus, AP devices and AP device drivers implementation uses a clearly defined mapping for binding AP devices to AP device drivers. So for example a CEX6C queue will always be bound to the cex4queue device driver. The Linux Device Driver model has no sensitivity for more than one device driver eligible for one device type. If there exist more than one drivers matching to the device type, simple all drivers are tried consecutively. There is no way to determine and influence the probing order of the drivers. With KVM there is a need to provide additional device drivers matching to the very same type of AP devices. With a simple implementation the KVM drivers run in competition to the regular drivers. Whichever 'wins' a device depends on build order and implementation details within the common Linux Device Driver Model and is not deterministic. However, a userspace process could figure out which device should be bound to which driver and sort out the correct binding by manipulating attributes in the sysfs. If for security reasons a AP device must not get bound to the 'wrong' device driver the sorting out has to be done within the Linux kernel by the AP bus code. This patch modifies the behavior of the AP bus for probing drivers for devices in a way that two sets of drivers are usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a subset of the APQN range for 'usable by the ap bus and the default drivers' or 'not usable by the default drivers and thus available for alternate drivers like vfio-xxx'. So an APQN which is addressed by this masking only the default drivers will be probed. In contrary an APQN which is not addressed by the masks will never be probed and bound to default drivers but onny to alternate drivers. Eventually the two masks give a way to divide the range of APQNs into two pools: one pool of APQNs used by the AP bus and the default drivers and thus via zcrypt drivers available to the userspace of the system. And another pool where no zcrypt drivers are bound to and which can be used by alternate drivers (like vfio-xxx) for their needs. This division is hot-plug save and makes sure a APQN assigned to an alternate driver is at no time somehow exploitable by the wrong party. The two masks are located in sysfs at /sys/bus/ap/apmask and /sys/bus/ap/aqmask. The mask syntax is exactly the same as the already existing mask attributes in the /sys/bus/ap directory (for example ap_usage_domain_mask and ap_control_domain_mask). By default all APQNs belong to the ap bus and the default drivers: cat /sys/bus/ap/apmask 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff cat /sys/bus/ap/aqmask 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff The masks can be changed at boot time with the kernel command line like this: ... ap.apmask=0xffff ap.aqmask=0x40 This would give these two pools: default drivers pool: adapter 0 - 15, domain 1 alternate drivers pool: adapter 0 - 15, all but domain 1 adapter 16-255, all domains The sysfs attributes for this two masks are writeable and an administrator is able to reconfigure the assignements on the fly by writing new mask values into. With changing the mask(s) a revision of the existing queue to driver bindings is done. So all APQNs which are bound to the 'wrong' driver are reprobed via kernel function device_reprobe() and thus the new correct driver will be assigned with respect of the changed apmask and aqmask bits. The mask values are bitmaps in big endian order starting with bit 0. So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs attributes accept 2 different formats: - Absolute hex string starting with 0x like "0x12345678" does set the mask starting from left to right. If the given string is shorter than the mask it is padded with 0s on the right. If the string is longer than the mask an error comes back (EINVAL). - '+' or '-' followed by a numerical value. Valid examples are "+1", "-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed bit in the mask is switched on ('+') or off ('-'). This patch will also be the base for an upcoming extension to the zcrypt drivers to be able to provide additional zcrypt device nodes with filtering based on ap and aq masks. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky commit ac2b96f351d7d222c46e524feca03005f3fa8d75 Author: Harald Freudenberger Date: Fri Aug 17 12:36:01 2018 +0200 s390/zcrypt: code beautify Code beautify by following most of the checkpatch suggestions: - SPDX license identifier line complains by checkpatch - missing space or newline complains by checkpatch - octal numbers for permssions complains by checkpatch - renaming of static sysfs functions complains by checkpatch - fix of block comment complains by checkpatch - fix printf like calls where function name instead of %s __func__ was used - __packed instead of __attribute__((packed)) - init to zero for static variables removed - use of DEVICE_ATTR_RO and DEVICE_ATTR_RW macros No functional code changes or API changes! Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky commit 9b97e9f555f1fe5044dc76d9212078757aa143ce Author: Harald Freudenberger Date: Fri Aug 17 09:01:09 2018 +0200 s390/zcrypt: switch return type to bool for ap_instructions_available() Function ap_instructions_available() had returntype int but in fact returned 1 for true and 0 for false. Changed returntype to bool. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky commit 78303650e4cd873c6c4276c6fe3e768ff0b46d22 Author: Arnaldo Carvalho de Melo Date: Mon Aug 20 10:17:14 2018 -0300 tools arch: Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy' To bring in the change made in this cset: Fixes: a7bea8308933 ("x86/asm/64: Use 32-bit XOR to zero registers") CC /tmp/build/perf/bench/mem-memcpy-x86-64-asm.o LD /tmp/build/perf/bench/perf-in.o LD /tmp/build/perf/perf-in.o LINK /tmp/build/perf/perf Silencing this perf build warning: Warning: Kernel ABI header at 'tools/arch/x86/lib/memcpy_64.S' differs from latest version at 'arch/x86/lib/memcpy_64.S' diff -u tools/arch/x86/lib/memcpy_64.S arch/x86/lib/memcpy_64.S Cc: Adrian Hunter Cc: David Ahern Cc: Jan Beulich Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-sad22dudoz71qr3tsnlqtkia@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 252df177113575a66fc505169a29221d7232eb1e Author: Arnaldo Carvalho de Melo Date: Mon Aug 20 10:13:13 2018 -0300 tools arch x86: Update tools's copy of cpufeatures.h To get the changes in the following csets: 301d328a6f8b ("x86/cpufeatures: Add EPT_AD feature bit") 706d51681d63 ("x86/speculation: Support Enhanced IBRS on future CPUs") No tools were affected, copy it to silence this perf tool build warning: Warning: Kernel ABI header at 'tools/arch/x86/include/asm/cpufeatures.h' differs from latest version at 'arch/x86/include/asm/cpufeatures.h' diff -u tools/arch/x86/include/asm/cpufeatures.h arch/x86/include/asm/cpufeatures.h Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Feiner Cc: Sai Praneeth Cc: Thomas Gleixner Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-bvs8wgd5wp4lz9f0xf1iug5r@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 19358d4488db7e6a04e940730cc75909d7d1e0d8 Author: Wolfram Sang Date: Wed Aug 8 09:59:28 2018 +0200 i2c: rcar: implement STOP and REP_START according to docs When doing a REP_START after a read message, the driver used to trigger a STOP first which would then be overwritten by REP_START. This was the only stable method found when doing the last refactoring. However, this was not in accordance with the documentation. After research from our BSP team and myself, we now can implement a version which works and is according to the documentation. The new approach ensures the ICMCR register is only changed when really needed. Tested on a R-Car Gen2 (H2) and Gen3 with DMA (M3N). Signed-off-by: Hiromitsu Yamasaki Signed-off-by: Wolfram Sang Reviewed-by: Ulrich Hecht Signed-off-by: Wolfram Sang commit b07531acd55180efc95e334605f04ca1eaf4e003 Author: Wolfram Sang Date: Wed Aug 8 09:59:27 2018 +0200 i2c: rcar: refactor private flags Use BIT macro to avoid shift-31-problem, indent a little more and use GENMASK to make it easier to add new flags. Signed-off-by: Wolfram Sang Reviewed-by: Ulrich Hecht Signed-off-by: Wolfram Sang commit 0a30446c0dca3483c384b54a431cc951e15f7e79 Author: Hans de Goede Date: Sun Aug 12 12:53:21 2018 +0200 i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value Currently acpi_gsb_i2c_read_bytes() directly returns i2c_transfer's return value. i2c_transfer returns a value < 0 on error and 2 (for 2 successfully executed transfers) on success. But the ACPI code expects 0 on success, so currently acpi_gsb_i2c_read_bytes()'s caller does: if (status > 0) status = 0; This commit makes acpi_gsb_i2c_read_bytes() return a value which can be directly consumed by the ACPI code, mirroring acpi_gsb_i2c_write_bytes(), this commit also makes acpi_gsb_i2c_read_bytes() explitcly check that i2c_transfer returns 2, rather then accepting any value > 0. Signed-off-by: Hans de Goede Acked-by: Mika Westerberg Signed-off-by: Wolfram Sang commit c463a158cb6c5d9a85b7d894cd4f8116e8bd6be0 Author: Hans de Goede Date: Sun Aug 12 12:53:20 2018 +0200 i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes acpi_gsb_i2c_write_bytes() returns i2c_transfer()'s return value, which is the number of transfers executed on success, so 1. The ACPI code expects us to store 0 in gsb->status for success, not 1. Specifically this breaks the following code in the Thinkpad 8 DSDT: ECWR = I2CW = ECWR /* \_SB_.I2C1.BAT0.ECWR */ If ((ECST == Zero)) { ECRD = I2CR /* \_SB_.I2C1.I2CR */ } Before this commit we set ECST to 1, causing the read to never happen breaking battery monitoring on the Thinkpad 8. This commit makes acpi_gsb_i2c_write_bytes() return 0 when i2c_transfer() returns 1, so the single write transfer completed successfully, and makes it return -EIO on for other (unexpected) return values >= 0. Cc: stable@vger.kernel.org Signed-off-by: Hans de Goede Acked-by: Mika Westerberg Signed-off-by: Wolfram Sang commit 0857f50807709ae109b9d11d7ca88c44dc7ca99f Author: Fabrizio Castro Date: Tue Aug 14 13:32:55 2018 +0100 dt-bindings: i2c: rcar: Add r8a774a1 support Document RZ/G2M (R8A774A1) I2C compatibility with the relevant driver dt-bindings. Signed-off-by: Fabrizio Castro Reviewed-by: Biju Das Reviewed-by: Rob Herring Reviewed-by: Simon Horman Signed-off-by: Wolfram Sang commit de460c20f4d76a25555458e2ec478f01b31fa60c Author: Fabrizio Castro Date: Tue Aug 14 13:33:08 2018 +0100 dt-bindings: i2c: sh_mobile: Add r8a774a1 support Document RZ/G2M (R8A774A1) SoC bindings. Signed-off-by: Fabrizio Castro Reviewed-by: Biju Das Reviewed-by: Rob Herring Reviewed-by: Simon Horman Signed-off-by: Wolfram Sang commit d3bc0fa8411c35194f99046157e2e26fe60e1d91 Author: Jan Kara Date: Mon Aug 20 13:55:45 2018 +0200 fsnotify: fix false positive warning on inode delete When inode is getting deleted and someone else holds reference to a mark attached to the inode, we just detach the connector from the inode. In that case fsnotify_put_mark() called from fsnotify_destroy_marks() will decide to recalculate mask for the inode and __fsnotify_recalc_mask() will WARN about invalid connector type: WARNING: CPU: 1 PID: 12015 at fs/notify/mark.c:139 __fsnotify_recalc_mask+0x2d7/0x350 fs/notify/mark.c:139 Actually there's no reason to warn about detached connector in __fsnotify_recalc_mask() so just silently skip updating the mask in such case. Reported-by: syzbot+c34692a51b9a6ca93540@syzkaller.appspotmail.com Fixes: 3ac70bfcde81 ("fsnotify: add helper to get mask from connector") Signed-off-by: Jan Kara commit 721f0dfc3ce821c6a32820ab63edfb48ed4af075 Author: Jiri Olsa Date: Fri Aug 17 13:45:56 2018 +0200 perf python: Fix pyrf_evlist__read_on_cpu() interface Jaroslav reported errors from valgrind over perf python script: # echo 0 > /sys/devices/system/cpu/cpu4/online # valgrind ./test.py ==7524== Memcheck, a memory error detector ... ==7524== Command: ./test.py ==7524== pid 7526 exited ==7524== Invalid read of size 8 ==7524== at 0xCC2C2B3: perf_mmap__read_forward (evlist.c:780) ==7524== by 0xCC2A681: pyrf_evlist__read_on_cpu (python.c:959) ... ==7524== Address 0x65c4868 is 16 bytes after a block of size 459,36.. ==7524== at 0x4C2B955: calloc (vg_replace_malloc.c:711) ==7524== by 0xCC2F484: zalloc (util.h:35) ==7524== by 0xCC2F484: perf_evlist__alloc_mmap (evlist.c:978) ... The reason for this is in the python interface, that allows a script to pass arbitrary cpu number, which is then used to access struct perf_evlist::mmap array. That's obviously wrong and works only when if all cpus are available and fails if some cpu is missing, like in the example above. This patch makes pyrf_evlist__read_on_cpu() search the evlist's maps array for the proper map to access. It's linear search at the moment. Based on the way how is the read_on_cpu used, I don't think we need to be fast in here. But we could add some hash in the middle to make it fast/er. We don't allow python interface to set write_backward event attribute, so it's safe to check only evlist's mmaps. Reported-by: Jaroslav Škarvada Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Joe Mario Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817114556.28000-3-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 31fb4c0d7b88f036edb96a6a3bd791289ea2f931 Author: Jiri Olsa Date: Fri Aug 17 13:45:55 2018 +0200 perf mmap: Store real cpu number in 'struct perf_mmap' Store the real cpu number in 'struct perf_mmap', which will be used by python interface that allows user to read a particular memory map for given cpu. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Jaroslav Škarvada Cc: Joe Mario Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817114556.28000-2-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit b946cd37348aaef443a1d951144f79a70274867f Author: Jiri Olsa Date: Fri Aug 17 11:48:13 2018 +0200 perf tools: Remove ext from struct kmod_path Having comp carrying the compression ID, we no longer need return the extension. Removing it and updating the automated test. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-14-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 88c74dc76a30b9242c2df687deb44788d93fee6b Author: Jiri Olsa Date: Fri Aug 17 11:48:12 2018 +0200 perf tools: Add gzip_is_compressed function Add implementation of the is_compressed callback for gzip. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-13-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4b57fd44b61beb51b7d64f21c72941ba10c1ea2b Author: Jiri Olsa Date: Fri Aug 17 11:48:11 2018 +0200 perf tools: Add lzma_is_compressed function Add implementation of the is_compressed callback for lzma. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-12-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 8b42b7e5e8b5692bc5e57342bf00c40d64978407 Author: Jiri Olsa Date: Fri Aug 17 11:48:10 2018 +0200 perf tools: Add is_compressed callback to compressions array Add is_compressed callback to the compressions array, that returns 0 if the file is compressed or != 0 if not. The new callback is used to recognize the situation when we have a 'compressed' object, like: /lib/modules/.../drivers/net/ethernet/intel/igb/igb.ko.xz but we need to read its debug data from debuginfo files, which might not be compressed, like: /root/.debug/.build-id/d6/...c4b301f/debug So even for a 'compressed' object we read debug data from a plain uncompressed object. To keep this transparent, we detect this in decompress_kmodule() and return the file descriptor to the uncompressed file. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-11-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit c9a8a6131fb68f6eabec34fd855e69b4855155e4 Author: Jiri Olsa Date: Fri Aug 17 11:48:09 2018 +0200 perf tools: Move the temp file processing into decompress_kmodule We will add a compression check in the following patch and it makes it easier if the file processing is done in a single place. It also makes the current code simpler. The decompress_kmodule function now returns the fd of the uncompressed file and the file name in the pathname arg, if it's provided. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-10-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit dde755a90e98a1c57f6a92d1a79bc5554024065c Author: Jiri Olsa Date: Fri Aug 17 11:48:08 2018 +0200 perf tools: Use compression id in decompress_kmodule() Once we parsed out the compression ID, we dont need to iterate all available compressions and we can call it directly. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-9-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 2af5247530e073f4146d74ecd96cf64c953c001c Author: Jiri Olsa Date: Fri Aug 17 11:48:07 2018 +0200 perf tools: Store compression id into struct dso Add comp to 'struct dso' to hold the compression index. It will be used in the following patches. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-8-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4b838b0db4e9cb3892b181ea9adc13cefb90d210 Author: Jiri Olsa Date: Fri Aug 17 11:48:06 2018 +0200 perf tools: Add compression id into 'struct kmod_path' Store a decompression ID in 'struct kmod_path', so it can be later stored in 'struct dso'. Switch 'struct kmod_path's 'comp' from 'bool' to 'int' to return the compressions array index. Add 0 index item into compressions array, so that the comp usage stays as it was: 0 - no compression, != 0 compression index. Update the kmod_path tests. Committer notes: Use a designated initializer + terminating comma, e.g. { .fmt = NULL, }, to fix the build in several distros: centos:6: util/dso.c:201: error: missing initializer centos:6: util/dso.c:201: error: (near initialization for 'compressions[0].decompress') debian:9: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] fedora:25: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] fedora:26: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] fedora:27: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] oraclelinux:6: util/dso.c:201: error: missing initializer oraclelinux:6: util/dso.c:201: error: (near initialization for 'compressions[0].decompress') ubuntu:12.04.5: util/dso.c:201:2: error: missing initializer [-Werror=missing-field-initializers] ubuntu:12.04.5: util/dso.c:201:2: error: (near initialization for 'compressions[0].decompress') [-Werror=missing-field-initializers] ubuntu:16.04: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] ubuntu:16.10: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] ubuntu:16.10: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] ubuntu:17.10: util/dso.c:201:24: error: missing field 'decompress' initializer [-Werror,-Wmissing-field-initializers] Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-7-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit e1e139463db363a253296b431e61519d8809e386 Author: Jiri Olsa Date: Fri Aug 17 11:48:05 2018 +0200 perf tools: Make is_supported_compression() static There's no outside user of it. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-6-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 85e1d419e71eaa39248a9fa6572502a3c802f9ca Author: Jiri Olsa Date: Fri Aug 17 11:48:04 2018 +0200 perf tools: Make decompress_to_file() function static There's no outside user of it. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-5-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit d68a29c2823ff6bd7a25cb748b577f2d88c1f47a Author: Jiri Olsa Date: Fri Aug 17 11:48:03 2018 +0200 perf tools: Get rid of dso__needs_decompress() call in __open_dso() There's no need to call dso__needs_decompress() twice in the function. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-4-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 2354ae9bdc320939cc74695b564ccf178780dd61 Author: Jiri Olsa Date: Fri Aug 17 11:48:02 2018 +0200 perf tools: Get rid of dso__needs_decompress() call in symbol__disassemble() There's no need to call dso__needs_decompress() twice in the function. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-3-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit bcd4287ead885e010cd49265d8c68f2373476b08 Author: Jiri Olsa Date: Fri Aug 17 11:48:01 2018 +0200 perf tools: Get rid of dso__needs_decompress() call in read_object_code() There's no need to call dso__needs_decompress() twice in the function. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180817094813.15086-2-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 6ab025ed444cfd1f6cc93c05a977550ce82c8ea1 Author: Steven Rostedt (VMware) Date: Thu Aug 16 11:10:15 2018 -0400 tools lib traceevent: Change to SPDX License format Replace the GPL text with SPDX tags in the tools/lib/traceevent files. Signed-off-by: Steven Rostedt Cc: Jiri Olsa Cc: Tzvetomir Stoyanov (VMware) Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180816111015.125e0f25@gandalf.local.home Signed-off-by: Arnaldo Carvalho de Melo commit cb76371441d0984824a6e66f8f3d369f037edb34 Author: Arnaldo Carvalho de Melo Date: Wed Aug 15 17:07:01 2018 -0300 perf llvm: Allow passing options to llc in addition to clang The newly added 'llvm.opts' variable allows passing options directly to llc, like needed to get sane DWARF in BPF ELF debug sections: With: [root@seventh perf]# cat ~/.perfconfig [llvm] dump-obj = true clang-opt = -g [root@seventh perf]# We get: [root@seventh perf]# perf trace -e tools/perf/examples/bpf/hello.c cat /etc/passwd > /dev/null LLVM: dumping tools/perf/examples/bpf/hello.o 0.000 __bpf_stdout__:Hello, world 0.015 __bpf_stdout__:Hello, world 0.187 __bpf_stdout__:Hello, world [root@seventh perf]# pahole tools/perf/examples/bpf/hello.o struct clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c) { clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566e.org clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c); /* 0 4 */ clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566e.org clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c); /* 4 4 */ clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566e.org clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c); /* 8 4 */ clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566e.org clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c); /* 12 4 */ clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566e.org clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c); /* 16 4 */ clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566e.org clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c); /* 20 4 */ clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566e.org clang version 8.0.0 (http://llvm.org/git/clang.git 8587270a739ee30c926a76d5657e65e85b560f6e) (http://llvm.org/git/llvm.git 0566eefef9c3777bd780ec4cbb9efa764633b76c); /* 24 4 */ /* size: 28, cachelines: 1, members: 7 */ /* last cacheline: 28 bytes */ }; [root@seventh perf]# Adding these options to be passed to llvm's llc: [root@seventh perf]# cat ~/.perfconfig [llvm] dump-obj = true clang-opt = -g opts = -mattr=dwarfris [root@seventh perf]# We get sane output: [root@seventh perf]# perf trace -e tools/perf/examples/bpf/hello.c cat /etc/passwd > /dev/null LLVM: dumping tools/perf/examples/bpf/hello.o 0.000 __bpf_stdout__:Hello, world 0.015 __bpf_stdout__:Hello, world 0.185 __bpf_stdout__:Hello, world [root@seventh perf]# pahole tools/perf/examples/bpf/hello.o struct bpf_map { unsigned int type; /* 0 4 */ unsigned int key_size; /* 4 4 */ unsigned int value_size; /* 8 4 */ unsigned int max_entries; /* 12 4 */ unsigned int map_flags; /* 16 4 */ unsigned int inner_map_idx; /* 20 4 */ unsigned int numa_node; /* 24 4 */ /* size: 28, cachelines: 1, members: 7 */ /* last cacheline: 28 bytes */ }; [root@seventh perf]# Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Jiri Olsa Cc: Martin KaFai Lau Cc: Namhyung Kim Cc: Wang Nan , Cc: Yonghong Song Link: https://lkml.kernel.org/n/tip-0lrwmrip4dru1651rm8xa7tq@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 49836f7811f383d8613661fff110ce74f4710d52 Author: Jack Henschel Date: Wed Jul 4 14:13:45 2018 +0200 perf parser: Improve error message for PMU address filters This is the second version of a patch that improves the error message of the perf events parser when the PMU hardware does not support address filters. Previously, the perf returned the following error: $ perf record -e intel_pt// --filter 'filter sys_write' --filter option should follow a -e tracepoint or HW tracer option This implies there is some syntax error present in the command line, which is not true. Rather, notify the user that the CPU does not have support for this feature. For example, Intel chips based on the Broadwell micro-archticture have the Intel PT PMU, but do not support address filtering. Now, perf prints the following error message: $ perf record -e intel_pt// --filter 'filter sys_write' This CPU does not support address filtering Signed-off-by: Jack Henschel Tested-by: Arnaldo Carvalho de Melo Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180704121345.19025-1-jackdev@mailbox.org Signed-off-by: Arnaldo Carvalho de Melo commit da15fc2fa9c07b23db8f5e479bd8a9f0d741ca07 Author: Rasmus Villemoes Date: Thu Jul 5 15:15:27 2018 +0200 perf tools: Disable parallelism for 'make clean' The Yocto build system does a 'make clean' when rebuilding due to changed dependencies, and that consistently fails for me (causing the whole BSP build to fail) with errors such as | find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory | find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory | find: find: '[...]/perf/1.0-r9/perf-1.0/libtraceevent.a''[...]/perf/1.0-r9/perf-1.0/libtraceevent.a': No such file or directory: No such file or directory | [...] | find: cannot delete '/mnt/xfs/devel/pil/yocto/tmp-glibc/work/wandboard-oe-linux-gnueabi/perf/1.0-r9/perf-1.0/util/.pstack.o.cmd': No such file or directory Apparently (despite the comment), 'make clean' ends up launching multiple sub-makes that all want to remove the same things - perhaps this only happens in combination with a O=... parameter. In any case, we don't lose much by explicitly disabling the parallelism for the clean target, and it makes automated builds much more reliable. Signed-off-by: Rasmus Villemoes Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180705131527.19749-1-linux@rasmusvillemoes.dk Signed-off-by: Arnaldo Carvalho de Melo commit 5ef499cd571c293b74a30d77e7ef512edb6ded6b Author: Rafael J. Wysocki Date: Tue Aug 14 12:34:40 2018 +0200 cpuidle: menu: Handle stopped tick more aggressively Commit 87c9fe6ee495 (cpuidle: menu: Avoid selecting shallow states with stopped tick) missed the case when the target residencies of deep idle states of CPUs are above the tick boundary which may cause the CPU to get stuck in a shallow idle state for a long time. Say there are two CPU idle states available: one shallow, with the target residency much below the tick boundary and one deep, with the target residency significantly above the tick boundary. In that case, if the tick has been stopped already and the expected next timer event is relatively far in the future, the governor will assume the idle duration to be equal to TICK_USEC and it will select the idle state for the CPU accordingly. However, that will cause the shallow state to be selected even though it would have been more energy-efficient to select the deep one. To address this issue, modify the governor to always use the time till the closest timer event instead of the predicted idle duration if the latter is less than the tick period length and the tick has been stopped already. Also make it extend the search for a matching idle state if the tick is stopped to avoid settling on a shallow state if deep states with target residencies above the tick period length are available. In addition, make it always indicate that the tick should be stopped if it has been stopped already for consistency. Fixes: 87c9fe6ee495 (cpuidle: menu: Avoid selecting shallow states with stopped tick) Reported-by: Leo Yan Acked-by: Peter Zijlstra (Intel) Cc: 4.17+ # 4.17+ Signed-off-by: Rafael J. Wysocki commit db2173198b9513f7add8009f225afa1f1c79bcc6 Author: Benjamin Herrenschmidt Date: Fri Aug 17 17:30:39 2018 +1000 powerpc/powernv/pci: Work around races in PCI bridge enabling The generic code is racy when multiple children of a PCI bridge try to enable it simultaneously. This leads to drivers trying to access a device through a not-yet-enabled bridge, and this EEH errors under various circumstances when using parallel driver probing. There is work going on to fix that properly in the PCI core but it will take some time. x86 gets away with it because (outside of hotplug), the BIOS enables all the bridges at boot time. This patch does the same thing on powernv by enabling all bridges that have child devices at boot time, thus avoiding subsequent races. It's suitable for backporting to stable and distros, while the proper PCI fix will probably be significantly more invasive. Signed-off-by: Benjamin Herrenschmidt Cc: stable@vger.kernel.org Signed-off-by: Michael Ellerman commit a58183138cb72059a0c278f8370a47f41dae9afa Author: Hari Bathini Date: Sat Aug 18 02:10:56 2018 +0530 powerpc/fadump: cleanup crash memory ranges support Commit 1bd6a1c4b80a ("powerpc/fadump: handle crash memory ranges array index overflow") changed crash memory ranges to a dynamic array that is reallocated on-demand with krealloc(). The relevant header for this call was not included. The kernel compiles though. But be cautious and add the header anyway. Also, memory allocation logic in fadump_add_crash_memory() takes care of memory allocation for crash memory ranges in all scenarios. Drop unnecessary memory allocation in fadump_setup_crash_memory_ranges(). Fixes: 1bd6a1c4b80a ("powerpc/fadump: handle crash memory ranges array index overflow") Cc: Mahesh Salgaonkar Signed-off-by: Hari Bathini Signed-off-by: Michael Ellerman commit 95b861a76c1ded3e89d33a3d9f4552dce22e9875 Author: Nicholas Piggin Date: Tue May 1 00:55:58 2018 +1000 powerpc/powernv: provide a console flush operation for opal hvc driver Provide the flush hv_op for the opal hvc driver. This will flush the firmware console buffers without spinning with interrupts disabled. Cc: Benjamin Herrenschmidt Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman commit 997dd26cb3c8b7c9b8765751cc1491ad33b2024f Author: Michael Ellerman Date: Thu Aug 16 15:27:47 2018 +1000 powerpc/traps: Avoid rate limit messages from show unhandled signals In the recent commit to add an explicit ratelimit state when showing unhandled signals, commit 35a52a10c3ac ("powerpc/traps: Use an explicit ratelimit state for show_signal_msg()"), I put the check of show_unhandled_signals and the ratelimit state before the call to unhandled_signal() so as to avoid unnecessarily calling the latter when show_unhandled_signals is false. However that causes us to check the ratelimit state on every call, so if we take a lot of *handled* signals that has the effect of making the ratelimit code print warnings that callbacks have been suppressed when they haven't. So rearrange the code so that we check show_unhandled_signals first, then call unhandled_signal() and finally check the ratelimit state. Signed-off-by: Michael Ellerman Reviewed-by: Murilo Opsfelder Araujo commit 8cdc43afbb2cb58692c49fab0b13e2d9439c0642 Author: John Crispin Date: Wed Jul 25 11:52:09 2018 +0200 pwm: mediatek: Add MT7628 support Add support for MT7628. The SoC is legacy MIPS and hence has no complex clock tree. This patch add an extra flag to the SoC specific data indicating, that no clocks are present. Signed-off-by: John Crispin Reviewed-by: Matthias Brugger Signed-off-by: Thierry Reding commit 935be8e08a73e090ee8a9e252242c089f81a4ce4 Author: John Crispin Date: Wed Jul 25 11:52:08 2018 +0200 dt-bindings: pwm: Add MT7628 information Enhance the MediaTek PWM binding with details about the IP found in the MT7628 SoC. Signed-off-by: John Crispin Signed-off-by: Thierry Reding commit 5cd96041d027d958fe6b24e193488a468af0762e Author: Yoshihiro Shimoda Date: Mon Jul 30 20:49:51 2018 +0900 dt-bindings: pwm: rcar: Add bindings for R-Car E3 support This patch adds bindings for R-Car E3. No driver update is needed. Signed-off-by: Yoshihiro Shimoda Reviewed-by: Geert Uytterhoeven Reviewed-by: Simon Horman Acked-by: Rob Herring Signed-off-by: Thierry Reding commit b96e9eb62841c519ba1db32d036628be3cdef91f Author: Jerome Brunet Date: Wed Aug 1 12:57:20 2018 +0200 pwm: meson: Fix mux clock names Current clock name looks like this: /soc/bus@ffd00000/pwm@1b000#mux0 This is bad because CCF uses the clock to create a directory in clk debugfs. With such name, the directory creation (silently) fails and the debugfs entry end up being created at the debugfs root. With this change, the clock name will now be: ffd1b000.pwm#mux0 This matches the clock naming scheme used in the ethernet and mmc driver. It also fixes the problem with debugfs. Fixes: 36af66a79056 ("pwm: Convert to using %pOF instead of full_name") Signed-off-by: Jerome Brunet Acked-by: Neil Armstrong Signed-off-by: Thierry Reding commit 2c2059c0b85d93d527cd23c0491288ef0264aee5 Author: Fabrice Gasnier Date: Fri Jul 20 09:16:32 2018 +0200 pwm: stm32-lp: Remove useless loop in stm32_pwm_lp_remove() LPTimer has only one pwm channel (npwm = 1). Remove useless for loop in remove routine. Signed-off-by: Fabrice Gasnier Signed-off-by: Thierry Reding commit 43725feb593127b16318b871e3a9bf89a96d66cb Author: David Rivshin Date: Wed Aug 1 10:17:29 2018 -0400 pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data If a pwm-omap-dmtimer is probed before the dmtimer it uses, the platform data won't be set yet. Fixes: ac30751df953 ("ARM: OMAP: pdata-quirks: Remove unused timer pdata") Cc: # 4.17+ Signed-off-by: David Rivshin Acked-by: Pavel Machek Tested-by: Pavel Machek Acked-by: Ladislav Michl Tested-by: Andreas Kemnade Signed-off-by: Thierry Reding commit 7059b36636beab57c3c43c62104483e5449bee95 Author: Rafael J. Wysocki Date: Thu Aug 9 19:08:34 2018 +0200 sched: idle: Avoid retaining the tick when it has been stopped If the tick has been stopped already, but the governor has not asked to stop it (which it can do sometimes), the idle loop should invoke tick_nohz_idle_stop_tick(), to let tick_nohz_stop_tick() take care of this case properly. Fixes: 554c8aa8ecad (sched: idle: Select idle state before stopping the tick) Cc: 4.17+ # 4.17+ Acked-by: Peter Zijlstra (Intel) Signed-off-by: Rafael J. Wysocki commit ef456a2de3716e2a38382ff2aa9a9c52962e7e84 Author: Esben Haabendal Date: Thu Aug 16 10:43:13 2018 +0200 i2c: imx: Simplify stopped state tracking Always update the stopped state when busy status have been checked. This is identical to what was done before, with the exception of error handling. Without this change, some errors cause the stopped state to be left in incorrect state in i2c_imx_stop(), i2c_imx_dma_read(), i2c_imx_read() and i2c_imx_xfer(). Signed-off-by: Esben Haabendal Acked-by: Uwe Kleine-König Signed-off-by: Wolfram Sang commit bed4ff1ed4d8f2ef5007c5c6ae1b29c5677a3632 Author: Esben Haabendal Date: Thu Aug 16 10:43:12 2018 +0200 i2c: imx: Fix race condition in dma read This fixes a race condition, where the DMAEN bit ends up being set after I2C slave has transmitted a byte following the dummy read. When that happens, an interrupt is generated instead, and no DMA request is generated to kickstart the DMA read, and a timeout happens after DMA_TIMEOUT (1 sec). Fixed by setting the DMAEN bit before the dummy read. Signed-off-by: Esben Haabendal Acked-by: Uwe Kleine-König Signed-off-by: Wolfram Sang Cc: stable@kernel.org commit 5c18d12ced225fa0ad5a03fb42bbb293815d1342 Author: Darren Stevens Date: Sun Dec 31 20:53:55 2017 +0000 i2c: pasemi: remove hardcoded bus numbers on smbus The pasemi smbus controller uses PCI_FUNC(dev->devfn) to define which number bus to attach to, however this fails when something else is probed first, for example an ATI Radeon graphics card will claim 9 or 10 busses, including the ones the pasemi wants. Patch the driver to call i2c_add_adapter rather than i2c_add_numbered_adapter. Signed-off-by: Darren Stevens Signed-off-by: Wolfram Sang commit 4110b5cbb014ebaaeb3d18ac8b98470b7251847d Author: Marc Zyngier Date: Fri Aug 17 09:18:01 2018 +0100 irqchip/gic-v3: Allow interrupt to be configured as wake-up sources Although GICv3 doesn't directly offers support for wake-up interrupts and relies on external HW for this, it shouldn't prevent the driver for such HW from doing it work. Let's set the required flags on the irq_chip structures. Reported-by: Lina Iyer Tested-by: Lina Iyer Reviewed-by: Sudeep Holla Signed-off-by: Marc Zyngier commit 44beda0c357f656e95febec8de7347015479295d Author: Martin Kaiser Date: Fri Aug 17 14:10:27 2018 +0200 irqchip/tango: Set irq handler and data in one go Replace the two separate calls for setting the irq handler and data with a single irq_set_chained_handler_and_data() call. Signed-off-by: Martin Kaiser Signed-off-by: Marc Zyngier commit ad0926f05b0f4d302247e434d67099d9f6b622f3 Author: Fabrizio Castro Date: Tue Aug 14 13:33:28 2018 +0100 dt-bindings: irqchip: renesas-irqc: Document r8a774a1 support Document RZ/G2M (R8A774A1) SoC bindings. Reviewed-by: Biju Das Reviewed-by: Rob Herring Reviewed-by: Simon Horman Signed-off-by: Fabrizio Castro Signed-off-by: Marc Zyngier commit 15c566fcff9cc7b8fd64461d6ee6fd1bc665b444 Author: Andy Shevchenko Date: Fri Aug 10 13:26:49 2018 +0300 i2c: designware: Add SPDX license tag Replace short statement in comment with proper SPDX license tag. Note, for i2c-desingware-slave.c the identifier is chosen in accordance with MODULE_LICENSE() macro since it is visible to user. Another point to this choice is that the header seems to be copy'n'paste from the other file of this very driver. Acked-by: Luis Oliveira Signed-off-by: Andy Shevchenko Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang commit 8a54d8fc160e67ad485d95a0322ce1221f80770a Author: Johannes Berg Date: Mon Jun 18 09:29:57 2018 +0200 cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) Pointer arithmetic already adjusts by the size of the struct, so the sizeof() calculation is wrong. This is basically the same as Colin King's patch for similar code in the iwlwifi driver. Fixes: 230ebaa189af ("cfg80211: read wmm rules from regulatory database") Signed-off-by: Johannes Berg commit 46dec40fb741f00f1864580130779aeeaf24fb3d Author: Paul Mackerras Date: Mon Aug 20 16:05:45 2018 +1000 KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function This fixes a bug which causes guest virtual addresses to get translated to guest real addresses incorrectly when the guest is using the HPT MMU and has more than 256GB of RAM, or more specifically has a HPT larger than 2GB. This has showed up in testing as a failure of the host to emulate doorbell instructions correctly on POWER9 for HPT guests with more than 256GB of RAM. The bug is that the HPTE index in kvmppc_mmu_book3s_64_hv_xlate() is stored as an int, and in forming the HPTE address, the index gets shifted left 4 bits as an int before being signed-extended to 64 bits. The simple fix is to make the variable a long int, matching the return type of kvmppc_hv_find_lock_hpte(), which is what calculates the index. Fixes: 697d3899dcb4 ("KVM: PPC: Implement MMIO emulation support for Book3S HV guests") Signed-off-by: Paul Mackerras commit 9c86336c15db1c48cbaddff56caf2be0a930e991 Author: Haishuang Yan Date: Mon Aug 20 10:51:05 2018 +0800 ip6_vti: fix a null pointer deference when destroy vti6 tunnel If load ip6_vti module and create a network namespace when set fb_tunnels_only_for_init_net to 1, then exit the namespace will cause following crash: [ 6601.677036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 6601.679057] PGD 8000000425eca067 P4D 8000000425eca067 PUD 424292067 PMD 0 [ 6601.680483] Oops: 0000 [#1] SMP PTI [ 6601.681223] CPU: 7 PID: 93 Comm: kworker/u16:1 Kdump: loaded Tainted: G E 4.18.0+ #3 [ 6601.683153] Hardware name: Fedora Project OpenStack Nova, BIOS seabios-1.7.5-11.el7 04/01/2014 [ 6601.684919] Workqueue: netns cleanup_net [ 6601.685742] RIP: 0010:vti6_exit_batch_net+0x87/0xd0 [ip6_vti] [ 6601.686932] Code: 7b 08 48 89 e6 e8 b9 ea d3 dd 48 8b 1b 48 85 db 75 ec 48 83 c5 08 48 81 fd 00 01 00 00 75 d5 49 8b 84 24 08 01 00 00 48 89 e6 <48> 8b 78 08 e8 90 ea d3 dd 49 8b 45 28 49 39 c6 4c 8d 68 d8 75 a1 [ 6601.690735] RSP: 0018:ffffa897c2737de0 EFLAGS: 00010246 [ 6601.691846] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dead000000000200 [ 6601.693324] RDX: 0000000000000015 RSI: ffffa897c2737de0 RDI: ffffffff9f2ea9e0 [ 6601.694824] RBP: 0000000000000100 R08: 0000000000000000 R09: 0000000000000000 [ 6601.696314] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8dc323c07e00 [ 6601.697812] R13: ffff8dc324a63100 R14: ffffa897c2737e30 R15: ffffa897c2737e30 [ 6601.699345] FS: 0000000000000000(0000) GS:ffff8dc33fdc0000(0000) knlGS:0000000000000000 [ 6601.701068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6601.702282] CR2: 0000000000000008 CR3: 0000000424966002 CR4: 00000000001606e0 [ 6601.703791] Call Trace: [ 6601.704329] cleanup_net+0x1b4/0x2c0 [ 6601.705268] process_one_work+0x16c/0x370 [ 6601.706145] worker_thread+0x49/0x3e0 [ 6601.706942] kthread+0xf8/0x130 [ 6601.707626] ? rescuer_thread+0x340/0x340 [ 6601.708476] ? kthread_bind+0x10/0x10 [ 6601.709266] ret_from_fork+0x35/0x40 Reproduce: modprobe ip6_vti echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net unshare -n exit This because ip6n->tnls_wc[0] point to fallback device in default, but in non-default namespace, ip6n->tnls_wc[0] will be NULL, so add the NULL check comparatively. Fixes: e2948e5af8ee ("ip6_vti: fix creating fallback tunnel device for vti6") Signed-off-by: Haishuang Yan Signed-off-by: David S. Miller commit 8fdd36d44205cd6bccca26246ae84d7515d10015 Merge: 2ad0d5269970 58064e1f46b1 Author: Linus Torvalds Date: Sun Aug 19 16:23:03 2018 -0700 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68knommu updates from Greg Ungerer: "Only two changes. One cleans up warnings in the ColdFire DMA code, the other stubs out (with warnings) ColdFire clock api functions not normally used" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68knommu: Fix typos in Coldfire 5272 DMA debug code m68k: coldfire: Normalize clk API commit 2ad0d52699700a91660a406a4046017a2d7f246a Merge: e61cf2e3a5b4 e2948e5af8ee Author: Linus Torvalds Date: Sun Aug 19 11:51:45 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix races in IPVS, from Tan Hu. 2) Missing unbind in matchall classifier, from Hangbin Liu. 3) Missing act_ife action release, from Vlad Buslov. 4) Cure lockdep splats in ila, from Cong Wang. 5) veth queue leak on link delete, from Toshiaki Makita. 6) Disable isdn's IIOCDBGVAR ioctl, it exposes kernel addresses. From Kees Cook. 7) RCU usage fixup in XDP, from Tariq Toukan. 8) Two TCP ULP fixes from Daniel Borkmann. 9) r8169 needs REALTEK_PHY as a Kconfig dependency, from Heiner Kallweit. 10) Always take tcf_lock with BH disabled, otherwise we can deadlock with rate estimator code paths. From Vlad Buslov. 11) Don't use MSI-X on RTL8106e r8169 chips, they don't resume properly. From Jian-Hong Pan. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits) ip6_vti: fix creating fallback tunnel device for vti6 ip_vti: fix a null pointer deferrence when create vti fallback tunnel r8169: don't use MSI-X on RTL8106e net: lan743x_ptp: convert to ktime_get_clocktai_ts64 net: sched: always disable bh when taking tcf_lock ip6_vti: simplify stats handling in vti6_xmit bpf: fix redirect to map under tail calls r8169: add missing Kconfig dependency tools/bpf: fix bpf selftest test_cgroup_storage failure bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist bpf, sockmap: fix map elem deletion race with smap_stop_sock bpf, sockmap: fix leakage of smap_psock_map_entry tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach tcp, ulp: add alias for all ulp modules bpf: fix a rcu usage warning in bpf_prog_array_copy_core() samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM net/xdp: Fix suspicious RCU usage warning net/mlx5e: Delete unneeded function argument Documentation: networking: ti-cpsw: correct cbs parameters for Eth1 100Mb isdn: Disable IIOCDBGVAR ... commit e2948e5af8eeb6c945000772b7613b0323a0a203 Author: Haishuang Yan Date: Sun Aug 19 15:05:05 2018 +0800 ip6_vti: fix creating fallback tunnel device for vti6 When set fb_tunnels_only_for_init_net to 1, don't create fallback tunnel device for vti6 when a new namespace is created. Tested: [root@builder2 ~]# modprobe ip6_tunnel [root@builder2 ~]# modprobe ip6_vti [root@builder2 ~]# echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net [root@builder2 ~]# unshare -n [root@builder2 ~]# ip link 1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 Signed-off-by: Haishuang Yan Signed-off-by: David S. Miller commit cd1aa9c2c665cafbd05b83507d3f1096f3912aa4 Author: Haishuang Yan Date: Sun Aug 19 15:05:04 2018 +0800 ip_vti: fix a null pointer deferrence when create vti fallback tunnel After set fb_tunnels_only_for_init_net to 1, the itn->fb_tunnel_dev will be NULL and will cause following crash: [ 2742.849298] BUG: unable to handle kernel NULL pointer dereference at 0000000000000941 [ 2742.851380] PGD 800000042c21a067 P4D 800000042c21a067 PUD 42aaed067 PMD 0 [ 2742.852818] Oops: 0002 [#1] SMP PTI [ 2742.853570] CPU: 7 PID: 2484 Comm: unshare Kdump: loaded Not tainted 4.18.0-rc8+ #2 [ 2742.855163] Hardware name: Fedora Project OpenStack Nova, BIOS seabios-1.7.5-11.el7 04/01/2014 [ 2742.856970] RIP: 0010:vti_init_net+0x3a/0x50 [ip_vti] [ 2742.858034] Code: 90 83 c0 48 c7 c2 20 a1 83 c0 48 89 fb e8 6e 3b f6 ff 85 c0 75 22 8b 0d f4 19 00 00 48 8b 93 00 14 00 00 48 8b 14 ca 48 8b 12 82 41 09 00 00 04 c6 82 38 09 00 00 45 5b c3 66 0f 1f 44 00 00 [ 2742.861940] RSP: 0018:ffff9be28207fde0 EFLAGS: 00010246 [ 2742.863044] RAX: 0000000000000000 RBX: ffff8a71ebed4980 RCX: 0000000000000013 [ 2742.864540] RDX: 0000000000000000 RSI: 0000000000000013 RDI: ffff8a71ebed4980 [ 2742.866020] RBP: ffff8a71ea717000 R08: ffffffffc083903c R09: ffff8a71ea717000 [ 2742.867505] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8a71ebed4980 [ 2742.868987] R13: 0000000000000013 R14: ffff8a71ea5b49c0 R15: 0000000000000000 [ 2742.870473] FS: 00007f02266c9740(0000) GS:ffff8a71ffdc0000(0000) knlGS:0000000000000000 [ 2742.872143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2742.873340] CR2: 0000000000000941 CR3: 000000042bc20006 CR4: 00000000001606e0 [ 2742.874821] Call Trace: [ 2742.875358] ops_init+0x38/0xf0 [ 2742.876078] setup_net+0xd9/0x1f0 [ 2742.876789] copy_net_ns+0xb7/0x130 [ 2742.877538] create_new_namespaces+0x11a/0x1d0 [ 2742.878525] unshare_nsproxy_namespaces+0x55/0xa0 [ 2742.879526] ksys_unshare+0x1a7/0x330 [ 2742.880313] __x64_sys_unshare+0xe/0x20 [ 2742.881131] do_syscall_64+0x5b/0x180 [ 2742.881933] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reproduce: echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net modprobe ip_vti unshare -n Fixes: 79134e6ce2c9 ("net: do not create fallback tunnels for non-default namespaces") Cc: Eric Dumazet Signed-off-by: Haishuang Yan Signed-off-by: David S. Miller commit 7bb05b85bc2d1a1b647b91424b2ed4a18e6ecd81 Author: Jian-Hong Pan Date: Fri Aug 17 13:07:35 2018 +0800 r8169: don't use MSI-X on RTL8106e Found the ethernet network on ASUS X441UAR doesn't come back on resume from suspend when using MSI-X. The chip is RTL8106e - version 39. [ 21.848357] libphy: r8169: probed [ 21.848473] r8169 0000:02:00.0 eth0: RTL8106e, 0c:9d:92:32:67:b4, XID 44900000, IRQ 127 [ 22.518860] r8169 0000:02:00.0 enp2s0: renamed from eth0 [ 29.458041] Generic PHY r8169-200:00: attached PHY driver [Generic PHY] (mii_bus:phy_addr=r8169-200:00, irq=IGNORE) [ 63.227398] r8169 0000:02:00.0 enp2s0: Link is Up - 100Mbps/Full - flow control off [ 124.514648] Generic PHY r8169-200:00: attached PHY driver [Generic PHY] (mii_bus:phy_addr=r8169-200:00, irq=IGNORE) Here is the ethernet controller in detail: 02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller [10ec:8136] (rev 07) Subsystem: ASUSTeK Computer Inc. RTL810xE PCI Express Fast Ethernet controller [1043:200f] Flags: bus master, fast devsel, latency 0, IRQ 16 I/O ports at e000 [size=256] Memory at ef100000 (64-bit, non-prefetchable) [size=4K] Memory at e0000000 (64-bit, prefetchable) [size=16K] Capabilities: Kernel driver in use: r8169 Kernel modules: r8169 Falling back to MSI fixes the issue. Fixes: 6c6aa15fdea5 ("r8169: improve interrupt handling") Signed-off-by: Jian-Hong Pan Signed-off-by: David S. Miller commit 0b3e776e2e809b808875b10e35d1047c5c548da4 Author: Arnd Bergmann Date: Wed Aug 15 19:49:49 2018 +0200 net: lan743x_ptp: convert to ktime_get_clocktai_ts64 timekeeping_clocktai64() has been renamed to ktime_get_clocktai_ts64() for consistency with the other ktime_get_* access functions. Rename the new caller that has come up as well. Question: this is the only ptp driver that sets the hardware time to the current system time in TAI. Why does it do that? Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller commit 653cd284a8a857ddfcf24f5bc3bd204a229f6c9f Author: Vlad Buslov Date: Tue Aug 14 21:46:16 2018 +0300 net: sched: always disable bh when taking tcf_lock Recently, ops->init() and ops->dump() of all actions were modified to always obtain tcf_lock when accessing private action state. Actions that don't depend on tcf_lock for synchronization with their data path use non-bh locking API. However, tcf_lock is also used to protect rate estimator stats in softirq context by timer callback. Change ops->init() and ops->dump() of all actions to disable bh when using tcf_lock to prevent deadlock reported by following lockdep warning: [ 105.470398] ================================ [ 105.475014] WARNING: inconsistent lock state [ 105.479628] 4.18.0-rc8+ #664 Not tainted [ 105.483897] -------------------------------- [ 105.488511] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 105.494871] swapper/16/0 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 105.500449] 00000000f86c012e (&(&p->tcfa_lock)->rlock){+.?.}, at: est_fetch_counters+0x3c/0xa0 [ 105.509696] {SOFTIRQ-ON-W} state was registered at: [ 105.514925] _raw_spin_lock+0x2c/0x40 [ 105.519022] tcf_bpf_init+0x579/0x820 [act_bpf] [ 105.523990] tcf_action_init_1+0x4e4/0x660 [ 105.528518] tcf_action_init+0x1ce/0x2d0 [ 105.532880] tcf_exts_validate+0x1d8/0x200 [ 105.537416] fl_change+0x55a/0x268b [cls_flower] [ 105.542469] tc_new_tfilter+0x748/0xa20 [ 105.546738] rtnetlink_rcv_msg+0x56a/0x6d0 [ 105.551268] netlink_rcv_skb+0x18d/0x200 [ 105.555628] netlink_unicast+0x2d0/0x370 [ 105.559990] netlink_sendmsg+0x3b9/0x6a0 [ 105.564349] sock_sendmsg+0x6b/0x80 [ 105.568271] ___sys_sendmsg+0x4a1/0x520 [ 105.572547] __sys_sendmsg+0xd7/0x150 [ 105.576655] do_syscall_64+0x72/0x2c0 [ 105.580757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.586243] irq event stamp: 489296 [ 105.590084] hardirqs last enabled at (489296): [] _raw_spin_unlock_irq+0x29/0x40 [ 105.599765] hardirqs last disabled at (489295): [] _raw_spin_lock_irq+0x15/0x50 [ 105.609277] softirqs last enabled at (489292): [] irq_enter+0x83/0xa0 [ 105.618001] softirqs last disabled at (489293): [] irq_exit+0x140/0x190 [ 105.626813] other info that might help us debug this: [ 105.633976] Possible unsafe locking scenario: [ 105.640526] CPU0 [ 105.643325] ---- [ 105.646125] lock(&(&p->tcfa_lock)->rlock); [ 105.650747] [ 105.653717] lock(&(&p->tcfa_lock)->rlock); [ 105.658514] *** DEADLOCK *** [ 105.665349] 1 lock held by swapper/16/0: [ 105.669629] #0: 00000000a640ad99 ((&est->timer)){+.-.}, at: call_timer_fn+0x10b/0x550 [ 105.678200] stack backtrace: [ 105.683194] CPU: 16 PID: 0 Comm: swapper/16 Not tainted 4.18.0-rc8+ #664 [ 105.690249] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017 [ 105.698626] Call Trace: [ 105.701421] [ 105.703791] dump_stack+0x92/0xeb [ 105.707461] print_usage_bug+0x336/0x34c [ 105.711744] mark_lock+0x7c9/0x980 [ 105.715500] ? print_shortest_lock_dependencies+0x2e0/0x2e0 [ 105.721424] ? check_usage_forwards+0x230/0x230 [ 105.726315] __lock_acquire+0x923/0x26f0 [ 105.730597] ? debug_show_all_locks+0x240/0x240 [ 105.735478] ? mark_lock+0x493/0x980 [ 105.739412] ? check_chain_key+0x140/0x1f0 [ 105.743861] ? __lock_acquire+0x836/0x26f0 [ 105.748323] ? lock_acquire+0x12e/0x290 [ 105.752516] lock_acquire+0x12e/0x290 [ 105.756539] ? est_fetch_counters+0x3c/0xa0 [ 105.761084] _raw_spin_lock+0x2c/0x40 [ 105.765099] ? est_fetch_counters+0x3c/0xa0 [ 105.769633] est_fetch_counters+0x3c/0xa0 [ 105.773995] est_timer+0x87/0x390 [ 105.777670] ? est_fetch_counters+0xa0/0xa0 [ 105.782210] ? lock_acquire+0x12e/0x290 [ 105.786410] call_timer_fn+0x161/0x550 [ 105.790512] ? est_fetch_counters+0xa0/0xa0 [ 105.795055] ? del_timer_sync+0xd0/0xd0 [ 105.799249] ? __lock_is_held+0x93/0x110 [ 105.803531] ? mark_held_locks+0x20/0xe0 [ 105.807813] ? _raw_spin_unlock_irq+0x29/0x40 [ 105.812525] ? est_fetch_counters+0xa0/0xa0 [ 105.817069] ? est_fetch_counters+0xa0/0xa0 [ 105.821610] run_timer_softirq+0x3c4/0x9f0 [ 105.826064] ? lock_acquire+0x12e/0x290 [ 105.830257] ? __bpf_trace_timer_class+0x10/0x10 [ 105.835237] ? __lock_is_held+0x25/0x110 [ 105.839517] __do_softirq+0x11d/0x7bf [ 105.843542] irq_exit+0x140/0x190 [ 105.847208] smp_apic_timer_interrupt+0xac/0x3b0 [ 105.852182] apic_timer_interrupt+0xf/0x20 [ 105.856628] [ 105.859081] RIP: 0010:cpuidle_enter_state+0xd8/0x4d0 [ 105.864395] Code: 46 ff 48 89 44 24 08 0f 1f 44 00 00 31 ff e8 cf ec 46 ff 80 7c 24 07 00 0f 85 1d 02 00 00 e8 9f 90 4b ff fb 66 0f 1f 44 00 00 <4c> 8b 6c 24 08 4d 29 fd 0f 80 36 03 00 00 4c 89 e8 48 ba cf f7 53 [ 105.884288] RSP: 0018:ffff8803ad94fd20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 105.892494] RAX: 0000000000000000 RBX: ffffe8fb300829c0 RCX: ffffffffb41e19e1 [ 105.899988] RDX: 0000000000000007 RSI: dffffc0000000000 RDI: ffff8803ad9358ac [ 105.907503] RBP: ffffffffb6636300 R08: 0000000000000004 R09: 0000000000000000 [ 105.914997] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004 [ 105.922487] R13: ffffffffb6636140 R14: ffffffffb66362d8 R15: 000000188d36091b [ 105.929988] ? trace_hardirqs_on_caller+0x141/0x2d0 [ 105.935232] do_idle+0x28e/0x320 [ 105.938817] ? arch_cpu_idle_exit+0x40/0x40 [ 105.943361] ? mark_lock+0x8c1/0x980 [ 105.947295] ? _raw_spin_unlock_irqrestore+0x32/0x60 [ 105.952619] cpu_startup_entry+0xc2/0xd0 [ 105.956900] ? cpu_in_idle+0x20/0x20 [ 105.960830] ? _raw_spin_unlock_irqrestore+0x32/0x60 [ 105.966146] ? trace_hardirqs_on_caller+0x141/0x2d0 [ 105.971391] start_secondary+0x2b5/0x360 [ 105.975669] ? set_cpu_sibling_map+0x1330/0x1330 [ 105.980654] secondary_startup_64+0xa5/0xb0 Taking tcf_lock in sample action with bh disabled causes lockdep to issue a warning regarding possible irq lock inversion dependency between tcf_lock, and psample_groups_lock that is taken when holding tcf_lock in sample init: [ 162.108959] Possible interrupt unsafe locking scenario: [ 162.116386] CPU0 CPU1 [ 162.121277] ---- ---- [ 162.126162] lock(psample_groups_lock); [ 162.130447] local_irq_disable(); [ 162.136772] lock(&(&p->tcfa_lock)->rlock); [ 162.143957] lock(psample_groups_lock); [ 162.150813] [ 162.153808] lock(&(&p->tcfa_lock)->rlock); [ 162.158608] *** DEADLOCK *** In order to prevent potential lock inversion dependency between tcf_lock and psample_groups_lock, extract call to psample_group_get() from tcf_lock protected section in sample action init function. Fixes: 4e232818bd32 ("net: sched: act_mirred: remove dependency on rtnl lock") Fixes: 764e9a24480f ("net: sched: act_vlan: remove dependency on rtnl lock") Fixes: 729e01260989 ("net: sched: act_tunnel_key: remove dependency on rtnl lock") Fixes: d77284956656 ("net: sched: act_sample: remove dependency on rtnl lock") Fixes: e8917f437006 ("net: sched: act_gact: remove dependency on rtnl lock") Fixes: b6a2b971c0b0 ("net: sched: act_csum: remove dependency on rtnl lock") Fixes: 2142236b4584 ("net: sched: act_bpf: remove dependency on rtnl lock") Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit e61cf2e3a5b452cfefcb145021f5a8ea88735cc1 Merge: 1009aa1205c2 28a1f3ac1d0c Author: Linus Torvalds Date: Sun Aug 19 10:38:36 2018 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull first set of KVM updates from Paolo Bonzini: "PPC: - minor code cleanups x86: - PCID emulation and CR3 caching for shadow page tables - nested VMX live migration - nested VMCS shadowing - optimized IPI hypercall - some optimizations ARM will come next week" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (85 commits) kvm: x86: Set highest physical address bits in non-present/reserved SPTEs KVM/x86: Use CC_SET()/CC_OUT in arch/x86/kvm/vmx.c KVM: X86: Implement PV IPIs in linux guest KVM: X86: Add kvm hypervisor init time platform setup callback KVM: X86: Implement "send IPI" hypercall KVM/x86: Move X86_CR4_OSXSAVE check into kvm_valid_sregs() KVM: x86: Skip pae_root shadow allocation if tdp enabled KVM/MMU: Combine flushing remote tlb in mmu_set_spte() KVM: vmx: skip VMWRITE of HOST_{FS,GS}_BASE when possible KVM: vmx: skip VMWRITE of HOST_{FS,GS}_SEL when possible KVM: vmx: always initialize HOST_{FS,GS}_BASE to zero during setup KVM: vmx: move struct host_state usage to struct loaded_vmcs KVM: vmx: compute need to reload FS/GS/LDT on demand KVM: nVMX: remove a misleading comment regarding vmcs02 fields KVM: vmx: rename __vmx_load_host_state() and vmx_save_host_state() KVM: vmx: add dedicated utility to access guest's kernel_gs_base KVM: vmx: track host_state.loaded using a loaded_vmcs pointer KVM: vmx: refactor segmentation code in vmx_save_host_state() kvm: nVMX: Fix fault priority for VMX operations kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 ... commit 1009aa1205c2c5e9101437dcadfa195708d863bf Merge: 1d0926e99de7 627672cf431b Author: Linus Torvalds Date: Sun Aug 19 09:56:38 2018 -0700 Merge tag 'riscv-for-linus-4.19-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Pull RISC-V updates from Palmer Dabbelt: "This contains some major improvements to the RISC-V port, including the necessary interrupt controller and timer support to actually make it to userspace. Support for three devices has been added: - the ISA-mandated timers on RISC-V systems. - the ISA-mandated first-level interrupt controller on RISC-V systems, which is handled as part of our core arch code because it's very small and tightly tied to the ISA. - SiFive's platform-level interrupt controller, which talks to the actual devices. In addition to these new devices, there are a handful of cleanups all over the RISC-V tree: - build fixes for various configurations: * A fix to the vDSO build's makefile so it respects CFLAGS. * The addition of __lshrti3, a libgcc derived function necessary for some 32-bit configurations. * !SMP && PERF_EVENTS - Cleanups to the arch code to remove the remnants of old versions of the drivers that were just properly submitted. * Some dead code from the timer driver, most of which wasn't ever even compiled. * Cleanups of some interrupt #defines, which are now local to the interrupt handling code. - Fixes to ptrace(), which while not being sufficient to fully make GDB work are at least sufficient to get simple GDB tasks to work. - Early printk support via RISC-V's architecturally mandated SBI console device. - A fix to our early debug trap handler to ensure it's always aligned. These patches have all been through a fairly extensive review process, but as this enables a whole pile of functionality (ie, userspace) I'm confident we'll need to submit a few more patches. The only concrete issues I know about are the sys_riscv_flush_icache patches, but as I managed to screw those up on Friday I figured it'd be best to let them bake another week. This tag boots a Fedora root filesystem on QEMU's master branch for me, and before this morning's rebase (from 4.18-rc8 to 4.18) it booted on the HiFive Unleashed. Thanks to Christoph Hellwig and the other guys at WD for getting the new drivers in shape!" * tag 'riscv-for-linus-4.19-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: dt-bindings: interrupt-controller: SiFive Plaform Level Interrupt Controller dt-bindings: interrupt-controller: RISC-V local interrupt controller RISC-V: Fix !CONFIG_SMP compilation error irqchip: add a SiFive PLIC driver RISC-V: Add the directive for alignment of stvec's value clocksource: new RISC-V SBI timer driver RISC-V: implement low-level interrupt handling RISC-V: add a definition for the SIE SEIE bit RISC-V: remove INTERRUPT_CAUSE_* defines from asm/irq.h RISC-V: simplify software interrupt / IPI code RISC-V: remove timer leftovers RISC-V: Add early printk support via the SBI console RISC-V: Don't increment sepc after breakpoint. RISC-V: implement __lshrti3. RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO commit 250ea7c5f56e350cdafebe6b87478b00db4f7af8 Author: Lihua Yao Date: Wed Aug 15 23:20:35 2018 +0800 ALSA: ac97: fix unbalanced pm_runtime_enable Runtime PM is enabled at ac97_bus_probe() and should be disabled at ac97_bus_remove(). Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Signed-off-by: Lihua Yao Acked-by: Robert Jarzmik Cc: Signed-off-by: Takashi Iwai commit d15ec0b482ff502e4e19e43d15aa5072e4290199 Author: Lihua Yao Date: Wed Aug 15 23:20:34 2018 +0800 ALSA: ac97: fix check of pm_runtime_get_sync failure pm_runtime_get_sync returns negative on failure. Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Signed-off-by: Lihua Yao Acked-by: Robert Jarzmik Cc: Signed-off-by: Takashi Iwai commit c7b8170790c19293acd835dc50b8247ec207d4a3 Author: Lihua Yao Date: Wed Aug 15 20:59:46 2018 +0800 ALSA: ac97: fix device initialization in the compat layer ac97->dev is an object of 'struct device' type. It should be initialized via device_initialize() or device_register(). Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Signed-off-by: Lihua Yao Tested-by: Robert Jarzmik Acked-by: Robert Jarzmik Cc: Signed-off-by: Takashi Iwai commit 1d0926e99de7b486321e3db924b445531eea5e18 Merge: 08b5fa819970 3d27c4de8d4f Author: Linus Torvalds Date: Sun Aug 19 09:30:44 2018 -0700 Merge tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull UIO fix from Greg KH: "Here is a single UIO fix that I forgot to send before 4.18-final came out. It reverts a UIO patch that went in the 4.18 development window that was causing problems. This patch has been in linux-next for a while with no problems, I just forgot to send it earlier, or as part of the larger char/misc patch series from yesterday, my fault" * tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: Revert "uio: use request_threaded_irq instead" commit 08b5fa819970c318e58ab638f497633c25971813 Merge: 7f02e1ce4a13 13fe7056bebb Author: Linus Torvalds Date: Sat Aug 18 16:48:07 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input updates from Dmitry Torokhov: - a new driver for Rohm BU21029 touch controller - new bitmap APIs: bitmap_alloc, bitmap_zalloc and bitmap_free - updates to Atmel, eeti. pxrc and iforce drivers - assorted driver cleanups and fixes. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (57 commits) MAINTAINERS: Add PhoenixRC Flight Controller Adapter Input: do not use WARN() in input_alloc_absinfo() Input: mark expected switch fall-throughs Input: raydium_i2c_ts - use true and false for boolean values Input: evdev - switch to bitmap API Input: gpio-keys - switch to bitmap_zalloc() Input: elan_i2c_smbus - cast sizeof to int for comparison bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free() md: Avoid namespace collision with bitmap API dm: Avoid namespace collision with bitmap API Input: pm8941-pwrkey - add resin entry Input: pm8941-pwrkey - abstract register offsets and event code Input: iforce - reorganize joystick configuration lists Input: atmel_mxt_ts - move completion to after config crc is updated Input: atmel_mxt_ts - don't report zero pressure from T9 Input: atmel_mxt_ts - zero terminate config firmware file Input: atmel_mxt_ts - refactor config update code to add context struct Input: atmel_mxt_ts - config CRC may start at T71 Input: atmel_mxt_ts - remove unnecessary debug on ENOMEM Input: atmel_mxt_ts - remove duplicate setup of ABS_MT_PRESSURE ... commit 7f02e1ce4a13edf295fcedbc663a8ca69bc1ff6e Merge: 9a96d63aa83c ddb34f480d1b Author: Linus Torvalds Date: Sat Aug 18 16:45:27 2018 -0700 Merge tag 'hwlock-v4.19' of git://github.com/andersson/remoteproc Pull hwspinlock updates from Bjorn Andersson: "This introduces devres helpers and an API to request a lock by name, then migrates the sprd SPI driver to use these" * tag 'hwlock-v4.19' of git://github.com/andersson/remoteproc: hwspinlock: Fix incorrect return pointers spi: sprd: Change to use devm_hwspin_lock_request_specific() spi: sprd: Replace of_hwspin_lock_get_id() with of_hwspin_lock_get_id_byname() hwspinlock: Fix one comment mistake hwspinlock: Remove redundant config hwspinlock: Add devm_xxx() APIs to register/unregister one hwlock controller hwspinlock: Add devm_xxx() APIs to request/free hwlock hwspinlock: Add one new API to support getting a specific hwlock by the name commit 9a96d63aa83c629e0c71f377fea7066fcf66d765 Merge: c54fc8658b50 00b645e0b4e4 Author: Linus Torvalds Date: Sat Aug 18 16:43:57 2018 -0700 Merge tag 'rpmsg-v4.19' of git://github.com/andersson/remoteproc Pull rpmsg updates from Bjorn Andersson: "This fixes a few compile and kerneldoc warnings, allows rpmsg devices to handle power domains, allow for labeling GLINK edges and supports compat for rpmsg_char" * tag 'rpmsg-v4.19' of git://github.com/andersson/remoteproc: rpmsg: Add compat ioctl for rpmsg char driver rpmsg: glink: Store edge name for glink device dt-bindings: soc: qcom: Add label for GLINK bindings rpmsg: core: add support to power domains for devices rpmsg: smd: fix kerneldoc warnings rpmsg: glink: Fix various kerneldoc warnings. rpmsg: glink: correctly annotate intent members rpmsg: smd: Add missing include of sizes.h commit c54fc8658b501b412d006886ebe3e8543a30a122 Merge: 6eaac34ff30e b2201ee554a5 Author: Linus Torvalds Date: Sat Aug 18 16:42:04 2018 -0700 Merge tag 'rproc-v4.19' of git://github.com/andersson/remoteproc Pull remoteproc updates from Bjorn Andersson: "This adds support for pre-start and post-shutdown hooks for remoteproc subdevices, refactors the Qualcomm Hexagon support to allow reuse between several drivers, makes authentication in the MDT file loader optional, migrates a few format strings to use %pK and migrates the Davinci driver to use the reset framework" * tag 'rproc-v4.19' of git://github.com/andersson/remoteproc: remoteproc/davinci: use the reset framework remoteproc/davinci: Mark error recovery as disabled remoteproc: st_slim: replace "%p" with "%pK" remoteproc: replace "%p" with "%pK" remoteproc: qcom: fix Q6V5_WCSS dependencies remoteproc: Reset table_ptr in rproc_start() failure paths remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote remoteproc: qcom q6v5: fix modular build remoteproc: Introduce prepare and unprepare for subdevices remoteproc: rename subdev probe and remove functions remoteproc: Make client initialize ops in rproc_subdev remoteproc: Make start and stop in subdev optional remoteproc: Rename subdev functions to start/stop remoteproc: qcom: Introduce Hexagon V5 based WCSS driver remoteproc: qcom: q6v5-pil: Use common q6v5 helpers remoteproc: qcom: adsp: Use common q6v5 helpers remoteproc: q6v5: Extract common resource handling remoteproc: qcom: mdt_loader: Make the firmware authentication optional commit 6eaac34ff30e189fda28110298ca9fbfb2f51e28 Merge: 13bf2cf9e2d1 12aea518a202 Author: Linus Torvalds Date: Sat Aug 18 16:16:57 2018 -0700 Merge tag 'linux-watchdog-4.19-rc1' of git://www.linux-watchdog.org/linux-watchdog Pull watchdog updates from Wim Van Sebroeck: - add MEN 16z069 IP-Core driver - renesas-wdt: add support for the R8A77990 wdt - stm32_iwdg: Add stm32mp1 support and pclk feature - sp805_wdt, orion_wdt, sprd_wdt: several improvements - imx2_wdt, stmp3xxx: switch to SPDX identifier * tag 'linux-watchdog-4.19-rc1' of git://www.linux-watchdog.org/linux-watchdog: watchdog: fix dependencies of menz69_wdt.o watchdog: sp805: Add clock-frequency property watchdog: add driver for the MEN 16z069 IP-Core watchdog: sprd_wdt: Remove redundant dev_err call in sprd_wdt_probe() watchdog: stmp3xxx: Switch to SPDX identifier watchdog: imx2_wdt: Switch to SPDX identifier watchdog: sp805: set WDOG_HW_RUNNING when appropriate watchdog: sp805: add 'timeout-sec' DT property support dt-bindings: watchdog: Add optional 'timeout-sec' property for sp805 dt-bindings: watchdog: Consolidate SP805 binding docs watchdog: orion_wdt: Mark watchdog as active when running at probe watchdog: stm32: add pclk feature for stm32mp1 dt-bindings: watchdog: add stm32mp1 support dt-bindings: watchdog: renesas-wdt: Add support for the R8A77990 wdt commit 13bf2cf9e2d1e0e56088ec6342c2726704100647 Merge: bbd60bffaf78 3257d86182cc Author: Linus Torvalds Date: Sat Aug 18 15:55:59 2018 -0700 Merge tag 'dmaengine-4.19-rc1' of git://git.infradead.org/users/vkoul/slave-dma Pull DMAengine updates from Vinod Koul: "This round brings couple of framework changes, a new driver and usual driver updates: - new managed helper for dmaengine framework registration - split dmaengine pause capability to pause and resume and allow drivers to report that individually - update dma_request_chan_by_mask() to handle deferred probing - move imx-sdma to use virt-dma - new driver for Actions Semi Owl family S900 controller - minor updates to intel, renesas, mv_xor, pl330 etc" * tag 'dmaengine-4.19-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (46 commits) dmaengine: Add Actions Semi Owl family S900 DMA driver dt-bindings: dmaengine: Add binding for Actions Semi Owl SoCs dmaengine: sh: rcar-dmac: Should not stop the DMAC by rcar_dmac_sync_tcr() dmaengine: mic_x100_dma: use the new helper to simplify the code dmaengine: add a new helper dmaenginem_async_device_register dmaengine: imx-sdma: add memcpy interface dmaengine: imx-sdma: add SDMA_BD_MAX_CNT to replace '0xffff' dmaengine: dma_request_chan_by_mask() to handle deferred probing dmaengine: pl330: fix irq race with terminate_all dmaengine: Revert "dmaengine: mv_xor_v2: enable COMPILE_TEST" dmaengine: mv_xor_v2: use {lower,upper}_32_bits to configure HW descriptor address dmaengine: mv_xor_v2: enable COMPILE_TEST dmaengine: mv_xor_v2: move unmap to before callback dmaengine: mv_xor_v2: convert callback to helper function dmaengine: mv_xor_v2: kill the tasklets upon exit dmaengine: mv_xor_v2: explicitly freeup irq dmaengine: sh: rcar-dmac: Add dma_pause operation dmaengine: sh: rcar-dmac: add a new function to clear CHCR.DE with barrier dmaengine: idma64: Support dmaengine_terminate_sync() dmaengine: hsu: Support dmaengine_terminate_sync() ... commit bbd60bffaf780464298cb7a39852f7f1065f1726 Merge: 307797159ac2 7f38abf220e2 Author: Linus Torvalds Date: Sat Aug 18 15:54:05 2018 -0700 Merge tag 'mmc-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC updates from Ulf Hansson: "Updates for MMC for v4.19. MMC core: - Add some fine-grained hooks to further support HS400 tuning - Improve error path for bus width setting for HS400es - Use a common method when checking R1 status MMC host: - renesas_sdhi: Add r8a77990 support - renesas_sdhi: Add eMMC HS400 mode support - tmio/renesas_sdhi: Improve tuning/clock management - tmio: Add eMMC HS400 mode support - sunxi: Add support for 3.3V eMMC DDR mode - mmci: Initial support to manage variant specific callbacks - sdhci: Don't try 3.3V I/O voltage if not supported - sdhci-pci-dwc-mshc: Add driver to support Synopsys dwc mshc SDHCI PCI - sdhci-of-dwcmshc: Add driver to support Synopsys DWC MSHC SDHCI - sdhci-msm: Add support for new version sdcc V5 - sdhci-pci-o2micro: Add support for O2 eMMC HS200 mode - sdhci-pci-o2micro: Add support for O2 hardware tuning - sdhci-pci-o2micro: Add MSI interrupt support for O2 SD host - sdhci-pci: Add support for Intel ICP - sdhci-tegra: Prevent ACMD23 and HS200 mode on Tegra 3 - sdhci-tegra: Fix eMMC DDR52 mode - sdhci-tegra: Improve clock management - dw_mmc-rockchip: Document compatible string for px30 - sdhci-esdhc-imx: Add support for 3.3V eMMC DDR mode - sdhci-of-esdhc: Set proper DMA mask for ls104x chips - sdhci-of-esdhc: Improve clock management - sdhci-of-arasan: Add a quirk to manage unstable clocks - dw_mmc-exynos: Address potential external abort during system resume - pxamci: Add support for common MMC DT bindings - pxamci: Several cleanups and improvements - pxamci: Merge immutable branch for pxa to switch to DMA slave maps" * tag 'mmc-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (56 commits) mmc: core: improve reasonableness of bus width setting for HS400es mmc: tmio: remove unneeded variable in tmio_mmc_start_command() mmc: renesas_sdhi: Fix sampling clock position selecting mmc: tmio: Fix tuning flow mmc: sunxi: remove output of virtual base address dt-bindings: mmc: rockchip-dw-mshc: add description for px30 mmc: renesas_sdhi: Add r8a77990 support mmc: sunxi: allow 3.3V DDR when DDR is available mmc: mmci: Add and implement a ->dma_setup() callback for qcom dml mmc: mmci: Initial support to manage variant specific callbacks mmc: tegra: Force correct divider calculation on DDR50/52 mmc: sdhci: Add MSI interrupt support for O2 SD host mmc: sdhci: Add support for O2 hardware tuning mmc: sdhci: Export sdhci tuning function symbol mmc: sdhci: Change O2 Host HS200 mode clock frequency to 200MHz mmc: sdhci: Add support for O2 eMMC HS200 mode mmc: tegra: Add and use tegra_sdhci_get_max_clock() mmc: sdhci-esdhc-imx: fix indent mmc: sdhci-esdhc-imx: disable clocks before changing frequency mmc: tegra: prevent ACMD23 on Tegra 3 ... commit bb107456ba5a85e50567d56b0c8050c2ad199e9b Author: Haishuang Yan Date: Sat Aug 18 22:43:48 2018 +0800 ip6_vti: simplify stats handling in vti6_xmit Same as ip_vti, use iptunnel_xmit_stats to updates stats in tunnel xmit code path. Signed-off-by: Haishuang Yan Signed-off-by: David S. Miller commit 307797159ac25fe5a2048bf5c6a5718298edca57 Author: Linus Torvalds Date: Sat Aug 18 12:30:42 2018 -0700 pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function This function was created as a deprecated fallback case back in 2010 by commit eb14120f743d ("pcmcia: re-work pcmcia_request_irq()") for legacy cases. Actual in-kernel users haven't been around for a long while. The last in-kernel user was apparently removed four years ago by commit 5f5316fcd08e ("am2150: Update nmclan_cs.c to use update PCMCIA API"). Just remove it entirely. Signed-off-by: Linus Torvalds commit 771c035372a036f83353eef46dbb829780330234 Author: Linus Torvalds Date: Sat Aug 18 12:19:56 2018 -0700 deprecate the '__deprecated' attribute warnings entirely and for good We haven't had lots of deprecation warnings lately, but the rdma use of it made them flare up again. They are not useful. They annoy everybody, and nobody ever does anything about them, because it's always "somebody elses problem". And when people start thinking that warnings are normal, they stop looking at them, and the real warnings that mean something go unnoticed. If you want to get rid of a function, just get rid of it. Convert every user to the new world order. And if you can't do that, then don't annoy everybody else with your marking that says "I couldn't be bothered to fix this, so I'll just spam everybody elses build logs with warnings about my laziness". Make a kernelnewbies wiki page about things that could be cleaned up, write a blog post about it, or talk to people on the mailing lists. But don't add warnings to the kernel build about cleanup that you think should happen but you aren't doing yourself. Don't. Just don't. Signed-off-by: Linus Torvalds commit a18d783fedfe6f9b720afe901db9501ce116ed81 Merge: d5acba26bfa0 d2fc88a61b4e Author: Linus Torvalds Date: Sat Aug 18 11:44:53 2018 -0700 Merge tag 'driver-core-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core updates from Greg KH: "Here are all of the driver core and related patches for 4.19-rc1. Nothing huge here, just a number of small cleanups and the ability to now stop the deferred probing after init happens. All of these have been in linux-next for a while with only a merge issue reported" * tag 'driver-core-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (21 commits) base: core: Remove WARN_ON from link dependencies check drivers/base: stop new probing during shutdown drivers: core: Remove glue dirs from sysfs earlier driver core: remove unnecessary function extern declare sysfs.h: fix non-kernel-doc comment PM / Domains: Stop deferring probe at the end of initcall iommu: Remove IOMMU_OF_DECLARE iommu: Stop deferring probe at end of initcalls pinctrl: Support stopping deferred probe after initcalls dt-bindings: pinctrl: add a 'pinctrl-use-default' property driver core: allow stopping deferred probe after init driver core: add a debugfs entry to show deferred devices sysfs: Fix internal_create_group() for named group updates base: fix order of OF initialization linux/device.h: fix kernel-doc notation warning Documentation: update firmware loader fallback reference kobject: Replace strncpy with memcpy drivers: base: cacheinfo: use OF property_read_u32 instead of get_property,read_number kernfs: Replace strncpy with memcpy device: Add #define dev_fmt similar to #define pr_fmt ... commit d5acba26bfa097a618be425522b1ec4269d3edaf Merge: 2475c515d403 128f38041035 Author: Linus Torvalds Date: Sat Aug 18 11:04:51 2018 -0700 Merge tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver updates from Greg KH: "Here is the bit set of char/misc drivers for 4.19-rc1 There is a lot here, much more than normal, seems like everyone is writing new driver subsystems these days... Anyway, major things here are: - new FSI driver subsystem, yet-another-powerpc low-level hardware bus - gnss, finally an in-kernel GPS subsystem to try to tame all of the crazy out-of-tree drivers that have been floating around for years, combined with some really hacky userspace implementations. This is only for GNSS receivers, but you have to start somewhere, and this is great to see. Other than that, there are new slimbus drivers, new coresight drivers, new fpga drivers, and loads of DT bindings for all of these and existing drivers. All of these have been in linux-next for a while with no reported issues" * tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (255 commits) android: binder: Rate-limit debug and userspace triggered err msgs fsi: sbefifo: Bump max command length fsi: scom: Fix NULL dereference misc: mic: SCIF Fix scif_get_new_port() error handling misc: cxl: changed asterisk position genwqe: card_base: Use true and false for boolean values misc: eeprom: assignment outside the if statement uio: potential double frees if __uio_register_device() fails eeprom: idt_89hpesx: clean up an error pointer vs NULL inconsistency misc: ti-st: Fix memory leak in the error path of probe() android: binder: Show extra_buffers_size in trace firmware: vpd: Fix section enabled flag on vpd_section_destroy platform: goldfish: Retire pdev_bus goldfish: Use dedicated macros instead of manual bit shifting goldfish: Add missing includes to goldfish.h mux: adgs1408: new driver for Analog Devices ADGS1408/1409 mux dt-bindings: mux: add adi,adgs1408 Drivers: hv: vmbus: Cleanup synic memory free path Drivers: hv: vmbus: Remove use of slow_virt_to_phys() Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() ... commit 2475c515d4031c494ff452508a8bf8c281ec6e56 Merge: 336722eb9d97 e4f6a44c4aec Author: Linus Torvalds Date: Sat Aug 18 11:00:00 2018 -0700 Merge tag 'staging-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging and IIO updates from Greg KH: "Here are the big staging/iio patches for 4.19-rc1. Lots of churn here, with tons of cleanups happening in staging drivers, a removal of an old crypto driver that no one was using (skein), and the addition of some new IIO drivers. Also added was a "gasket" driver from Google that needs loads of work and the erofs filesystem. Even with adding all of the new drivers and a new filesystem, we are only adding about 1000 lines overall to the kernel linecount, which shows just how much cleanup happened, and how big the unused crypto driver was. All of these have been in the linux-next tree for a while now with no reported issues" * tag 'staging-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (903 commits) staging:rtl8192u: Remove unused macro definitions - Style staging:rtl8192u: Add spaces around '+' operator - Style staging:rtl8192u: Remove stale comment - Style staging: rtl8188eu: remove unused mp_custom_oid.h staging: fbtft: Add spaces around / - Style staging: fbtft: Erases some repetitive usage of function name - Style staging: fbtft: Adjust some empty-line problems - Style staging: fbtft: Removes one nesting level to help readability - Style staging: fbtft: Changes gamma table to define. staging: fbtft: A bit more information on dev_err. staging: fbtft: Fixes some alignment issues - Style staging: fbtft: Puts macro arguments in parenthesis to avoid precedence issues - Style staging: rtl8188eu: remove unused array dB_Invert_Table staging: rtl8188eu: remove whitespace, add missing blank line staging: rtl8188eu: use is_multicast_ether_addr in rtw_sta_mgt.c staging: rtl8188eu: remove whitespace - style staging: rtl8188eu: cleanup block comment - style staging: rtl8188eu: use is_multicast_ether_addr in rtl8188eu_xmit.c staging: rtl8188eu: use is_multicast_ether_addr in recv_linux.c staging: rtlwifi: refactor rtl_get_tcb_desc ... commit 336722eb9d9732c5a497fb6299bf38cde413592b Merge: 5695d5d1970f 47ac76662ca9 Author: Linus Torvalds Date: Sat Aug 18 10:50:41 2018 -0700 Merge tag 'tty-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial driver updates from Greg KH: "Here is the big tty and serial driver pull request for 4.19-rc1. It's not all that big, just a number of small serial driver updates and fixes, along with some better vt handling for unicode characters for those using braille terminals. All of these patches have been in linux-next for a long time with no reported issues" * tag 'tty-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (73 commits) tty: serial: 8250: Revert NXP SC16C2552 workaround serial: 8250_exar: Read INT0 from slave device, too tty: rocket: Fix possible buffer overwrite on register_PCI serial: 8250_dw: Add ACPI support for uart on Broadcom SoC serial: 8250_dw: always set baud rate in dw8250_set_termios dt-bindings: serial: Add binding for uartlite tty: serial: uartlite: Add support for suspend and resume tty: serial: uartlite: Add clock adaptation tty: serial: uartlite: Add structure for private data serial: sh-sci: Improve support for separate TEI and DRI interrupts serial: sh-sci: Remove SCIx_RZ_SCIFA_REGTYPE serial: sh-sci: Allow for compressed SCIF address serial: sh-sci: Improve interrupts description serial: 8250: Use cached port name directly in messages serial: 8250_exar: Drop unused variable in pci_xr17v35x_setup() vt: drop unused struct vt_struct vt: avoid a VLA in the unicode screen scroll function vt: add /dev/vcsu* to devices.txt vt: coherence validation code for the unicode screen buffer vt: selection: take screen contents from uniscr if available ... commit 5695d5d1970f975de059bb6dec76941440f62488 Merge: 1f7a4c73a739 29c692c96b3a Author: Linus Torvalds Date: Sat Aug 18 10:21:49 2018 -0700 Merge tag 'usb-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB/PHY updates from Greg KH: "Here is the big USB and phy driver patch set for 4.19-rc1. Nothing huge but there was a lot of work that happened this development cycle: - lots of type-c work, with drivers graduating out of staging, and displayport support being added. - new PHY drivers - the normal collection of gadget driver updates and fixes - code churn to work on the urb handling path, using irqsave() everywhere in anticipation of making this codepath a lot simpler in the future. - usbserial driver fixes and reworks - other misc changes All of these have been in linux-next with no reported issues for a while" * tag 'usb-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (159 commits) USB: serial: pl2303: add a new device id for ATEN usb: renesas_usbhs: Kconfig: convert to SPDX identifiers usb: dwc3: gadget: Check MaxPacketSize from descriptor usb: dwc2: Turn on uframe_sched on "stm32f4x9_fsotg" platforms usb: dwc2: Turn on uframe_sched on "amlogic" platforms usb: dwc2: Turn on uframe_sched on "his" platforms usb: dwc2: Turn on uframe_sched on "bcm" platforms usb: dwc2: gadget: ISOC's starting flow improvement usb: dwc2: Make dwc2_readl/writel functions endianness-agnostic. usb: dwc3: core: Enable AutoRetry feature in the controller usb: dwc3: Set default mode for dwc_usb31 usb: gadget: udc: renesas_usb3: Add register of usb role switch usb: dwc2: replace ioread32/iowrite32_rep with dwc2_readl/writel_rep usb: dwc2: Modify dwc2_readl/writel functions prototype usb: dwc3: pci: Intel Merrifield can be host usb: dwc3: pci: Supply device properties via driver data arm64: dts: dwc3: description of incr burst type usb: dwc3: Enable undefined length INCR burst type usb: dwc3: add global soc bus configuration reg0 usb: dwc3: Describe 'wakeup_work' field of struct dwc3_pci ... commit 6e3bf9b04f79a009a7ff336ba7353ab565daaec8 Merge: 3fe49d699a96 f6069b9aa993 Author: David S. Miller Date: Sat Aug 18 10:02:49 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2018-08-18 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix a BPF selftest failure in test_cgroup_storage due to rlimit restrictions, from Yonghong. 2) Fix a suspicious RCU rcu_dereference_check() warning triggered from removing a device's XDP memory allocator by using the correct rhashtable lookup function, from Tariq. 3) A batch of BPF sockmap and ULP fixes mainly fixing leaks and races as well as enforcing module aliases for ULPs. Another fix for BPF map redirect to make them work again with tail calls, from Daniel. 4) Fix XDP BPF samples to unload their programs upon SIGTERM, from Jesper. ==================== Signed-off-by: David S. Miller commit 3fe49d699a9604eed851eb45e1e0adab0e25688e Merge: bfdd19ad80f2 feb9f55c33e5 Author: David S. Miller Date: Sat Aug 18 09:59:19 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter/IPVS fixes for net The following patchset contains Netfilter/IPVS fixes for your net tree: 1) Infinite loop in IPVS when net namespace is released, from Tan Hu. 2) Do not show negative timeouts in ip_vs_conn by using the new jiffies_delta_to_msecs(), patches from Matteo Croce. 3) Set F_IFACE flag for linklocal addresses in ip6t_rpfilter, from Florian Westphal. 4) Fix overflow in set size allocation, from Taehee Yoo. 5) Use netlink_dump_start() from ctnetlink to fix memleak from the error path, again from Florian. 6) Register nfnetlink_subsys in last place, otherwise netns init path may lose race and see net->nft uninitialized data. This also reverts previous attempt to fix this by increase netns refcount, patches from Florian. 7) Remove conntrack entries on layer 4 protocol tracker module removal, from Florian. 8) Use GFP_KERNEL_ACCOUNT for xtables blob allocation, from Michal Hocko. 9) Get tproxy documentation in sync with existing codebase, from Mate Eckl. 10) Honor preset layer 3 protocol via ctx->family in the new nft_ct timeout infrastructure, from Harsha Sharma. 11) Let uapi nfnetlink_osf.h compile standalone with no errors, from Dmitry V. Levin. 12) Missing braces compilation warning in nft_tproxy, patch from Mate Eclk. 13) Disregard bogus check to bail out on non-anonymous sets from the dynamic set update extension. ==================== Signed-off-by: David S. Miller commit 5804b11034a21e4287daaf017c5ad60ad7af8d67 Merge: 13e091b6dd0e 6855dc41b246 Author: Ingo Molnar Date: Sat Aug 18 13:11:51 2018 +0200 Merge tag 'perf-core-for-mingo-4.19-20180815' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: kernel: - kallsyms, x86: Export addresses of PTI entry trampolines (Alexander Shishkin) - kallsyms: Simplify update_iter_mod() (Adrian Hunter) - x86: Add entry trampolines to kcore (Adrian Hunter) Hardware tracing: - Fix auxtrace queue resize (Adrian Hunter) Arch specific: - Fix uninitialized ARM SPE record error variable (Kim Phillips) - Fix trace event post-processing in powerpc (Sandipan Das) Build: - Fix check-headers.sh AND list path of execution (Alexander Kapshuk) - Remove -mcet and -fcf-protection when building the python binding with older clang versions (Arnaldo Carvalho de Melo) - Make check-headers.sh check based on kernel dir (Jiri Olsa) - Move syscall_64.tbl check into check-headers.sh (Jiri Olsa) Infrastructure: - Check for null when copying nsinfo. (Benno Evers) Libraries: - Rename libtraceevent prefixes, prep work for making it a shared library generaly available (Tzvetomir Stoyanov (VMware)) Signed-off-by: Arnaldo Carvalho de Melo commit 1f7a4c73a739a63b3f108d8eda6f947fdc70dd65 Merge: 6ada4e282679 edcd9d977354 Author: Linus Torvalds Date: Fri Aug 17 17:27:58 2018 -0700 Merge tag '9p-for-4.19-2' of git://github.com/martinetd/linux Pull 9p updates from Dominique Martinet: "This contains mostly fixes (6 to be backported to stable) and a few changes, here is the breakdown: - rework how fids are attributed by replacing some custom tracking in a list by an idr - for packet-based transports (virtio/rdma) validate that the packet length matches what the header says - a few race condition fixes found by syzkaller - missing argument check when NULL device is passed in sys_mount - a few virtio fixes - some spelling and style fixes" * tag '9p-for-4.19-2' of git://github.com/martinetd/linux: (21 commits) net/9p/trans_virtio.c: add null terminal for mount tag 9p/virtio: fix off-by-one error in sg list bounds check 9p: fix whitespace issues 9p: fix multiple NULL-pointer-dereferences fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed 9p: validate PDU length net/9p/trans_fd.c: fix race by holding the lock net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() net/9p/virtio: Fix hard lockup in req_done net/9p/trans_virtio.c: fix some spell mistakes in comments 9p/net: Fix zero-copy path in the 9p virtio transport 9p: Embed wait_queue_head into p9_req_t 9p: Replace the fidlist with an IDR 9p: Change p9_fid_create calling convention 9p: Fix comment on smp_wmb net/9p/client.c: version pointer uninitialized fs/9p/v9fs.c: fix spelling mistake "Uknown" -> "Unknown" net/9p: fix error path of p9_virtio_probe 9p/net/protocol.c: return -ENOMEM when kmalloc() failed net/9p/client.c: add missing '\n' at the end of p9_debug() ... commit 6ada4e2826794bdf8d88f938a9ced0b80894b037 Merge: 9bd553929f68 1e9264192961 Author: Linus Torvalds Date: Fri Aug 17 16:49:31 2018 -0700 Merge branch 'akpm' (patches from Andrew) Merge updates from Andrew Morton: - a few misc things - a few Y2038 fixes - ntfs fixes - arch/sh tweaks - ocfs2 updates - most of MM * emailed patches from Andrew Morton : (111 commits) mm/hmm.c: remove unused variables align_start and align_end fs/userfaultfd.c: remove redundant pointer uwq mm, vmacache: hash addresses based on pmd mm/list_lru: introduce list_lru_shrink_walk_irq() mm/list_lru.c: pass struct list_lru_node* as an argument to __list_lru_walk_one() mm/list_lru.c: move locking from __list_lru_walk_one() to its caller mm/list_lru.c: use list_lru_walk_one() in list_lru_walk_node() mm, swap: make CONFIG_THP_SWAP depend on CONFIG_SWAP mm/sparse: delete old sparse_init and enable new one mm/sparse: add new sparse_init_nid() and sparse_init() mm/sparse: move buffer init/fini to the common place mm/sparse: use the new sparse buffer functions in non-vmemmap mm/sparse: abstract sparse buffer allocations mm/hugetlb.c: don't zero 1GiB bootmem pages mm, page_alloc: double zone's batchsize mm/oom_kill.c: document oom_lock mm/hugetlb: remove gigantic page support for HIGHMEM mm, oom: remove sleep from under oom_lock kernel/dma: remove unsupported gfp_mask parameter from dma_alloc_from_contiguous() mm/cma: remove unsupported gfp_mask parameter from cma_alloc() ... commit cfd54de3b0e4f82b3f2b80230726f74a6bec964f Author: Paul Burton Date: Fri Aug 17 15:36:24 2018 -0700 MIPS: Avoid move psuedo-instruction whilst using MIPS_ISA_LEVEL MIPS_ISA_LEVEL is always defined as the 64 bit ISA that is a compatible superset of the ISA that the kernel build is targeting, and is used to allow us to emit instructions that we may detect support for at runtime. When we use a .set MIPS_ISA_LEVEL directive & are building a 32-bit kernel, we therefore are temporarily allowing the assembler to generate MIPS64 instructions. Using the move pseudo-instruction whilst this is the case is problematic because the assembler is likely to emit a daddu instruction which will generate a reserved instruction exception when executed on a MIPS32 machine. Unfortunately the combination of commit a0a5ac3ce8fe ("MIPS: Fix delay slot bug in `atomic*_sub_if_positive' for R10000_LLSC_WAR") and commit 4936084c2ee2 ("MIPS: Cleanup R10000_LLSC_WAR logic in atomic.h") causes us to do exactly this in atomic_sub_if_positive(), and the result is MIPS64 daddu instructions in 32-bit kernels. Fix this by using .set mips0 to restore the default ISA after the ll instruction, and use .set MIPS_ISA_LEVEL again prior to the sc. This ensures everything but the ll & sc are assembled using the default ISA for the kernel build & the move pseudo-instruction is emitted as a MIPS32 addu instruction. We appear to have another pre-existing instance of the same issue in our atomic_fetch_*_relaxed() functions, and fix that up too by moving our .set move0 such that it occurs prior to use of the move pseudo-instruction. Signed-off-by: Paul Burton Fixes: a0a5ac3ce8fe ("MIPS: Fix delay slot bug in `atomic*_sub_if_positive' for R10000_LLSC_WAR") Fixes: 4936084c2ee2 ("MIPS: Cleanup R10000_LLSC_WAR logic in atomic.h") Patchwork: https://patchwork.linux-mips.org/patch/20253/ Cc: James Hogan Cc: Joshua Kinard Cc: Ralf Baechle Cc: linux-mips@linux-mips.org commit 1e9264192961aa519595170aa8b0f7651a2ad28e Author: Colin Ian King Date: Fri Aug 17 15:50:07 2018 -0700 mm/hmm.c: remove unused variables align_start and align_end Variables align_start and align_end are being assigned but are never used hence they are redundant and can be removed. Cleans up clang warnings: warning: variable 'align_start' set but not used [-Wunused-but-set-variable] warning: variable 'align_size' set but not used [-Wunused-but-set-variable] Link: http://lkml.kernel.org/r/20180714161124.3923-1-colin.king@canonical.com Signed-off-by: Colin Ian King Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5241d4727479aad77af50b80757c38268bfa4560 Author: Colin Ian King Date: Fri Aug 17 15:50:01 2018 -0700 fs/userfaultfd.c: remove redundant pointer uwq Pointer uwq is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'uwq' set but not used [-Wunused-but-set-variable] Link: http://lkml.kernel.org/r/20180717090802.18357-1-colin.king@canonical.com Signed-off-by: Colin Ian King Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ddbf369c0a33924f76d092985bd20d9310f43d7f Author: David Rientjes Date: Fri Aug 17 15:49:58 2018 -0700 mm, vmacache: hash addresses based on pmd When perf profiling a wide variety of different workloads, it was found that vmacache_find() had higher than expected cost: up to 0.08% of cpu utilization in some cases. This was found to rival other core VM functions such as alloc_pages_vma() with thp enabled and default mempolicy, and the conditionals in __get_vma_policy(). VMACACHE_HASH() determines which of the four per-task_struct slots a vma is cached for a particular address. This currently depends on the pfn, so pfn 5212 occupies a different vmacache slot than its neighboring pfn 5213. vmacache_find() iterates through all four of current's vmacache slots when looking up an address. Hashing based on pfn, an address has ~1/VMACACHE_SIZE chance of being cached in the first vmacache slot, or about 25%, *if* the vma is cached. This patch hashes an address by its pmd instead of pte to optimize for workloads with good spatial locality. This results in a higher probability of vmas being cached in the first slot that is checked: normally ~70% on the same workloads instead of 25%. [rientjes@google.com: various updates] Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1807231532290.109445@chino.kir.corp.google.com Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1807091749150.114630@chino.kir.corp.google.com Signed-off-by: David Rientjes Reviewed-by: Andrew Morton Cc: Davidlohr Bueso Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6b51e88199ca4f75ff647eff28efd30bfcb08dc4 Author: Sebastian Andrzej Siewior Date: Fri Aug 17 15:49:55 2018 -0700 mm/list_lru: introduce list_lru_shrink_walk_irq() Provide list_lru_shrink_walk_irq() and let it behave like list_lru_walk_one() except that it locks the spinlock with spin_lock_irq(). This is used by scan_shadow_nodes() because its lock nests within the i_pages lock which is acquired with IRQ. This change allows to use proper locking promitives instead hand crafted lock_irq_disable() plus spin_lock(). There is no EXPORT_SYMBOL provided because the current user is in-kernel only. Add list_lru_shrink_walk_irq() which acquires the spinlock with the proper locking primitives. Link: http://lkml.kernel.org/r/20180716111921.5365-5-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Vladimir Davydov Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6e018968f8d384d84484eba8e4c90489a25d7095 Author: Sebastian Andrzej Siewior Date: Fri Aug 17 15:49:51 2018 -0700 mm/list_lru.c: pass struct list_lru_node* as an argument to __list_lru_walk_one() __list_lru_walk_one() is invoked with struct list_lru *lru, int nid as the first two argument. Those two are only used to retrieve struct list_lru_node. Since this is already done by the caller of the function for the locking, we can pass struct list_lru_node* directly and avoid the dance around it. Link: http://lkml.kernel.org/r/20180716111921.5365-4-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Vladimir Davydov Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6cfe57a96ba33139c57056185d5eee9018e3dedc Author: Sebastian Andrzej Siewior Date: Fri Aug 17 15:49:48 2018 -0700 mm/list_lru.c: move locking from __list_lru_walk_one() to its caller Move the locking inside __list_lru_walk_one() to its caller. This is a preparation step in order to introduce list_lru_walk_one_irq() which does spin_lock_irq() instead of spin_lock() for the locking. Link: http://lkml.kernel.org/r/20180716111921.5365-3-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Vladimir Davydov Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 87a5ffc163966b2eb675c9c863c0caccab3183f6 Author: Sebastian Andrzej Siewior Date: Fri Aug 17 15:49:45 2018 -0700 mm/list_lru.c: use list_lru_walk_one() in list_lru_walk_node() Patch series "mm/list_lru: Add list_lru_shrink_walk_irq() and a user". This series removes the local_irq_disable() around list_lru_shrink_walk() (as used by mm/workingset) by adding list_lru_shrink_walk_irq(). Vladimir Davydov preferred this over `irq' argument which I added to struct list_lru. The initial post (of this series) received a Reviewed-by tag by Vladimir Davydov which I added to each patch of the series. The series applies on top of akpm's tree which has Kirill's shrink_slab series and does not clash with it (akpm asked me to wait a week or so and repost it then). I tested the code paths by triggering the OOM-killer via memory over commit and lockdep did not complain (nor did I see any warnings). This patch (of 4): list_lru_walk_node() invokes __list_lru_walk_one() with -1 as the memcg_idx parameter. The same can be achieved by list_lru_walk_one() and passing NULL as memcg argument which then gets converted into -1. This is a preparation step when the spin_lock() function is lifted to the caller of __list_lru_walk_one(). Invoke list_lru_walk_one() instead __list_lru_walk_one() when possible. Link: http://lkml.kernel.org/r/20180716111921.5365-2-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Vladimir Davydov Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 14fef28414c365a979311821bbf1018a8290cc0f Author: Huang Ying Date: Fri Aug 17 15:49:41 2018 -0700 mm, swap: make CONFIG_THP_SWAP depend on CONFIG_SWAP CONFIG_THP_SWAP should depend on CONFIG_SWAP, because it's unreasonable to optimize swapping for THP (Transparent Huge Page) without basic swapping support. In original code, when CONFIG_SWAP=n and CONFIG_THP_SWAP=y, split_swap_cluster() will not be built because it is in swapfile.c, but it will be called in huge_memory.c. This doesn't trigger a build error in practice because the call site is enclosed by PageSwapCache(), which is defined to be constant 0 when CONFIG_SWAP=n. But this is fragile and should be fixed. The comments are fixed too to reflect the latest progress. Link: http://lkml.kernel.org/r/20180713021228.439-1-ying.huang@intel.com Fixes: 38d8b4e6bdc8 ("mm, THP, swap: delay splitting THP during swap out") Signed-off-by: "Huang, Ying" Reviewed-by: Dan Williams Reviewed-by: Naoya Horiguchi Cc: Michal Hocko Cc: Johannes Weiner Cc: Shaohua Li Cc: Hugh Dickins Cc: Minchan Kim Cc: Rik van Riel Cc: Dave Hansen Cc: Zi Yan Cc: Daniel Jordan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2a3cb8baef71e4dad4a6ec17f5f0db9e05f46a01 Author: Pavel Tatashin Date: Fri Aug 17 15:49:37 2018 -0700 mm/sparse: delete old sparse_init and enable new one Rename new_sparse_init() to sparse_init() which enables it. Delete old sparse_init() and all the code that became obsolete with. [pasha.tatashin@oracle.com: remove unused sparse_mem_maps_populate_node()] Link: http://lkml.kernel.org/r/20180716174447.14529-6-pasha.tatashin@oracle.com Link: http://lkml.kernel.org/r/20180712203730.8703-6-pasha.tatashin@oracle.com Signed-off-by: Pavel Tatashin Tested-by: Michael Ellerman [powerpc] Tested-by: Oscar Salvador Reviewed-by: Oscar Salvador Cc: Pasha Tatashin Cc: Abdul Haleem Cc: Baoquan He Cc: Daniel Jordan Cc: Dan Williams Cc: Dave Hansen Cc: David Rientjes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jan Kara Cc: Jérôme Glisse Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Souptick Joarder Cc: Steven Sistare Cc: Vlastimil Babka Cc: Wei Yang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 85c77f79139062901727cc3bd87a65212c8c0a32 Author: Pavel Tatashin Date: Fri Aug 17 15:49:33 2018 -0700 mm/sparse: add new sparse_init_nid() and sparse_init() sparse_init() requires to temporary allocate two large buffers: usemap_map and map_map. Baoquan He has identified that these buffers are so large that Linux is not bootable on small memory machines, such as a kdump boot. The buffers are especially large when CONFIG_X86_5LEVEL is set, as they are scaled to the maximum physical memory size. Baoquan provided a fix, which reduces these sizes of these buffers, but it is much better to get rid of them entirely. Add a new way to initialize sparse memory: sparse_init_nid(), which only operates within one memory node, and thus allocates memory either in large contiguous block or allocates section by section. This eliminates the need for use of temporary buffers. For simplified bisecting and review temporarly call sparse_init() new_sparse_init(), the new interface is going to be enabled as well as old code removed in the next patch. Link: http://lkml.kernel.org/r/20180712203730.8703-5-pasha.tatashin@oracle.com Signed-off-by: Pavel Tatashin Reviewed-by: Oscar Salvador Tested-by: Oscar Salvador Tested-by: Michael Ellerman [powerpc] Cc: Pasha Tatashin Cc: Abdul Haleem Cc: Baoquan He Cc: Daniel Jordan Cc: Dan Williams Cc: Dave Hansen Cc: David Rientjes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jan Kara Cc: Jérôme Glisse Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Souptick Joarder Cc: Steven Sistare Cc: Vlastimil Babka Cc: Wei Yang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit afda57bc13410459fc957e93341ade7bebca36e2 Author: Pavel Tatashin Date: Fri Aug 17 15:49:30 2018 -0700 mm/sparse: move buffer init/fini to the common place Now that both variants of sparse memory use the same buffers to populate memory map, we can move sparse_buffer_init()/sparse_buffer_fini() to the common place. Link: http://lkml.kernel.org/r/20180712203730.8703-4-pasha.tatashin@oracle.com Signed-off-by: Pavel Tatashin Tested-by: Michael Ellerman [powerpc] Tested-by: Oscar Salvador Reviewed-by: Andrew Morton Cc: Pasha Tatashin Cc: Abdul Haleem Cc: Baoquan He Cc: Daniel Jordan Cc: Dan Williams Cc: Dave Hansen Cc: David Rientjes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jan Kara Cc: Jérôme Glisse Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Souptick Joarder Cc: Steven Sistare Cc: Vlastimil Babka Cc: Wei Yang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e131c06b14b8601e2b1dbc7ec9cc6418c293a067 Author: Pavel Tatashin Date: Fri Aug 17 15:49:26 2018 -0700 mm/sparse: use the new sparse buffer functions in non-vmemmap non-vmemmap sparse also allocated large contiguous chunk of memory, and if fails falls back to smaller allocations. Use the same functions to allocate buffer as the vmemmap-sparse Link: http://lkml.kernel.org/r/20180712203730.8703-3-pasha.tatashin@oracle.com Signed-off-by: Pavel Tatashin Tested-by: Michael Ellerman [powerpc] Reviewed-by: Oscar Salvador Tested-by: Oscar Salvador Cc: Pasha Tatashin Cc: Abdul Haleem Cc: Baoquan He Cc: Daniel Jordan Cc: Dan Williams Cc: Dave Hansen Cc: David Rientjes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jan Kara Cc: Jérôme Glisse Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Souptick Joarder Cc: Steven Sistare Cc: Vlastimil Babka Cc: Wei Yang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 35fd1eb1e8212c02f6eae24335a9e5b80f9519b4 Author: Pavel Tatashin Date: Fri Aug 17 15:49:21 2018 -0700 mm/sparse: abstract sparse buffer allocations Patch series "sparse_init rewrite", v6. In sparse_init() we allocate two large buffers to temporary hold usemap and memmap for the whole machine. However, we can avoid doing that if we changed sparse_init() to operated on per-node bases instead of doing it on the whole machine beforehand. As shown by Baoquan http://lkml.kernel.org/r/20180628062857.29658-1-bhe@redhat.com The buffers are large enough to cause machine stop to boot on small memory systems. Another benefit of these changes is that they also obsolete CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER. This patch (of 5): When struct pages are allocated for sparse-vmemmap VA layout, we first try to allocate one large buffer, and than if that fails allocate struct pages for each section as we go. The code that allocates buffer is uses global variables and is spread across several call sites. Cleanup the code by introducing three functions to handle the global buffer: sparse_buffer_init() initialize the buffer sparse_buffer_fini() free the remaining part of the buffer sparse_buffer_alloc() alloc from the buffer, and if buffer is empty return NULL Define these functions in sparse.c instead of sparse-vmemmap.c because later we will use them for non-vmemmap sparse allocations as well. [akpm@linux-foundation.org: use PTR_ALIGN()] [akpm@linux-foundation.org: s/BUG_ON/WARN_ON/] Link: http://lkml.kernel.org/r/20180712203730.8703-2-pasha.tatashin@oracle.com Signed-off-by: Pavel Tatashin Tested-by: Michael Ellerman [powerpc] Reviewed-by: Oscar Salvador Tested-by: Oscar Salvador Cc: Pasha Tatashin Cc: Steven Sistare Cc: Daniel Jordan Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Dan Williams Cc: Jan Kara Cc: Jérôme Glisse Cc: Souptick Joarder Cc: Baoquan He Cc: Greg Kroah-Hartman Cc: Vlastimil Babka Cc: Wei Yang Cc: Dave Hansen Cc: David Rientjes Cc: Ingo Molnar Cc: Abdul Haleem Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 330d6e489a0ab49136561d7f792b1d81bcdbb83c Author: Cannon Matthews Date: Fri Aug 17 15:49:17 2018 -0700 mm/hugetlb.c: don't zero 1GiB bootmem pages When using 1GiB pages during early boot, use the new memblock_virt_alloc_try_nid_raw() to allocate memory without zeroing it. Zeroing out hundreds or thousands of GiB in a single core memset() call is very slow, and can make early boot last upwards of 20-30 minutes on multi TiB machines. The memory does not need to be zero'd as the hugetlb pages are always zero'd on page fault. Tested: Booted with ~3800 1G pages, and it booted successfully in roughly the same amount of time as with 0, as opposed to the 25+ minutes it would take before. Link: http://lkml.kernel.org/r/20180711213313.92481-1-cannonmatthews@google.com Signed-off-by: Cannon Matthews Acked-by: Mike Kravetz Acked-by: Michal Hocko Cc: Andres Lagar-Cavilla Cc: Peter Feiner Cc: David Matlack Cc: Greg Thelen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d8a759b5703519d37fa5b752f825cbfc06b57906 Author: Aaron Lu Date: Fri Aug 17 15:49:14 2018 -0700 mm, page_alloc: double zone's batchsize To improve page allocator's performance for order-0 pages, each CPU has a Per-CPU-Pageset(PCP) per zone. Whenever an order-0 page is needed, PCP will be checked first before asking pages from Buddy. When PCP is used up, a batch of pages will be fetched from Buddy to improve performance and the size of batch can affect performance. zone's batch size gets doubled last time by commit ba56e91c9401("mm: page_alloc: increase size of per-cpu-pages") over ten years ago. Since then, CPU has envolved a lot and CPU's cache sizes also increased. Dave Hansen is concerned the current batch size doesn't fit well with modern hardware and suggested me to do two things: first, use a page allocator intensive benchmark, e.g. will-it-scale/page_fault1 to find out how performance changes with different batch sizes on various machines and then choose a new default batch size; second, see how this new batch size work with other workloads. In the first test, we saw performance gains on high-core-count systems and little to no effect on older systems with more modest core counts. In this phase's test data, two candidates: 63 and 127 are chosen. In the second step, ebizzy, oltp, kbuild, pigz, netperf, vm-scalability and more will-it-scale sub-tests are tested to see how these two candidates work with these workloads and decides a new default according to their results. Most test results are flat. will-it-scale/page_fault2 process mode has 10%-18% performance increase on 4-sockets Skylake and Broadwell. vm-scalability/lru-file-mmap-read has 17%-47% performance increase for 4-sockets servers while for 2-sockets servers, it caused 3%-8% performance drop. Further analysis showed that, with a larger pcp->batch and thus larger pcp->high(the relationship of pcp->high=6 * pcp->batch is maintained in this patch), zone lock contention shifted to LRU add side lock contention and that caused performance drop. This performance drop might be mitigated by others' work on optimizing LRU lock. Another downside of increasing pcp->batch is, when PCP is used up and need to fetch a batch of pages from Buddy, since batch is increased, that time can be longer than before. My understanding is, this doesn't affect slowpath where direct reclaim and compaction dominates. For fastpath, throughput is a win(according to will-it-scale/page_fault1) but worst latency can be larger now. Overall, I think double the batch size from 31 to 63 is relatively safe and provide good performance boost for high-core-count systems. The two phase's test results are listed below(all tests are done with THP disabled). Phase one(will-it-scale/page_fault1) test results: Skylake-EX: increased batch size has a good effect on zone->lock contention, though LRU contention will rise at the same time and limited the final performance increase. batch score change zone_contention lru_contention total_contention 31 15345900 +0.00% 64% 8% 72% 53 17903847 +16.67% 32% 38% 70% 63 17992886 +17.25% 24% 45% 69% 73 18022825 +17.44% 10% 61% 71% 119 18023401 +17.45% 4% 66% 70% 127 18029012 +17.48% 3% 66% 69% 137 18036075 +17.53% 4% 66% 70% 165 18035964 +17.53% 2% 67% 69% 188 18101105 +17.95% 2% 67% 69% 223 18130951 +18.15% 2% 67% 69% 255 18118898 +18.07% 2% 67% 69% 267 18101559 +17.96% 2% 67% 69% 299 18160468 +18.34% 2% 68% 70% 320 18139845 +18.21% 2% 67% 69% 393 18160869 +18.34% 2% 68% 70% 424 18170999 +18.41% 2% 68% 70% 458 18144868 +18.24% 2% 68% 70% 467 18142366 +18.22% 2% 68% 70% 498 18154549 +18.30% 1% 68% 69% 511 18134525 +18.17% 1% 69% 70% Broadwell-EX: similar pattern as Skylake-EX. batch score change zone_contention lru_contention total_contention 31 16703983 +0.00% 67% 7% 74% 53 18195393 +8.93% 43% 28% 71% 63 18288885 +9.49% 38% 33% 71% 73 18344329 +9.82% 35% 37% 72% 119 18535529 +10.96% 24% 46% 70% 127 18513596 +10.83% 23% 48% 71% 137 18514327 +10.84% 23% 48% 71% 165 18511840 +10.82% 22% 49% 71% 188 18593478 +11.31% 17% 53% 70% 223 18601667 +11.36% 17% 52% 69% 255 18774825 +12.40% 12% 58% 70% 267 18754781 +12.28% 9% 60% 69% 299 18892265 +13.10% 7% 63% 70% 320 18873812 +12.99% 8% 62% 70% 393 18891174 +13.09% 6% 64% 70% 424 18975108 +13.60% 6% 64% 70% 458 18932364 +13.34% 8% 62% 70% 467 18960891 +13.51% 5% 65% 70% 498 18944526 +13.41% 5% 64% 69% 511 18960839 +13.51% 5% 64% 69% Skylake-EP: although increased batch reduced zone->lock contention, but the effect is not as good as EX: zone->lock contention is still as high as 20% with a very high batch value instead of 1% on Skylake-EX or 5% on Broadwell-EX. Also, total_contention actually decreased with a higher batch but that doesn't translate to performance increase. batch score change zone_contention lru_contention total_contention 31 9554867 +0.00% 66% 3% 69% 53 9855486 +3.15% 63% 3% 66% 63 9980145 +4.45% 62% 4% 66% 73 10092774 +5.63% 62% 5% 67% 119 10310061 +7.90% 45% 19% 64% 127 10342019 +8.24% 42% 19% 61% 137 10358182 +8.41% 42% 21% 63% 165 10397060 +8.81% 37% 24% 61% 188 10341808 +8.24% 34% 26% 60% 223 10349135 +8.31% 31% 27% 58% 255 10327189 +8.08% 28% 29% 57% 267 10344204 +8.26% 27% 29% 56% 299 10325043 +8.06% 25% 30% 55% 320 10310325 +7.91% 25% 31% 56% 393 10293274 +7.73% 21% 31% 52% 424 10311099 +7.91% 21% 32% 53% 458 10321375 +8.02% 21% 32% 53% 467 10303881 +7.84% 21% 32% 53% 498 10332462 +8.14% 20% 33% 53% 511 10325016 +8.06% 20% 32% 52% Broadwell-EP: zone->lock and lru lock had an agreement to make sure performance doesn't increase and they successfully managed to keep total contention at 70%. batch score change zone_contention lru_contention total_contention 31 10121178 +0.00% 19% 50% 69% 53 10142366 +0.21% 6% 63% 69% 63 10117984 -0.03% 11% 58% 69% 73 10123330 +0.02% 7% 63% 70% 119 10108791 -0.12% 2% 67% 69% 127 10166074 +0.44% 3% 66% 69% 137 10141574 +0.20% 3% 66% 69% 165 10154499 +0.33% 2% 68% 70% 188 10124921 +0.04% 2% 67% 69% 223 10137399 +0.16% 2% 67% 69% 255 10143289 +0.22% 0% 68% 68% 267 10123535 +0.02% 1% 68% 69% 299 10140952 +0.20% 0% 68% 68% 320 10163170 +0.41% 0% 68% 68% 393 10000633 -1.19% 0% 69% 69% 424 10087998 -0.33% 0% 69% 69% 458 10187116 +0.65% 0% 69% 69% 467 10146790 +0.25% 0% 69% 69% 498 10197958 +0.76% 0% 69% 69% 511 10152326 +0.31% 0% 69% 69% Haswell-EP: similar to Broadwell-EP. batch score change zone_contention lru_contention total_contention 31 10442205 +0.00% 14% 48% 62% 53 10442255 +0.00% 5% 57% 62% 63 10452059 +0.09% 6% 57% 63% 73 10482349 +0.38% 5% 59% 64% 119 10454644 +0.12% 3% 60% 63% 127 10431514 -0.10% 3% 59% 62% 137 10423785 -0.18% 3% 60% 63% 165 10481216 +0.37% 2% 61% 63% 188 10448755 +0.06% 2% 61% 63% 223 10467144 +0.24% 2% 61% 63% 255 10480215 +0.36% 2% 61% 63% 267 10484279 +0.40% 2% 61% 63% 299 10466450 +0.23% 2% 61% 63% 320 10452578 +0.10% 2% 61% 63% 393 10499678 +0.55% 1% 62% 63% 424 10481454 +0.38% 1% 62% 63% 458 10473562 +0.30% 1% 62% 63% 467 10484269 +0.40% 0% 62% 62% 498 10505599 +0.61% 0% 62% 62% 511 10483395 +0.39% 0% 62% 62% Westmere-EP: contention is pretty small so not interesting. Note too high a batch value could hurt performance. batch score change zone_contention lru_contention total_contention 31 4831523 +0.00% 2% 3% 5% 53 4834086 +0.05% 2% 4% 6% 63 4834262 +0.06% 2% 3% 5% 73 4832851 +0.03% 2% 4% 6% 119 4830534 -0.02% 1% 3% 4% 127 4827461 -0.08% 1% 4% 5% 137 4827459 -0.08% 1% 3% 4% 165 4820534 -0.23% 0% 4% 4% 188 4817947 -0.28% 0% 3% 3% 223 4809671 -0.45% 0% 3% 3% 255 4802463 -0.60% 0% 4% 4% 267 4801634 -0.62% 0% 3% 3% 299 4798047 -0.69% 0% 3% 3% 320 4793084 -0.80% 0% 3% 3% 393 4785877 -0.94% 0% 3% 3% 424 4782911 -1.01% 0% 3% 3% 458 4779346 -1.08% 0% 3% 3% 467 4780306 -1.06% 0% 3% 3% 498 4780589 -1.05% 0% 3% 3% 511 4773724 -1.20% 0% 3% 3% Skylake-Desktop: similar to Westmere-EP, nothing interesting. batch score change zone_contention lru_contention total_contention 31 3906608 +0.00% 2% 3% 5% 53 3940164 +0.86% 2% 3% 5% 63 3937289 +0.79% 2% 3% 5% 73 3940201 +0.86% 2% 3% 5% 119 3933240 +0.68% 2% 3% 5% 127 3930514 +0.61% 2% 4% 6% 137 3938639 +0.82% 0% 3% 3% 165 3908755 +0.05% 0% 3% 3% 188 3905621 -0.03% 0% 3% 3% 223 3903015 -0.09% 0% 4% 4% 255 3889480 -0.44% 0% 3% 3% 267 3891669 -0.38% 0% 4% 4% 299 3898728 -0.20% 0% 4% 4% 320 3894547 -0.31% 0% 4% 4% 393 3875137 -0.81% 0% 4% 4% 424 3874521 -0.82% 0% 3% 3% 458 3880432 -0.67% 0% 4% 4% 467 3888715 -0.46% 0% 3% 3% 498 3888633 -0.46% 0% 4% 4% 511 3875305 -0.80% 0% 5% 5% Haswell-Desktop: zone->lock is pretty low as other desktops, though lru contention is higher than other desktops. batch score change zone_contention lru_contention total_contention 31 3511158 +0.00% 2% 5% 7% 53 3555445 +1.26% 2% 6% 8% 63 3561082 +1.42% 2% 6% 8% 73 3547218 +1.03% 2% 6% 8% 119 3571319 +1.71% 1% 7% 8% 127 3549375 +1.09% 0% 6% 6% 137 3560233 +1.40% 0% 6% 6% 165 3555176 +1.25% 2% 6% 8% 188 3551501 +1.15% 0% 8% 8% 223 3531462 +0.58% 0% 7% 7% 255 3570400 +1.69% 0% 7% 7% 267 3532235 +0.60% 1% 8% 9% 299 3562326 +1.46% 0% 6% 6% 320 3553569 +1.21% 0% 8% 8% 393 3539519 +0.81% 0% 7% 7% 424 3549271 +1.09% 0% 8% 8% 458 3528885 +0.50% 0% 8% 8% 467 3526554 +0.44% 0% 7% 7% 498 3525302 +0.40% 0% 9% 9% 511 3527556 +0.47% 0% 8% 8% Sandybridge-Desktop: the 0% contention isn't accurate but caused by dropped fractional part. Since multiple contention path's contentions are all under 1% here, with some arithmetic operations like add, the final deviation could be as large as 3%. batch score change zone_contention lru_contention total_contention 31 1744495 +0.00% 0% 0% 0% 53 1755341 +0.62% 0% 0% 0% 63 1758469 +0.80% 0% 0% 0% 73 1759626 +0.87% 0% 0% 0% 119 1770417 +1.49% 0% 0% 0% 127 1768252 +1.36% 0% 0% 0% 137 1767848 +1.34% 0% 0% 0% 165 1765088 +1.18% 0% 0% 0% 188 1766918 +1.29% 0% 0% 0% 223 1767866 +1.34% 0% 0% 0% 255 1768074 +1.35% 0% 0% 0% 267 1763187 +1.07% 0% 0% 0% 299 1765620 +1.21% 0% 0% 0% 320 1767603 +1.32% 0% 0% 0% 393 1764612 +1.15% 0% 0% 0% 424 1758476 +0.80% 0% 0% 0% 458 1758593 +0.81% 0% 0% 0% 467 1757915 +0.77% 0% 0% 0% 498 1753363 +0.51% 0% 0% 0% 511 1755548 +0.63% 0% 0% 0% Phase two test results: Note: all percent change is against base(batch=31). ebizzy.throughput (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 2410037±7% 2600451±2% +7.9% 2602878 +8.0% lkp-bdw-ex1 1493328 1489243 -0.3% 1492145 -0.1% lkp-skl-2sp2 1329674 1345891 +1.2% 1351056 +1.6% lkp-bdw-ep2 711511 711511 0.0% 710708 -0.1% lkp-wsm-ep2 75750 75528 -0.3% 75441 -0.4% lkp-skl-d01 264126 262791 -0.5% 264113 +0.0% lkp-hsw-d01 176601 176328 -0.2% 176368 -0.1% lkp-sb02 98937 98937 +0.0% 99030 +0.1% kbuild.buildtime (less is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 107.00 107.67 +0.6% 107.11 +0.1% lkp-bdw-ex1 97.33 97.33 +0.0% 97.42 +0.1% lkp-skl-2sp2 180.00 179.83 -0.1% 179.83 -0.1% lkp-bdw-ep2 178.17 179.17 +0.6% 177.50 -0.4% lkp-wsm-ep2 737.00 738.00 +0.1% 738.00 +0.1% lkp-skl-d01 642.00 653.00 +1.7% 653.00 +1.7% lkp-hsw-d01 1310.00 1316.00 +0.5% 1311.00 +0.1% netperf/TCP_STREAM.Throughput_total_Mbps (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 948790 947144 -0.2% 948333 -0.0% lkp-bdw-ex1 904224 904366 +0.0% 904926 +0.1% lkp-skl-2sp2 239731 239607 -0.1% 239565 -0.1% lk-bdw-ep2 365764 365933 +0.0% 365951 +0.1% lkp-wsm-ep2 93736 93803 +0.1% 93808 +0.1% lkp-skl-d01 77314 77303 -0.0% 77375 +0.1% lkp-hsw-d01 58617 60387 +3.0% 60208 +2.7% lkp-sb02 29990 30137 +0.5% 30103 +0.4% oltp.transactions (higer is better) machine batch=31 batch=63 batch=127 lkp-bdw-ex1 9073276 9100377 +0.3% 9036344 -0.4% lkp-skl-2sp2 8898717 8852054 -0.5% 8894459 -0.0% lkp-bdw-ep2 13426155 13384654 -0.3% 13333637 -0.7% lkp-hsw-ep2 13146314 13232784 +0.7% 13193163 +0.4% lkp-wsm-ep2 5035355 5019348 -0.3% 5033418 -0.0% lkp-skl-d01 418485 4413339 -0.1% 4419039 +0.0% lkp-hsw-d01 3517817±5% 3396120±3% -3.5% 3455138±3% -1.8% pigz.throughput (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1.513e+08 1.507e+08 -0.4% 1.511e+08 -0.2% lkp-bdw-ex1 2.060e+08 2.052e+08 -0.4% 2.044e+08 -0.8% lkp-skl-2sp2 8.836e+08 8.845e+08 +0.1% 8.836e+08 -0.0% lkp-bdw-ep2 8.275e+08 8.464e+08 +2.3% 8.330e+08 +0.7% lkp-wsm-ep2 2.224e+08 2.221e+08 -0.2% 2.218e+08 -0.3% lkp-skl-d01 1.177e+08 1.177e+08 -0.0% 1.176e+08 -0.1% lkp-hsw-d01 1.154e+08 1.154e+08 +0.1% 1.154e+08 -0.0% lkp-sb02 0.633e+08 0.633e+08 +0.1% 0.633e+08 +0.0% will-it-scale.malloc1.processes (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 620181 620484 +0.0% 620240 +0.0% lkp-bdw-ex1 1403610 1401201 -0.2% 1417900 +1.0% lkp-skl-2sp2 1288097 1284145 -0.3% 1283907 -0.3% lkp-bdw-ep2 1427879 1427675 -0.0% 1428266 +0.0% lkp-hsw-ep2 1362546 1353965 -0.6% 1354759 -0.6% lkp-wsm-ep2 2099657 2107576 +0.4% 2100226 +0.0% lkp-skl-d01 1476835 1476358 -0.0% 1474487 -0.2% lkp-hsw-d01 1308810 1303429 -0.4% 1301299 -0.6% lkp-sb02 589286 589284 -0.0% 588101 -0.2% will-it-scale.malloc1.threads (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 21289 21125 -0.8% 21241 -0.2% lkp-bdw-ex1 28114 28089 -0.1% 28007 -0.4% lkp-skl-2sp2 91866 91946 +0.1% 92723 +0.9% lkp-bdw-ep2 37637 37501 -0.4% 37317 -0.9% lkp-hsw-ep2 43673 43590 -0.2% 43754 +0.2% lkp-wsm-ep2 28577 28298 -1.0% 28545 -0.1% lkp-skl-d01 175277 173343 -1.1% 173082 -1.3% lkp-hsw-d01 130303 129566 -0.6% 129250 -0.8% lkp-sb02 113742±3% 116911 +2.8% 116417±3% +2.4% will-it-scale.malloc2.processes (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1.206e+09 1.206e+09 -0.0% 1.206e+09 +0.0% lkp-bdw-ex1 1.319e+09 1.319e+09 -0.0% 1.319e+09 +0.0% lkp-skl-2sp2 8.000e+08 8.021e+08 +0.3% 7.995e+08 -0.1% lkp-bdw-ep2 6.582e+08 6.634e+08 +0.8% 6.513e+08 -1.1% lkp-hsw-ep2 6.671e+08 6.669e+08 -0.0% 6.665e+08 -0.1% lkp-wsm-ep2 1.805e+08 1.806e+08 +0.0% 1.804e+08 -0.1% lkp-skl-d01 1.611e+08 1.611e+08 -0.0% 1.610e+08 -0.0% lkp-hsw-d01 1.333e+08 1.332e+08 -0.0% 1.332e+08 -0.0% lkp-sb02 82485104 82478206 -0.0% 82473546 -0.0% will-it-scale.malloc2.threads (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1.574e+09 1.574e+09 -0.0% 1.574e+09 -0.0% lkp-bdw-ex1 1.737e+09 1.737e+09 +0.0% 1.737e+09 -0.0% lkp-skl-2sp2 9.161e+08 9.162e+08 +0.0% 9.181e+08 +0.2% lkp-bdw-ep2 7.856e+08 8.015e+08 +2.0% 8.113e+08 +3.3% lkp-hsw-ep2 6.908e+08 6.904e+08 -0.1% 6.907e+08 -0.0% lkp-wsm-ep2 2.409e+08 2.409e+08 +0.0% 2.409e+08 -0.0% lkp-skl-d01 1.199e+08 1.199e+08 -0.0% 1.199e+08 -0.0% lkp-hsw-d01 1.029e+08 1.029e+08 -0.0% 1.029e+08 +0.0% lkp-sb02 68081213 68061423 -0.0% 68076037 -0.0% will-it-scale.page_fault2.processes (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 14509125±4% 16472364 +13.5% 17123117 +18.0% lkp-bdw-ex1 14736381 16196588 +9.9% 16364011 +11.0% lkp-skl-2sp2 6354925 6435444 +1.3% 6436644 +1.3% lkp-bdw-ep2 8749584 8834422 +1.0% 8827179 +0.9% lkp-hsw-ep2 8762591 8845920 +1.0% 8825697 +0.7% lkp-wsm-ep2 3036083 3030428 -0.2% 3021741 -0.5% lkp-skl-d01 2307834 2304731 -0.1% 2286142 -0.9% lkp-hsw-d01 1806237 1800786 -0.3% 1795943 -0.6% lkp-sb02 842616 837844 -0.6% 833921 -1.0% will-it-scale.page_fault2.threads machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1623294 1615132±2% -0.5% 1656777 +2.1% lkp-bdw-ex1 1995714 2025948 +1.5% 2113753±3% +5.9% lkp-skl-2sp2 2346708 2415591 +2.9% 2416919 +3.0% lkp-bdw-ep2 2342564 2344882 +0.1% 2300206 -1.8% lkp-hsw-ep2 1820658 1831681 +0.6% 1844057 +1.3% lkp-wsm-ep2 1725482 1733774 +0.5% 1740517 +0.9% lkp-skl-d01 1832833 1823628 -0.5% 1806489 -1.4% lkp-hsw-d01 1427913 1427287 -0.0% 1420226 -0.5% lkp-sb02 750626 748615 -0.3% 746621 -0.5% will-it-scale.page_fault3.processes (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 24382726 24400317 +0.1% 24668774 +1.2% lkp-bdw-ex1 35399750 35683124 +0.8% 35829492 +1.2% lkp-skl-2sp2 28136820 28068248 -0.2% 28147989 +0.0% lkp-bdw-ep2 37269077 37459490 +0.5% 37373073 +0.3% lkp-hsw-ep2 36224967 36114085 -0.3% 36104908 -0.3% lkp-wsm-ep2 16820457 16911005 +0.5% 16968596 +0.9% lkp-skl-d01 7721138 7725904 +0.1% 7756740 +0.5% lkp-hsw-d01 7611979 7650928 +0.5% 7651323 +0.5% lkp-sb02 3781546 3796502 +0.4% 3796827 +0.4% will-it-scale.page_fault3.threads (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1865820±3% 1900917±2% +1.9% 1826245±4% -2.1% lkp-bdw-ex1 3094060 3148326 +1.8% 3150036 +1.8% lkp-skl-2sp2 3952940 3953898 +0.0% 3989360 +0.9% lkp-bdw-ep2 3420373±3% 3643964 +6.5% 3644910±5% +6.6% lkp-hsw-ep2 2609635±2% 2582310±3% -1.0% 2780459 +6.5% lkp-wsm-ep2 4395001 4417196 +0.5% 4432499 +0.9% lkp-skl-d01 5363977 5400003 +0.7% 5411370 +0.9% lkp-hsw-d01 5274131 5311294 +0.7% 5319359 +0.9% lkp-sb02 2917314 2913004 -0.1% 2935286 +0.6% will-it-scale.read1.processes (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 73762279±14% 69322519±10% -6.0% 69349855±13% -6.0% (result unstable) lkp-bdw-ex1 1.701e+08 1.704e+08 +0.1% 1.705e+08 +0.2% lkp-skl-2sp2 63111570 63113953 +0.0% 63836573 +1.1% lkp-bdw-ep2 79247409 79424610 +0.2% 78012656 -1.6% lkp-hsw-ep2 67677026 68308800 +0.9% 67539106 -0.2% lkp-wsm-ep2 13339630 13939817 +4.5% 13766865 +3.2% lkp-skl-d01 10969487 10972650 +0.0% no data lkp-hsw-d01 9857342±2% 10080592±2% +2.3% 10131560 +2.8% lkp-sb02 5189076 5197473 +0.2% 5163253 -0.5% will-it-scale.read1.threads (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 62468045±12% 73666726±7% +17.9% 79553123±12% +27.4% (result unstable) lkp-bdw-ex1 1.62e+08 1.624e+08 +0.3% 1.614e+08 -0.3% lkp-skl-2sp2 58319780 59181032 +1.5% 59821353 +2.6% lkp-bdw-ep2 74057992 75698171 +2.2% 74990869 +1.3% lkp-hsw-ep2 63672959 63639652 -0.1% 64387051 +1.1% lkp-wsm-ep2 13489943 13526058 +0.3% 13259032 -1.7% lkp-skl-d01 10297906 10338796 +0.4% 10407328 +1.1% lkp-hsw-d01 9636721 9667376 +0.3% 9341147 -3.1% lkp-sb02 4801938 4804496 +0.1% 4802290 +0.0% will-it-scale.write1.processes (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1.111e+08 1.104e+08±2% -0.7% 1.122e+08±2% +1.0% lkp-bdw-ex1 1.392e+08 1.399e+08 +0.5% 1.397e+08 +0.4% lkp-skl-2sp2 59369233 58994841 -0.6% 58715168 -1.1% lkp-bdw-ep2 61820979 CPU throttle 63593123 +2.9% lkp-hsw-ep2 57897587 57435605 -0.8% 56347450 -2.7% lkp-wsm-ep2 7814203 7918017±2% +1.3% 7669068 -1.9% lkp-skl-d01 8886557 8971422 +1.0% 8818366 -0.8% lkp-hsw-d01 9171001±5% 9189915 +0.2% 9483909 +3.4% lkp-sb02 4475406 4475294 -0.0% 4501756 +0.6% will-it-scale.write1.threads (higer is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1.058e+08 1.055e+08±2% -0.2% 1.065e+08 +0.7% lkp-bdw-ex1 1.316e+08 1.300e+08 -1.2% 1.308e+08 -0.6% lkp-skl-2sp2 54492421 56086678 +2.9% 55975657 +2.7% lkp-bdw-ep2 59360449 59003957 -0.6% 58101262 -2.1% lkp-hsw-ep2 53346346±2% 52530876 -1.5% 52902487 -0.8% lkp-wsm-ep2 7774006 7800092±2% +0.3% 7558833 -2.8% lkp-skl-d01 8346174 8235695 -1.3% no data lkp-hsw-d01 8636244 8655731 +0.2% 8658868 +0.3% lkp-sb02 4181820 4204107 +0.5% 4182992 +0.0% vm-scalability.anon-r-rand.throughput (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 11933873±3% 12356544±2% +3.5% 12188624 +2.1% lkp-bdw-ex1 7114424±2% 7330949±2% +3.0% 7392419 +3.9% lkp-skl-2sp2 6773277±5% 6492332±8% -4.1% 6543962 -3.4% lkp-bdw-ep2 7133846±4% 7233508 +1.4% 7013518±3% -1.7% lkp-hsw-ep2 4576626 4527098 -1.1% 4551679 -0.5% lkp-wsm-ep2 2583599 2592492 +0.3% 2588039 +0.2% lkp-hsw-d01 998199±2% 1028311 +3.0% 1006460±2% +0.8% lkp-sb02 570572 567854 -0.5% 568449 -0.4% vm-scalability.anon-r-rand-mt.throughput (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1789419 1787830 -0.1% 1788208 -0.1% lkp-bdw-ex1 3492595±2% 3554966±2% +1.8% 3558835±3% +1.9% lkp-skl-2sp2 3856238±2% 3975403±4% +3.1% 3994600 +3.6% lkp-bdw-ep2 3726963±11% 3809292±6% +2.2% 3871924±4% +3.9% lkp-hsw-ep2 2131760±3% 2033578±4% -4.6% 2130727±6% -0.0% lkp-wsm-ep2 2369731 2368384 -0.1% 2370252 +0.0% lkp-skl-d01 1207128 1206220 -0.1% 1205801 -0.1% lkp-hsw-d01 964317 992329±2% +2.9% 992099±2% +2.9% lkp-sb02 567137 567346 +0.0% 566144 -0.2% vm-scalability.lru-file-mmap-read.throughput (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 19560469±6% 23018999 +17.7% 23418800 +19.7% lkp-bdw-ex1 17769135±14% 26141676±3% +47.1% 26284723±5% +47.9% lkp-skl-2sp2 14056512 13578884 -3.4% 13146214 -6.5% lkp-bdw-ep2 15336542 14737654 -3.9% 14088159 -8.1% lkp-hsw-ep2 16275498 15756296 -3.2% 15018090 -7.7% lkp-wsm-ep2 11272160 11237231 -0.3% 11310047 +0.3% lkp-skl-d01 7322119 7324569 +0.0% 7184148 -1.9% lkp-hsw-d01 6449234 6404542 -0.7% 6356141 -1.4% lkp-sb02 3517943 3520668 +0.1% 3527309 +0.3% vm-scalability.lru-file-mmap-read-rand.throughput (higher is better) machine batch=31 batch=63 batch=127 lkp-skl-4sp1 1689052 1697553 +0.5% 1698726 +0.6% lkp-bdw-ex1 1675246 1699764 +1.5% 1712226 +2.2% lkp-skl-2sp2 1800533 1799749 -0.0% 1800581 +0.0% lkp-bdw-ep2 1807422 1807758 +0.0% 1804932 -0.1% lkp-hsw-ep2 1809807 1808781 -0.1% 1807811 -0.1% lkp-wsm-ep2 1800198 1802434 +0.1% 1801236 +0.1% lkp-skl-d01 696689 695537 -0.2% 694106 -0.4% lkp-hsw-d01 698364 698666 +0.0% 696686 -0.2% lkp-sb02 258939 258787 -0.1% 258199 -0.3% Link: http://lkml.kernel.org/r/20180711055855.29072-1-aaron.lu@intel.com Signed-off-by: Aaron Lu Suggested-by: Dave Hansen Acked-by: Michal Hocko Acked-by: Jesper Dangaard Brouer Cc: Huang Ying Cc: Kemi Wang Cc: Tim Chen Cc: Andi Kleen Cc: Vlastimil Babka Cc: Mel Gorman Cc: Jesper Dangaard Brouer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a195d3f5b74f3f45a6742f9063b5e95a2522b46d Author: Michal Hocko Date: Fri Aug 17 15:49:10 2018 -0700 mm/oom_kill.c: document oom_lock Add comments describing oom_lock's scope. Requested-by: David Rientjes Link: http://lkml.kernel.org/r/20180711120121.25635-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reviewed-by: Andrew Morton Cc: David Rientjes Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 40d18ebffb3974272a920c41f2d74431152cae98 Author: Mike Kravetz Date: Fri Aug 17 15:49:07 2018 -0700 mm/hugetlb: remove gigantic page support for HIGHMEM This reverts ee8f248d266e ("hugetlb: add phys addr to struct huge_bootmem_page"). At one time powerpc used this field and supporting code. However that was removed with commit 79cc38ded1e1 ("powerpc/mm/hugetlb: Add support for reserving gigantic huge pages via kernel command line"). There are no users of this field and supporting code, so remove it. Link: http://lkml.kernel.org/r/20180711195913.1294-1-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reviewed-by: Andrew Morton Acked-by: Michal Hocko Cc: "Aneesh Kumar K . V" Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Cannon Matthews Cc: Becky Bruce Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9bfe5ded054b8e28a94c78580f233d6879a00146 Author: Michal Hocko Date: Fri Aug 17 15:49:04 2018 -0700 mm, oom: remove sleep from under oom_lock Tetsuo has pointed out that since 27ae357fa82b ("mm, oom: fix concurrent munlock and oom reaper unmap, v3") we have a strong synchronization between the oom_killer and victim's exiting because both have to take the oom_lock. Therefore the original heuristic to sleep for a short time in out_of_memory doesn't serve the original purpose. Moreover Tetsuo has noticed that the short sleep can be more harmful than actually useful. Hammering the system with many processes can lead to a starvation when the task holding the oom_lock can block for a long time (minutes) and block any further progress because the oom_reaper depends on the oom_lock as well. Drop the short sleep from out_of_memory when we hold the lock. Keep the sleep when the trylock fails to throttle the concurrent OOM paths a bit. This should be solved in a more reasonable way (e.g. sleep proportional to the time spent in the active reclaiming etc.) but this is much more complex thing to achieve. This is a quick fixup to remove a stale code. Link: http://lkml.kernel.org/r/20180709074706.30635-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Tetsuo Handa Reviewed-by: Andrew Morton Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d834c5ab83febf9624ad3b16c3c348aa1e02014c Author: Marek Szyprowski Date: Fri Aug 17 15:49:00 2018 -0700 kernel/dma: remove unsupported gfp_mask parameter from dma_alloc_from_contiguous() The CMA memory allocator doesn't support standard gfp flags for memory allocation, so there is no point having it as a parameter for dma_alloc_from_contiguous() function. Replace it by a boolean no_warn argument, which covers all the underlaying cma_alloc() function supports. This will help to avoid giving false feeling that this function supports standard gfp flags and callers can pass __GFP_ZERO to get zeroed buffer, what has already been an issue: see commit dd65a941f6ba ("arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag"). Link: http://lkml.kernel.org/r/20180709122020eucas1p21a71b092975cb4a3b9954ffc63f699d1~-sqUFoa-h2939329393eucas1p2Y@eucas1p2.samsung.com Signed-off-by: Marek Szyprowski Acked-by: Michał Nazarewicz Acked-by: Vlastimil Babka Reviewed-by: Christoph Hellwig Cc: Laura Abbott Cc: Michal Hocko Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6518202970c1052148daaef9a8096711775e43a2 Author: Marek Szyprowski Date: Fri Aug 17 15:48:57 2018 -0700 mm/cma: remove unsupported gfp_mask parameter from cma_alloc() cma_alloc() doesn't really support gfp flags other than __GFP_NOWARN, so convert gfp_mask parameter to boolean no_warn parameter. This will help to avoid giving false feeling that this function supports standard gfp flags and callers can pass __GFP_ZERO to get zeroed buffer, what has already been an issue: see commit dd65a941f6ba ("arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag"). Link: http://lkml.kernel.org/r/20180709122019eucas1p2340da484acfcc932537e6014f4fd2c29~-sqTPJKij2939229392eucas1p2j@eucas1p2.samsung.com Signed-off-by: Marek Szyprowski Acked-by: Michal Hocko Acked-by: Michał Nazarewicz Acked-by: Laura Abbott Acked-by: Vlastimil Babka Reviewed-by: Christoph Hellwig Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 50c150f26261e723523f077a67378736fa7511a4 Author: Rik van Riel Date: Fri Aug 17 15:48:53 2018 -0700 Revert "mm: always flush VMA ranges affected by zap_page_range" There was a bug in Linux that could cause madvise (and mprotect?) system calls to return to userspace without the TLB having been flushed for all the pages involved. This could happen when multiple threads of a process made simultaneous madvise and/or mprotect calls. This was noticed in the summer of 2017, at which time two solutions were created: 56236a59556c ("mm: refactor TLB gathering API") 99baac21e458 ("mm: fix MADV_[FREE|DONTNEED] TLB flush miss problem") and 4647706ebeee ("mm: always flush VMA ranges affected by zap_page_range") We need only one of these solutions, and the former appears to be a little more efficient than the latter, so revert that one. This reverts 4647706ebeee6e50 ("mm: always flush VMA ranges affected by zap_page_range") Link: http://lkml.kernel.org/r/20180706131019.51e3a5f0@imladris.surriel.com Signed-off-by: Rik van Riel Acked-by: Mel Gorman Cc: Andy Lutomirski Cc: Michal Hocko Cc: Minchan Kim Cc: "Kirill A. Shutemov" Cc: Mel Gorman Cc: "Aneesh Kumar K.V" Cc: Nicholas Piggin Cc: Nadav Amit Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c98aff649349d9147915a19d378c9c3c1bd85de0 Author: Baoquan He Date: Fri Aug 17 15:48:49 2018 -0700 mm/sparse: optimize memmap allocation during sparse_init() In sparse_init(), two temporary pointer arrays, usemap_map and map_map are allocated with the size of NR_MEM_SECTIONS. They are used to store each memory section's usemap and mem map if marked as present. With the help of these two arrays, continuous memory chunk is allocated for usemap and memmap for memory sections on one node. This avoids too many memory fragmentations. Like below diagram, '1' indicates the present memory section, '0' means absent one. The number 'n' could be much smaller than NR_MEM_SECTIONS on most of systems. |1|1|1|1|0|0|0|0|1|1|0|0|...|1|0||1|0|...|1||0|1|...|0| ------------------------------------------------------- 0 1 2 3 4 5 i i+1 n-1 n If we fail to populate the page tables to map one section's memmap, its ->section_mem_map will be cleared finally to indicate that it's not present. After use, these two arrays will be released at the end of sparse_init(). In 4-level paging mode, each array costs 4M which can be ignorable. While in 5-level paging, they costs 256M each, 512M altogether. Kdump kernel Usually only reserves very few memory, e.g 256M. So, even thouth they are temporarily allocated, still not acceptable. In fact, there's no need to allocate them with the size of NR_MEM_SECTIONS. Since the ->section_mem_map clearing has been deferred to the last, the number of present memory sections are kept the same during sparse_init() until we finally clear out the memory section's ->section_mem_map if its usemap or memmap is not correctly handled. Thus in the middle whenever for_each_present_section_nr() loop is taken, the i-th present memory section is always the same one. Here only allocate usemap_map and map_map with the size of 'nr_present_sections'. For the i-th present memory section, install its usemap and memmap to usemap_map[i] and mam_map[i] during allocation. Then in the last for_each_present_section_nr() loop which clears the failed memory section's ->section_mem_map, fetch usemap and memmap from usemap_map[] and map_map[] array and set them into mem_section[] accordingly. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20180628062857.29658-5-bhe@redhat.com Signed-off-by: Baoquan He Reviewed-by: Pavel Tatashin Cc: Pasha Tatashin Cc: Dave Hansen Cc: Kirill A. Shutemov Cc: Oscar Salvador Cc: Pankaj Gupta Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9258631b33374f20d856032c3542b76ad7f5a312 Author: Baoquan He Date: Fri Aug 17 15:48:45 2018 -0700 mm/sparse.c: add a new parameter 'data_unit_size' for alloc_usemap_and_memmap It's used to pass the size of map data unit into alloc_usemap_and_memmap, and is preparation for next patch. Link: http://lkml.kernel.org/r/20180228032657.32385-4-bhe@redhat.com Signed-off-by: Baoquan He Reviewed-by: Pavel Tatashin Reviewed-by: Oscar Salvador Cc: Pasha Tatashin Cc: Kirill A. Shutemov Cc: Pankaj Gupta Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 07a34a8c36521c37119259d937d1389c3f5f6db9 Author: Baoquan He Date: Fri Aug 17 15:48:42 2018 -0700 mm/sparsemem.c: defer the ms->section_mem_map clearing In sparse_init(), if CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y, system will allocate one continuous memory chunk for mem maps on one node and populate the relevant page tables to map memory section one by one. If fail to populate for a certain mem section, print warning and its ->section_mem_map will be cleared to cancel the marking of being present. Like this, the number of mem sections marked as present could become less during sparse_init() execution. Here just defer the ms->section_mem_map clearing if failed to populate its page tables until the last for_each_present_section_nr() loop. This is in preparation for later optimizing the mem map allocation. [akpm@linux-foundation.org: remove now-unused local `ms', per Oscar] Link: http://lkml.kernel.org/r/20180228032657.32385-3-bhe@redhat.com Signed-off-by: Baoquan He Acked-by: Dave Hansen Reviewed-by: Pavel Tatashin Reviewed-by: Oscar Salvador Cc: Pasha Tatashin Cc: Kirill A. Shutemov Cc: Pankaj Gupta Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f2fc10e0b3fe7d1aecbd2cab6bf0007b6771e16d Author: Baoquan He Date: Fri Aug 17 15:48:38 2018 -0700 mm/sparse.c: add a static variable nr_present_sections Patch series "mm/sparse: Optimize memmap allocation during sparse_init()", v6. In sparse_init(), two temporary pointer arrays, usemap_map and map_map are allocated with the size of NR_MEM_SECTIONS. They are used to store each memory section's usemap and mem map if marked as present. In 5-level paging mode, this will cost 512M memory though they will be released at the end of sparse_init(). System with few memory, like kdump kernel which usually only has about 256M, will fail to boot because of allocation failure if CONFIG_X86_5LEVEL=y. In this patchset, optimize the memmap allocation code to only use usemap_map and map_map with the size of nr_present_sections. This makes kdump kernel boot up with normal crashkernel='' setting when CONFIG_X86_5LEVEL=y. This patch (of 5): nr_present_sections is used to record how many memory sections are marked as present during system boot up, and will be used in the later patch. Link: http://lkml.kernel.org/r/20180228032657.32385-2-bhe@redhat.com Signed-off-by: Baoquan He Acked-by: Dave Hansen Reviewed-by: Andrew Morton Reviewed-by: Pavel Tatashin Reviewed-by: Oscar Salvador Cc: Pasha Tatashin Cc: Kirill A. Shutemov Cc: Pankaj Gupta Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7e010df53c80197b23119e7d7b95892aa13629df Author: Kirill Tkhai Date: Fri Aug 17 15:48:34 2018 -0700 mm: use special value SHRINKER_REGISTERING instead of list_empty() check The patch introduces a special value SHRINKER_REGISTERING to use instead of list_empty() to differ a registering shrinker from unregistered shrinker. Why we need that at all? Shrinker registration is split in two parts. The first one is prealloc_shrinker(), which allocates shrinker memory and reserves ID in shrinker_idr. This function can fail. The second is register_shrinker_prepared(), and it finalizes the registration. This function actually makes shrinker available to be used from shrink_slab(), and it can't fail. One shrinker may be based on more then one LRU lists. So, we never clear the bit in memcg shrinker maps, when (one of) corresponding LRU list becomes empty, since other LRU lists may be not empty. See superblock shrinker for example: it is based on two LRU lists: s_inode_lru and s_dentry_lru. We do not want to clear shrinker bit, when there are no inodes in s_inode_lru, as s_dentry_lru may contain dentries. Instead of that, we use special algorithm to detect shrinkers having no elements at all its LRU lists, and this is made in shrink_slab_memcg(). See the comment in this function for the details. Also, in shrink_slab_memcg() we clear shrinker bit in the map, when we meet unregistered shrinker (bit is set, while there is no a shrinker in IDR). Otherwise, we would have done that at the moment of shrinker unregistration for all memcgs (and this looks worse, since iteration over all memcg may take much time). Also this would have imposed restrictions on shrinker unregistration order for its users: they would have had to guarantee, there are no new elements after unregister_shrinker() (otherwise, a new added element would have set a bit). So, if we meet a set bit in map and no shrinker in IDR when we're iterating over the map in shrink_slab_memcg(), this means the corresponding shrinker is unregistered, and we must clear the bit. Another case is shrinker registration. We want two things there: 1) do_shrink_slab() can be called only for completely registered shrinkers; 2) shrinker internal lists may be populated in any order with register_shrinker_prepared() (let's talk on the example with sb). Both of: a)list_lru_add(&inode->i_sb->s_inode_lru, &inode->i_lru); [cpu0] memcg_set_shrinker_bit(); [cpu0] ... register_shrinker_prepared(); [cpu1] and b)register_shrinker_prepared(); [cpu0] ... list_lru_add(&inode->i_sb->s_inode_lru, &inode->i_lru); [cpu1] memcg_set_shrinker_bit(); [cpu1] are legitimate. We don't want to impose restriction here and to force people to use only (b) variant. We don't want to force people to care, there is no elements in LRU lists before the shrinker is completely registered. Internal users of LRU lists and shrinker code are two different subsystems, and they have to be closed in themselves each other. In (a) case we have the bit set before shrinker is completely registered. We don't want do_shrink_slab() is called at this moment, so we have to detect such the registering shrinkers. Before this patch list_empty() (shrinker is not linked to the list) check was used for that. So, in (a) there could be a bit set, but we don't call do_shrink_slab() unless shrinker is linked to the list. It's just an indicator, I just overloaded linking to the list. This was not the best solution, since it's better not to touch the shrinker memory from shrink_slab_memcg() before it's completely registered (this also will be useful in the future to make shrink_slab() completely lockless). So, this patch introduces better way to detect registering shrinker, which allows not to dereference shrinker memory. It's just a ~0UL value, which we insert into the IDR during ID allocation. After shrinker is ready to be used, we insert actual shrinker pointer in the IDR, and it becomes available to shrink_slab_memcg(). We can't use NULL instead of this new value for this purpose as: shrink_slab_memcg() already uses NULL to detect unregistered shrinkers, and we don't want the function sees NULL and clears the bit, otherwise (a) won't work. This is the only thing the patch makes: the better way to detect registering shrinker. Nothing else this patch makes. Also this gives a better assembler, but it's minor side of the patch: Before: callq mov %rax,%r15 test %rax,%rax je mov 0x20(%rax),%rax lea 0x20(%r15),%rdx cmp %rax,%rdx je mov 0x8(%rsp),%edx mov %r15,%rsi lea 0x10(%rsp),%rdi callq After: callq mov %rax,%r15 lea -0x1(%rax),%rax cmp $0xfffffffffffffffd,%rax ja mov 0x8(%rsp),%edx mov %r15,%rsi lea 0x10(%rsp),%rdi callq ffffffff810cefd0 [ktkhai@virtuozzo.com: add #ifdef CONFIG_MEMCG_KMEM around idr_replace()] Link: http://lkml.kernel.org/r/758b8fec-7573-47eb-b26a-7b2847ae7b8c@virtuozzo.com Link: http://lkml.kernel.org/r/153355467546.11522.4518015068123480218.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Reviewed-by: Andrew Morton Cc: Vladimir Davydov Cc: Michal Hocko Cc: Andrey Ryabinin Cc: "Huang, Ying" Cc: Tetsuo Handa Cc: Matthew Wilcox Cc: Shakeel Butt Cc: Josef Bacik Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ac7fb3ad2717c56cee70456ffe9d808230db528e Author: Kirill Tkhai Date: Fri Aug 17 15:48:30 2018 -0700 mm/vmscan.c: move check for SHRINKER_NUMA_AWARE to do_shrink_slab() In case of shrink_slab_memcg() we do not zero nid, when shrinker is not numa-aware. This is not a real problem, since currently all memcg-aware shrinkers are numa-aware too (we have two: super_block shrinker and workingset shrinker), but something may change in the future. Link: http://lkml.kernel.org/r/153320759911.18959.8842396230157677671.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Reviewed-by: Andrew Morton Cc: Vladimir Davydov Cc: Michal Hocko Cc: Andrey Ryabinin Cc: "Huang, Ying" Cc: Tetsuo Handa Cc: Matthew Wilcox Cc: Shakeel Butt Cc: Josef Bacik Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f90280d6b7963fa8925258ed66b4f567fe73dfea Author: Kirill Tkhai Date: Fri Aug 17 15:48:25 2018 -0700 mm/vmscan.c: clear shrinker bit if there are no objects related to memcg To avoid further unneed calls of do_shrink_slab() for shrinkers, which already do not have any charged objects in a memcg, their bits have to be cleared. This patch introduces a lockless mechanism to do that without races without parallel list lru add. After do_shrink_slab() returns SHRINK_EMPTY the first time, we clear the bit and call it once again. Then we restore the bit, if the new return value is different. Note, that single smp_mb__after_atomic() in shrink_slab_memcg() covers two situations: 1)list_lru_add() shrink_slab_memcg list_add_tail() for_each_set_bit() <--- read bit do_shrink_slab() <--- missed list update (no barrier) set_bit() do_shrink_slab() <--- seen list update This situation, when the first do_shrink_slab() sees set bit, but it doesn't see list update (i.e., race with the first element queueing), is rare. So we don't add before the first call of do_shrink_slab() instead of this to do not slow down generic case. Also, it's need the second call as seen in below in (2). 2)list_lru_add() shrink_slab_memcg() list_add_tail() ... set_bit() ... ... for_each_set_bit() do_shrink_slab() do_shrink_slab() clear_bit() ... ... ... list_lru_add() ... list_add_tail() clear_bit() set_bit() do_shrink_slab() The barriers guarantee that the second do_shrink_slab() in the right side task sees list update if really cleared the bit. This case is drawn in the code comment. [Results/performance of the patchset] After the whole patchset applied the below test shows signify increase of performance: $echo 1 > /sys/fs/cgroup/memory/memory.use_hierarchy $mkdir /sys/fs/cgroup/memory/ct $echo 4000M > /sys/fs/cgroup/memory/ct/memory.kmem.limit_in_bytes $for i in `seq 0 4000`; do mkdir /sys/fs/cgroup/memory/ct/$i; echo $$ > /sys/fs/cgroup/memory/ct/$i/cgroup.procs; mkdir -p s/$i; mount -t tmpfs $i s/$i; touch s/$i/file; done Then, 5 sequential calls of drop caches: $time echo 3 > /proc/sys/vm/drop_caches 1)Before: 0.00user 13.78system 0:13.78elapsed 99%CPU 0.00user 5.59system 0:05.60elapsed 99%CPU 0.00user 5.48system 0:05.48elapsed 99%CPU 0.00user 8.35system 0:08.35elapsed 99%CPU 0.00user 8.34system 0:08.35elapsed 99%CPU 2)After 0.00user 1.10system 0:01.10elapsed 99%CPU 0.00user 0.00system 0:00.01elapsed 64%CPU 0.00user 0.01system 0:00.01elapsed 82%CPU 0.00user 0.00system 0:00.01elapsed 64%CPU 0.00user 0.01system 0:00.01elapsed 82%CPU The results show the performance increases at least in 548 times. Shakeel Butt tested this patchset with fork-bomb on his configuration: > I created 255 memcgs, 255 ext4 mounts and made each memcg create a > file containing few KiBs on corresponding mount. Then in a separate > memcg of 200 MiB limit ran a fork-bomb. > > I ran the "perf record -ag -- sleep 60" and below are the results: > > Without the patch series: > Samples: 4M of event 'cycles', Event count (approx.): 3279403076005 > + 36.40% fb.sh [kernel.kallsyms] [k] shrink_slab > + 18.97% fb.sh [kernel.kallsyms] [k] list_lru_count_one > + 6.75% fb.sh [kernel.kallsyms] [k] super_cache_count > + 0.49% fb.sh [kernel.kallsyms] [k] down_read_trylock > + 0.44% fb.sh [kernel.kallsyms] [k] mem_cgroup_iter > + 0.27% fb.sh [kernel.kallsyms] [k] up_read > + 0.21% fb.sh [kernel.kallsyms] [k] osq_lock > + 0.13% fb.sh [kernel.kallsyms] [k] shmem_unused_huge_count > + 0.08% fb.sh [kernel.kallsyms] [k] shrink_node_memcg > + 0.08% fb.sh [kernel.kallsyms] [k] shrink_node > > With the patch series: > Samples: 4M of event 'cycles', Event count (approx.): 2756866824946 > + 47.49% fb.sh [kernel.kallsyms] [k] down_read_trylock > + 30.72% fb.sh [kernel.kallsyms] [k] up_read > + 9.51% fb.sh [kernel.kallsyms] [k] mem_cgroup_iter > + 1.69% fb.sh [kernel.kallsyms] [k] shrink_node_memcg > + 1.35% fb.sh [kernel.kallsyms] [k] mem_cgroup_protected > + 1.05% fb.sh [kernel.kallsyms] [k] queued_spin_lock_slowpath > + 0.85% fb.sh [kernel.kallsyms] [k] _raw_spin_lock > + 0.78% fb.sh [kernel.kallsyms] [k] lruvec_lru_size > + 0.57% fb.sh [kernel.kallsyms] [k] shrink_node > + 0.54% fb.sh [kernel.kallsyms] [k] queue_work_on > + 0.46% fb.sh [kernel.kallsyms] [k] shrink_slab_memcg [ktkhai@virtuozzo.com: v9] Link: http://lkml.kernel.org/r/153112561772.4097.11011071937553113003.stgit@localhost.localdomain Link: http://lkml.kernel.org/r/153063070859.1818.11870882950920963480.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9b996468cfdba09f688f52dba4287de596194613 Author: Kirill Tkhai Date: Fri Aug 17 15:48:21 2018 -0700 mm: add SHRINK_EMPTY shrinker methods return value We need to distinguish the situations when shrinker has very small amount of objects (see vfs_pressure_ratio() called from super_cache_count()), and when it has no objects at all. Currently, in the both of these cases, shrinker::count_objects() returns 0. The patch introduces new SHRINK_EMPTY return value, which will be used for "no objects at all" case. It's is a refactoring mostly, as SHRINK_EMPTY is replaced by 0 by all callers of do_shrink_slab() in this patch, and all the magic will happen in further. Link: http://lkml.kernel.org/r/153063069574.1818.11037751256699341813.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit aeed1d325d429ac9699c4bf62d17156d60905519 Author: Vladimir Davydov Date: Fri Aug 17 15:48:17 2018 -0700 mm/vmscan.c: generalize shrink_slab() calls in shrink_node() The patch makes shrink_slab() be called for root_mem_cgroup in the same way as it's called for the rest of cgroups. This simplifies the logic and improves the readability. [ktkhai@virtuozzo.com: wrote changelog] Link: http://lkml.kernel.org/r/153063068338.1818.11496084754797453962.stgit@localhost.localdomain Signed-off-by: Vladimir Davydov Signed-off-by: Kirill Tkhai Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b0dedc49a2daa0f44ddc51fbf686b2ef012fccbf Author: Kirill Tkhai Date: Fri Aug 17 15:48:14 2018 -0700 mm/vmscan.c: iterate only over charged shrinkers during memcg shrink_slab() Using the preparations made in previous patches, in case of memcg shrink, we may avoid shrinkers, which are not set in memcg's shrinkers bitmap. To do that, we separate iterations over memcg-aware and !memcg-aware shrinkers, and memcg-aware shrinkers are chosen via for_each_set_bit() from the bitmap. In case of big nodes, having many isolated environments, this gives significant performance growth. See next patches for the details. Note that the patch does not respect to empty memcg shrinkers, since we never clear the bitmap bits after we set it once. Their shrinkers will be called again, with no shrinked objects as result. This functionality is provided by next patches. [ktkhai@virtuozzo.com: v9] Link: http://lkml.kernel.org/r/153112558507.4097.12713813335683345488.stgit@localhost.localdomain Link: http://lkml.kernel.org/r/153063066653.1818.976035462801487910.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fae91d6d8be5e20c47e459dbeb3d43bd5f9486f4 Author: Kirill Tkhai Date: Fri Aug 17 15:48:10 2018 -0700 mm/list_lru.c: set bit in memcg shrinker bitmap on first list_lru item appearance Introduce set_shrinker_bit() function to set shrinker-related bit in memcg shrinker bitmap, and set the bit after the first item is added and in case of reparenting destroyed memcg's items. This will allow next patch to make shrinkers be called only, in case of they have charged objects at the moment, and to improve shrink_slab() performance. [ktkhai@virtuozzo.com: v9] Link: http://lkml.kernel.org/r/153112557572.4097.17315791419810749985.stgit@localhost.localdomain Link: http://lkml.kernel.org/r/153063065671.1818.15914674956134687268.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit dfd2f10ccfd7e6bd2a096eaf42e76a7229776322 Author: Kirill Tkhai Date: Fri Aug 17 15:48:06 2018 -0700 mm/memcontrol.c: export mem_cgroup_is_root() This will be used in next patch. Link: http://lkml.kernel.org/r/153063064347.1818.1987011484100392706.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3b82c4dcc2f0f98f2aca3b9dc9b88721e962eec9 Author: Kirill Tkhai Date: Fri Aug 17 15:48:01 2018 -0700 mm/list_lru.c: pass lru argument to memcg_drain_list_lru_node() This is just refactoring to allow next patches to have lru pointer in memcg_drain_list_lru_node(). Link: http://lkml.kernel.org/r/153063063164.1818.55009531386089350.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9bec5c35bfa3d41b046594b5890f772ed737f1fd Author: Kirill Tkhai Date: Fri Aug 17 15:47:58 2018 -0700 mm/list_lru: pass dst_memcg argument to memcg_drain_list_lru_node() This is just refactoring to allow the next patches to have dst_memcg pointer in memcg_drain_list_lru_node(). Link: http://lkml.kernel.org/r/153063062118.1818.2761273817739499749.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 44bd4a4759d5a714767aa6be7e806ab54b7fa3a8 Author: Kirill Tkhai Date: Fri Aug 17 15:47:54 2018 -0700 mm/list_lru.c: add memcg argument to list_lru_from_kmem() This is just refactoring to allow the next patches to have memcg pointer in list_lru_from_kmem(). Link: http://lkml.kernel.org/r/153063060664.1818.9541345386733498582.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c92e8e10cafeaaedc84f23fed1bfcf9cf07399c2 Author: Kirill Tkhai Date: Fri Aug 17 15:47:50 2018 -0700 fs: propagate shrinker::id to list_lru Add list_lru::shrinker_id field and populate it by registered shrinker id. This will be used to set correct bit in memcg shrinkers map by lru code in next patches, after there appeared the first related to memcg element in list_lru. Link: http://lkml.kernel.org/r/153063059758.1818.14866596416857717800.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2b3648a6ff83bd2a59b427d3537cc570933659b5 Author: Kirill Tkhai Date: Fri Aug 17 15:47:45 2018 -0700 fs/super.c: refactor alloc_super() Do two list_lru_init_memcg() calls after prealloc_super(). destroy_unused_super() in fail path is OK with this. Next patch needs such the order. Link: http://lkml.kernel.org/r/153063058712.1818.3382490999719078571.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 39887653aab4cffb0074d0d3c4f392e61b67d22b Author: Kirill Tkhai Date: Fri Aug 17 15:47:41 2018 -0700 mm/workingset.c: refactor workingset_init() Use prealloc_shrinker()/register_shrinker_prepared() instead of register_shrinker(). This will be used in next patch. [ktkhai@virtuozzo.com: v9] Link: http://lkml.kernel.org/r/153112550112.4097.16606173020912323761.stgit@localhost.localdomain Link: http://lkml.kernel.org/r/153063057666.1818.17625951186610808734.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0a4465d340282f92719f4e3a56545a848e638d15 Author: Kirill Tkhai Date: Fri Aug 17 15:47:37 2018 -0700 mm, memcg: assign memcg-aware shrinkers bitmap to memcg Imagine a big node with many cpus, memory cgroups and containers. Let we have 200 containers, every container has 10 mounts, and 10 cgroups. All container tasks don't touch foreign containers mounts. If there is intensive pages write, and global reclaim happens, a writing task has to iterate over all memcgs to shrink slab, before it's able to go to shrink_page_list(). Iteration over all the memcg slabs is very expensive: the task has to visit 200 * 10 = 2000 shrinkers for every memcg, and since there are 2000 memcgs, the total calls are 2000 * 2000 = 4000000. So, the shrinker makes 4 million do_shrink_slab() calls just to try to isolate SWAP_CLUSTER_MAX pages in one of the actively writing memcg via shrink_page_list(). I've observed a node spending almost 100% in kernel, making useless iteration over already shrinked slab. This patch adds bitmap of memcg-aware shrinkers to memcg. The size of the bitmap depends on bitmap_nr_ids, and during memcg life it's maintained to be enough to fit bitmap_nr_ids shrinkers. Every bit in the map is related to corresponding shrinker id. Next patches will maintain set bit only for really charged memcg. This will allow shrink_slab() to increase its performance in significant way. See the last patch for the numbers. [ktkhai@virtuozzo.com: v9] Link: http://lkml.kernel.org/r/153112549031.4097.3576147070498769979.stgit@localhost.localdomain [ktkhai@virtuozzo.com: add comment to mem_cgroup_css_online()] Link: http://lkml.kernel.org/r/521f9e5f-c436-b388-fe83-4dc870bfb489@virtuozzo.com Link: http://lkml.kernel.org/r/153063056619.1818.12550500883688681076.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b05706f1001fe662bafe198814c5999fd996dce0 Author: Kirill Tkhai Date: Fri Aug 17 15:47:33 2018 -0700 mm/memcontrol.c: move up for_each_mem_cgroup{, _tree} defines Next patch requires these defines are above their current position, so here they are moved to declarations. Link: http://lkml.kernel.org/r/153063055665.1818.5200425793649695598.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b4c2b231c3ba155623591fb6301ed97b95e1c039 Author: Kirill Tkhai Date: Fri Aug 17 15:47:29 2018 -0700 mm: assign id to every memcg-aware shrinker Introduce shrinker::id number, which is used to enumerate memcg-aware shrinkers. The number start from 0, and the code tries to maintain it as small as possible. This will be used to represent a memcg-aware shrinkers in memcg shrinkers map. Since all memcg-aware shrinkers are based on list_lru, which is per-memcg in case of !CONFIG_MEMCG_KMEM only, the new functionality will be under this config option. [ktkhai@virtuozzo.com: v9] Link: http://lkml.kernel.org/r/153112546435.4097.10607140323811756557.stgit@localhost.localdomain Link: http://lkml.kernel.org/r/153063054586.1818.6041047871606697364.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 84c07d11aa619c6d24c682f469b10f344f0c02aa Author: Kirill Tkhai Date: Fri Aug 17 15:47:25 2018 -0700 mm: introduce CONFIG_MEMCG_KMEM as combination of CONFIG_MEMCG && !CONFIG_SLOB Introduce new config option, which is used to replace repeating CONFIG_MEMCG && !CONFIG_SLOB pattern. Next patches add a little more memcg+kmem related code, so let's keep the defines more clearly. Link: http://lkml.kernel.org/r/153063053670.1818.15013136946600481138.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Andrey Ryabinin Cc: Chris Wilson Cc: Greg Kroah-Hartman Cc: Guenter Roeck Cc: "Huang, Ying" Cc: Johannes Weiner Cc: Josef Bacik Cc: Li RongQing Cc: Matthew Wilcox Cc: Matthias Kaehlcke Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Philippe Ombredanne Cc: Roman Gushchin Cc: Sahitya Tummala Cc: Stephen Rothwell Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: Waiman Long Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e0295238e50f1aa16d4c902c837fd8d17861b698 Author: Kirill Tkhai Date: Fri Aug 17 15:47:21 2018 -0700 mm/list_lru.c: combine code under the same define Patch series "Improve shrink_slab() scalability (old complexity was O(n^2), new is O(n))", v8. This patcheset solves the problem with slow shrink_slab() occuring on the machines having many shrinkers and memory cgroups (i.e., with many containers). The problem is complexity of shrink_slab() is O(n^2) and it grows too fast with the growth of containers numbers. Let us have 200 containers, and every container has 10 mounts and 10 cgroups. All container tasks are isolated, and they don't touch foreign containers mounts. In case of global reclaim, a task has to iterate all over the memcgs and to call all the memcg-aware shrinkers for all of them. This means, the task has to visit 200 * 10 = 2000 shrinkers for every memcg, and since there are 2000 memcgs, the total calls of do_shrink_slab() are 2000 * 2000 = 4000000. 4 million calls are not a number operations, which can takes 1 cpu cycle. E.g., super_cache_count() accesses at least two lists, and makes arifmetical calculations. Even, if there are no charged objects, we do these calculations, and replaces cpu caches by read memory. I observed nodes spending almost 100% time in kernel, in case of intensive writing and global reclaim. The writer consumes pages fast, but it's need to shrink_slab() before the reclaimer reached shrink pages function (and frees SWAP_CLUSTER_MAX pages). Even if there is no writing, the iterations just waste the time, and slows reclaim down. Let's see the small test below: $echo 1 > /sys/fs/cgroup/memory/memory.use_hierarchy $mkdir /sys/fs/cgroup/memory/ct $echo 4000M > /sys/fs/cgroup/memory/ct/memory.kmem.limit_in_bytes $for i in `seq 0 4000`; do mkdir /sys/fs/cgroup/memory/ct/$i; echo $$ > /sys/fs/cgroup/memory/ct/$i/cgroup.procs; mkdir -p s/$i; mount -t tmpfs $i s/$i; touch s/$i/file; done Then, let's see drop caches time (5 sequential calls): $time echo 3 > /proc/sys/vm/drop_caches 0.00user 13.78system 0:13.78elapsed 99%CPU 0.00user 5.59system 0:05.60elapsed 99%CPU 0.00user 5.48system 0:05.48elapsed 99%CPU 0.00user 8.35system 0:08.35elapsed 99%CPU 0.00user 8.34system 0:08.35elapsed 99%CPU The last four calls don't actually shrink anything. So, the iterations over slab shrinkers take 5.48 seconds. Not so good for scalability. The patchset solves the problem by making shrink_slab() of O(n) complexity. There are following functional actions: 1) Assign id to every registered memcg-aware shrinker. 2) Maintain per-memcgroup bitmap of memcg-aware shrinkers, and set a shrinker-related bit after the first element is added to lru list (also, when removed child memcg elements are reparanted). 3) Split memcg-aware shrinkers and !memcg-aware shrinkers, and call a shrinker if its bit is set in memcg's shrinker bitmap. (Also, there is a functionality to clear the bit, after last element is shrinked). This gives significant performance increase. The result after patchset is applied: $time echo 3 > /proc/sys/vm/drop_caches 0.00user 1.10system 0:01.10elapsed 99%CPU 0.00user 0.00system 0:00.01elapsed 64%CPU 0.00user 0.01system 0:00.01elapsed 82%CPU 0.00user 0.00system 0:00.01elapsed 64%CPU 0.00user 0.01system 0:00.01elapsed 82%CPU The results show the performance increases at least in 548 times. So, the patchset makes shrink_slab() of less complexity and improves the performance in such types of load I pointed. This will give a profit in case of !global reclaim case, since there also will be less do_shrink_slab() calls. This patch (of 17): These two pairs of blocks of code are under the same #ifdef #else #endif. Link: http://lkml.kernel.org/r/153063052519.1818.9393587113056959488.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai Acked-by: Vladimir Davydov Tested-by: Shakeel Butt Cc: Al Viro Cc: Johannes Weiner Cc: Michal Hocko Cc: Thomas Gleixner Cc: Philippe Ombredanne Cc: Sahitya Tummala Cc: Greg Kroah-Hartman Cc: Stephen Rothwell Cc: Roman Gushchin Cc: Matthias Kaehlcke Cc: Tetsuo Handa Cc: Chris Wilson Cc: Waiman Long Cc: Minchan Kim Cc: "Huang, Ying" Cc: Mel Gorman Cc: Josef Bacik Cc: Guenter Roeck Cc: Matthew Wilcox Cc: Li RongQing Cc: Andrey Ryabinin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a36aab890c2166744e6299dc55ef2c38cb6616c0 Author: Mike Rapoport Date: Fri Aug 17 15:47:17 2018 -0700 mm/memblock.c: replace u64 with phys_addr_t where appropriate Most functions in memblock already use phys_addr_t to represent a physical address with __memblock_free_late() being an exception. This patch replaces u64 with phys_addr_t in __memblock_free_late() and switches several format strings from %llx to %pa to avoid casting from phys_addr_t to u64. Link: http://lkml.kernel.org/r/1530637506-1256-1-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Pavel Tatashin Acked-by: Michal Hocko Cc: Pasha Tatashin Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4e40987f12de2f244d0d2ef64730aca92922c95a Author: Oscar Salvador Date: Fri Aug 17 15:47:14 2018 -0700 mm/sparse.c: make sparse_init_one_section void and remove check sparse_init_one_section() is being called from two sites: sparse_init() and sparse_add_one_section(). The former calls it from a for_each_present_section_nr() loop, and the latter marks the section as present before calling it. This means that when sparse_init_one_section() gets called, we already know that the section is present. So there is no point to double check that in the function. This removes the check and makes the function void. [ross.zwisler@linux.intel.com: fix error path in sparse_add_one_section] Link: http://lkml.kernel.org/r/20180706190658.6873-1-ross.zwisler@linux.intel.com [ross.zwisler@linux.intel.com: simplification suggested by Oscar] Link: http://lkml.kernel.org/r/20180706223358.742-1-ross.zwisler@linux.intel.com Link: http://lkml.kernel.org/r/20180702154325.12196-1-osalvador@techadventures.net Signed-off-by: Oscar Salvador Acked-by: Michal Hocko Reviewed-by: Pavel Tatashin Reviewed-by: Andrew Morton Cc: Pasha Tatashin Cc: Oscar Salvador Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 29ef680ae7c21110af8e6416d84d8a72fc147b14 Author: Michal Hocko Date: Fri Aug 17 15:47:11 2018 -0700 memcg, oom: move out_of_memory back to the charge path Commit 3812c8c8f395 ("mm: memcg: do not trap chargers with full callstack on OOM") has changed the ENOMEM semantic of memcg charges. Rather than invoking the oom killer from the charging context it delays the oom killer to the page fault path (pagefault_out_of_memory). This in turn means that many users (e.g. slab or g-u-p) will get ENOMEM when the corresponding memcg hits the hard limit and the memcg is is OOM. This is behavior is inconsistent with !memcg case where the oom killer is invoked from the allocation context and the allocator keeps retrying until it succeeds. The difference in the behavior is user visible. mmap(MAP_POPULATE) might result in not fully populated ranges while the mmap return code doesn't tell that to the userspace. Random syscalls might fail with ENOMEM etc. The primary motivation of the different memcg oom semantic was the deadlock avoidance. Things have changed since then, though. We have an async oom teardown by the oom reaper now and so we do not have to rely on the victim to tear down its memory anymore. Therefore we can return to the original semantic as long as the memcg oom killer is not handed over to the users space. There is still one thing to be careful about here though. If the oom killer is not able to make any forward progress - e.g. because there is no eligible task to kill - then we have to bail out of the charge path to prevent from same class of deadlocks. We have basically two options here. Either we fail the charge with ENOMEM or force the charge and allow overcharge. The first option has been considered more harmful than useful because rare inconsistencies in the ENOMEM behavior is hard to test for and error prone. Basically the same reason why the page allocator doesn't fail allocations under such conditions. The later might allow runaways but those should be really unlikely unless somebody misconfigures the system. E.g. allowing to migrate tasks away from the memcg to a different unlimited memcg with move_charge_at_immigrate disabled. Link: http://lkml.kernel.org/r/20180628151101.25307-1-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Greg Thelen Cc: Johannes Weiner Cc: Shakeel Butt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d39f8fb4b7776dcb09ec3bf7a321547083078ee3 Author: Mike Rapoport Date: Fri Aug 17 15:47:07 2018 -0700 mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM The deferred memory initialization relies on section definitions, e.g PAGES_PER_SECTION, that are only available when CONFIG_SPARSEMEM=y on most architectures. Initially DEFERRED_STRUCT_PAGE_INIT depended on explicit ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT configuration option, but since the commit 2e3ca40f03bb13709df4 ("mm: relax deferred struct page requirements") this requirement was relaxed and now it is possible to enable DEFERRED_STRUCT_PAGE_INIT on architectures that support DISCONTINGMEM and NO_BOOTMEM which causes build failures. For instance, setting SMP=y and DEFERRED_STRUCT_PAGE_INIT=y on arc causes the following build failure: CC mm/page_alloc.o mm/page_alloc.c: In function 'update_defer_init': mm/page_alloc.c:321:14: error: 'PAGES_PER_SECTION' undeclared (first use in this function); did you mean 'USEC_PER_SEC'? (pfn & (PAGES_PER_SECTION - 1)) == 0) { ^~~~~~~~~~~~~~~~~ USEC_PER_SEC mm/page_alloc.c:321:14: note: each undeclared identifier is reported only once for each function it appears in In file included from include/linux/cache.h:5:0, from include/linux/printk.h:9, from include/linux/kernel.h:14, from include/asm-generic/bug.h:18, from arch/arc/include/asm/bug.h:32, from include/linux/bug.h:5, from include/linux/mmdebug.h:5, from include/linux/mm.h:9, from mm/page_alloc.c:18: mm/page_alloc.c: In function 'deferred_grow_zone': mm/page_alloc.c:1624:52: error: 'PAGES_PER_SECTION' undeclared (first use in this function); did you mean 'USEC_PER_SEC'? unsigned long nr_pages_needed = ALIGN(1 << order, PAGES_PER_SECTION); ^ include/uapi/linux/kernel.h:11:47: note: in definition of macro '__ALIGN_KERNEL_MASK' #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) ^~~~ include/linux/kernel.h:58:22: note: in expansion of macro '__ALIGN_KERNEL' #define ALIGN(x, a) __ALIGN_KERNEL((x), (a)) ^~~~~~~~~~~~~~ mm/page_alloc.c:1624:34: note: in expansion of macro 'ALIGN' unsigned long nr_pages_needed = ALIGN(1 << order, PAGES_PER_SECTION); ^~~~~ In file included from include/asm-generic/bug.h:18:0, from arch/arc/include/asm/bug.h:32, from include/linux/bug.h:5, from include/linux/mmdebug.h:5, from include/linux/mm.h:9, from mm/page_alloc.c:18: mm/page_alloc.c: In function 'free_area_init_node': mm/page_alloc.c:6379:50: error: 'PAGES_PER_SECTION' undeclared (first use in this function); did you mean 'USEC_PER_SEC'? pgdat->static_init_pgcnt = min_t(unsigned long, PAGES_PER_SECTION, ^ include/linux/kernel.h:812:22: note: in definition of macro '__typecheck' (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) ^ include/linux/kernel.h:836:24: note: in expansion of macro '__safe_cmp' __builtin_choose_expr(__safe_cmp(x, y), \ ^~~~~~~~~~ include/linux/kernel.h:904:27: note: in expansion of macro '__careful_cmp' #define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <) ^~~~~~~~~~~~~ mm/page_alloc.c:6379:29: note: in expansion of macro 'min_t' pgdat->static_init_pgcnt = min_t(unsigned long, PAGES_PER_SECTION, ^~~~~ include/linux/kernel.h:836:2: error: first argument to '__builtin_choose_expr' not a constant __builtin_choose_expr(__safe_cmp(x, y), \ ^ include/linux/kernel.h:904:27: note: in expansion of macro '__careful_cmp' #define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <) ^~~~~~~~~~~~~ mm/page_alloc.c:6379:29: note: in expansion of macro 'min_t' pgdat->static_init_pgcnt = min_t(unsigned long, PAGES_PER_SECTION, ^~~~~ scripts/Makefile.build:317: recipe for target 'mm/page_alloc.o' failed Let's make the DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM as the systems that support DISCONTIGMEM do not seem to have that huge amounts of memory that would make DEFERRED_STRUCT_PAGE_INIT relevant. Link: http://lkml.kernel.org/r/1530279308-24988-1-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Acked-by: Michal Hocko Reviewed-by: Pavel Tatashin Tested-by: Randy Dunlap Cc: Pasha Tatashin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0207df4fa1a869281ddbf72db6203dbf036b3e1a Author: Andrey Ryabinin Date: Fri Aug 17 15:47:04 2018 -0700 kernel/memremap, kasan: make ZONE_DEVICE with work with KASAN KASAN learns about hotadded memory via the memory hotplug notifier. devm_memremap_pages() intentionally skips calling memory hotplug notifiers. So KASAN doesn't know anything about new memory added by devm_memremap_pages(). This causes a crash when KASAN tries to access non-existent shadow memory: BUG: unable to handle kernel paging request at ffffed0078000000 RIP: 0010:check_memory_region+0x82/0x1e0 Call Trace: memcpy+0x1f/0x50 pmem_do_bvec+0x163/0x720 pmem_make_request+0x305/0xac0 generic_make_request+0x54f/0xcf0 submit_bio+0x9c/0x370 submit_bh_wbc+0x4c7/0x700 block_read_full_page+0x5ef/0x870 do_read_cache_page+0x2b8/0xb30 read_dev_sector+0xbd/0x3f0 read_lba.isra.0+0x277/0x670 efi_partition+0x41a/0x18f0 check_partition+0x30d/0x5e9 rescan_partitions+0x18c/0x840 __blkdev_get+0x859/0x1060 blkdev_get+0x23f/0x810 __device_add_disk+0x9c8/0xde0 pmem_attach_disk+0x9a8/0xf50 nvdimm_bus_probe+0xf3/0x3c0 driver_probe_device+0x493/0xbd0 bus_for_each_drv+0x118/0x1b0 __device_attach+0x1cd/0x2b0 bus_probe_device+0x1ac/0x260 device_add+0x90d/0x1380 nd_async_device_register+0xe/0x50 async_run_entry_fn+0xc3/0x5d0 process_one_work+0xa0a/0x1810 worker_thread+0x87/0xe80 kthread+0x2d7/0x390 ret_from_fork+0x3a/0x50 Add kasan_add_zero_shadow()/kasan_remove_zero_shadow() - post mm_init() interface to map/unmap kasan_zero_page at requested virtual addresses. And use it to add/remove the shadow memory for hotplugged/unplugged device memory. Link: http://lkml.kernel.org/r/20180629164932.740-1-aryabinin@virtuozzo.com Fixes: 41e94a851304 ("add devm_memremap_pages") Signed-off-by: Andrey Ryabinin Reported-by: Dave Chinner Reviewed-by: Dan Williams Tested-by: Dan Williams Cc: Dmitry Vyukov Cc: Alexander Potapenko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 50f8b92f21d23789bd4ada593e8ddc56cc4f79fe Author: Song Liu Date: Fri Aug 17 15:47:00 2018 -0700 mm: thp: pass correct vm_flags to hugepage_vma_check() khugepaged_enter_vma_merge() passes a stale vma->vm_flags to hugepage_vma_check(). The argument vm_flags contains the latest value. Therefore, it is necessary to pass this vm_flags into hugepage_vma_check(). With this bug, madvise(MADV_HUGEPAGE) for mmap files in shmem fails to put memory in huge pages. Here is an example of failed madvise(): /* mount /dev/shm with huge=advise: * mount -o remount,huge=advise /dev/shm */ /* create file /dev/shm/huge */ #define HUGE_FILE "/dev/shm/huge" fd = open(HUGE_FILE, O_RDONLY); ptr = mmap(NULL, FILE_SIZE, PROT_READ, MAP_PRIVATE, fd, 0); ret = madvise(ptr, FILE_SIZE, MADV_HUGEPAGE); madvise() will return 0, but this memory region is never put in huge page (check from /proc/meminfo: ShmemHugePages). Link: http://lkml.kernel.org/r/20180629181752.792831-1-songliubraving@fb.com Fixes: 02b75dc8160d ("mm: thp: register mm for khugepaged when merging vma for shmem") Signed-off-by: Song Liu Reviewed-by: Rik van Riel Reviewed-by: Yang Shi Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a718e28f538441a3b6612da9ff226973376cdf0f Author: Andrey Ryabinin Date: Fri Aug 17 15:46:57 2018 -0700 mm/fadvise.c: fix signed overflow UBSAN complaint Signed integer overflow is undefined according to the C standard. The overflow in ksys_fadvise64_64() is deliberate, but since it is signed overflow, UBSAN complains: UBSAN: Undefined behaviour in mm/fadvise.c:76:10 signed integer overflow: 4 + 9223372036854775805 cannot be represented in type 'long long int' Use unsigned types to do math. Unsigned overflow is defined so UBSAN will not complain about it. This patch doesn't change generated code. [akpm@linux-foundation.org: add comment explaining the casts] Link: http://lkml.kernel.org/r/20180629184453.7614-1-aryabinin@virtuozzo.com Signed-off-by: Andrey Ryabinin Reported-by: Reviewed-by: Andrew Morton Cc: Alexander Potapenko Cc: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 31f21da18132fc971297175077fafa3bd4184dc1 Author: Colin Ian King Date: Fri Aug 17 15:46:54 2018 -0700 mm/swap_slots.c: make swap_slots_cache_mutex and swap_slots_cache_enable_mutex static The mutexes swap_slots_cache_mutex and swap_slots_cache_enable_mutex are local to the source and do not need to be in global scope, so make them static. Cleans up sparse warnings: symbol 'swap_slots_cache_mutex' was not declared. Should it be static? symbol 'swap_slots_cache_enable_mutex' was not declared. Should it be static? Link: http://lkml.kernel.org/r/20180624182536.4937-1-colin.king@canonical.com Signed-off-by: Colin Ian King Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4d0a5402f505eafe5b0a77f2dc77bb6c2e25a714 Author: Colin Ian King Date: Fri Aug 17 15:46:50 2018 -0700 mm/zsmalloc.c: make several functions and a struct static The functions zs_page_isolate, zs_page_migrate, zs_page_putback, lock_zspage, trylock_zspage and structure zsmalloc_aops are local to source and do not need to be in global scope, so make them static. Cleans up sparse warnings: symbol 'zs_page_isolate' was not declared. Should it be static? symbol 'zs_page_migrate' was not declared. Should it be static? symbol 'zs_page_putback' was not declared. Should it be static? symbol 'zsmalloc_aops' was not declared. Should it be static? symbol 'lock_zspage' was not declared. Should it be static? symbol 'trylock_zspage' was not declared. Should it be static? [arnd@arndb.de: hide unused lock_zspage] Link: http://lkml.kernel.org/r/20180706130924.3891230-1-arnd@arndb.de Link: http://lkml.kernel.org/r/20180624213322.13776-1-colin.king@canonical.com Signed-off-by: Colin Ian King Reviewed-by: Sergey Senozhatsky Reviewed-by: Andrew Morton Cc: Minchan Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit dcfe4df3d57f08f7bf4acdd36c89763fe188cf3c Author: Greg Thelen Date: Fri Aug 17 15:46:47 2018 -0700 mm/page-writeback.c: update stale account_page_redirty() comment Commit 93f78d882865 ("writeback: move backing_dev_info->bdi_stat[] into bdi_writeback") replaced BDI_DIRTIED with WB_DIRTIED in account_page_redirty(). Update comment to track that change. BDI_DIRTIED => WB_DIRTIED BDI_WRITTEN => WB_WRITTEN Link: http://lkml.kernel.org/r/20180625171526.173483-1-gthelen@google.com Signed-off-by: Greg Thelen Reviewed-by: Jan Kara Acked-by: Tejun Heo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f745c6f5fe75734f3b35d9d4e6ebe2a7d010ddda Author: Shakeel Butt Date: Fri Aug 17 15:46:44 2018 -0700 fs, mm: account buffer_head to kmemcg The buffer_head can consume a significant amount of system memory and is directly related to the amount of page cache. In our production environment we have observed that a lot of machines are spending a significant amount of memory as buffer_head and can not be left as system memory overhead. Charging buffer_head is not as simple as adding __GFP_ACCOUNT to the allocation. The buffer_heads can be allocated in a memcg different from the memcg of the page for which buffer_heads are being allocated. One concrete example is memory reclaim. The reclaim can trigger I/O of pages of any memcg on the system. So, the right way to charge buffer_head is to extract the memcg from the page for which buffer_heads are being allocated and then use targeted memcg charging API. [shakeelb@google.com: use __GFP_ACCOUNT for directed memcg charging] Link: http://lkml.kernel.org/r/20180702220208.213380-1-shakeelb@google.com Link: http://lkml.kernel.org/r/20180627191250.209150-3-shakeelb@google.com Signed-off-by: Shakeel Butt Acked-by: Johannes Weiner Cc: Michal Hocko Cc: Jan Kara Cc: Amir Goldstein Cc: Greg Thelen Cc: Vladimir Davydov Cc: Roman Gushchin Cc: Alexander Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d46eb14b735b11927d4bdc2d1854c311af19de6d Author: Shakeel Butt Date: Fri Aug 17 15:46:39 2018 -0700 fs: fsnotify: account fsnotify metadata to kmemcg Patch series "Directed kmem charging", v8. The Linux kernel's memory cgroup allows limiting the memory usage of the jobs running on the system to provide isolation between the jobs. All the kernel memory allocated in the context of the job and marked with __GFP_ACCOUNT will also be included in the memory usage and be limited by the job's limit. The kernel memory can only be charged to the memcg of the process in whose context kernel memory was allocated. However there are cases where the allocated kernel memory should be charged to the memcg different from the current processes's memcg. This patch series contains two such concrete use-cases i.e. fsnotify and buffer_head. The fsnotify event objects can consume a lot of system memory for large or unlimited queues if there is either no or slow listener. The events are allocated in the context of the event producer. However they should be charged to the event consumer. Similarly the buffer_head objects can be allocated in a memcg different from the memcg of the page for which buffer_head objects are being allocated. To solve this issue, this patch series introduces mechanism to charge kernel memory to a given memcg. In case of fsnotify events, the memcg of the consumer can be used for charging and for buffer_head, the memcg of the page can be charged. For directed charging, the caller can use the scope API memalloc_[un]use_memcg() to specify the memcg to charge for all the __GFP_ACCOUNT allocations within the scope. This patch (of 2): A lot of memory can be consumed by the events generated for the huge or unlimited queues if there is either no or slow listener. This can cause system level memory pressure or OOMs. So, it's better to account the fsnotify kmem caches to the memcg of the listener. However the listener can be in a different memcg than the memcg of the producer and these allocations happen in the context of the event producer. This patch introduces remote memcg charging API which the producer can use to charge the allocations to the memcg of the listener. There are seven fsnotify kmem caches and among them allocations from dnotify_struct_cache, dnotify_mark_cache, fanotify_mark_cache and inotify_inode_mark_cachep happens in the context of syscall from the listener. So, SLAB_ACCOUNT is enough for these caches. The objects from fsnotify_mark_connector_cachep are not accounted as they are small compared to the notification mark or events and it is unclear whom to account connector to since it is shared by all events attached to the inode. The allocations from the event caches happen in the context of the event producer. For such caches we will need to remote charge the allocations to the listener's memcg. Thus we save the memcg reference in the fsnotify_group structure of the listener. This patch has also moved the members of fsnotify_group to keep the size same, at least for 64 bit build, even with additional member by filling the holes. [shakeelb@google.com: use GFP_KERNEL_ACCOUNT rather than open-coding it] Link: http://lkml.kernel.org/r/20180702215439.211597-1-shakeelb@google.com Link: http://lkml.kernel.org/r/20180627191250.209150-2-shakeelb@google.com Signed-off-by: Shakeel Butt Acked-by: Johannes Weiner Cc: Michal Hocko Cc: Jan Kara Cc: Amir Goldstein Cc: Greg Thelen Cc: Vladimir Davydov Cc: Roman Gushchin Cc: Alexander Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit dc0b58643aff8b378086f25cce6789ccba68cbcb Author: Roman Gushchin Date: Fri Aug 17 15:46:36 2018 -0700 mm: introduce mem_cgroup_put() helper Introduce the mem_cgroup_put() helper, which helps to eliminate guarding memcg css release with "#ifdef CONFIG_MEMCG" in multiple places. Link: http://lkml.kernel.org/r/20180623000600.5818-2-guro@fb.com Signed-off-by: Roman Gushchin Reviewed-by: Shakeel Butt Reviewed-by: Andrew Morton Acked-by: Johannes Weiner Acked-by: Michal Hocko Acked-by: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1a9b4b3d75679fbe8c3bb8fb7e957ea693b6a89c Author: Luis R. Rodriguez Date: Fri Aug 17 15:46:32 2018 -0700 mm: provide a fallback for PAGE_KERNEL_EXEC for architectures Some architectures just don't have PAGE_KERNEL_EXEC. The mm/nommu.c and mm/vmalloc.c code have been using PAGE_KERNEL as a fallback for years. Move this fallback to asm-generic. Link: http://lkml.kernel.org/r/20180510185507.2439-3-mcgrof@kernel.org Signed-off-by: Luis R. Rodriguez Suggested-by: Matthew Wilcox Reviewed-by: Andrew Morton Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Geert Uytterhoeven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a3266bd49c721e2e0a71f352d83713fbd60caadb Author: Luis R. Rodriguez Date: Fri Aug 17 15:46:29 2018 -0700 mm: provide a fallback for PAGE_KERNEL_RO for architectures Some architectures do not define certain PAGE_KERNEL_* flags, this is either because: a) The way to implement some of these flags is *not yet ported*, or b) The architecture *has no way* to describe them Over time we have accumulated a few PAGE_KERNEL_* fallback workarounds for architectures in the kernel which do not define them using *relatively safe* equivalents. Move these scattered fallback hacks into asm-generic. We start off with PAGE_KERNEL_RO using PAGE_KERNEL as a fallback. This has been in place on the firmware loader for years. Move the fallback into the respective asm-generic header. Link: http://lkml.kernel.org/r/20180510185507.2439-2-mcgrof@kernel.org Signed-off-by: Luis R. Rodriguez Reviewed-by: Andrew Morton Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Matthew Wilcox Cc: Geert Uytterhoeven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3172e5e61c8a78f690c50f221fdeedce35d0b1e4 Author: Oscar Salvador Date: Fri Aug 17 15:46:25 2018 -0700 mm/memory_hotplug.c: drop unnecessary checks from register_mem_sect_under_node() Callers of register_mem_sect_under_node() are always passing a valid memory_block (not NULL), so we can safely drop the check for NULL. In the same way, register_mem_sect_under_node() is only called in case the node is online, so we can safely remove that check as well. Link: http://lkml.kernel.org/r/20180622111839.10071-5-osalvador@techadventures.net Signed-off-by: Oscar Salvador Reviewed-by: Pavel Tatashin Tested-by: Reza Arbab Tested-by: Jonathan Cameron Cc: Pasha Tatashin Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4fbce633910ed80b135b84160a22b219080c8082 Author: Oscar Salvador Date: Fri Aug 17 15:46:22 2018 -0700 mm/memory_hotplug.c: make register_mem_sect_under_node() a callback of walk_memory_range() link_mem_sections() and walk_memory_range() share most of the code, so we can use convert link_mem_sections() into a dummy function that calls walk_memory_range() with a callback to register_mem_sect_under_node(). This patch converts register_mem_sect_under_node() in order to match a walk_memory_range's callback, getting rid of the check_nid argument and checking instead if the system is still boothing, since we only have to check for the nid if the system is in such state. Link: http://lkml.kernel.org/r/20180622111839.10071-4-osalvador@techadventures.net Signed-off-by: Oscar Salvador Suggested-by: Pavel Tatashin Tested-by: Reza Arbab Tested-by: Jonathan Cameron Reviewed-by: Pavel Tatashin Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d5b6f6a3610b05e6712cb9c61a85a6dff16e91cf Author: Oscar Salvador Date: Fri Aug 17 15:46:18 2018 -0700 mm/memory_hotplug.c: call register_mem_sect_under_node() When hotplugging memory, it is possible that two calls are being made to register_mem_sect_under_node(). One comes from __add_section()->hotplug_memory_register() and the other from add_memory_resource()->link_mem_sections() if we had to register a new node. In case we had to register a new node, hotplug_memory_register() will only handle/allocate the memory_block's since register_mem_sect_under_node() will return right away because the node it is not online yet. I think it is better if we leave hotplug_memory_register() to handle/allocate only memory_block's and make link_mem_sections() to call register_mem_sect_under_node(). So this patch removes the call to register_mem_sect_under_node() from hotplug_memory_register(), and moves the call to link_mem_sections() out of the condition, so it will always be called. In this way we only have one place where the memory sections are registered. Link: http://lkml.kernel.org/r/20180622111839.10071-3-osalvador@techadventures.net Signed-off-by: Oscar Salvador Reviewed-by: Pavel Tatashin Tested-by: Reza Arbab Tested-by: Jonathan Cameron Cc: Pasha Tatashin Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b9ff036082cd1793a59b35c4432644fe44620664 Author: Oscar Salvador Date: Fri Aug 17 15:46:15 2018 -0700 mm/memory_hotplug.c: make add_memory_resource use __try_online_node This is a small cleanup for the memhotplug code. A lot more could be done, but it is better to start somewhere. I tried to unify/remove duplicated code. The following is what this patchset does: 1) add_memory_resource() has code to allocate a node in case it was offline. Since try_online_node has some code for that as well, I just made add_memory_resource() to use that so we can remove duplicated code.. This is better explained in patch 1/4. 2) register_mem_sect_under_node() will be called only from link_mem_sections() 3) Make register_mem_sect_under_node() a callback of walk_memory_range() 4) Drop unnecessary checks from register_mem_sect_under_node() I have done some tests and I could not see anything broken because of this patchset. add_memory_resource() contains code to allocate a new node in case it is necessary. Since try_online_node() also has some code for this purpose, let us make use of that and remove duplicate code. This introduces __try_online_node(), which is called by add_memory_resource() and try_online_node(). __try_online_node() has two new parameters, start_addr of the node, and if the node should be onlined and registered right away. This is always wanted if we are calling from do_cpu_up(), but not when we are calling from memhotplug code. Nothing changes from the point of view of the users of try_online_node(), since try_online_node passes start_addr=0 and online_node=true to __try_online_node(). Link: http://lkml.kernel.org/r/20180622111839.10071-2-osalvador@techadventures.net Signed-off-by: Oscar Salvador Reviewed-by: Pavel Tatashin Tested-by: Reza Arbab Tested-by: Jonathan Cameron Cc: Pasha Tatashin Cc: Michal Hocko Cc: Vlastimil Babka Cc: Pavel Tatashin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 930eaac5eed23bb52061a50f674753a319216041 Author: Andrew Morton Date: Fri Aug 17 15:46:11 2018 -0700 mm/list_lru.c: fold __list_lru_count_one() into its caller __list_lru_count_one() has a single callsite. Acked-by: Vladimir Davydov Cc: Sebastian Andrzej Siewior Cc: Kirill Tkhai Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6ca342d020e8b8315d430d3a7d7c65daadfb4d8b Author: Sebastian Andrzej Siewior Date: Fri Aug 17 15:46:08 2018 -0700 mm: workingset: make shadow_lru_isolate() use locking suffix shadow_lru_isolate() disables interrupts and acquires a lock. It could use spin_lock_irq() instead. It also uses local_irq_enable() while it could use spin_unlock_irq()/xa_unlock_irq(). Use proper suffix for lock/unlock in order to enable/disable interrupts during release/acquire of a lock. Link: http://lkml.kernel.org/r/20180622151221.28167-3-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Andrew Morton Cc: Vladimir Davydov Cc: Kirill Tkhai Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ae1e16da14b2bca94272c9f23c930be48994b2bb Author: Sebastian Andrzej Siewior Date: Fri Aug 17 15:46:05 2018 -0700 mm: workingset: remove local_irq_disable() from count_shadow_nodes() Patch series "mm: use irq locking suffix instead local_irq_disable()". A small series which avoids using local_irq_disable()/local_irq_enable() but instead does spin_lock_irq()/spin_unlock_irq() so it is within the context of the lock which it belongs to. Patch #1 is a cleanup where local_irq_.*() remained after the lock was removed. This patch (of 2): In 0c7c1bed7e13 ("mm: make counting of list_lru_one::nr_items lockless") the spin_lock(&nlru->lock); statement was replaced with rcu_read_lock(); in __list_lru_count_one(). The comment in count_shadow_nodes() says that the local_irq_disable() is required because the lock must be acquired with disabled interrupts and (spin_lock()) does not do so. Since the lock is replaced with rcu_read_lock() the local_irq_disable() is no longer needed. The code path is list_lru_shrink_count() -> list_lru_count_one() -> __list_lru_count_one() -> rcu_read_lock() -> list_lru_from_memcg_idx() -> rcu_read_unlock() Remove the local_irq_disable() statement. Link: http://lkml.kernel.org/r/20180622151221.28167-2-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Andrew Morton Reviewed-by: Kirill Tkhai Acked-by: Vladimir Davydov Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9ea9a68064035dee70f465f605a3e63990e33bd9 Author: Michal Hocko Date: Fri Aug 17 15:46:01 2018 -0700 mm: drop VM_BUG_ON from __get_free_pages There is no real reason to blow up just because the caller doesn't know that __get_free_pages cannot return highmem pages. Simply fix that up silently. Even if we have some confused users such a fixup will not be harmful. [akpm@linux-foundation.org: mask off __GFP_HIGHMEM] Link: http://lkml.kernel.org/r/20180622162841.25114-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reviewed-by: Andrew Morton Cc: Jiankang Chen Cc: Mel Gorman Cc: Johannes Weiner Cc: Yisheng Xie Cc: Hanjun Guo Cc: Kefeng Wang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 974e6d66b6b5c6e2d6a3ccc18b2f9a0b472be5b4 Author: Huang Ying Date: Fri Aug 17 15:45:57 2018 -0700 mm, hugetlbfs: pass fault address to cow handler This is to take better advantage of the general huge page copying optimization. Where, the target subpage will be copied last to avoid the cache lines of target subpage to be evicted when copying other subpages. This works better if the address of the target subpage is available when copying huge page. So hugetlbfs page fault handlers are changed to pass that information to hugetlb_cow(). This will benefit workloads which don't access the begin of the hugetlbfs huge page after the page fault under heavy cache contention. Link: http://lkml.kernel.org/r/20180524005851.4079-5-ying.huang@intel.com Signed-off-by: "Huang, Ying" Reviewed-by: Mike Kravetz Cc: Michal Hocko Cc: David Rientjes Cc: Andrea Arcangeli Cc: "Kirill A. Shutemov" Cc: Andi Kleen Cc: Jan Kara Cc: Matthew Wilcox Cc: Hugh Dickins Cc: Minchan Kim Cc: Shaohua Li Cc: Christopher Lameter Cc: "Aneesh Kumar K.V" Cc: Punit Agrawal Cc: Anshuman Khandual Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5b7a1d406062449a4d51aea1df37a73285ced1dc Author: Huang Ying Date: Fri Aug 17 15:45:53 2018 -0700 mm, hugetlbfs: rename address to haddr in hugetlb_cow() To take better advantage of general huge page copying optimization, the target subpage address will be passed to hugetlb_cow(), then copy_user_huge_page(). So we will use both target subpage address and huge page size aligned address in hugetlb_cow(). To distinguish between them, "haddr" is used for huge page size aligned address to be consistent with Transparent Huge Page naming convention. Now, only huge page size aligned address is used in hugetlb_cow(), so the "address" is renamed to "haddr" in hugetlb_cow() in this patch. Next patch will use target subpage address in hugetlb_cow() too. The patch is just code cleanup without any functionality changes. Link: http://lkml.kernel.org/r/20180524005851.4079-4-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-by: Mike Kravetz Suggested-by: Michal Hocko Reviewed-by: Mike Kravetz Cc: David Rientjes Cc: Andrea Arcangeli Cc: "Kirill A. Shutemov" Cc: Andi Kleen Cc: Jan Kara Cc: Matthew Wilcox Cc: Hugh Dickins Cc: Minchan Kim Cc: Shaohua Li Cc: Christopher Lameter Cc: "Aneesh Kumar K.V" Cc: Punit Agrawal Cc: Anshuman Khandual Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c9f4cd71383576a916e7fca99c490fc92a289f5a Author: Huang Ying Date: Fri Aug 17 15:45:49 2018 -0700 mm, huge page: copy target sub-page last when copy huge page Huge page helps to reduce TLB miss rate, but it has higher cache footprint, sometimes this may cause some issue. For example, when copying huge page on x86_64 platform, the cache footprint is 4M. But on a Xeon E5 v3 2699 CPU, there are 18 cores, 36 threads, and only 45M LLC (last level cache). That is, in average, there are 2.5M LLC for each core and 1.25M LLC for each thread. If the cache contention is heavy when copying the huge page, and we copy the huge page from the begin to the end, it is possible that the begin of huge page is evicted from the cache after we finishing copying the end of the huge page. And it is possible for the application to access the begin of the huge page after copying the huge page. In c79b57e462b5d ("mm: hugetlb: clear target sub-page last when clearing huge page"), to keep the cache lines of the target subpage hot, the order to clear the subpages in the huge page in clear_huge_page() is changed to clearing the subpage which is furthest from the target subpage firstly, and the target subpage last. The similar order changing helps huge page copying too. That is implemented in this patch. Because we have put the order algorithm into a separate function, the implementation is quite simple. The patch is a generic optimization which should benefit quite some workloads, not for a specific use case. To demonstrate the performance benefit of the patch, we tested it with vm-scalability run on transparent huge page. With this patch, the throughput increases ~16.6% in vm-scalability anon-cow-seq test case with 36 processes on a 2 socket Xeon E5 v3 2699 system (36 cores, 72 threads). The test case set /sys/kernel/mm/transparent_hugepage/enabled to be always, mmap() a big anonymous memory area and populate it, then forked 36 child processes, each writes to the anonymous memory area from the begin to the end, so cause copy on write. For each child process, other child processes could be seen as other workloads which generate heavy cache pressure. At the same time, the IPC (instruction per cycle) increased from 0.63 to 0.78, and the time spent in user space is reduced ~7.2%. Link: http://lkml.kernel.org/r/20180524005851.4079-3-ying.huang@intel.com Signed-off-by: "Huang, Ying" Reviewed-by: Mike Kravetz Cc: Andi Kleen Cc: Jan Kara Cc: Michal Hocko Cc: Andrea Arcangeli Cc: "Kirill A. Shutemov" Cc: Matthew Wilcox Cc: Hugh Dickins Cc: Minchan Kim Cc: Shaohua Li Cc: Christopher Lameter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c6ddfb6c58903262d2d77042c41dba58cf775d88 Author: Huang Ying Date: Fri Aug 17 15:45:46 2018 -0700 mm, clear_huge_page: move order algorithm into a separate function Patch series "mm, huge page: Copy target sub-page last when copy huge page", v2. Huge page helps to reduce TLB miss rate, but it has higher cache footprint, sometimes this may cause some issue. For example, when copying huge page on x86_64 platform, the cache footprint is 4M. But on a Xeon E5 v3 2699 CPU, there are 18 cores, 36 threads, and only 45M LLC (last level cache). That is, in average, there are 2.5M LLC for each core and 1.25M LLC for each thread. If the cache contention is heavy when copying the huge page, and we copy the huge page from the begin to the end, it is possible that the begin of huge page is evicted from the cache after we finishing copying the end of the huge page. And it is possible for the application to access the begin of the huge page after copying the huge page. In c79b57e462b5d ("mm: hugetlb: clear target sub-page last when clearing huge page"), to keep the cache lines of the target subpage hot, the order to clear the subpages in the huge page in clear_huge_page() is changed to clearing the subpage which is furthest from the target subpage firstly, and the target subpage last. The similar order changing helps huge page copying too. That is implemented in this patchset. The patchset is a generic optimization which should benefit quite some workloads, not for a specific use case. To demonstrate the performance benefit of the patchset, we have tested it with vm-scalability run on transparent huge page. With this patchset, the throughput increases ~16.6% in vm-scalability anon-cow-seq test case with 36 processes on a 2 socket Xeon E5 v3 2699 system (36 cores, 72 threads). The test case set /sys/kernel/mm/transparent_hugepage/enabled to be always, mmap() a big anonymous memory area and populate it, then forked 36 child processes, each writes to the anonymous memory area from the begin to the end, so cause copy on write. For each child process, other child processes could be seen as other workloads which generate heavy cache pressure. At the same time, the IPC (instruction per cycle) increased from 0.63 to 0.78, and the time spent in user space is reduced ~7.2%. This patch (of 4): In c79b57e462b5d ("mm: hugetlb: clear target sub-page last when clearing huge page"), to keep the cache lines of the target subpage hot, the order to clear the subpages in the huge page in clear_huge_page() is changed to clearing the subpage which is furthest from the target subpage firstly, and the target subpage last. This optimization could be applied to copying huge page too with the same order algorithm. To avoid code duplication and reduce maintenance overhead, in this patch, the order algorithm is moved out of clear_huge_page() into a separate function: process_huge_page(). So that we can use it for copying huge page too. This will change the direct calls to clear_user_highpage() into the indirect calls. But with the proper inline support of the compilers, the indirect call will be optimized to be the direct call. Our tests show no performance change with the patch. This patch is a code cleanup without functionality change. Link: http://lkml.kernel.org/r/20180524005851.4079-2-ying.huang@intel.com Signed-off-by: "Huang, Ying" Suggested-by: Mike Kravetz Reviewed-by: Mike Kravetz Cc: Andi Kleen Cc: Jan Kara Cc: Michal Hocko Cc: Andrea Arcangeli Cc: "Kirill A. Shutemov" Cc: Matthew Wilcox Cc: Hugh Dickins Cc: Minchan Kim Cc: Shaohua Li Cc: Christopher Lameter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ac22b46a0b65dbeccbf4d458db95687e825bde90 Author: Jens Axboe Date: Fri Aug 17 15:45:42 2018 -0700 ext4: readpages() should submit IO as read-ahead a_ops->readpages() is only ever used for read-ahead. Ensure that we pass this information down to the block layer. Link: http://lkml.kernel.org/r/20180621010725.17813-5-axboe@kernel.dk Signed-off-by: Jens Axboe Reviewed-by: Andrew Morton Cc: Al Viro Cc: Chris Mason Cc: Christoph Hellwig Cc: Theodore Ts'o Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 5e9d398240b2292b1091f921d29bbab374b755fd Author: Jens Axboe Date: Fri Aug 17 15:45:39 2018 -0700 btrfs: readpages() should submit IO as read-ahead a_ops->readpages() is only ever used for read-ahead. Ensure that we pass this information down to the block layer. Link: http://lkml.kernel.org/r/20180621010725.17813-4-axboe@kernel.dk Signed-off-by: Jens Axboe Reviewed-by: Andrew Morton Cc: Al Viro Cc: Chris Mason Cc: Christoph Hellwig Cc: Theodore Ts'o Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 74c8164e1cdb1eb22f1d49d54e515e81821a8ad0 Author: Jens Axboe Date: Fri Aug 17 15:45:36 2018 -0700 mpage: mpage_readpages() should submit IO as read-ahead a_ops->readpages() is only ever used for read-ahead, yet we don't flag the IO being submitted as such. Fix that up. Any file system that uses mpage_readpages() as its ->readpages() implementation will now get this right. Since we're passing in whether the IO is read-ahead or not, we don't need to pass in the 'gfp' separately, as it is dependent on the IO being read-ahead. Kill off that member. Add some documentation notes on ->readpages() being purely for read-ahead. Link: http://lkml.kernel.org/r/20180621010725.17813-3-axboe@kernel.dk Signed-off-by: Jens Axboe Reviewed-by: Andrew Morton Cc: Al Viro Cc: Chris Mason Cc: Christoph Hellwig Cc: Theodore Ts'o Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 357c1206520da7a40e383fe329ce379bda722cd9 Author: Jens Axboe Date: Fri Aug 17 15:45:32 2018 -0700 mpage: add argument structure for do_mpage_readpage() Patch series "Submit ->readpages() IO as read-ahead", v4. The only caller of ->readpages() is from read-ahead, yet we don't submit IO flagged with REQ_RAHEAD. This means we don't see it in blktrace, for instance, which is a shame. Additionally, it's preventing further functional changes in the block layer for deadling with read-ahead more intelligently. We already make assumptions about ->readpages() just being for read-ahead in the mpage implementation, using readahead_gfp_mask(mapping) as out GFP mask of choice. This small series fixes up mpage_readpages() to submit with REQ_RAHEAD, which takes care of file systems using mpage_readpages(). The first patch is a prep patch, that makes do_mpage_readpage() take an argument structure. This patch (of 4): We're currently passing 8 arguments to this function, clean it up a bit by packing the arguments in an args structure we pass to it. No intentional functional changes in this patch. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20180621010725.17813-2-axboe@kernel.dk Signed-off-by: Jens Axboe Reviewed-by: Andrew Morton Cc: Al Viro Cc: Christoph Hellwig Cc: Theodore Ts'o Cc: Chris Mason Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 87aa752906ecf69842ef5ac1d0677aa75a4e0aac Author: Yang Shi Date: Fri Aug 17 15:45:29 2018 -0700 mm: thp: inc counter for collapsed shmem THP /sys/kernel/mm/transparent_hugepage/khugepaged/pages_collapsed is used to record the counter of collapsed THP, but it just gets inc'ed in anonymous THP collapse path, do this for shmem THP collapse too. Link: http://lkml.kernel.org/r/1529622949-75504-2-git-send-email-yang.shi@linux.alibaba.com Signed-off-by: Yang Shi Acked-by: Kirill A. Shutemov Cc: Hugh Dickins Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c2231020ea7b53d486395dbd8d3216e0dd1fc7ee Author: Yang Shi Date: Fri Aug 17 15:45:26 2018 -0700 mm: thp: register mm for khugepaged when merging vma for shmem When merging anonymous page vma, if the size of the vma can fit in at least one hugepage, the mm will be registered for khugepaged for collapsing THP in the future. But it skips shmem vmas. Do so for shmem also, but not for file-private mappings when merging a vma in order to increase the odds of collapsing a hugepage via khugepaged. hugepage_vma_check() sounds like a good fit to do the check. And move the definition of it before khugepaged_enter_vma_merge() to avoid a build error. Link: http://lkml.kernel.org/r/1529697791-6950-1-git-send-email-yang.shi@linux.alibaba.com Signed-off-by: Yang Shi Acked-by: Kirill A. Shutemov Cc: Hugh Dickins Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8cded8668e1f49ab9b90682bca76e861782416e9 Author: Jia-Ju Bai Date: Fri Aug 17 15:45:22 2018 -0700 mm/mempool.c: remove unused argument in kasan_unpoison_element() and remove_element() The argument "gfp_t flags" is not used in kasan_unpoison_element() and remove_element(), so remove it. Link: http://lkml.kernel.org/r/20180621070332.16633-1-baijiaju1990@gmail.com Signed-off-by: Jia-Ju Bai Reviewed-by: Matthew Wilcox Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bb451fdf3d058dfecee1c0b965342d344e7d8317 Author: Greg Thelen Date: Fri Aug 17 15:45:19 2018 -0700 mm/vmscan.c: condense scan_control Use smaller scan_control fields for order, priority, and reclaim_idx. Convert fields from int => s8. All easily fit within a byte: - allocation order range: 0..MAX_ORDER(64?) - priority range: 0..12(DEF_PRIORITY) - reclaim_idx range: 0..6(__MAX_NR_ZONES) Since 6538b8ea886e ("x86_64: expand kernel stack to 16K") x86_64 stack overflows are not an issue. But it's inefficient to use ints. Use s8 (signed byte) rather than u8 to allow for loops like: do { ... } while (--sc.priority >= 0); Add BUILD_BUG_ON to verify that s8 is capable of storing max values. This reduces sizeof(struct scan_control): - 96 => 80 bytes (x86_64) - 68 => 56 bytes (i386) scan_control structure field order is changed to utilize padding. After this patch there is 1 bit of scan_control padding. akpm: makes my vmscan.o's .text 572 bytes smaller as well. Link: http://lkml.kernel.org/r/20180530061212.84915-1-gthelen@google.com Signed-off-by: Greg Thelen Suggested-by: Matthew Wilcox Reviewed-by: Andrew Morton Cc: Michal Hocko Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 10ed63415223b16d7e80ba528556500231814232 Author: Kirill A. Shutemov Date: Fri Aug 17 15:45:15 2018 -0700 mm/page_ext.c: constify lookup_page_ext() argument lookup_page_ext() finds 'struct page_ext' for a given page. It requires only read access to the given struct page. Current implemnentation takes 'struct page *' as an argument. It makes compiler complain when 'const struct page *' passed. Change the argument to 'const struct page *'. Link: http://lkml.kernel.org/r/20180531135457.20167-3-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Reviewed-by: Andrew Morton Cc: Vinayak Menon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b3a2369692fedcc439dfaa4f215cf5323a886c88 Author: Kirill A. Shutemov Date: Fri Aug 17 15:45:12 2018 -0700 include/linux/page_ext.h: drop definition of unused PAGE_EXT_DEBUG_POISON After commit bd33ef368135 ("mm: enable page poisoning early at boot") PAGE_EXT_DEBUG_POISON is not longer used. Remove it. Link: http://lkml.kernel.org/r/20180531135457.20167-2-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Reviewed-by: Vinayak Menon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 46c9a946d766fa830a85d6599de5891fe9e717d2 Author: Arnd Bergmann Date: Fri Aug 17 15:45:09 2018 -0700 shmem: use monotonic time for i_generation get_seconds() is deprecated because it will lead to a 32-bit overflow in 2038 or 2106. We don't need the i_generation to be strictly monotonic anyway, and other file systems like ext4 and xfs just use prandom_u32(), so let's use the same one here. If this is considered too slow, we could also use ktime_get_seconds() or ktime_get_real_seconds() to keep the previous behavior. Both of these return a time64_t and are not deprecated, but only return a unique value once per second, and are predictable. Link: http://lkml.kernel.org/r/20180620082556.581543-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Reviewed-by: Andrew Morton Cc: Hugh Dickins Cc: Mike Kravetz Cc: "Kirill A. Shutemov" Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d6a24df00638a09abd8fb99bdb5a1c7fdd536e59 Author: Vlastimil Babka Date: Fri Aug 17 15:45:05 2018 -0700 mm, page_alloc: actually ignore mempolicies for high priority allocations __alloc_pages_slowpath() has for a long time contained code to ignore node restrictions from memory policies for high priority allocations. The current code that resets the zonelist iterator however does effectively nothing after commit 7810e6781e0f ("mm, page_alloc: do not break __GFP_THISNODE by zonelist reset") removed a buggy zonelist reset. Even before that commit, mempolicy restrictions were still not ignored, as they are passed in ac->nodemask which is untouched by the code. We can either remove the code, or make it work as intended. Since ac->nodemask can be set from task's mempolicy via alloc_pages_current() and thus also alloc_pages(), it may indeed affect kernel allocations, and it makes sense to ignore it to allow progress for high priority allocations. Thus, this patch resets ac->nodemask to NULL in such cases. This assumes all callers can handle it (i.e. there are no guarantees as in the case of __GFP_THISNODE) which seems to be the case. The same assumption is already present in check_retry_cpuset() for some time. The expected effect is that high priority kernel allocations in the context of userspace tasks (e.g. OOM victims) restricted by mempolicies will have higher chance to succeed if they are restricted to nodes with depleted memory, while there are other nodes with free memory left. It's not a new intention, but for the first time the code will match the intention, AFAICS. It was intended by commit 183f6371aac2 ("mm: ignore mempolicies when using ALLOC_NO_WATERMARK") in v3.6 but I think it never really worked, as mempolicy restriction was already encoded in nodemask, not zonelist, at that time. So originally that was for ALLOC_NO_WATERMARK only. Then it was adjusted by e46e7b77c909 ("mm, page_alloc: recalculate the preferred zoneref if the context can ignore memory policies") and cd04ae1e2dc8 ("mm, oom: do not rely on TIF_MEMDIE for memory reserves access") to the current state. So even GFP_ATOMIC would now ignore mempolicies after the initial attempts fail - if the code worked as people thought it does. Link: http://lkml.kernel.org/r/20180612122624.8045-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Michal Hocko Acked-by: Mel Gorman Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 59ae96ffc3a6731c3b85f9925e07e893d392e814 Author: Christian Hansen Date: Fri Aug 17 15:45:02 2018 -0700 tools/vm/page-types.c: add support for idle page tracking Add a flag which causes page-types to use the kernels's idle page tracking to mark pages idle. As the tool already prints the idle flag if set, subsequent runs will show which pages have been accessed since last run. [akpm@linux-foundation.org: simplify mark_page_idle()] [chansen3@cisco.com: reorganize mark_page_idle() logic, add docs] Link: http://lkml.kernel.org/r/20180706172237.21691-1-chansen3@cisco.com Link: http://lkml.kernel.org/r/20180612153223.13174-1-chansen3@cisco.com Signed-off-by: Christian Hansen Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7f1d23e607185e07e5df2a806a989c24627aef41 Author: Christian Hansen Date: Fri Aug 17 15:44:59 2018 -0700 tools/vm/page-types.c: include shared map counts Add a new flag that will read kpagecount for each PFN and print out the number of times the page is mapped along with the flags in the listing view. This information is useful in understanding and optimizing memory usage. Identifying pages which are not shared allows us to focus on adjusting the memory layout or access patterns for the sole owning process. Knowing the number of processes that share a page tells us how many other times we must make the same adjustments or how many processes to potentially disable. Truncated sample output: voffset map-cnt offset len flags 561a3591e 1 15fe8 1 ___U_lA____Ma_b___________________________ 561a3591f 1 2b103 1 ___U_lA____Ma_b___________________________ 561a36ca4 1 2cc78 1 ___U_lA____Ma_b___________________________ 7f588bb4e 14 2273c 1 __RU_lA____M______________________________ [akpm@linux-foundation.org: coding-style fixes] [chansen3@cisco.com: add documentation, tweak whitespace] Link: http://lkml.kernel.org/r/20180705181204.5529-1-chansen3@cisco.com Link: http://lkml.kernel.org/r/20180612153205.12879-1-chansen3@cisco.com Signed-off-by: Christian Hansen Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fadae2953072e9005c5f1d64e1049edb043494dc Author: Yang Shi Date: Fri Aug 17 15:44:55 2018 -0700 thp: use mm_file_counter to determine update which rss counter Since commit eca56ff906bd ("mm, shmem: add internal shmem resident memory accounting"), MM_SHMEMPAGES is added to separate the shmem accounting from regular files. So, all shmem pages should be accounted to MM_SHMEMPAGES instead of MM_FILEPAGES. And, normal 4K shmem pages have been accounted to MM_SHMEMPAGES, so shmem thp pages should be not treated differently. Account them to MM_SHMEMPAGES via mm_counter_file() since shmem pages are swap backed to keep consistent with normal 4K shmem pages. This will not change the rss counter of processes since shmem pages are still a part of it. The /proc/pid/status and /proc/pid/statm counters will however be more accurate wrt shmem usage, as originally intended. And as eca56ff906bd ("mm, shmem: add internal shmem resident memory accounting") mentioned, oom also could report more accurate "shmem-rss". Link: http://lkml.kernel.org/r/1529442518-17398-1-git-send-email-yang.shi@linux.alibaba.com Signed-off-by: Yang Shi Acked-by: Vlastimil Babka Cc: Hugh Dickins Cc: Kirill A. Shutemov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 720e14ebec642bc56c44e5e60a2d595900e5bbf0 Author: Pavel Tatashin Date: Fri Aug 17 15:44:52 2018 -0700 mm: skip invalid pages block at a time in zero_resv_unresv() The role of zero_resv_unavail() is to make sure that every struct page that is allocated but is not backed by memory that is accessible by kernel is zeroed and not in some uninitialized state. Since struct pages are allocated in blocks (2M pages in x86 case), we can skip pageblock_nr_pages at a time, when the first one is found to be invalid. This optimization may help since now on x86 every hole in e820 maps is marked as reserved in memblock, and thus will go through this function. This function is called before sched_clock() is initialized, so I used my x86 early boot clock patches to measure the performance improvement. With 1T hole on i7-8700 currently we would take 0.606918s of boot time, but with this optimization 0.001103s. Link: http://lkml.kernel.org/r/20180615155733.1175-1-pasha.tatashin@oracle.com Signed-off-by: Pavel Tatashin Reviewed-by: Oscar Salvador Reviewed-by: Naoya Horiguchi Cc: Pasha Tatashin Cc: Steven Sistare Cc: Daniel Jordan Cc: Michal Hocko Cc: Matthew Wilcox Cc: Ingo Molnar Cc: Dan Williams Cc: "Huang, Ying" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 50a7ca3c6fc86955f99fc432fc8a186b968b365b Author: Souptick Joarder Date: Fri Aug 17 15:44:47 2018 -0700 mm: convert return type of handle_mm_fault() caller to vm_fault_t Use new return type vm_fault_t for fault handler. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. Ref-> commit 1c8f422059ae ("mm: change return type to vm_fault_t") In this patch all the caller of handle_mm_fault() are changed to return vm_fault_t type. Link: http://lkml.kernel.org/r/20180617084810.GA6730@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Cc: Matthew Wilcox Cc: Richard Henderson Cc: Tony Luck Cc: Matt Turner Cc: Vineet Gupta Cc: Russell King Cc: Catalin Marinas Cc: Will Deacon Cc: Richard Kuo Cc: Geert Uytterhoeven Cc: Michal Simek Cc: James Hogan Cc: Ley Foon Tan Cc: Jonas Bonn Cc: James E.J. Bottomley Cc: Benjamin Herrenschmidt Cc: Palmer Dabbelt Cc: Yoshinori Sato Cc: David S. Miller Cc: Richard Weinberger Cc: Guan Xuetao Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: "Levin, Alexander (Sasha Levin)" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0882ff9190e3bc51e2d78c3aadd7c690eeaa91d5 Author: Vlastimil Babka Date: Fri Aug 17 15:44:44 2018 -0700 mm, slub: restore the original intention of prefetch_freepointer() In SLUB, prefetch_freepointer() is used when allocating an object from cache's freelist, to make sure the next object in the list is cache-hot, since it's probable it will be allocated soon. Commit 2482ddec670f ("mm: add SLUB free list pointer obfuscation") has unintentionally changed the prefetch in a way where the prefetch is turned to a real fetch, and only the next->next pointer is prefetched. In case there is not a stream of allocations that would benefit from prefetching, the extra real fetch might add a useless cache miss to the allocation. Restore the previous behavior. Link: http://lkml.kernel.org/r/20180809085245.22448-1-vbabka@suse.cz Fixes: 2482ddec670f ("mm: add SLUB free list pointer obfuscation") Signed-off-by: Vlastimil Babka Acked-by: Kees Cook Cc: Daniel Micay Cc: Eric Dumazet Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1f4aace60b0edc2d885aaa263abf4df42c8c65a8 Author: NeilBrown Date: Fri Aug 17 15:44:41 2018 -0700 fs/seq_file.c: simplify seq_file iteration code and interface The documentation for seq_file suggests that it is necessary to be able to move the iterator to a given offset, however that is not the case. If the iterator is stored in the private data and is stable from one read() syscall to the next, it is only necessary to support first/next interactions. Implementing this in a client is a little clumsy. - if ->start() is given a pos of zero, it should go to start of sequence. - if ->start() is given the name pos that was given to the most recent next() or start(), it should restore the iterator to state just before that last call - if ->start is given another number, it should set the iterator one beyond the start just before the last ->start or ->next call. Also, the documentation says that the implementation can interpret the pos however it likes (other than zero meaning start), but seq_file increments the pos sometimes which does impose on the implementation. This patch simplifies the interface for first/next iteration and simplifies the code, while maintaining complete backward compatability. Now: - if ->start() is given a pos of zero, it should return an iterator placed at the start of the sequence - if ->start() is given a non-zero pos, it should return the iterator in the same state it was after the last ->start or ->next. This is particularly useful for interators which walk the multiple chains in a hash table, e.g. using rhashtable_walk*. See fs/gfs2/glock.c and drivers/staging/lustre/lustre/llite/vvp_dev.c A large part of achieving this is to *always* call ->next after ->show has successfully stored all of an entry in the buffer. Never just increment the index instead. Also: - always pass &m->index to ->start() and ->next(), never a temp variable - don't clear ->from when ->count is zero, as ->from is dead when ->count is zero. Some ->next functions do not increment *pos when they return NULL. To maintain compatability with this, we still need to increment m->index in one place, if ->next didn't increment it. Note that such ->next functions are buggy and should be fixed. A simple demonstration is dd if=/proc/swaps bs=1000 skip=1 Choose any block size larger than the size of /proc/swaps. This will always show the whole last line of /proc/swaps. This patch doesn't work around buggy next() functions for this case. [neilb@suse.com: ensure ->from is valid] Link: http://lkml.kernel.org/r/87601ryb8a.fsf@notabene.neil.brown.name Signed-off-by: NeilBrown Acked-by: Jonathan Corbet [docs] Tested-by: Jann Horn Cc: Alexander Viro Cc: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4cdfffc8722e99be8d400d8fa1fcd615d078ad43 Author: NeilBrown Date: Fri Aug 17 15:44:37 2018 -0700 vfs: discard ATTR_ATTR_FLAG This flag was introduce in 2.1.37pre1 and the only place it was tested was removed in 2.1.43pre1. The flag was never set. Let's discard it properly. Link: http://lkml.kernel.org/r/877en0hewz.fsf@notabene.neil.brown.name Signed-off-by: NeilBrown Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6cd00a01f0c1ae6a852b09c59b8dd55cc6c35d1d Author: Tetsuo Handa Date: Fri Aug 17 15:44:34 2018 -0700 fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Since only dentry->d_name.len + 1 bytes out of DNAME_INLINE_LEN bytes are initialized at __d_alloc(), we can't copy the whole size unconditionally. WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff8fa27465ac50) 636f6e66696766732e746d70000000000010000000000000020000000188ffff i i i i i i i i i i i i i u u u u u u u u u u i i i i i u u u u ^ RIP: 0010:take_dentry_name_snapshot+0x28/0x50 RSP: 0018:ffffa83000f5bdf8 EFLAGS: 00010246 RAX: 0000000000000020 RBX: ffff8fa274b20550 RCX: 0000000000000002 RDX: ffffa83000f5be40 RSI: ffff8fa27465ac50 RDI: ffffa83000f5be60 RBP: ffffa83000f5bdf8 R08: ffffa83000f5be48 R09: 0000000000000001 R10: ffff8fa27465ac00 R11: ffff8fa27465acc0 R12: ffff8fa27465ac00 R13: ffff8fa27465acc0 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f79737ac8c0(0000) GS:ffffffff8fc30000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8fa274c0b000 CR3: 0000000134aa7002 CR4: 00000000000606f0 take_dentry_name_snapshot+0x28/0x50 vfs_rename+0x128/0x870 SyS_rename+0x3b2/0x3d0 entry_SYSCALL_64_fastpath+0x1a/0xa4 0xffffffffffffffff Link: http://lkml.kernel.org/r/201709131912.GBG39012.QMJLOVFSFFOOtH@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Cc: Vegard Nossum Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 480bd56485b77c36e17a411921266c6f06623d98 Author: Colin Ian King Date: Fri Aug 17 15:44:31 2018 -0700 ocfs2: make several functions and variables static (and some const) There are a variety of functions and variables that are local to the source and do not need to be in global scope, so make them static. Also make a couple of char arrays static const. Cleans up sparse warnings: symbol 'o2hb_heartbeat_mode_desc' was not declared. Should it be static? symbol 'o2hb_heartbeat_mode' was not declared. Should it be static? symbol 'o2hb_dependent_users' was not declared. Should it be static? symbol 'o2hb_region_dec_user' was not declared. Should it be static? symbol 'o2nm_fence_method_desc' was not declared. Should it be static? symbol 'lockdep_keys' was not declared. Should it be static? Link: http://lkml.kernel.org/r/20180628131659.12133-1-colin.king@canonical.com Signed-off-by: Colin Ian King Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 229ba1f82abe4c942e2ab5862daafdfe471fedd8 Author: wangyan Date: Fri Aug 17 15:44:27 2018 -0700 ocfs2: clean up some unnecessary code Several functions have some unnecessary code, clean up these code. Link: http://lkml.kernel.org/r/5B14DF72.5020800@huawei.com Signed-off-by: Yan Wang Reviewed-by: Jun Piao Reviewed-by: Andrew Morton Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Cc: Changwei Ge Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 93f5920d8607c5e3f2d3b159377a7e7d7875ffdd Author: Jun Piao Date: Fri Aug 17 15:44:24 2018 -0700 ocfs2: return -EROFS when filesystem becomes read-only We should return -EROFS rather than other errno if filesystem becomes read-only. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/5B191B26.9010501@huawei.com Signed-off-by: Jun Piao Reviewed-by: Yiwen Jiang Acked-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8d00d0c00c0720c43b0eec0e86a6e916192f35d0 Author: Nick Desaulniers Date: Fri Aug 17 15:44:21 2018 -0700 sh: prefer _THIS_IP_ to current_text_addr As part of the effort to reduce the code duplication between _THIS_IP_ and current_text_addr(), let's consolidate callers of current_text_addr() to use _THIS_IP_. Link: http://lkml.kernel.org/r/20180801185331.39535-1-ndesaulniers@google.com Signed-off-by: Nick Desaulniers Cc: Yoshinori Sato Cc: Rich Felker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 82f7c5103dcdd714486a64cfc5783cc4608d124c Author: Dmitry Torokhov Date: Fri Aug 17 15:44:17 2018 -0700 sh: make use of for_each_node_by_type() Instead of open-coding the loop, let's use canned macro. Also make sure we are not leaking "cpus" node reference. Link: http://lkml.kernel.org/r/20180624224252.GA220395@dtor-ws Signed-off-by: Dmitry Torokhov Reviewed-by: Andrew Morton Cc: Yoshinori Sato Cc: Rich Felker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ab62ef82ea49b8814f4b0e2fe61426acda793fb9 Author: Kees Cook Date: Fri Aug 17 15:44:14 2018 -0700 ntfs: mft: remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this allocates the maximum size stack buffer. Existing checks already require that blocksize >= NTFS_BLOCK_SIZE and mft_record_size <= PAGE_SIZE, so max_bhs can be at most PAGE_SIZE / NTFS_BLOCK_SIZE. Sanity checks are added for robustness. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Link: http://lkml.kernel.org/r/20180626172909.41453-4-keescook@chromium.org Signed-off-by: Kees Cook Cc: Anton Altaparmakov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2c27ce915078a5822aefb5db7bc2481664b26044 Author: Kees Cook Date: Fri Aug 17 15:44:11 2018 -0700 ntfs: decompress: remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this moves the stack buffer used during decompression to be allocated externally. The existing "dest_max_index" used in the VLA is bounded by cb_max_page. cb_max_page is bounded by max_page, and max_page is bounded by nr_pages. Since nr_pages is used for the "pages" allocation, it can similarly be used for the "completed_pages" allocation and passed into the decompression function. The error paths are updated to free the new allocation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Link: http://lkml.kernel.org/r/20180626172909.41453-3-keescook@chromium.org Signed-off-by: Kees Cook Cc: Anton Altaparmakov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ac4ecf968acb9e54c335f99d842d56d6b90e28fb Author: Kees Cook Date: Fri Aug 17 15:44:07 2018 -0700 ntfs: aops: remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this uses the maximum size needed on the stack and adds a sanity check for robustness: index.block_size cannot be larger than PAGE_SIZE nor less than NTFS_BLOCK_SIZE. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Link: http://lkml.kernel.org/r/20180626172909.41453-2-keescook@chromium.org Signed-off-by: Kees Cook Cc: Anton Altaparmakov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a10dcebacdb0cf6eb29c211e99cf190cd131a16a Author: Sebastian Andrzej Siewior Date: Fri Aug 17 15:44:04 2018 -0700 fs/ntfs/aops.c: don't disable interrupts during kmap_atomic() ntfs_end_buffer_async_read() disables interrupts around kmap_atomic(). This is a leftover from the old kmap_atomic() implementation which relied on fixed mapping slots, so the caller had to make sure that the same slot could not be reused from an interrupting context. kmap_atomic() was changed to dynamic slots long ago and commit 1ec9c5ddc17a ("include/linux/highmem.h: remove the second argument of k[un]map_atomic()") removed the slot assignements, but the callers were not checked for now redundant interrupt disabling. Remove the conditional interrupt disable. Link: http://lkml.kernel.org/r/20180611144913.gln5mklhqcrfsoom@linutronix.de Signed-off-by: Sebastian Andrzej Siewior Cc: Anton Altaparmakov Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bed95c43c15eb6b1ccc5b09e5ae08cac726c456d Author: Jeremy Cline Date: Fri Aug 17 15:44:01 2018 -0700 scripts: add Python 3 compatibility to spdxcheck.py "dict.has_key(key)" on dictionaries has been replaced with "key in dict". Additionally, when run under Python 3 some files don't decode with the default encoding (tested with UTF-8). To handle that, don't open the file in text mode and decode text line-by-line, ignoring encoding errors. This remains compatible with Python 2 and should have no functional change. Link: http://lkml.kernel.org/r/20180717190635.29467-1-jcline@redhat.com Signed-off-by: Jeremy Cline Acked-by: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fde5e903fb5893415fa49d280e998be226d0898f Author: Joe Perches Date: Fri Aug 17 15:43:57 2018 -0700 scripts/spdxcheck.py: work with current HEAD LICENSES/ directory Depending on how old your -next tree is, it may not have a master that has the LICENSES directory. Change the lookup to HEAD and find whatever LICENSE directory files are used in that branch. Miscellanea: - Remove the checkpatch test as it will have its own SPDX license identifier. Link: http://lkml.kernel.org/r/7eeefc862194930c773e662cb2152e178441d3b8.camel@perches.com Signed-off-by: Joe Perches Reviewed-by: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f08957d0ffe91f346c47cef95139c54aa7275cfe Author: Arnd Bergmann Date: Fri Aug 17 15:43:54 2018 -0700 fs/hpfs: extend gmt_to_local() conversion to 64-bit times The VFS timestamps are all 64-bit now, the only missing piece for hpfs is the internal conversion function. One interesting bit about hpfs is that it can already deal with moving the 136 year window of its timestamps to support a much wider range than other file systems with 32-bit timestamps. It also treats the timestamps as 'unsigned' on 64-bit architectures (but signed on 32-bit, because time_t always around to negative numbers in 2038). Changing the conversion to use time64_t makes 32-bit architectures behave the same way as 64-bit. For completeness, this also adds a clamp_t call for each conversion, so we don't wrap the timestamps but instead stay within the [0..U32_MAX] range of the on-disk timestamps. Link: http://lkml.kernel.org/r/20180718115017.742609-3-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Mikulas Patocka Cc: Al Viro Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit bcf451ecfc8d45618d13c9e4abcbbd770af20cc9 Author: Arnd Bergmann Date: Fri Aug 17 15:43:50 2018 -0700 fs/ntfs: use timespec64 directly for timestamp conversion Now that the VFS has been converted from timespec to timespec64 timestamps, only the conversion to/from ntfs timestamps uses 32-bit seconds. This changes that last missing piece to get the ntfs implementation y2038 safe on 32-bit architectures. Link: http://lkml.kernel.org/r/20180718115017.742609-2-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Anton Altaparmakov Cc: Al Viro Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a3fda0ffeaf0114328024aee4a9ec3b08af4b077 Author: Arnd Bergmann Date: Fri Aug 17 15:43:47 2018 -0700 fs/ufs: use ktime_get_real_seconds for sb and cg timestamps get_seconds() is deprecated because of the 32-bit overflow and will be removed. All callers in ufs also truncate to a 32-bit number, so nothing changes during the conversion, but this should be harmless as the superblock and cylinder group timestamps are not visible to user space, except for checking the fs-dirty state, wich works fine across the overflow. This moves the call to get_seconds() into a new inline function, with a comment explaining the constraints, while converting it to ktime_get_real_seconds(). Link: http://lkml.kernel.org/r/20180718115017.742609-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Thomas Gleixner Cc: Al Viro Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2c1bb29aa6e7b0e52d84bd06bc199b0a5076a781 Author: Arnd Bergmann Date: Fri Aug 17 15:43:44 2018 -0700 firewire: use 64-bit time_t based interfaces 32-bit CLOCK_REALTIME timestamps overflow in year 2038, so all such interfaces are deprecated now. For the FW_CDEV_IOC_GET_CYCLE_TIMER2 ioctl, we already support 64-bit timestamps, but the implementation still uses timespec. This changes the code to use timespec64 instead with the appropriate accessor functions. Link: http://lkml.kernel.org/r/20180711124456.1023039-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Stefan Richter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e1fb4a0864958fac2fb1b23f9f4562a9f90e3e8f Author: Dave Jiang Date: Fri Aug 17 15:43:40 2018 -0700 dax: remove VM_MIXEDMAP for fsdax and device dax This patch is reworked from an earlier patch that Dan has posted: https://patchwork.kernel.org/patch/10131727/ VM_MIXEDMAP is used by dax to direct mm paths like vm_normal_page() that the memory page it is dealing with is not typical memory from the linear map. The get_user_pages_fast() path, since it does not resolve the vma, is already using {pte,pmd}_devmap() as a stand-in for VM_MIXEDMAP, so we use that as a VM_MIXEDMAP replacement in some locations. In the cases where there is no pte to consult we fallback to using vma_is_dax() to detect the VM_MIXEDMAP special case. Now that we have explicit driver pfn_t-flag opt-in/opt-out for get_user_pages() support for DAX we can stop setting VM_MIXEDMAP. This also means we no longer need to worry about safely manipulating vm_flags in a future where we support dynamically changing the dax mode of a file. DAX should also now be supported with madvise_behavior(), vma_merge(), and copy_page_range(). This patch has been tested against ndctl unit test. It has also been tested against xfstests commit: 625515d using fake pmem created by memmap and no additional issues have been observed. Link: http://lkml.kernel.org/r/152847720311.55924.16999195879201817653.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Dave Jiang Acked-by: Dan Williams Cc: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e36488c83b6d871b35dd555afb2d434bd61687cf Author: Arnd Bergmann Date: Fri Aug 17 15:43:36 2018 -0700 bitfield: avoid gcc-8 -Wint-in-bool-context warning Passing an enum into FIELD_GET() produces a long but harmless warning on newer compilers: from include/linux/linkage.h:7, from include/linux/kernel.h:7, from include/linux/skbuff.h:17, from include/linux/if_ether.h:23, from include/linux/etherdevice.h:25, from drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c:63: drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c: In function 'iwl_mvm_rx_mpdu_mq': include/linux/bitfield.h:56:20: error: enum constant in boolean context [-Werror=int-in-bool-context] BUILD_BUG_ON_MSG(!(_mask), _pfx "mask is zero"); \ ^ ... include/linux/bitfield.h:103:3: note: in expansion of macro '__BF_FIELD_CHECK' __BF_FIELD_CHECK(_mask, _reg, 0U, "FIELD_GET: "); \ ^~~~~~~~~~~~~~~~ drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c:1025:21: note: in expansion of macro 'FIELD_GET' le16_encode_bits(FIELD_GET(IWL_RX_HE_PHY_SIBG_SYM_OR_USER_NUM_MASK, The problem here is that the caller has no idea how the macro gets expanding, leading to a false-positive. It can be trivially avoided by doing a comparison against zero. This only recently started appearing as the iwlwifi driver was patched to use FIELD_GET. Link: http://lkml.kernel.org/r/20180813220950.194841-1-arnd@arndb.de Fixes: 514c30696fbc ("iwlwifi: add support for IEEE802.11ax") Signed-off-by: Arnd Bergmann Cc: Masahiro Yamada Cc: Johannes Berg Cc: Jakub Kicinski Cc: Andy Shevchenko Cc: Al Viro Cc: David Laight Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6ed191ca9045e595d02cdf206fd7d494a1573bdd Author: Dominique Martinet Date: Fri Aug 17 15:43:33 2018 -0700 9p: add Dominique Martinet to MAINTAINERS Link: http://lkml.kernel.org/r/1533869305-29325-1-git-send-email-asmadeus@codewreck.org Signed-off-by: Dominique Martinet Acked-by: Andrew Morton Cc: Eric Van Hensbergen Cc: Latchesar Ionkov Cc: Ron Minnich Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6b69cbd8b1fba2641bab1a68bb964fbab4277736 Author: Dominique Martinet Date: Fri Aug 17 15:43:29 2018 -0700 9p: remove Ron Minnich from MAINTAINERS Ron Minnich has left Sandia in 2011, and has not been involved in any 9p commit in recent years. Also add a CREDITS entry to record his contributions. Link: http://lkml.kernel.org/r/1534486244-1055-1-git-send-email-asmadeus@codewreck.org Signed-off-by: Dominique Martinet Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Ronald G. Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f6069b9aa9934ede26f41ac0781fce241279ad43 Author: Daniel Borkmann Date: Fri Aug 17 23:26:14 2018 +0200 bpf: fix redirect to map under tail calls Commits 109980b894e9 ("bpf: don't select potentially stale ri->map from buggy xdp progs") and 7c3001313396 ("bpf: fix ri->map_owner pointer on bpf_prog_realloc") tried to mitigate that buggy programs using bpf_redirect_map() helper call do not leave stale maps behind. Idea was to add a map_owner cookie into the per CPU struct redirect_info which was set to prog->aux by the prog making the helper call as a proof that the map is not stale since the prog is implicitly holding a reference to it. This owner cookie could later on get compared with the program calling into BPF whether they match and therefore the redirect could proceed with processing the map safely. In (obvious) hindsight, this approach breaks down when tail calls are involved since the original caller's prog->aux pointer does not have to match the one from one of the progs out of the tail call chain, and therefore the xdp buffer will be dropped instead of redirected. A way around that would be to fix the issue differently (which also allows to remove related work in fast path at the same time): once the life-time of a redirect map has come to its end we use it's map free callback where we need to wait on synchronize_rcu() for current outstanding xdp buffers and remove such a map pointer from the redirect info if found to be present. At that time no program is using this map anymore so we simply invalidate the map pointers to NULL iff they previously pointed to that instance while making sure that the redirect path only reads out the map once. Fixes: 97f91a7cf04f ("bpf: add bpf_redirect_map helper routine") Fixes: 109980b894e9 ("bpf: don't select potentially stale ri->map from buggy xdp progs") Reported-by: Sebastiano Miano Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov commit b4c296f9c96420b8e7e92466ea5960f10ee20aae Author: Jason Gunthorpe Date: Fri Aug 17 16:45:51 2018 -0600 RDMA/smc: Replace ib_query_gid with rdma_get_gid_attr All RDMA ULPs should be using rdma_get_gid_attr instead of ib_query_gid. Convert SMC to use the new API. In the process correct some confusion with gid_type - if attr->ndev is !NULL then gid_type can never be IB_GID_TYPE_IB by definition. IB_GID_TYPE_ROCE shares the same enum value and is probably what was intended here. Reviewed-by: Parav Pandit Signed-off-by: Jason Gunthorpe commit 9bd553929f68921be0f2014dd06561e0c8249a0d Merge: 022ff62c3d8c 0a3173a5f09b Author: Linus Torvalds Date: Fri Aug 17 12:44:48 2018 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma updates from Jason Gunthorpe: "This has been a large cycle for RDMA, with several major patch series reworking parts of the core code. - Rework the so-called 'gid cache' and internal APIs to use a kref'd pointer to a struct instead of copying, push this upwards into the callers and add more stuff to the struct. The new design avoids some ugly races the old one suffered with. This is part of the namespace enablement work as the new struct is learning to be namespace aware. - Various uapi cleanups, moving more stuff to include/uapi and fixing some long standing bugs that have recently been discovered. - Driver updates for mlx5, mlx4 i40iw, rxe, cxgb4, hfi1, usnic, pvrdma, and hns - Provide max_send_sge and max_recv_sge attributes to better support HW where these values are asymmetric. - mlx5 user API 'devx' allows sending commands directly to the device FW, instead of trying to cram every wild and niche feature into the common API. Sort of like what GPU does. - Major write() and ioctl() API rework to cleanly support PCI device hot unplug and advance the ioctl conversion work - Sparse and compile warning cleanups - Add 'const' to the ib_poll_cq() signature, and permit a NULL 'bad_wr', which is the common use case - Various patches to avoid high order allocations across the stack - SRQ support for cxgb4, hns and qedr - Changes to IPoIB to better follow the netdev model for working with struct net_device liftime" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: (312 commits) Revert "net/smc: Replace ib_query_gid with rdma_get_gid_attr" RDMA/hns: Fix usage of bitmap allocation functions return values IB/core: Change filter function return type from int to bool IB/core: Update GID entries for netdevice whose mac address changes IB/core: Add default GIDs of the bond master netdev IB/core: Consider adding default GIDs of bond device IB/core: Delete lower netdevice default GID entries in bonding scenario IB/core: Avoid confusing del_netdev_default_ips IB/core: Add comment for change upper netevent handling qedr: Add user space support for SRQ qedr: Add support for kernel mode SRQ's qedr: Add wrapping generic structure for qpidr and adjust idr routines. IB/mlx5: Fix leaking stack memory to userspace Update the e-mail address of Bart Van Assche IB/ucm: Fix compiling ucm.c IB/uverbs: Do not check for device disassociation during ioctl IB/uverbs: Remove struct uverbs_root_spec and all supporting code IB/uverbs: Use uverbs_api to unmarshal ioctl commands IB/uverbs: Use uverbs_alloc for allocations IB/uverbs: Add a simple allocator to uverbs_attr_bundle ... commit bfdd19ad80f203f42f05fd32a31c678c9c524ef9 Author: Heiner Kallweit Date: Fri Aug 17 20:42:16 2018 +0200 r8169: add missing Kconfig dependency Now that we switched the r8169 driver to use phylib, there's a dependency on the Realtek PHY drivers. This dependency was missing in Kconfig. Reported-by: Jouni Mettälä Fixes: f1e911d5d0df ("r8169: add basic phylib support") Signed-off-by: Heiner Kallweit Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit a85da34e97f553d27b520757ffc9b31232694a78 Author: Yonghong Song Date: Fri Aug 17 08:54:15 2018 -0700 tools/bpf: fix bpf selftest test_cgroup_storage failure The bpf selftest test_cgroup_storage failed in one of our production test servers. # sudo ./test_cgroup_storage Failed to create map: Operation not permitted It turns out this is due to insufficient locked memory with system default 16KB. Similar to other self tests, let us arm the process with unlimited locked memory. With this change, the test passed. # sudo ./test_cgroup_storage test_cgroup_storage:PASS Fixes: 68cfa3ac6b8d ("selftests/bpf: add a cgroup storage test") Cc: Roman Gushchin Signed-off-by: Yonghong Song Acked-by: Roman Gushchin Signed-off-by: Alexei Starovoitov commit 022ff62c3d8c3758d15ccc6b58615fd8f257ba85 Merge: f80a71b0c411 3d63a3c14741 Author: Linus Torvalds Date: Fri Aug 17 12:13:15 2018 -0700 Merge tag 'drm-next-2018-08-17-1' of git://anongit.freedesktop.org/drm/drm Pull drm msm support for adreno a6xx from Dave Airlie: "This is the support for new Qualcomm Snapdragon SoCs with the A6xx core. Userspace support is in mesa now" * tag 'drm-next-2018-08-17-1' of git://anongit.freedesktop.org/drm/drm: drm/msm: a6xx: fix spelling mistake: "initalization" -> "initialization" drm/msm: Add A6XX device support drm/msm: update generated headers drm/msm/adreno: Load the firmware before bringing up the hardware drm/msm: Add a helper function to parse clock names commit f80a71b0c4111e26433744721ad68f05c169ad39 Merge: edb0a2000936 0258d7a5e261 Author: Linus Torvalds Date: Fri Aug 17 12:10:22 2018 -0700 Merge tag 'drm-next-2018-08-17' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "First round of fixes for -rc1. I'll follow this up with the msm new hw support pull request. This just has three sets of fixes, some for msm before the new hw, a bunch of AMD fixes (includiing some required firmware changes for new hw), and a set of i915 (+gvt) fixes" * tag 'drm-next-2018-08-17' of git://anongit.freedesktop.org/drm/drm: (30 commits) drm/amdgpu: Use kvmalloc for allocating UVD/VCE/VCN BO backup memory drm/i915: set DP Main Stream Attribute for color range on DDI platforms drm/i915/selftests: Hold rpm for unparking drm/i915: Restore user forcewake domains across suspend drm/i915: Unmask user interrupts writes into HWSP on snb/ivb/vlv/hsw drm/i915/gvt: fix memory leak in intel_vgpu_ioctl() drm/i915/gvt: Off by one in intel_vgpu_write_fence() drm/i915/kvmgt: Fix potential Spectre v1 drm/i915/gvt: return error on cmd access drm/i915/gvt: initialize dmabuf mutex in vgpu_create drm/i915/gvt: fix cleanup sequence in intel_gvt_clean_device drm/amd/display: Guard against null crtc in CRC IRQ drm/amd/display: Pass connector id when executing VBIOS CT drm/amd/display: Check if clock source in use before disabling drm/amd/display: Allow clock sharing b/w HDMI and DVI drm/amd/display: Fix warning observed in mode change on Vega drm/amd/display: fix single link DVI has no display drm/amdgpu/vce: VCE entity initialization relies on ring initializtion drm/amdgpu/uvd: UVD entity initialization relys on ring initialization drm/amdgpu:add VCN booting with firmware loaded by PSP ... commit edb0a20009363ae787bfe0d6fd52abb504f05113 Merge: 5e2d059b52e3 5ad356eabc47 Author: Linus Torvalds Date: Fri Aug 17 11:48:04 2018 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "A couple of arm64 fixes - Fix boot on Hikey-960 by avoiding an IPI with interrupts disabled - Fix address truncation in pfn_valid() implementation" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() arm64: Avoid calling stop_machine() when patching jump labels commit fcedba42d94ecdc14ca13d3797cba1ccbf743fa4 Author: Chaitanya Kulkarni Date: Thu Aug 16 15:45:29 2018 -0700 block: remove duplicate initialization This patch removes the duplicate initialization of q->queue_head in the blk_alloc_queue_node(). This removes the 2nd initialization so that we preserve the initialization order same as declaration present in struct request_queue. Reviewed-by: Omar Sandoval Signed-off-by: Chaitanya Kulkarni Signed-off-by: Jens Axboe commit 5e2d059b52e397d9ac42f4c4d9d9a841887b5818 Merge: d190775206d0 a2dc009afa9a Author: Linus Torvalds Date: Fri Aug 17 11:32:50 2018 -0700 Merge tag 'powerpc-4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc updates from Michael Ellerman: "Notable changes: - A fix for a bug in our page table fragment allocator, where a page table page could be freed and reallocated for something else while still in use, leading to memory corruption etc. The fix reuses pt_mm in struct page (x86 only) for a powerpc only refcount. - Fixes to our pkey support. Several are user-visible changes, but bring us in to line with x86 behaviour and/or fix outright bugs. Thanks to Florian Weimer for reporting many of these. - A series to improve the hvc driver & related OPAL console code, which have been seen to cause hardlockups at times. The hvc driver changes in particular have been in linux-next for ~month. - Increase our MAX_PHYSMEM_BITS to 128TB when SPARSEMEM_VMEMMAP=y. - Remove Power8 DD1 and Power9 DD1 support, neither chip should be in use anywhere other than as a paper weight. - An optimised memcmp implementation using Power7-or-later VMX instructions - Support for barrier_nospec on some NXP CPUs. - Support for flushing the count cache on context switch on some IBM CPUs (controlled by firmware), as a Spectre v2 mitigation. - A series to enhance the information we print on unhandled signals to bring it into line with other arches, including showing the offending VMA and dumping the instructions around the fault. Thanks to: Aaro Koskinen, Akshay Adiga, Alastair D'Silva, Alexey Kardashevskiy, Alexey Spirkov, Alistair Popple, Andrew Donnellan, Aneesh Kumar K.V, Anju T Sudhakar, Arnd Bergmann, Bartosz Golaszewski, Benjamin Herrenschmidt, Bharat Bhushan, Bjoern Noetel, Boqun Feng, Breno Leitao, Bryant G. Ly, Camelia Groza, Christophe Leroy, Christoph Hellwig, Cyril Bur, Dan Carpenter, Daniel Klamt, Darren Stevens, Dave Young, David Gibson, Diana Craciun, Finn Thain, Florian Weimer, Frederic Barrat, Gautham R. Shenoy, Geert Uytterhoeven, Geoff Levand, Guenter Roeck, Gustavo Romero, Haren Myneni, Hari Bathini, Joel Stanley, Jonathan Neuschäfer, Kees Cook, Madhavan Srinivasan, Mahesh Salgaonkar, Markus Elfring, Mathieu Malaterre, Mauro S. M. Rodrigues, Michael Hanselmann, Michael Neuling, Michael Schmitz, Mukesh Ojha, Murilo Opsfelder Araujo, Nicholas Piggin, Parth Y Shah, Paul Mackerras, Paul Menzel, Ram Pai, Randy Dunlap, Rashmica Gupta, Reza Arbab, Rodrigo R. Galvao, Russell Currey, Sam Bobroff, Scott Wood, Shilpasri G Bhat, Simon Guo, Souptick Joarder, Stan Johnson, Thiago Jung Bauermann, Tyrel Datwyler, Vaibhav Jain, Vasant Hegde, Venkat Rao, zhong jiang" * tag 'powerpc-4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (234 commits) powerpc/mm/book3s/radix: Add mapping statistics powerpc/uaccess: Enable get_user(u64, *p) on 32-bit powerpc/mm/hash: Remove unnecessary do { } while(0) loop powerpc/64s: move machine check SLB flushing to mm/slb.c powerpc/powernv/idle: Fix build error powerpc/mm/tlbflush: update the mmu_gather page size while iterating address range powerpc/mm: remove warning about ‘type’ being set powerpc/32: Include setup.h header file to fix warnings powerpc: Move `path` variable inside DEBUG_PROM powerpc/powermac: Make some functions static powerpc/powermac: Remove variable x that's never read cxl: remove a dead branch powerpc/powermac: Add missing include of header pmac.h powerpc/kexec: Use common error handling code in setup_new_fdt() powerpc/xmon: Add address lookup for percpu symbols powerpc/mm: remove huge_pte_offset_and_shift() prototype powerpc/lib: Use patch_site to patch copy_32 functions once cache is enabled powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements powerpc/fadump: handle crash memory ranges array index overflow ... commit d190775206d06397a9309421cac5ba2f2c243521 Merge: 84f5685230c6 9be936f4b3a2 Author: Linus Torvalds Date: Fri Aug 17 10:51:22 2018 -0700 Merge tag 'modules-for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux Pull modules updates from Jessica Yu: "Summary of modules changes for the 4.19 merge window: - Fix modules kallsyms for livepatch. Livepatch modules can have SHN_UNDEF symbols in their module symbol tables for later symbol resolution, but kallsyms shouldn't be returning these symbols - Some code cleanups and minor reshuffling in load_module() were done to log the module name when module signature verification fails" * tag 'modules-for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: kernel/module: Use kmemdup to replace kmalloc+memcpy ARM: module: fix modsign build error modsign: log module name in the event of an error module: replace VMLINUX_SYMBOL_STR() with __stringify() or string literal module: print sensible error code module: setup load info before module_sig_check() module: make it clear when we're handling the module copy in info->hdr module: exclude SHN_UNDEF symbols from kallsyms api commit 84f5685230c6aeb427947a2299dcb54c77863df0 Merge: f19f5c49bbc3 d8dfa59f5a51 Author: Linus Torvalds Date: Fri Aug 17 10:40:09 2018 -0700 Merge tag 'vla-leftovers-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull VLA removal leftovers from Kees Cook: - bus/imx-weim: Use maximum register count to avoid VLA - drm/i2c/tda9950: Use maximum CEC message size to avoid VLA * tag 'vla-leftovers-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: bus: imx-weim: Remove VLA usage drm/i2c: tda9950: Remove VLA usage commit f19f5c49bbc3ffcc9126cc245fc1b24cc29f4a37 Author: Sean Christopherson Date: Fri Aug 17 10:27:36 2018 -0700 x86/speculation/l1tf: Exempt zeroed PTEs from inversion It turns out that we should *not* invert all not-present mappings, because the all zeroes case is obviously special. clear_page() does not undergo the XOR logic to invert the address bits, i.e. PTE, PMD and PUD entries that have not been individually written will have val=0 and so will trigger __pte_needs_invert(). As a result, {pte,pmd,pud}_pfn() will return the wrong PFN value, i.e. all ones (adjusted by the max PFN mask) instead of zero. A zeroed entry is ok because the page at physical address 0 is reserved early in boot specifically to mitigate L1TF, so explicitly exempt them from the inversion when reading the PFN. Manifested as an unexpected mprotect(..., PROT_NONE) failure when called on a VMA that has VM_PFNMAP and was mmap'd to as something other than PROT_NONE but never used. mprotect() sends the PROT_NONE request down prot_none_walk(), which walks the PTEs to check the PFNs. prot_none_pte_entry() gets the bogus PFN from pte_pfn() and returns -EACCES because it thinks mprotect() is trying to adjust a high MMIO address. [ This is a very modified version of Sean's original patch, but all credit goes to Sean for doing this and also pointing out that sometimes the __pte_needs_invert() function only gets the protection bits, not the full eventual pte. But zero remains special even in just protection bits, so that's ok. - Linus ] Fixes: f22cc87f6c1f ("x86/speculation/l1tf: Invert all not present mappings") Signed-off-by: Sean Christopherson Acked-by: Andi Kleen Cc: Thomas Gleixner Cc: Josh Poimboeuf Cc: Michal Hocko Cc: Vlastimil Babka Cc: Dave Hansen Cc: Greg Kroah-Hartman Signed-off-by: Linus Torvalds commit b0e5c29426940bd6f137b6a3222fe87766323ae5 Merge: 2645b9d1a49c 1e1132ea21da Author: Linus Torvalds Date: Fri Aug 17 09:52:15 2018 -0700 Merge tag 'for-4.19/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper updates from Mike Snitzer: - A couple stable fixes for the DM writecache target. - A stable fix for the DM cache target that fixes the potential for data corruption after an unclean shutdown of a cache device using writeback mode. - Update DM integrity target to allow the metadata to be stored on a separate device from data. - Fix DM kcopyd and the snapshot target to cond_resched() where appropriate and be more efficient with processing completed work. - A few fixes and improvements for DM crypt. - Add DM delay target feature to configure delay of flushes independent of writes. - Update DM thin-provisioning target to include metadata_low_watermark threshold in pool status. - Fix stale DM thin-provisioning Documentation. * tag 'for-4.19/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: (26 commits) dm writecache: fix a crash due to reading past end of dirty_bitmap dm crypt: don't decrease device limits dm cache metadata: set dirty on all cache blocks after a crash dm snapshot: remove stale FIXME in snapshot_map() dm snapshot: improve performance by switching out_of_order_list to rbtree dm kcopyd: avoid softlockup in run_complete_job dm cache metadata: save in-core policy_hint_size to on-disk superblock dm thin: stop no_space_timeout worker when switching to write-mode dm kcopyd: return void from dm_kcopyd_copy() dm thin: include metadata_low_watermark threshold in pool status dm writecache: report start_sector in status line dm crypt: convert essiv from ahash to shash dm crypt: use wake_up_process() instead of a wait queue dm integrity: recalculate checksums on creation dm integrity: flush journal on suspend when using separate metadata device dm integrity: use version 2 for separate metadata dm integrity: allow separate metadata device dm integrity: add ic->start in get_data_sector() dm integrity: report provided data sectors in the status dm integrity: implement fair range locks ... commit 2645b9d1a49c2c2cf23895657bdf9a56e07a4da8 Merge: 46e62a072a82 4d97f7d53da7 Author: Linus Torvalds Date: Fri Aug 17 09:41:28 2018 -0700 Merge tag 'fsnotify_for_v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull fsnotify updates from Jan Kara: "fsnotify cleanups from Amir and a small inotify improvement" * tag 'fsnotify_for_v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: inotify: Add flag IN_MASK_CREATE for inotify_add_watch() fanotify: factor out helpers to add/remove mark fsnotify: add helper to get mask from connector fsnotify: let connector point to an abstract object fsnotify: pass connp and object type to fsnotify_add_mark() fsnotify: use typedef fsnotify_connp_t for brevity commit 46e62a072a8254e9e3765fdc999aba325b7918df Merge: 5c60a7389d79 fe2c32545bfc Author: Linus Torvalds Date: Fri Aug 17 09:38:39 2018 -0700 Merge tag 'for_v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull UDF and ext2 update from Jan Kara. * tag 'for_v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: ext2: use ktime_get_real_seconds for timestamps udf: convert inode stamps to timespec64 commit 8ecebf4d767e2307a946c8905278d6358eda35c3 Author: Robbie Ko Date: Mon Aug 6 10:30:30 2018 +0800 Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Commit e9894fd3e3b3 ("Btrfs: fix snapshot vs nocow writting") forced nocow writes to fallback to COW, during writeback, when a snapshot is created. This resulted in writes made before creating the snapshot to unexpectedly fail with ENOSPC during writeback when success (0) was returned to user space through the write system call. The steps leading to this problem are: 1. When it's not possible to allocate data space for a write, the buffered write path checks if a NOCOW write is possible. If it is, it will not reserve space and success (0) is returned to user space. 2. Then when a snapshot is created, the root's will_be_snapshotted atomic is incremented and writeback is triggered for all inode's that belong to the root being snapshotted. Incrementing that atomic forces all previous writes to fallback to COW during writeback (running delalloc). 3. This results in the writeback for the inodes to fail and therefore setting the ENOSPC error in their mappings, so that a subsequent fsync on them will report the error to user space. So it's not a completely silent data loss (since fsync will report ENOSPC) but it's a very unexpected and undesirable behaviour, because if a clean shutdown/unmount of the filesystem happens without previous calls to fsync, it is expected to have the data present in the files after mounting the filesystem again. So fix this by adding a new atomic named snapshot_force_cow to the root structure which prevents this behaviour and works the following way: 1. It is incremented when we start to create a snapshot after triggering writeback and before waiting for writeback to finish. 2. This new atomic is now what is used by writeback (running delalloc) to decide whether we need to fallback to COW or not. Because we incremented this new atomic after triggering writeback in the snapshot creation ioctl, we ensure that all buffered writes that happened before snapshot creation will succeed and not fallback to COW (which would make them fail with ENOSPC). 3. The existing atomic, will_be_snapshotted, is kept because it is used to force new buffered writes, that start after we started snapshotting, to reserve data space even when NOCOW is possible. This makes these writes fail early with ENOSPC when there's no available space to allocate, preventing the unexpected behaviour of writeback later failing with ENOSPC due to a fallback to COW mode. Fixes: e9894fd3e3b3 ("Btrfs: fix snapshot vs nocow writting") Signed-off-by: Robbie Ko Reviewed-by: Filipe Manana Signed-off-by: David Sterba commit 9e0d5c451f9e559dd06af3fff49a0d2068c634c4 Author: Helge Deller Date: Fri Aug 17 17:00:08 2018 +0200 parisc: Consolidate unwind initialization calls Signed-off-by: Helge Deller commit 54c770da992387abfa7df4817404d000ef034fa8 Author: Helge Deller Date: Thu Aug 16 22:36:26 2018 +0200 parisc: Update comments in syscall.S regarding wide userland We do support running 64-bit userspace processes, although there isn't yet full gcc and glibc support. Anyway, fix the comments to reflect the reality. Signed-off-by: Helge Deller commit b6fc0cccb6b35815a7d1cfc9279cdbfc2c61d00d Author: Helge Deller Date: Thu Aug 16 22:33:04 2018 +0200 parisc: Fix ptraced 64-bit applications to call 64-bit syscalls Fix the strace code path to call 64-bit syscalls in case we are executing by a 64-bit application. Signed-off-by: Helge Deller commit 5b00ca0b8035e49ef7c466e959c5cb457a654351 Author: Helge Deller Date: Thu Aug 16 22:39:50 2018 +0200 parisc: Restore possibility to execute 64-bit applications Executing 64-bit applications was broken. This patch restores this support and cleans up some code paths. Signed-off-by: Helge Deller commit 0ef8e3bb974af56346b34393e643d491d9141c66 Author: Tony Lindgren Date: Wed Aug 8 01:07:05 2018 -0700 bus: ti-sysc: Fix module register ioremap for larger offsets We can have the interconnect target module control registers pretty much anywhere within the module range. The current code attempts an incomplete optimization of the ioremap size but does it wrong and it only works for registers at the beginning of the module. Let's just use the largest control register to calculate the ioremap size. The ioremapped range is for most part cached anyways so there is no need for size optimization. Let's also update the comments accordingly. Fixes: 0eecc636e5a2 ("bus: ti-sysc: Add minimal TI sysc interconnect target driver") Signed-off-by: Tony Lindgren commit 1dbcb97c656eed1a244c960b8b3a469c3d20ce7b Author: Tony Lindgren Date: Wed Aug 8 01:07:04 2018 -0700 ARM: OMAP2+: Fix module address for modules using mpu_rt_idx If we use device tree data for a module interconnect target we want to map the control registers from the module start. Legacy hwmod platform data however is using child IP offsets for cpsw module with mpu_rt_idx. In cases where we have the interconnect target module already using device tree data with legacy hwmod platform data still around, the sysc register area is not adjusted for mpu_rt_idx causing wrong registers being accessed. Let's fix the issue for mixed dts and platform data mode by ioremapping the module registers using child IP offset if mpu_rt_idx is set. For device tree only data there's no reason to use mpu_rt_idx. Fixes: 6c72b3550672 ("ARM: OMAP2+: Parse module IO range from dts for legacy "ti,hwmods" support") Signed-off-by: Tony Lindgren commit 4769c003e0fcff0ee001a9102e2605bdaa5880f0 Author: Tony Lindgren Date: Wed Aug 8 01:07:03 2018 -0700 ARM: OMAP2+: Fix null hwmod for ti-sysc debug We may call omap_hwmod_parse_module_range() with no hwmod allocated yet and may have debug enabled. Let's fix this by checking for hwmod before trying to use it's name. Fixes: 6c72b3550672 ("ARM: OMAP2+: Parse module IO range from dts for legacy Signed-off-by: Tony Lindgren commit b748f2de4b2f578599f46c6000683a8da755bf68 Author: Takashi Iwai Date: Fri Aug 10 16:14:26 2018 +0200 EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] The edac_mem_types[] array misses a MEM_LRDDR4 entry, which leads to NULL pointer dereference when accessed via sysfs or such. Signed-off-by: Takashi Iwai Cc: Mauro Carvalho Chehab Cc: Yazen Ghannam Cc: linux-edac Cc: Link: http://lkml.kernel.org/r/20180810141426.8918-1-tiwai@suse.de Fixes: 1e8096bb2031 ("EDAC: Add LRDDR4 DRAM type") Signed-off-by: Borislav Petkov commit 3257d86182cc27eda83d6854787256641f7c574b Merge: baab8537a12b e49756544a21 Author: Vinod Koul Date: Fri Aug 17 18:00:29 2018 +0530 Merge branch 'topic/pl330' into for-linus commit baab8537a12b108d7a37c0618f3438117aecb09b Merge: 4d4424823951 0f06c0275588 Author: Vinod Koul Date: Fri Aug 17 17:59:27 2018 +0530 Merge branch 'topic/imx' into for-linus commit 4d44248239510de89d48f22a4f52bd6f2883ad2f Merge: de764fdc9b42 0894aa28aece Author: Vinod Koul Date: Fri Aug 17 17:59:01 2018 +0530 Merge branch 'topic/xilinx' into for-linus commit de764fdc9b42756dfde5db23e917587d6f7ebd9f Merge: 89b7e78fb22a 90ec93cb6bca Author: Vinod Koul Date: Fri Aug 17 17:58:50 2018 +0530 Merge branch 'topic/ste' into for-linus commit 89b7e78fb22a59fe96f07b87afaec1d5b60f8484 Merge: 35e0db66a88d 218c21043d00 Author: Vinod Koul Date: Fri Aug 17 17:58:44 2018 +0530 Merge branch 'topic/renesas' into for-linus commit 35e0db66a88de30a2d069248f6357cb9f125892f Merge: e48696fb2076 47e20577c24d Author: Vinod Koul Date: Fri Aug 17 17:58:40 2018 +0530 Merge branch 'topic/owl' into for-linus commit e48696fb207645ca381aa77a15d00fbf2aaf4086 Merge: 531dabc7a629 38fce264b12b Author: Vinod Koul Date: Fri Aug 17 17:58:31 2018 +0530 Merge branch 'topic/nbpfaxi' into for-linus commit 531dabc7a62919035f84ec994b21adbcffa7f519 Merge: 2cc50b9f92dc 4bcde3a53edd Author: Vinod Koul Date: Fri Aug 17 17:58:24 2018 +0530 Merge branch 'topic/mv_xor' into for-linus commit 2cc50b9f92dc55a0f8c379a48893d8afde33628b Merge: d3df935e35f5 4cb0e6011216 Author: Vinod Koul Date: Fri Aug 17 17:58:07 2018 +0530 Merge branch 'topic/ioat' into for-linus commit d3df935e35f5be0cf2647e281bda60214c92dc79 Merge: d0c993f6acaf bbacb8e78a3b Author: Vinod Koul Date: Fri Aug 17 17:57:59 2018 +0530 Merge branch 'topic/intel' into for-linus commit d0c993f6acafb8e30000192c837aa7337de68d3b Merge: f6206f00d8c5 89a7e2f75285 Author: Vinod Koul Date: Fri Aug 17 17:57:48 2018 +0530 Merge branch 'topic/async_tx' into for-linus commit 340fd4cff43f18bace9358d4decdc9b6ed0715be Author: Randy Dunlap Date: Wed Aug 15 09:12:07 2018 -0700 platform/x86: intel_punit_ipc: fix build errors Fix build errors by #including . ../drivers/platform/x86/intel_punit_ipc.c: In function 'ipc_read_status': ../drivers/platform/x86/intel_punit_ipc.c:55:2: error: implicit declaration of function 'readl' [-Werror=implicit-function-declaration] return readl(ipcdev->base[type][BASE_IFACE]); ../drivers/platform/x86/intel_punit_ipc.c: In function 'ipc_write_cmd': ../drivers/platform/x86/intel_punit_ipc.c:60:2: error: implicit declaration of function 'writel' [-Werror=implicit-function-declaration] writel(cmd, ipcdev->base[type][BASE_IFACE]); Fixes: 447ae3166702 ("x86: Don't include linux/irq.h from asm/hardirq.h") Signed-off-by: Randy Dunlap Cc: Zha Qipeng Cc: platform-driver-x86@vger.kernel.org Signed-off-by: Andy Shevchenko commit 5ad356eabc47d26a92140a0c4b20eba471c10de3 Author: Greg Hackmann Date: Wed Aug 15 12:51:21 2018 -0700 arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable@vger.kernel.org Signed-off-by: Greg Hackmann Signed-off-by: Will Deacon commit f6cc0c50164994afd538911603b4a8f8029aeba7 Author: Will Deacon Date: Thu Aug 16 11:45:50 2018 +0100 arm64: Avoid calling stop_machine() when patching jump labels Patching a jump label involves patching a single instruction at a time, swizzling between a branch and a NOP. The architecture treats these instructions specially, so a concurrently executing CPU is guaranteed to see either the NOP or the branch, rather than an amalgamation of the two instruction encodings. However, in order to guarantee that the new instruction is visible, it is necessary to send an IPI to the concurrently executing CPU so that it discards any previously fetched instructions from its pipeline. This operation therefore cannot be completed from a context with IRQs disabled, but this is exactly what happens on the jump label path where the hotplug lock is held and irqs are subsequently disabled by stop_machine_cpuslocked(). This results in a deadlock during boot on Hikey-960. Due to the architectural guarantees around patching NOPs and branches, we don't actually need to stop_machine() at all on the jump label path, so we can avoid the deadlock by using the "nosync" variant of our instruction patching routine. Fixes: 693350a79980 ("arm64: insn: Don't fallback on nosync path for general insn patching") Reported-by: Tuomas Tynkkynen Reported-by: John Stultz Tested-by: Valentin Schneider Tested-by: Tuomas Tynkkynen Tested-by: John Stultz Signed-off-by: Will Deacon commit 9d64b539b738fc181442caab95f1f76d9bd58539 Author: Rafael J. Wysocki Date: Thu Aug 16 12:56:46 2018 +0200 PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Commit 26112ddc254c (PCI / ACPI / PM: Resume bridges w/o drivers on suspend-to-RAM) attempted to fix a functional regression resulting from commit c62ec4610c40 (PM / core: Fix direct_complete handling for devices with no callbacks) by resuming PCI bridges without drivers (that is, "parallel PCI" ones) during system-wide suspend if the target system state is not ACPI S0 (working state). That turns out insufficient, however, as it is reported that, at least in one case, the platform firmware gets confused if a PCIe root port is suspended before entering the ACPI S3 sleep state. That issue was exposed by commit 77b3729ca03 (PCI / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports) that allowed PCIe ports to stay in runtime suspend during system-wide suspend (which is OK for suspend-to-idle, but turns out to be problematic otherwise). For this reason, drop the driver check from acpi_pci_need_resume() and resume all bridges (including PCIe ports with drivers) during system-wide suspend if the target system state is not ACPI S0. [If the target system state is ACPI S0, it means suspend-to-idle and the platform firmware is not going to be invoked to actually suspend the system, so there is no need to resume the bridges in that case.] Fixes: 77b3729ca03 (PCI / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports) Link: https://bugzilla.kernel.org/show_bug.cgi?id=200675 Reported-by: teika kazura Tested-by: teika kazura Reviewed-by: Mika Westerberg Acked-by: Bjorn Helgaas Cc: 4.16+ # 4.16+: 26112ddc254c (PCI / ACPI / PM: Resume bridges ...) Signed-off-by: Rafael J. Wysocki commit 3d63a3c14741ed015948943076f3c6a2f2cd7b27 Merge: 0258d7a5e261 546907de9952 Author: Dave Airlie Date: Fri Aug 17 10:46:45 2018 +1000 Merge tag 'drm-msm-next-2018-08-10' of git://people.freedesktop.org/~robclark/linux into drm-next An optional follow-on PR for 4.19, on top of previous -fixes PR, which brings in a6xx support. These patches have been on list since earlier in the year (mostly waiting for userspace). They have been in linux-next since earlier in the week, now that we have freedreno userspace working on a6xx[1][2]. So far glmark2, Chromium/ChromiumOS, gnome-shell, glamor, xonotic, etc, are working. And a healthy chuck of deqp works, and I've been busy fixing things. The needed libdrm changes (no new uapi changes needed) are already on master, and the 2nd branch is rebased on that. Signed-off-by: Dave Airlie From: Rob Clark Link: https://patchwork.freedesktop.org/patch/msgid/CAF6AEGuCKekZ2Dho80qxODT1BEUGg4hbq33ACUy5VXs3dHbDLA@mail.gmail.com commit b2201ee554a5811f569f31280b0079e7d6177606 Author: Bartosz Golaszewski Date: Thu Jun 21 09:37:03 2018 +0200 remoteproc/davinci: use the reset framework Switch to using the reset framework instead of handcoded reset routines we used so far. Reviewed-by: Sekhar Nori Reviewed-by: Philipp Zabel Signed-off-by: Bartosz Golaszewski Signed-off-by: Bjorn Andersson commit 0258d7a5e261b3ce0d730f6f8f66f833058ce2b6 Merge: 637319c67849 4795ac626a2f Author: Dave Airlie Date: Fri Aug 17 09:26:51 2018 +1000 Merge tag 'drm-intel-next-fixes-2018-08-16-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-next Fixes for: - DP full color range. - selftest for gem_object - forcewake on suspend - GPU reset This also include accumulated fixes from GVT: - Fix an error code in gvt_dma_map_page() (Dan) - Fix off by one error in intel_vgpu_write_fence() (Dan) - Fix potential Spectre v1 (Gustavo) - Fix workload free in vgpu release (Henry) - Fix cleanup sequence in intel_gvt_clean_device (Henry) - dmabuf mutex init place fix (Henry) - possible memory leak in intel_vgpu_ioctl() err path (Yi) - return error on cmd access check failure (Yan) Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180816190335.GA7765@intel.com commit 637319c67849baceea6ba466e62b70f9e674d85b Merge: d32e2c6de78f c9533d1bca33 Author: Dave Airlie Date: Fri Aug 17 09:26:07 2018 +1000 Merge branch 'drm-next-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-next Fixes for 4.19: - Add VCN PSP FW loading for RV (this is required on upcoming parts) - Fix scheduler setup ordering for VCE and UVD - Few misc display fixes Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20180816181840.2786-1-alexander.deucher@amd.com commit d32e2c6de78f7be0b6ddc0f5267d17fe0cb1bbc1 Merge: 557ce95051c8 77a209cd7153 Author: Dave Airlie Date: Fri Aug 17 09:24:46 2018 +1000 Merge tag 'drm-msm-fixes-2018-08-10' of git://people.freedesktop.org/~robclark/linux into drm-next Some small msm fixes. Signed-off-by: Dave Airlie From: Rob Clark Link: https://patchwork.freedesktop.org/patch/msgid/CAF6AEGuZE0VEpatrtxGZtUB6FaQYr6Gf07UVpMsD15ook+5_WQ@mail.gmail.com commit bb730b5833b5bddf5cb226865e5f4496770d00b0 Author: Steven Rostedt (VMware) Date: Thu Aug 16 11:26:55 2018 -0400 tracing: Fix SPDX format headers to use C++ style comments The Linux kernel adopted the SPDX License format headers to ease license compliance management, and uses the C++ '//' style comments for the SPDX header tags. Some files in the tracing directory used the C style /* */ comments for them. To be consistent across all files, replace the /* */ C style SPDX tags with the C++ // SPDX tags. Signed-off-by: Steven Rostedt (VMware) commit bcea3f96e11cf2f0232d851e0fdb854f5ada425a Author: Steven Rostedt (VMware) Date: Thu Aug 16 11:23:53 2018 -0400 tracing: Add SPDX License format tags to tracing files Add the SPDX License header to ease license compliance management. Signed-off-by: Steven Rostedt (VMware) commit 179a0cc4e0e14216b3c46b5538436532cb9ed39a Author: Steven Rostedt (VMware) Date: Thu Aug 16 11:20:54 2018 -0400 tracing: Add SPDX License format to bpf_trace.c Add the SPDX License header to ease license compliance management. Acked-by: Alexei Starovoitov Acked-by: Daniel Borkmann Signed-off-by: Steven Rostedt (VMware) commit cbb2fb13db3209cf4264aa5f76393a12add91315 Merge: 965931e3a803 585f5a6252ee Author: Alexei Starovoitov Date: Thu Aug 16 14:58:08 2018 -0700 Merge branch 'sockmap-ulp-fixes' Daniel Borkmann says: ==================== Batch of various fixes related to BPF sockmap and ULP, including adding module alias to restrict module requests, races and memory leaks in sockmap code. For details please refer to the individual patches. Thanks! ==================== Signed-off-by: Alexei Starovoitov commit 585f5a6252ee43ec8feeee07387e3fcc7e8bb292 Author: Daniel Borkmann Date: Thu Aug 16 21:49:10 2018 +0200 bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist The current code in sock_map_ctx_update_elem() allows for BPF_EXIST and BPF_NOEXIST map update flags. While on array-like maps this approach is rather uncommon, e.g. bpf_fd_array_map_update_elem() and others enforce map update flags to be BPF_ANY such that xchg() can be used directly, the current implementation in sock map does not guarantee that such operation with BPF_EXIST / BPF_NOEXIST is atomic. The initial test does a READ_ONCE(stab->sock_map[i]) to fetch the socket from the slot which is then tested for NULL / non-NULL. However later after __sock_map_ctx_update_elem(), the actual update is done through osock = xchg(&stab->sock_map[i], sock). Problem is that in the meantime a different CPU could have updated / deleted a socket on that specific slot and thus flag contraints won't hold anymore. I've been thinking whether best would be to just break UAPI and do an enforcement of BPF_ANY to check if someone actually complains, however trouble is that already in BPF kselftest we use BPF_NOEXIST for the map update, and therefore it might have been copied into applications already. The fix to keep the current behavior intact would be to add a map lock similar to the sock hash bucket lock only for covering the whole map. Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Song Liu Signed-off-by: Alexei Starovoitov commit 166ab6f0a0702fdd4d865ad5090bf3094ed83428 Author: Daniel Borkmann Date: Thu Aug 16 21:49:09 2018 +0200 bpf, sockmap: fix map elem deletion race with smap_stop_sock The smap_start_sock() and smap_stop_sock() are each protected under the sock->sk_callback_lock from their call-sites except in the case of sock_map_delete_elem() where we drop the old socket from the map slot. This is racy because the same sock could be part of multiple sock maps, so we run smap_stop_sock() in parallel, and given at that point psock->strp_enabled might be true on both CPUs, we might for example wrongly restore the sk->sk_data_ready / sk->sk_write_space. Therefore, hold the sock->sk_callback_lock as well on delete. Looks like 2f857d04601a ("bpf: sockmap, remove STRPARSER map_flags and add multi-map support") had this right, but later on e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close") removed it again from delete leaving this smap_stop_sock() instance unprotected. Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Song Liu Signed-off-by: Alexei Starovoitov commit d40b0116c94bd8fc2b63aae35ce8e66bb53bba42 Author: Daniel Borkmann Date: Thu Aug 16 21:49:08 2018 +0200 bpf, sockmap: fix leakage of smap_psock_map_entry While working on sockmap I noticed that we do not always kfree the struct smap_psock_map_entry list elements which track psocks attached to maps. In the case of sock_hash_ctx_update_elem(), these map entries are allocated outside of __sock_map_ctx_update_elem() with their linkage to the socket hash table filled. In the case of sock array, the map entries are allocated inside of __sock_map_ctx_update_elem() and added with their linkage to the psock->maps. Both additions are under psock->maps_lock each. Now, we drop these elements from their psock->maps list in a few occasions: i) in sock array via smap_list_map_remove() when an entry is either deleted from the map from user space, or updated via user space or BPF program where we drop the old socket at that map slot, or the sock array is freed via sock_map_free() and drops all its elements; ii) for sock hash via smap_list_hash_remove() in exactly the same occasions as just described for sock array; iii) in the bpf_tcp_close() where we remove the elements from the list via psock_map_pop() and iterate over them dropping themselves from either sock array or sock hash; and last but not least iv) once again in smap_gc_work() which is a callback for deferring the work once the psock refcount hit zero and thus the socket is being destroyed. Problem is that the only case where we kfree() the list entry is in case iv), which at that point should have an empty list in normal cases. So in cases from i) to iii) we unlink the elements without freeing where they go out of reach from us. Hence fix is to properly kfree() them as well to stop the leakage. Given these are all handled under psock->maps_lock there is no need for deferred RCU freeing. I later also ran with kmemleak detector and it confirmed the finding as well where in the state before the fix the object goes unreferenced while after the patch no kmemleak report related to BPF showed up. [...] unreferenced object 0xffff880378eadae0 (size 64): comm "test_sockmap", pid 2225, jiffies 4294720701 (age 43.504s) hex dump (first 32 bytes): 00 01 00 00 00 00 ad de 00 02 00 00 00 00 ad de ................ 50 4d 75 5d 03 88 ff ff 00 00 00 00 00 00 00 00 PMu]............ backtrace: [<000000005225ac3c>] sock_map_ctx_update_elem.isra.21+0xd8/0x210 [<0000000045dd6d3c>] bpf_sock_map_update+0x29/0x60 [<00000000877723aa>] ___bpf_prog_run+0x1e1f/0x4960 [<000000002ef89e83>] 0xffffffffffffffff unreferenced object 0xffff880378ead240 (size 64): comm "test_sockmap", pid 2225, jiffies 4294720701 (age 43.504s) hex dump (first 32 bytes): 00 01 00 00 00 00 ad de 00 02 00 00 00 00 ad de ................ 00 44 75 5d 03 88 ff ff 00 00 00 00 00 00 00 00 .Du]............ backtrace: [<000000005225ac3c>] sock_map_ctx_update_elem.isra.21+0xd8/0x210 [<0000000030e37a3a>] sock_map_update_elem+0x125/0x240 [<000000002e5ce36e>] map_update_elem+0x4eb/0x7b0 [<00000000db453cc9>] __x64_sys_bpf+0x1f9/0x360 [<0000000000763660>] do_syscall_64+0x9a/0x300 [<00000000422a2bb2>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [<000000002ef89e83>] 0xffffffffffffffff [...] Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close") Fixes: 54fedb42c653 ("bpf: sockmap, fix smap_list_map_remove when psock is in many maps") Fixes: 2f857d04601a ("bpf: sockmap, remove STRPARSER map_flags and add multi-map support") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Song Liu Signed-off-by: Alexei Starovoitov commit 90545cdc3f2b2ea700e24335610cd181e73756da Author: Daniel Borkmann Date: Thu Aug 16 21:49:07 2018 +0200 tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach I found that in BPF sockmap programs once we either delete a socket from the map or we updated a map slot and the old socket was purged from the map that these socket can never get reattached into a map even though their related psock has been dropped entirely at that point. Reason is that tcp_cleanup_ulp() leaves the old icsk->icsk_ulp_ops intact, so that on the next tcp_set_ulp_id() the kernel returns an -EEXIST thinking there is still some active ULP attached. BPF sockmap is the only one that has this issue as the other user, kTLS, only calls tcp_cleanup_ulp() from tcp_v4_destroy_sock() whereas sockmap semantics allow dropping the socket from the map with all related psock state being cleaned up. Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Song Liu Signed-off-by: Alexei Starovoitov commit 037b0b86ecf5646f8eae777d8b52ff8b401692ec Author: Daniel Borkmann Date: Thu Aug 16 21:49:06 2018 +0200 tcp, ulp: add alias for all ulp modules Lets not turn the TCP ULP lookup into an arbitrary module loader as we only intend to load ULP modules through this mechanism, not other unrelated kernel modules: [root@bar]# cat foo.c #include #include #include #include int main(void) { int sock = socket(PF_INET, SOCK_STREAM, 0); setsockopt(sock, IPPROTO_TCP, TCP_ULP, "sctp", sizeof("sctp")); return 0; } [root@bar]# gcc foo.c -O2 -Wall [root@bar]# lsmod | grep sctp [root@bar]# ./a.out [root@bar]# lsmod | grep sctp sctp 1077248 4 libcrc32c 16384 3 nf_conntrack,nf_nat,sctp [root@bar]# Fix it by adding module alias to TCP ULP modules, so probing module via request_module() will be limited to tcp-ulp-[name]. The existing modules like kTLS will load fine given tcp-ulp-tls alias, but others will fail to load: [root@bar]# lsmod | grep sctp [root@bar]# ./a.out [root@bar]# lsmod | grep sctp [root@bar]# Sockmap is not affected from this since it's either built-in or not. Fixes: 734942cc4ea6 ("tcp: ULP infrastructure") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Song Liu Signed-off-by: Alexei Starovoitov commit 50f7ccc64750610f57983720613713b2c14f0e9c Author: Rafael J. Wysocki Date: Thu Aug 16 12:55:01 2018 +0200 cpuidle: menu: Update stale polling override comment The comment to explain why the menu governor uses idle state 1 instead of idle state 0 as the first one sometimes is stale (among other things it mentions a user setting not present any more), so update it. Signed-off-by: Rafael J. Wysocki commit 2a3eb51e30b9ac66fe1b75877627a7e4aaeca24a Author: Henry Willard Date: Tue Aug 14 17:01:02 2018 -0700 cpufreq: governor: Avoid accessing invalid governor_data If cppc_cpufreq.ko is deleted at the same time that tuned-adm is changing profiles, there is a small chance that a race can occur between cpufreq_dbs_governor_exit() and cpufreq_dbs_governor_limits() resulting in a system failure when the latter tries to use policy->governor_data that has been freed by the former. This patch uses gov_dbs_data_mutex to synchronize access. Fixes: e788892ba3cc (cpufreq: governor: Get rid of governor events) Signed-off-by: Henry Willard [ rjw: Subject, minor white space adjustment ] Cc: 4.8+ # 4.8+ Signed-off-by: Rafael J. Wysocki commit 0a3173a5f09bc58a3638ecfd0a80bdbae55e123c Merge: 92f4e77c8591 5c60a7389d79 Author: Jason Gunthorpe Date: Thu Aug 16 14:13:03 2018 -0600 Merge branch 'linus/master' into rdma.git for-next rdma.git merge resolution for the 4.19 merge window Conflicts: drivers/infiniband/core/rdma_core.c - Use the rdma code and revise with the new spelling for atomic_fetch_add_unless drivers/nvme/host/rdma.c - Replace max_sge with max_send_sge in new blk code drivers/nvme/target/rdma.c - Use the blk code and revise to use NULL for ib_post_recv when appropriate - Replace max_sge with max_recv_sge in new blk code net/rds/ib_send.c - Use the net code and revise to use NULL for ib_post_recv when appropriate Signed-off-by: Jason Gunthorpe commit 5198a48381455969aa1053a0ca2e4ce409be2fc2 Merge: 3d779180c692 cc44ba91166b Author: Sebastian Reichel Date: Thu Aug 16 22:19:22 2018 +0200 Merge branch 'psy-fixes' into psy-next Signed-off-by: Sebastian Reichel commit 757d9140072054528b13bbe291583d9823cde195 Author: Steven Rostedt (VMware) Date: Thu Aug 16 16:08:37 2018 -0400 tracing/blktrace: Fix to allow setting same value Masami Hiramatsu reported: Current trace-enable attribute in sysfs returns an error if user writes the same setting value as current one, e.g. # cat /sys/block/sda/trace/enable 0 # echo 0 > /sys/block/sda/trace/enable bash: echo: write error: Invalid argument # echo 1 > /sys/block/sda/trace/enable # echo 1 > /sys/block/sda/trace/enable bash: echo: write error: Device or resource busy But this is not a preferred behavior, it should ignore if new setting is same as current one. This fixes the problem as below. # cat /sys/block/sda/trace/enable 0 # echo 0 > /sys/block/sda/trace/enable # echo 1 > /sys/block/sda/trace/enable # echo 1 > /sys/block/sda/trace/enable Link: http://lkml.kernel.org/r/20180816103802.08678002@gandalf.local.home Cc: Ingo Molnar Cc: Jens Axboe Cc: linux-block@vger.kernel.org Cc: stable@vger.kernel.org Fixes: cd649b8bb830d ("blktrace: remove sysfs_blk_trace_enable_show/store()") Reported-by: Masami Hiramatsu Tested-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Jens Axboe commit 566484a9e84c89d9875e8d5d1aac3dbc2d8f0ff4 Author: Jens Axboe Date: Thu Aug 16 14:09:28 2018 -0600 pktcdvd: fix setting of 'ret' error return for a few cases We initialize it to -ENOMEM, but then later overwrite it. After overwriting, we don't set it again for two later failure cases. Reported-by: Jason Wood Signed-off-by: Jens Axboe commit 92f4e77c85918eab5e5803d7e28ab89a7e6bd3a2 Author: Jason Gunthorpe Date: Wed Aug 15 16:52:58 2018 -0600 Revert "net/smc: Replace ib_query_gid with rdma_get_gid_attr" This reverts commit ddb457c6993babbcdd41fca638b870d2a2fc3941. The include rdma/ib_cache.h is kept, and we have to add a memset to the compat wrapper to avoid compiler warnings in gcc-7 This revert is done to avoid extensive merge conflicts with SMC changes in netdev during the 4.19 merge window. Signed-off-by: Jason Gunthorpe commit 965931e3a803a506482616f89239eff6901c17b8 Author: Yonghong Song Date: Tue Aug 14 11:01:12 2018 -0700 bpf: fix a rcu usage warning in bpf_prog_array_copy_core() Commit 394e40a29788 ("bpf: extend bpf_prog_array to store pointers to the cgroup storage") refactored the bpf_prog_array_copy_core() to accommodate new structure bpf_prog_array_item which contains bpf_prog array itself. In the old code, we had perf_event_query_prog_array(): mutex_lock(...) bpf_prog_array_copy_call(): prog = rcu_dereference_check(array, 1)->progs bpf_prog_array_copy_core(prog, ...) mutex_unlock(...) With the above commit, we had perf_event_query_prog_array(): mutex_lock(...) bpf_prog_array_copy_call(): bpf_prog_array_copy_core(array, ...): item = rcu_dereference(array)->items; ... mutex_unlock(...) The new code will trigger a lockdep rcu checking warning. The fix is to change rcu_dereference() to rcu_dereference_check() to prevent such a warning. Reported-by: syzbot+6e72317008eef84a216b@syzkaller.appspotmail.com Fixes: 394e40a29788 ("bpf: extend bpf_prog_array to store pointers to the cgroup storage") Cc: Roman Gushchin Signed-off-by: Yonghong Song Acked-by: Alexei Starovoitov Acked-by: Roman Gushchin Signed-off-by: Daniel Borkmann commit 817b89beb9d8876450fcde9155e17425c329569d Author: Jesper Dangaard Brouer Date: Wed Aug 15 16:57:14 2018 +0200 samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM It is common XDP practice to unload/deattach the XDP bpf program, when the XDP sample program is Ctrl-C interrupted (SIGINT) or killed (SIGTERM). The samples/bpf programs xdp_redirect_cpu and xdp_rxq_info, forgot to trap signal SIGTERM (which is the default signal used by the kill command). This was discovered by Red Hat QA, which automated scripts depend on killing the XDP sample program after a timeout period. Fixes: fad3917e361b ("samples/bpf: add cpumap sample program xdp_redirect_cpu") Fixes: 0fca931a6f21 ("samples/bpf: program demonstrating access to xdp_rxq_info") Reported-by: Jean-Tsung Hsiao Signed-off-by: Jesper Dangaard Brouer Acked-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 21b172ee11b6ec260bd7e6a27b11a8a8d392fce5 Author: Tariq Toukan Date: Mon Aug 13 12:21:58 2018 +0300 net/xdp: Fix suspicious RCU usage warning Fix the warning below by calling rhashtable_lookup_fast. Also, make some code movements for better quality and human readability. [ 342.450870] WARNING: suspicious RCU usage [ 342.455856] 4.18.0-rc2+ #17 Tainted: G O [ 342.462210] ----------------------------- [ 342.467202] ./include/linux/rhashtable.h:481 suspicious rcu_dereference_check() usage! [ 342.476568] [ 342.476568] other info that might help us debug this: [ 342.476568] [ 342.486978] [ 342.486978] rcu_scheduler_active = 2, debug_locks = 1 [ 342.495211] 4 locks held by modprobe/3934: [ 342.500265] #0: 00000000e23116b2 (mlx5_intf_mutex){+.+.}, at: mlx5_unregister_interface+0x18/0x90 [mlx5_core] [ 342.511953] #1: 00000000ca16db96 (rtnl_mutex){+.+.}, at: unregister_netdev+0xe/0x20 [ 342.521109] #2: 00000000a46e2c4b (&priv->state_lock){+.+.}, at: mlx5e_close+0x29/0x60 [mlx5_core] [ 342.531642] #3: 0000000060c5bde3 (mem_id_lock){+.+.}, at: xdp_rxq_info_unreg+0x93/0x6b0 [ 342.541206] [ 342.541206] stack backtrace: [ 342.547075] CPU: 12 PID: 3934 Comm: modprobe Tainted: G O 4.18.0-rc2+ #17 [ 342.556621] Hardware name: Dell Inc. PowerEdge R730/0H21J3, BIOS 1.5.4 10/002/2015 [ 342.565606] Call Trace: [ 342.568861] dump_stack+0x78/0xb3 [ 342.573086] xdp_rxq_info_unreg+0x3f5/0x6b0 [ 342.578285] ? __call_rcu+0x220/0x300 [ 342.582911] mlx5e_free_rq+0x38/0xc0 [mlx5_core] [ 342.588602] mlx5e_close_channel+0x20/0x120 [mlx5_core] [ 342.594976] mlx5e_close_channels+0x26/0x40 [mlx5_core] [ 342.601345] mlx5e_close_locked+0x44/0x50 [mlx5_core] [ 342.607519] mlx5e_close+0x42/0x60 [mlx5_core] [ 342.613005] __dev_close_many+0xb1/0x120 [ 342.617911] dev_close_many+0xa2/0x170 [ 342.622622] rollback_registered_many+0x148/0x460 [ 342.628401] ? __lock_acquire+0x48d/0x11b0 [ 342.633498] ? unregister_netdev+0xe/0x20 [ 342.638495] rollback_registered+0x56/0x90 [ 342.643588] unregister_netdevice_queue+0x7e/0x100 [ 342.649461] unregister_netdev+0x18/0x20 [ 342.654362] mlx5e_remove+0x2a/0x50 [mlx5_core] [ 342.659944] mlx5_remove_device+0xe5/0x110 [mlx5_core] [ 342.666208] mlx5_unregister_interface+0x39/0x90 [mlx5_core] [ 342.673038] cleanup+0x5/0xbfc [mlx5_core] [ 342.678094] __x64_sys_delete_module+0x16b/0x240 [ 342.683725] ? do_syscall_64+0x1c/0x210 [ 342.688476] do_syscall_64+0x5a/0x210 [ 342.693025] entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: 8d5d88527587 ("xdp: rhashtable with allocator ID to pointer mapping") Signed-off-by: Tariq Toukan Suggested-by: Daniel Borkmann Cc: Jesper Dangaard Brouer Acked-by: Jesper Dangaard Brouer Signed-off-by: Daniel Borkmann commit 91c1e6ba39cf7f20d4b1c8510d51fff8d91f207c Author: Steven Rostedt (VMware) Date: Thu Aug 16 11:19:04 2018 -0400 blktrace: Add SPDX License format header Add the SPDX License header to ease license compliance management. Acked-by: Jens Axboe Signed-off-by: Steven Rostedt (VMware) commit 599d067dd3c1b9697b786c992b17cd6529c0459c Author: Chengguang Xu Date: Thu Aug 16 22:51:40 2018 +0800 block: change return type to bool Because blk_do_io_stat() only does a judgement about the request contributes to IO statistics, it better changes return type to bool. Signed-off-by: Chengguang Xu Signed-off-by: Jens Axboe commit 54c73f8651500181a948aa6767ae8c2bcfbe9f35 Author: Yuval Shaia Date: Thu Aug 16 12:02:20 2018 +0300 net/mlx5e: Delete unneeded function argument priv argument is not used by the function, delete it. Fixes: a89842811ea98 ("net/mlx5e: Merge per priority stats groups") Signed-off-by: Yuval Shaia Reviewed-by: Leon Romanovsky Signed-off-by: David S. Miller commit 70fd8036d0d77bd93ae12185c66504a409d5b54e Author: Ivan Khoronzhuk Date: Wed Aug 15 23:29:53 2018 +0300 Documentation: networking: ti-cpsw: correct cbs parameters for Eth1 100Mb If set cbs parameters calculated for 1000Mb, but use on 100Mb port w/o h/w offload (for cpsw offload it doesn't matter), it works incorrectly. According to the example and testing board, second port is 100Mb interface. Correct them on recalculated for 100Mb interface. It allows to use the same command for CBS software implementation for board in example. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller commit 5e22002aa8809e2efab2da95855f73f63e14a36c Author: Kees Cook Date: Wed Aug 15 12:14:05 2018 -0700 isdn: Disable IIOCDBGVAR It was possible to directly leak the kernel address where the isdn_dev structure pointer was stored. This is a kernel ASLR bypass for anyone with access to the ioctl. The code had been present since the beginning of git history, though this shouldn't ever be needed for normal operation, therefore remove it. Reported-by: Al Viro Cc: Karsten Keil Signed-off-by: Kees Cook Signed-off-by: David S. Miller commit 45316818371d1fb3ecbffa4d4a2d0550e1822e92 Author: Lad, Prabhakar Date: Wed Aug 15 16:51:23 2018 +0100 net: dsa: add support for ksz9897 ethernet switch ksz9477 is superset of ksz9xx series, driver just works out of the box for ksz9897 chip with this patch. Signed-off-by: Lad, Prabhakar Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 7797b93b756dabffd1a8db3e7e7b778fb07ef0a6 Author: Toshiaki Makita Date: Wed Aug 15 17:07:29 2018 +0900 veth: Free queues on link delete David Ahern reported memory leak in veth. ======================================================================= $ cat /sys/kernel/debug/kmemleak unreferenced object 0xffff8800354d5c00 (size 1024): comm "ip", pid 836, jiffies 4294722952 (age 25.904s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<(____ptrval____)>] kmemleak_alloc+0x70/0x94 [<(____ptrval____)>] slab_post_alloc_hook+0x42/0x52 [<(____ptrval____)>] __kmalloc+0x101/0x142 [<(____ptrval____)>] kmalloc_array.constprop.20+0x1e/0x26 [veth] [<(____ptrval____)>] veth_newlink+0x147/0x3ac [veth] ... unreferenced object 0xffff88002e009c00 (size 1024): comm "ip", pid 836, jiffies 4294722958 (age 25.898s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<(____ptrval____)>] kmemleak_alloc+0x70/0x94 [<(____ptrval____)>] slab_post_alloc_hook+0x42/0x52 [<(____ptrval____)>] __kmalloc+0x101/0x142 [<(____ptrval____)>] kmalloc_array.constprop.20+0x1e/0x26 [veth] [<(____ptrval____)>] veth_newlink+0x219/0x3ac [veth] ======================================================================= veth_rq allocated in veth_newlink() was not freed on dellink. We need to free up them after veth_close() so that any packets will not reference the queues afterwards. Thus free them in veth_dev_free() in the same way as freeing stats structure (vstats). Also move queues allocation to veth_dev_init() to be in line with stats allocation. Fixes: 638264dc90227 ("veth: Support per queue XDP ring") Reported-by: David Ahern Signed-off-by: Toshiaki Makita Reviewed-by: David Ahern Tested-by: David Ahern Signed-off-by: David S. Miller commit ff93bca769925a2d8fd7f910cdf543d992e17f07 Author: Cong Wang Date: Tue Aug 14 15:21:31 2018 -0700 ila: make lockdep happy again Previously, alloc_ila_locks() and bucket_table_alloc() call spin_lock_init() separately, therefore they have two different lock names and lock class keys. However, after commit b893281715ab ("ila: Call library function alloc_bucket_locks") they both call helper alloc_bucket_spinlocks() which now only has one lock name and lock class key. This causes a few bogus lockdep warnings as reported by syzbot. Fix this by making alloc_bucket_locks() a macro and pass declaration name as lock name and a static lock class key inside the macro. Fixes: b893281715ab ("ila: Call library function alloc_bucket_locks") Reported-by: Cc: Tom Herbert Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 32039eac4c48f70dfaad36a84f30356ededc7ea8 Author: Vlad Buslov Date: Tue Aug 14 20:29:56 2018 +0300 net: sched: act_ife: always release ife action on init error Action init API was changed to always take reference to action, even when overwriting existing action. Substitute conditional action release, which was executed only if action is newly created, with unconditional release in tcf_ife_init() error handling code to prevent double free or memory leak in case of overwrite. Fixes: 4e8ddd7f1758 ("net: sched: don't release reference on action overwrite") Reported-by: Cong Wang Signed-off-by: Vlad Buslov Acked-by: Cong Wang Signed-off-by: David S. Miller commit 89982f7ccee2fcd8fea7936b81eec6defbf0f131 Merge: a1ceeca679dc 94710cac0ef4 Author: Jason Gunthorpe Date: Thu Aug 16 13:08:18 2018 -0600 Merge tag 'v4.18' into rdma.git for-next Resolve merge conflicts from the -rc cycle against the rdma.git tree: Conflicts: drivers/infiniband/core/uverbs_cmd.c - New ifs added to ib_uverbs_ex_create_flow in -rc and for-next - Merge removal of file->ucontext in for-next with new code in -rc drivers/infiniband/core/uverbs_main.c - for-next removed code from ib_uverbs_write() that was modified in for-rc Signed-off-by: Jason Gunthorpe commit fc8ebd01deeb12728c83381f6ec923e4a192ffd3 Author: Maciej S. Szmigiero Date: Wed Aug 15 23:56:45 2018 +0200 block, bfq: return nbytes and not zero from struct cftype .write() method The value that struct cftype .write() method returns is then directly returned to userspace as the value returned by write() syscall, so it should be the number of bytes actually written (or consumed) and not zero. Returning zero from write() syscall makes programs like /bin/echo or bash spin. Signed-off-by: Maciej S. Szmigiero Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support") Cc: stable@vger.kernel.org Signed-off-by: Jens Axboe commit 5f34f69ede27dea1f167a0a6d8996f0194b27ba8 Author: Fabrizio Castro Date: Tue Aug 14 13:33:37 2018 +0100 dt-bindings: net: ravb: Add support for r8a774a1 SoC Document RZ/G2M (R8A774A1) SoC bindings. Signed-off-by: Fabrizio Castro Reviewed-by: Biju Das Reviewed-by: Sergei Shtylyov Reviewed-by: Rob Herring Signed-off-by: David S. Miller commit a51c76b4dfb30496dc65396a957ef0f06af7fb22 Author: Hangbin Liu Date: Tue Aug 14 17:28:26 2018 +0800 cls_matchall: fix tcf_unbind_filter missing Fix tcf_unbind_filter missing in cls_matchall as this will trigger WARN_ON() in cbq_destroy_class(). Fixes: fd62d9f5c575f ("net/sched: matchall: Fix configuration race") Reported-by: Li Shuang Signed-off-by: Hangbin Liu Acked-by: Cong Wang Signed-off-by: David S. Miller commit f812164869b98d81d692ce12bfed76621a5c8908 Author: Paolo Valente Date: Thu Aug 16 18:51:18 2018 +0200 block, bfq: improve code of bfq_bfqq_charge_time bfq_bfqq_charge_time contains some lengthy and redundant code. This commit trims and condenses that code. Signed-off-by: Paolo Valente Signed-off-by: Jens Axboe commit d5801088a7bd210dd8fd7add04745e35f0f6ea72 Author: Paolo Valente Date: Thu Aug 16 18:51:17 2018 +0200 block, bfq: reduce write overcharge When a sync request is dispatched, the queue that contains that request, and all the ancestor entities of that queue, are charged with the number of sectors of the request. In constrast, if the request is async, then the queue and its ancestor entities are charged with the number of sectors of the request, multiplied by an overcharge factor. This throttles the bandwidth for async I/O, w.r.t. to sync I/O, and it is done to counter the tendency of async writes to steal I/O throughput to reads. On the opposite end, the lower this parameter, the stabler I/O control, in the following respect. The lower this parameter is, the less the bandwidth enjoyed by a group decreases - when the group does writes, w.r.t. to when it does reads; - when other groups do reads, w.r.t. to when they do writes. The fixes "block, bfq: always update the budget of an entity when needed" and "block, bfq: readd missing reset of parent-entity service" improved I/O control in bfq to such an extent that it has been possible to revise this overcharge factor downwards. This commit introduces the resulting, new value. Signed-off-by: Paolo Valente Signed-off-by: Jens Axboe commit e02a0aa26bf61b6e481a3d7453a150e692b0df80 Author: Paolo Valente Date: Thu Aug 16 18:51:16 2018 +0200 block, bfq: always update the budget of an entity when needed When the next child entity to serve changes for a given parent entity, the budget of that parent entity must be updated accordingly. Unfortunately, this update is not performed, by mistake, for the entities that happen to switch from having no child entity to serve, to having one child entity to serve. Signed-off-by: Paolo Valente Signed-off-by: Jens Axboe commit 8a511ba5feec5947bee0635cff8bd796d5f77e3e Author: Paolo Valente Date: Thu Aug 16 18:51:15 2018 +0200 block, bfq: readd missing reset of parent-entity service The received-service counter needs to be equal to 0 when an entity is set in service. Unfortunately, commit "block, bfq: fix service being wrongly set to zero in case of preemption" mistakenly removed the resetting of this counter for the parent entities of the bfq_queue being set in service. This commit fixes this issue by resetting service for parent entities, directly on the expiration of the in-service bfq_queue. Fixes: 9fae8dd59ff3 ("block, bfq: fix service being wrongly set to zero in case of preemption") Signed-off-by: Paolo Valente Signed-off-by: Jens Axboe commit 13fe7056bebb4015c6231a07a1be4d3aebbfe979 Merge: ed9800100f1a 100294cee9a9 Author: Dmitry Torokhov Date: Thu Aug 16 11:10:56 2018 -0700 Merge branch 'next' into for-linus Prepare input updates for 4.19 merge window. commit c9533d1bca3393fbdfe5b24ccb4cfe6a1a02d794 Author: Michel Dänzer Date: Fri Aug 3 17:24:32 2018 +0200 drm/amdgpu: Use kvmalloc for allocating UVD/VCE/VCN BO backup memory The allocated size can be (at least?) as large as megabytes, and there's no need for it to be physically contiguous. May avoid spurious failures to initialize / suspend the corresponding block while there's memory pressure. Bugzilla: https://bugs.freedesktop.org/107432 Reviewed-by: Christian König Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher commit 5c60a7389d795e001c8748b458eb76e3a5b6008c Merge: b6d6a3076ac4 e1b437691a62 Author: Linus Torvalds Date: Thu Aug 16 10:53:45 2018 -0700 Merge tag 'for-linus-4.19-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull orangefs updates from Mike Marshall: "Orangefs: one cleanup and Souptick's vm_fault_t patch: - add new return type vm_fault_t (Souptick Joarder) - remove redundant pointer (Colin Ian King)" * tag 'for-linus-4.19-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: orangefs: remove redundant pointer orangefs_inode orangefs: Adding new return type vm_fault_t commit ea51f94b45a0fd657c61206c1b648cc72f95befa Author: Trond Myklebust Date: Wed Aug 15 21:35:45 2018 -0400 pNFS: Treat RECALLCONFLICT like DELAY... Yes, it is possible to get trapped in a loop, but the server should be administratively revoking the recalled layout if it never gets returned. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 1e1132ea21da6d7be92a72195204379c819cb70b Author: Mikulas Patocka Date: Thu Aug 16 12:23:19 2018 -0400 dm writecache: fix a crash due to reading past end of dirty_bitmap wc->dirty_bitmap_size is in bytes so must multiply it by 8, not by BITS_PER_LONG, to get number of bitmap_bits. Fixes crash in find_next_bit() that was reported: https://bugzilla.kernel.org/show_bug.cgi?id=200819 Reported-by: edo.rus@gmail.com Fixes: 48debafe4f2f ("dm: add writecache target") Cc: stable@vger.kernel.org # 4.18 Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit feb9f55c33e5114127238a2c87c069b4f30d1f23 Author: Pablo Neira Ayuso Date: Wed Aug 15 15:37:23 2018 +0200 netfilter: nft_dynset: allow dynamic updates of non-anonymous set This check is superfluous since it breaks valid configurations, remove it. Signed-off-by: Pablo Neira Ayuso commit 90d827f06bebbd9aded00c152e6c9eb2db4db1a3 Author: Máté Eckl Date: Tue Aug 14 22:09:10 2018 +0200 netfilter: nft_tproxy: Fix missing-braces warning This patch fixes a warning reported by the kbuild test robot (from linux-next tree): net/netfilter/nft_tproxy.c: In function 'nft_tproxy_eval_v6': >> net/netfilter/nft_tproxy.c:85:9: warning: missing braces around initializer [-Wmissing-braces] struct in6_addr taddr = {0}; ^ net/netfilter/nft_tproxy.c:85:9: warning: (near initialization for 'taddr.in6_u') [-Wmissing-braces] This warning is actually caused by a gcc bug already resolved in newer versions (kbuild used 4.9) so this kind of initialization is omitted and memset is used instead. Fixes: 4ed8eb6570a4 ("netfilter: nf_tables: Add native tproxy support") Signed-off-by: Máté Eckl Signed-off-by: Pablo Neira Ayuso commit cdb2f401246ef70b37eeedd9c6f9c28d611d8255 Author: Dmitry V. Levin Date: Mon Aug 13 18:43:36 2018 +0300 netfilter: uapi: fix linux/netfilter/nf_osf.h userspace compilation errors Move inclusion of and from linux/netfilter/xt_osf.h to linux/netfilter/nf_osf.h to fix the following linux/netfilter/nf_osf.h userspace compilation errors: /usr/include/linux/netfilter/nf_osf.h:59:24: error: 'MAX_IPOPTLEN' undeclared here (not in a function) struct nf_osf_opt opt[MAX_IPOPTLEN]; /usr/include/linux/netfilter/nf_osf.h:64:17: error: field 'ip' has incomplete type struct iphdr ip; /usr/include/linux/netfilter/nf_osf.h:65:18: error: field 'tcp' has incomplete type struct tcphdr tcp; Fixes: bfb15f2a95cb ("netfilter: extract Passive OS fingerprint infrastructure from xt_osf") Signed-off-by: Dmitry V. Levin Signed-off-by: Pablo Neira Ayuso commit 3206c516ce4e4b56d7b99341814c261ec190f6df Author: Harsha Sharma Date: Fri Aug 10 22:52:37 2018 +0530 netfilter: nft_ct: make l3 protocol field optional for timeout object If l3 protocol value is not specified for ct timeout object then use the value from nft_ctx protocol family. Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso commit 1bfc2bc7ad8ac045045e99e33aa1ba727d2d291d Author: Máté Eckl Date: Fri Aug 10 12:58:39 2018 +0200 netfilter: doc: Add nf_tables part in tproxy.txt Recently, transparent proxy support has been added to nf_tables so that this document should be updated with the new information. - Nft commands are added as alternatives to iptables ones. - The link for a patched iptables is removed as it is already part of the mainline iptables implementation (and the link is dead). - tcprdr is added as an example implementation of a transparent proxy Cc: "David S. Miller" Cc: Jonathan Corbet Cc: Florian Westphal Cc: KOVACS Krisztian Cc: Pablo Neira Ayuso Cc: linux-doc@vger.kernel.org Signed-off-by: Máté Eckl Signed-off-by: Pablo Neira Ayuso commit a148ce15375fc664ad64762c751c0c2aecb2cafe Author: Michal Hocko Date: Tue Aug 7 21:54:00 2018 +0200 netfilter: x_tables: do not fail xt_alloc_table_info too easilly eacd86ca3b03 ("net/netfilter/x_tables.c: use kvmalloc() in xt_alloc_table_info()") has unintentionally fortified xt_alloc_table_info allocation when __GFP_RETRY has been dropped from the vmalloc fallback. Later on there was a syzbot report that this can lead to OOM killer invocations when tables are too large and 0537250fdc6c ("netfilter: x_tables: make allocation less aggressive") has been merged to restore the original behavior. Georgi Nikolov however noticed that he is not able to install his iptables anymore so this can be seen as a regression. The primary argument for 0537250fdc6c was that this allocation path shouldn't really trigger the OOM killer and kill innocent tasks. On the other hand the interface requires root and as such should allow what the admin asks for. Root inside a namespaces makes this more complicated because those might be not trusted in general. If they are not then such namespaces should be restricted anyway. Therefore drop the __GFP_NORETRY and replace it by __GFP_ACCOUNT to enfore memcg constrains on it. Fixes: 0537250fdc6c ("netfilter: x_tables: make allocation less aggressive") Reported-by: Georgi Nikolov Suggested-by: Vlastimil Babka Acked-by: Florian Westphal Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Signed-off-by: Pablo Neira Ayuso commit 1c117d3b721a2678020d522ff1bf33984d4f0a5a Author: Florian Westphal Date: Thu Aug 2 12:30:09 2018 +0200 netfilter: conntrack: fix removal of conntrack entries when l4tracker is removed nf_ct_l4proto_unregister_one() leaves conntracks added by to-be-removed tracker behind, nf_ct_l4proto_unregister has to iterate for each protocol to be removed. v2: call nf_ct_iterate_destroy without holding nf_ct_proto_mutex. Fixes: 2c41f33c1b703 ("netfilter: move table iteration out of netns exit paths") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 6a48de0144767f2c6880540c0a4ac6741e3c440b Author: Florian Westphal Date: Thu Aug 2 21:44:41 2018 +0200 netfilter: nf_tables: don't prevent event handler from device cleanup on netns exit When a netnsamespace exits, the nf_tables pernet_ops will remove all rules. However, there is one caveat: Base chains that register ingress hooks will cause use-after-free: device is already gone at that point. The device event handlers prevent this from happening: netns exit synthesizes unregister events for all devices. However, an improper fix for a race condition made the notifiers a no-op in case they get called from netns exit path, so revert that part. This is safe now as the previous patch fixed nf_tables pernet ops and device notifier initialisation ordering. Fixes: 0a2cf5ee432c2 ("netfilter: nf_tables: close race between netns exit and rmmod") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit d209df3e7f7002d9099fdb0f6df0f972b4386a63 Author: Florian Westphal Date: Thu Aug 2 21:44:40 2018 +0200 netfilter: nf_tables: fix register ordering We must register nfnetlink ops last, as that exposes nf_tables to userspace. Without this, we could theoretically get nfnetlink request before net->nft state has been initialized. Fixes: 99633ab29b213 ("netfilter: nf_tables: complete net namespace support") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 3e673b23b541b8e7f773b2d378d6eb99831741cd Author: Florian Westphal Date: Tue Jul 31 13:41:23 2018 +0200 netfilter: fix memory leaks on netlink_dump_start error Shaochun Chen points out we leak dumper filter state allocations stored in dump_control->data in case there is an error before netlink sets cb_running (after which ->done will be called at some point). In order to fix this, add .start functions and move allocations there. Same pattern as used in commit 90fd131afc565159c9e0ea742f082b337e10f8c6 ("netfilter: nf_tables: move dumper state allocation into ->start"). Reported-by: shaochun chen Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 4ef360dd6a65f6ef337645e1b65e744034754b19 Author: Taehee Yoo Date: Thu Jul 26 00:39:51 2018 +0900 netfilter: nft_set: fix allocation size overflow in privsize callback. In order to determine allocation size of set, ->privsize is invoked. At this point, both desc->size and size of each data structure of set are used. desc->size means number of element that is given by user. desc->size is u32 type. so that upperlimit of set element is 4294967295. but return type of ->privsize is also u32. hence overflow can occurred. test commands: %nft add table ip filter %nft add set ip filter hash1 { type ipv4_addr \; size 4294967295 \; } %nft list ruleset splat looks like: [ 1239.202910] kasan: CONFIG_KASAN_INLINE enabled [ 1239.208788] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1239.217625] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 1239.219329] CPU: 0 PID: 1603 Comm: nft Not tainted 4.18.0-rc5+ #7 [ 1239.229091] RIP: 0010:nft_hash_walk+0x1d2/0x310 [nf_tables_set] [ 1239.229091] Code: 84 d2 7f 10 4c 89 e7 89 44 24 38 e8 d8 5a 17 e0 8b 44 24 38 48 8d 7b 10 41 0f b6 0c 24 48 89 fa 48 89 fe 48 c1 ea 03 83 e6 07 <42> 0f b6 14 3a 40 38 f2 7f 1a 84 d2 74 16 [ 1239.229091] RSP: 0018:ffff8801118cf358 EFLAGS: 00010246 [ 1239.229091] RAX: 0000000000000000 RBX: 0000000000020400 RCX: 0000000000000001 [ 1239.229091] RDX: 0000000000004082 RSI: 0000000000000000 RDI: 0000000000020410 [ 1239.229091] RBP: ffff880114d5a988 R08: 0000000000007e94 R09: ffff880114dd8030 [ 1239.229091] R10: ffff880114d5a988 R11: ffffed00229bb006 R12: ffff8801118cf4d0 [ 1239.229091] R13: ffff8801118cf4d8 R14: 0000000000000000 R15: dffffc0000000000 [ 1239.229091] FS: 00007f5a8fe0b700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000 [ 1239.229091] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1239.229091] CR2: 00007f5a8ecc27b0 CR3: 000000010608e000 CR4: 00000000001006f0 [ 1239.229091] Call Trace: [ 1239.229091] ? nft_hash_remove+0xf0/0xf0 [nf_tables_set] [ 1239.229091] ? memset+0x1f/0x40 [ 1239.229091] ? __nla_reserve+0x9f/0xb0 [ 1239.229091] ? memcpy+0x34/0x50 [ 1239.229091] nf_tables_dump_set+0x9a1/0xda0 [nf_tables] [ 1239.229091] ? __kmalloc_reserve.isra.29+0x2e/0xa0 [ 1239.229091] ? nft_chain_hash_obj+0x630/0x630 [nf_tables] [ 1239.229091] ? nf_tables_commit+0x2c60/0x2c60 [nf_tables] [ 1239.229091] netlink_dump+0x470/0xa20 [ 1239.229091] __netlink_dump_start+0x5ae/0x690 [ 1239.229091] nft_netlink_dump_start_rcu+0xd1/0x160 [nf_tables] [ 1239.229091] nf_tables_getsetelem+0x2e5/0x4b0 [nf_tables] [ 1239.229091] ? nft_get_set_elem+0x440/0x440 [nf_tables] [ 1239.229091] ? nft_chain_hash_obj+0x630/0x630 [nf_tables] [ 1239.229091] ? nf_tables_dump_obj_done+0x70/0x70 [nf_tables] [ 1239.229091] ? nla_parse+0xab/0x230 [ 1239.229091] ? nft_get_set_elem+0x440/0x440 [nf_tables] [ 1239.229091] nfnetlink_rcv_msg+0x7f0/0xab0 [nfnetlink] [ 1239.229091] ? nfnetlink_bind+0x1d0/0x1d0 [nfnetlink] [ 1239.229091] ? debug_show_all_locks+0x290/0x290 [ 1239.229091] ? sched_clock_cpu+0x132/0x170 [ 1239.229091] ? find_held_lock+0x39/0x1b0 [ 1239.229091] ? sched_clock_local+0x10d/0x130 [ 1239.229091] netlink_rcv_skb+0x211/0x320 [ 1239.229091] ? nfnetlink_bind+0x1d0/0x1d0 [nfnetlink] [ 1239.229091] ? netlink_ack+0x7b0/0x7b0 [ 1239.229091] ? ns_capable_common+0x6e/0x110 [ 1239.229091] nfnetlink_rcv+0x2d1/0x310 [nfnetlink] [ 1239.229091] ? nfnetlink_rcv_batch+0x10f0/0x10f0 [nfnetlink] [ 1239.229091] ? netlink_deliver_tap+0x829/0x930 [ 1239.229091] ? lock_acquire+0x265/0x2e0 [ 1239.229091] netlink_unicast+0x406/0x520 [ 1239.509725] ? netlink_attachskb+0x5b0/0x5b0 [ 1239.509725] ? find_held_lock+0x39/0x1b0 [ 1239.509725] netlink_sendmsg+0x987/0xa20 [ 1239.509725] ? netlink_unicast+0x520/0x520 [ 1239.509725] ? _copy_from_user+0xa9/0xc0 [ 1239.509725] __sys_sendto+0x21a/0x2c0 [ 1239.509725] ? __ia32_sys_getpeername+0xa0/0xa0 [ 1239.509725] ? retint_kernel+0x10/0x10 [ 1239.509725] ? sched_clock_cpu+0x132/0x170 [ 1239.509725] ? find_held_lock+0x39/0x1b0 [ 1239.509725] ? lock_downgrade+0x540/0x540 [ 1239.509725] ? up_read+0x1c/0x100 [ 1239.509725] ? __do_page_fault+0x763/0x970 [ 1239.509725] ? retint_user+0x18/0x18 [ 1239.509725] __x64_sys_sendto+0x177/0x180 [ 1239.509725] do_syscall_64+0xaa/0x360 [ 1239.509725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1239.509725] RIP: 0033:0x7f5a8f468e03 [ 1239.509725] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb d0 0f 1f 84 00 00 00 00 00 83 3d 49 c9 2b 00 00 75 13 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 [ 1239.509725] RSP: 002b:00007ffd78d0b778 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1239.509725] RAX: ffffffffffffffda RBX: 00007ffd78d0c890 RCX: 00007f5a8f468e03 [ 1239.509725] RDX: 0000000000000034 RSI: 00007ffd78d0b7e0 RDI: 0000000000000003 [ 1239.509725] RBP: 00007ffd78d0b7d0 R08: 00007f5a8f15c160 R09: 000000000000000c [ 1239.509725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd78d0b7e0 [ 1239.509725] R13: 0000000000000034 R14: 00007f5a8f9aff60 R15: 00005648040094b0 [ 1239.509725] Modules linked in: nf_tables_set nf_tables nfnetlink ip_tables x_tables [ 1239.670713] ---[ end trace 39375adcda140f11 ]--- [ 1239.676016] RIP: 0010:nft_hash_walk+0x1d2/0x310 [nf_tables_set] [ 1239.682834] Code: 84 d2 7f 10 4c 89 e7 89 44 24 38 e8 d8 5a 17 e0 8b 44 24 38 48 8d 7b 10 41 0f b6 0c 24 48 89 fa 48 89 fe 48 c1 ea 03 83 e6 07 <42> 0f b6 14 3a 40 38 f2 7f 1a 84 d2 74 16 [ 1239.705108] RSP: 0018:ffff8801118cf358 EFLAGS: 00010246 [ 1239.711115] RAX: 0000000000000000 RBX: 0000000000020400 RCX: 0000000000000001 [ 1239.719269] RDX: 0000000000004082 RSI: 0000000000000000 RDI: 0000000000020410 [ 1239.727401] RBP: ffff880114d5a988 R08: 0000000000007e94 R09: ffff880114dd8030 [ 1239.735530] R10: ffff880114d5a988 R11: ffffed00229bb006 R12: ffff8801118cf4d0 [ 1239.743658] R13: ffff8801118cf4d8 R14: 0000000000000000 R15: dffffc0000000000 [ 1239.751785] FS: 00007f5a8fe0b700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000 [ 1239.760993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1239.767560] CR2: 00007f5a8ecc27b0 CR3: 000000010608e000 CR4: 00000000001006f0 [ 1239.775679] Kernel panic - not syncing: Fatal exception [ 1239.776630] Kernel Offset: 0x1f000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 1239.776630] Rebooting in 5 seconds.. Fixes: 20a69341f2d0 ("netfilter: nf_tables: add netlink set API") Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso commit da786717e0894886301ed2536843c13f9e8fd53e Author: Florian Westphal Date: Wed Jul 25 21:38:43 2018 +0200 netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses Roman reports that DHCPv6 client no longer sees replies from server due to ip6tables -t raw -A PREROUTING -m rpfilter --invert -j DROP rule. We need to set the F_IFACE flag for linklocal addresses, they are scoped per-device. Fixes: 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups") Reported-by: Roman Mamedov Tested-by: Roman Mamedov Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit b71ed54dc2a1dbb4328f7d7c98d712747aee92ba Author: Matteo Croce Date: Tue Jul 31 18:03:33 2018 +0200 ipvs: don't show negative times in ip_vs_conn Since commit 500462a9de65 ("timers: Switch to a non-cascading wheel"), timers duration can last even 12.5% more than the scheduled interval. IPVS has two handlers, /proc/net/ip_vs_conn and /proc/net/ip_vs_conn_sync, which shows the remaining time before that a connection expires. The default expire time for a connection is 60 seconds, and the expiration timer can fire even 4 seconds later than the scheduled time. The expiration time is calculated subtracting jiffies to the scheduled expiration time, and it's shown as a huge number when the timer fires late, since both values are unsigned. This can confuse script and tools which relies on it, like ipvsadm: root@mcroce-redhat:~# while ipvsadm -lc |grep SYN_RECV; do sleep 1 ; done TCP 00:05 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 00:04 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 00:03 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 00:02 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 00:01 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 00:00 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 68719476:44 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 68719476:43 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 68719476:42 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 68719476:41 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 68719476:40 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 TCP 68719476:39 SYN_RECV [fc00:1::1]:55732 [fc00:1::2]:8000 [fc00:2000::1]:8000 Signed-off-by: Matteo Croce Acked-by: Simon Horman Signed-off-by: Pablo Neira Ayuso commit 14d32b2525dd3a21c29b0d9edf1748f5dabc1bbc Author: Matteo Croce Date: Tue Jul 31 18:03:32 2018 +0200 jiffies: add utility function to calculate delta in ms add jiffies_delta_to_msecs() helper func to calculate the delta between two times and eventually 0 if negative. Suggested-by: Eric Dumazet Signed-off-by: Matteo Croce Reviewed-by: Eric Dumazet Acked-by: Simon Horman Signed-off-by: Pablo Neira Ayuso commit a53b42c11815d2357e31a9403ae3950517525894 Author: Tan Hu Date: Wed Jul 25 15:23:07 2018 +0800 ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() We came across infinite loop in ipvs when using ipvs in docker env. When ipvs receives new packets and cannot find an ipvs connection, it will create a new connection, then if the dest is unavailable (i.e. IP_VS_DEST_F_AVAILABLE), the packet will be dropped sliently. But if the dropped packet is the first packet of this connection, the connection control timer never has a chance to start and the ipvs connection cannot be released. This will lead to memory leak, or infinite loop in cleanup_net() when net namespace is released like this: ip_vs_conn_net_cleanup at ffffffffa0a9f31a [ip_vs] __ip_vs_cleanup at ffffffffa0a9f60a [ip_vs] ops_exit_list at ffffffff81567a49 cleanup_net at ffffffff81568b40 process_one_work at ffffffff810a851b worker_thread at ffffffff810a9356 kthread at ffffffff810b0b6f ret_from_fork at ffffffff81697a18 race condition: CPU1 CPU2 ip_vs_in() ip_vs_conn_new() ip_vs_del_dest() __ip_vs_unlink_dest() ~IP_VS_DEST_F_AVAILABLE cp->dest && !IP_VS_DEST_F_AVAILABLE __ip_vs_conn_put ... cleanup_net ---> infinite looping Fix this by checking whether the timer already started. Signed-off-by: Tan Hu Reviewed-by: Jiang Biao Acked-by: Julian Anastasov Acked-by: Simon Horman Signed-off-by: Pablo Neira Ayuso commit b6d6a3076ac4eecb2d9cbcf17730fc160b94cadc Merge: d01e12dd3f42 0dd0e297f0ec Author: Linus Torvalds Date: Thu Aug 16 10:34:05 2018 -0700 Merge tag 'vfio-v4.19-rc1' of git://github.com/awilliam/linux-vfio Pull VFIO updates from Alex Williamson: - mark switch fall-through cases (Gustavo A. R. Silva) - disable binding SR-IOV enabled PFs (Alex Williamson) * tag 'vfio-v4.19-rc1' of git://github.com/awilliam/linux-vfio: vfio-pci: Disable binding to PFs with SR-IOV enabled vfio: Mark expected switch fall-throughs commit ecf8402603d4df1278231439bbe5e92af4e02a17 Author: Trond Myklebust Date: Wed Aug 15 21:35:46 2018 -0400 pNFS: When updating the stateid in layoutreturn, also update the recall range When we update the layout stateid in nfs4_layoutreturn_refresh_stateid, we should also update the range in order to let the server know we're actually returning everything. Fixes: 16c278dbfa63 ("pnfs: Fix handling of NFS4ERR_OLD_STATEID replies...") Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit d01e12dd3f4227f1be5d7c5bffa7b8240787bec1 Merge: 9502f0d1d905 84b64de597bc Author: Linus Torvalds Date: Thu Aug 16 10:21:18 2018 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal Pull thermal management updates from Eduardo Valentin: - rework tsens driver to add support for tsens-v2 (Amit Kucheria) - rework armada thermal driver to use syscon and multichannel support (Miquel Raynal) - fixes to TI SoC, IMX, Exynos, RCar, and hwmon drivers * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal: (34 commits) thermal: armada: fix copy-paste error in armada_thermal_probe() thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources thermal: samsung: Remove Exynos5440 clock handling left-overs thermal: tsens: Fix negative temperature reporting thermal: tsens: switch from of_iomap() to devm_ioremap_resource() thermal: tsens: Rename variable thermal: tsens: Add generic support for TSENS v2 IP thermal: tsens: Rename tsens-8996 to tsens-v2 for reuse thermal: tsens: Add support to split up register address space into two dt: thermal: tsens: Document the fallback DT property for v2 of TSENS IP thermal: tsens: Get rid of unused fields in structure thermal_hwmon: Pass the originating device down to hwmon_device_register_with_info thermal_hwmon: Sanitize attribute name passed to hwmon dt-bindings: thermal: armada: add reference to new bindings dt-bindings: cp110: add the thermal node in the syscon file dt-bindings: cp110: update documentation since DT de-duplication dt-bindings: ap806: add the thermal node in the syscon file dt-bindings: cp110: prepare the syscon file to list other syscons nodes dt-bindings: ap806: prepare the syscon file to list other syscons nodes dt-bindings: cp110: rename cp110 syscon file ... commit 9502f0d1d9059988ca4edc566f81ba864568f39e Merge: ea93102f3224 2bb7005696e2 Author: Linus Torvalds Date: Thu Aug 16 10:16:08 2018 -0700 Merge tag 'mailbox-v4.19' of git://git.linaro.org/landing-teams/working/fujitsu/integration Pull mailbox updates from Jassi Brar: - xgene: potential null pointer fix - omap: switch to spdx license and use of_device_get_match_data() to match data - ti-msgmgr: cleanup and optimisation. New TI specific feature - secure proxy thread. - mediatek: add driver for CMDQ controller. - nxp: add driver for MU controller * tag 'mailbox-v4.19' of git://git.linaro.org/landing-teams/working/fujitsu/integration: mailbox: Add support for i.MX messaging unit dt-bindings: mailbox: imx-mu: add generic MU channel support dt-bindings: arm: fsl: add mu binding doc mailbox: add MODULE_LICENSE() for mtk-cmdq-mailbox.c mailbox: mediatek: Add Mediatek CMDQ driver dt-bindings: soc: Add documentation for the MediaTek GCE unit mailbox: ti-msgmgr: Add support for Secure Proxy dt-bindings: mailbox: Add support for secure proxy threads mailbox: ti-msgmgr: Move the memory region name to descriptor mailbox: ti-msgmgr: Change message count mask to be descriptor based mailbox: ti-msgmgr: Allocate Rx channel resources only on request mailbox: ti-msgmgr: Get rid of unused structure members mailbox/omap: use of_device_get_match_data() to get match data mailbox/omap: switch to SPDX license identifier mailbox: xgene-slimpro: Fix potential NULL pointer dereference commit ea93102f32244e3f45c8b26260be77ed0cc1d16c Author: Yannik Sembritzki Date: Thu Aug 16 14:05:23 2018 +0100 Fix kexec forbidding kernels signed with keys in the secondary keyring to boot The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd. Fix this by passing VERIFY_USE_SECONDARY_KEYRING to verify_pefile_signature(). Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") Signed-off-by: Yannik Sembritzki Signed-off-by: David Howells Cc: kexec@lists.infradead.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: stable@kernel.org Signed-off-by: Linus Torvalds commit 817aef260037f33ee0f44c17fe341323d3aebd6d Author: Yannik Sembritzki Date: Thu Aug 16 14:05:10 2018 +0100 Replace magic for trusting the secondary keyring with #define Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol. Signed-off-by: Yannik Sembritzki Signed-off-by: David Howells Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Linus Torvalds commit 4e31843f681c34f7185e7d169fe627c9d891ce2c Merge: f91e654474d4 fa687fb9ced4 Author: Linus Torvalds Date: Thu Aug 16 09:21:54 2018 -0700 Merge tag 'pci-v4.19-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull pci updates from Bjorn Helgaas: - Decode AER errors with names similar to "lspci" (Tyler Baicar) - Expose AER statistics in sysfs (Rajat Jain) - Clear AER status bits selectively based on the type of recovery (Oza Pawandeep) - Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST (Alexandru Gagniuc) - Don't clear AER status bits if we're using the "Firmware-First" strategy where firmware owns the registers (Alexandru Gagniuc) - Use sysfs_match_string() to simplify ASPM sysfs parsing (Andy Shevchenko) - Remove unnecessary includes of (Bjorn Helgaas) - Defer DPC event handling to work queue (Keith Busch) - Use threaded IRQ for DPC bottom half (Keith Busch) - Print AER status while handling DPC events (Keith Busch) - Work around IDT switch ACS Source Validation erratum (James Puthukattukaran) - Emit diagnostics for all cases of PCIe Link downtraining (Links operating slower than they're capable of) (Alexandru Gagniuc) - Skip VFs when configuring Max Payload Size (Myron Stowe) - Reduce Root Port Max Payload Size if necessary when hot-adding a device below it (Myron Stowe) - Simplify SHPC existence/permission checks (Bjorn Helgaas) - Remove hotplug sample skeleton driver (Lukas Wunner) - Convert pciehp to threaded IRQ handling (Lukas Wunner) - Improve pciehp tolerance of missed events and initially unstable links (Lukas Wunner) - Clear spurious pciehp events on resume (Lukas Wunner) - Add pciehp runtime PM support, including for Thunderbolt controllers (Lukas Wunner) - Support interrupts from pciehp bridges in D3hot (Lukas Wunner) - Mark fall-through switch cases before enabling -Wimplicit-fallthrough (Gustavo A. R. Silva) - Move DMA-debug PCI init from arch code to PCI core (Christoph Hellwig) - Fix pci_request_irq() usage of IRQF_ONESHOT when no handler is supplied (Heiner Kallweit) - Unify PCI and DMA direction #defines (Shunyong Yang) - Add PCI_DEVICE_DATA() macro (Andy Shevchenko) - Check for VPD completion before checking for timeout (Bert Kenward) - Limit Netronome NFP5000 config space size to work around erratum (Jakub Kicinski) - Set IRQCHIP_ONESHOT_SAFE for PCI MSI irqchips (Heiner Kallweit) - Document ACPI description of PCI host bridges (Bjorn Helgaas) - Add "pci=disable_acs_redir=" parameter to disable ACS redirection for peer-to-peer DMA support (we don't have the peer-to-peer support yet; this is just one piece) (Logan Gunthorpe) - Clean up devm_of_pci_get_host_bridge_resources() resource allocation (Jan Kiszka) - Fixup resizable BARs after suspend/resume (Christian König) - Make "pci=earlydump" generic (Sinan Kaya) - Fix ROM BAR access routines to stay in bounds and check for signature correctly (Rex Zhu) - Add DMA alias quirk for Microsemi Switchtec NTB (Doug Meyer) - Expand documentation for pci_add_dma_alias() (Logan Gunthorpe) - To avoid bus errors, enable PASID only if entire path supports End-End TLP prefixes (Sinan Kaya) - Unify slot and bus reset functions and remove hotplug knowledge from callers (Sinan Kaya) - Add Function-Level Reset quirks for Intel and Samsung NVMe devices to fix guest reboot issues (Alex Williamson) - Add function 1 DMA alias quirk for Marvell 88SS9183 PCIe SSD Controller (Bjorn Helgaas) - Remove Xilinx AXI-PCIe host bridge arch dependency (Palmer Dabbelt) - Remove Aardvark outbound window configuration (Evan Wang) - Fix Aardvark bridge window sizing issue (Zachary Zhang) - Convert Aardvark to use pci_host_probe() to reduce code duplication (Thomas Petazzoni) - Correct the Cadence cdns_pcie_writel() signature (Alan Douglas) - Add Cadence support for optional generic PHYs (Alan Douglas) - Add Cadence power management ops (Alan Douglas) - Remove redundant variable from Cadence driver (Colin Ian King) - Add Kirin MSI support (Xiaowei Song) - Drop unnecessary root_bus_nr setting from exynos, imx6, keystone, armada8k, artpec6, designware-plat, histb, qcom, spear13xx (Shawn Guo) - Move link notification settings from DesignWare core to individual drivers (Gustavo Pimentel) - Add endpoint library MSI-X interfaces (Gustavo Pimentel) - Correct signature of endpoint library IRQ interfaces (Gustavo Pimentel) - Add DesignWare endpoint library MSI-X callbacks (Gustavo Pimentel) - Add endpoint library MSI-X test support (Gustavo Pimentel) - Remove unnecessary GFP_ATOMIC from Hyper-V "new child" allocation (Jia-Ju Bai) - Add more devices to Broadcom PAXC quirk (Ray Jui) - Work around corrupted Broadcom PAXC config space to enable SMMU and GICv3 ITS (Ray Jui) - Disable MSI parsing to work around broken Broadcom PAXC logic in some devices (Ray Jui) - Hide unconfigured functions to work around a Broadcom PAXC defect (Ray Jui) - Lower iproc log level to reduce console output during boot (Ray Jui) - Fix mobiveil iomem/phys_addr_t type usage (Lorenzo Pieralisi) - Fix mobiveil missing include file (Lorenzo Pieralisi) - Add mobiveil Kconfig/Makefile support (Lorenzo Pieralisi) - Fix mvebu I/O space remapping issues (Thomas Petazzoni) - Use generic pci_host_bridge in mvebu instead of ARM-specific API (Thomas Petazzoni) - Whitelist VMD devices with fast interrupt handlers to avoid sharing vectors with slow handlers (Keith Busch) * tag 'pci-v4.19-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (153 commits) PCI/AER: Don't clear AER bits if error handling is Firmware-First PCI: Limit config space size for Netronome NFP5000 PCI/MSI: Set IRQCHIP_ONESHOT_SAFE for PCI-MSI irqchips PCI/VPD: Check for VPD access completion before checking for timeout PCI: Add PCI_DEVICE_DATA() macro to fully describe device ID entry PCI: Match Root Port's MPS to endpoint's MPSS as necessary PCI: Skip MPS logic for Virtual Functions (VFs) PCI: Add function 1 DMA alias quirk for Marvell 88SS9183 PCI: Check for PCIe Link downtraining PCI: Add ACS Redirect disable quirk for Intel Sunrise Point PCI: Add device-specific ACS Redirect disable infrastructure PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support PCI: Allow specifying devices using a base bus and path of devfns PCI: Make specifying PCI devices in kernel parameters reusable PCI: Hide ACS quirk declarations inside PCI core PCI: Delay after FLR of Intel DC P3700 NVMe PCI: Disable Samsung SM961/PM961 NVMe before FLR PCI: Export pcie_has_flr() PCI: mvebu: Drop bogus comment above mvebu_pcie_map_registers() ... commit 4acd8d01a2393f2145ad1db10b2d5c764582a98d Author: Sean Paul Date: Wed Aug 15 11:35:29 2018 -0400 MAINTAINERS: drm-misc: Change seanpaul's email address Since chromium.org is now enforcing DMARC, my mails are going to people's spam folders. While this development might be desirable for people I communicate with, it's undesirable for me :-) Cc: Dave Airlie Cc: Gustavo Padovan Cc: Maarten Lankhorst Acked-by: Daniel Vetter Signed-off-by: Sean Paul Signed-off-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180815153604.90152-1-sean@poorly.run commit 28b7465376b9f9633bb774e45c0421dc4db7f303 Author: Philipp Rudo Date: Mon Aug 13 12:45:06 2018 +0200 s390/kdump: Remove kzalloc_panic For this function there are only two users, when 1) the elfcorehdr and 2) the vmcoreinfo is allocated. However a missing vmcoreinfo is not critical for kdump. So panicking when it cannot be allocated is not required. Remove kzalloc_panic and adjust its callers accordingly. Signed-off-by: Philipp Rudo Acked-by: Heiko Carstens Signed-off-by: Heiko Carstens commit 2d2e7075b87181ed0c675e4936e20bdadba02e1f Author: Philipp Rudo Date: Mon Aug 13 11:16:57 2018 +0200 s390/kdump: Fix memleak in nt_vmcoreinfo The vmcoreinfo of a crashed system is potentially fragmented. Thus the crash kernel has an intermediate step where the vmcoreinfo is copied into a temporary, continuous buffer in the crash kernel memory. This temporary buffer is never freed. Free it now to prevent the memleak. While at it replace all occurrences of "VMCOREINFO" by its corresponding macro to prevent potential renaming issues. Signed-off-by: Philipp Rudo Acked-by: Heiko Carstens Signed-off-by: Heiko Carstens commit 263b0e480c9b0fda77a89f5d6375d8a39de5c166 Author: Philipp Rudo Date: Mon Aug 6 13:39:52 2018 +0200 s390/kdump: Make elfcorehdr size calculation ABI compliant There are two ways to pass the vmcoreinfo to the crash kernel 1) via the os_info mechanism and 2) via the lowcore->vmcore_info field. In the Linux kernel only the second way is used. However, the first way is ABI for stand-alone kdump. So other OSes use it to pass additional debug info. Make the elfcorehdr size calculation aware of both possible ways. Fixes: 8cce437fbb5c ("s390/kdump: Fix elfcorehdr size calculation") Signed-off-by: Philipp Rudo Acked-by: Heiko Carstens Signed-off-by: Heiko Carstens commit 2abe24b4b095c9a7bfd8157daa8aea5c464b7aa9 Author: Sebastian Ott Date: Tue Jul 24 20:16:29 2018 +0200 s390/pci: remove fmb address from debug output This information was never useful and is nowadays replaced with random data. Just get rid of it. Signed-off-by: Sebastian Ott Signed-off-by: Heiko Carstens commit 38204071a024bb6b62e669e971799152809f1722 Author: Sebastian Ott Date: Mon Aug 13 11:27:23 2018 +0200 s390/pci: remove stale rc Get rid of a leftover return code in arch_setup_msi_irqs. Signed-off-by: Sebastian Ott Signed-off-by: Heiko Carstens commit 866f3576a72b2233a76dffb80290f8086dc49e17 Author: Sebastian Ott Date: Mon Aug 13 11:26:46 2018 +0200 s390/pci: fix out of bounds access during irq setup During interrupt setup we allocate interrupt vectors, walk the list of msi descriptors, and fill in the message data. Requesting more interrupts than supported on s390 can lead to an out of bounds access. When we restrict the number of interrupts we should also stop walking the msi list after all supported interrupts are handled. Cc: stable@vger.kernel.org Signed-off-by: Sebastian Ott Signed-off-by: Heiko Carstens commit 2395103b3fbf2553d94a64ac3e29595cb040474b Author: Harald Freudenberger Date: Thu Aug 9 11:59:34 2018 +0200 s390/zcrypt: fix ap_instructions_available() returncodes During review of KVM patches it was complained that the ap_instructions_available() function returns 0 if AP instructions are available and -ENODEV if not. The function acts like a boolean function to check for AP instructions available and thus should return 0 on failure and != 0 on success. Changed to the suggested behaviour and adapted the one and only caller of this function which is the ap bus core code. Signed-off-by: Harald Freudenberger Acked-by: Cornelia Huck Signed-off-by: Heiko Carstens commit 6f0a256253f48095ba2e5bcdfbed41f21643c105 Author: Oder Chiou Date: Wed Aug 15 14:47:49 2018 +0800 ASoC: rt5514: Fix the issue of the delay volume applied again After our evaluation, we need to modify the default values to make sure the volume applied immediately. Signed-off-by: Oder Chiou Signed-off-by: Mark Brown commit 0d22825255f25adb6a609f130b42c752d3fd0f5d Author: Ryan Lee Date: Wed Aug 15 18:53:38 2018 -0700 ASoC: max98373: Added speaker FS gain cotnrol register to volatile. Signed-off-by: Ryan Lee Signed-off-by: Mark Brown commit d2c9281c184bf2b768ac141a7a10586e0643695d Author: Richard Fitzgerald Date: Tue Aug 7 10:08:12 2018 +0100 mfd: madera: Add register definitions for accessory detect Add some register definitions for accessory detection, used by the extcon driver. Signed-off-by: Richard Fitzgerald Signed-off-by: Lee Jones commit 2f606da78230f09cf1a71fde6ee91d0c710fa2b2 Author: Guenter Roeck Date: Fri Aug 3 20:59:51 2018 -0700 mfd: sm501: Set coherent_dma_mask when creating subdevices Instantiating the sm501 OHCI subdevice results in a kernel warning. sm501-usb sm501-usb: SM501 OHCI sm501-usb sm501-usb: new USB bus registered, assigned bus number 1 WARNING: CPU: 0 PID: 1 at ./include/linux/dma-mapping.h:516 ohci_init+0x194/0x2d8 Modules linked in: CPU: 0 PID: 1 Comm: swapper Tainted: G W 4.18.0-rc7-00178-g0b5b1f9a78b5 #1 PC is at ohci_init+0x194/0x2d8 PR is at ohci_init+0x168/0x2d8 PC : 8c27844c SP : 8f81dd94 SR : 40008001 TEA : 29613060 R0 : 00000000 R1 : 00000000 R2 : 00000000 R3 : 00000202 R4 : 8fa98b88 R5 : 8c277e68 R6 : 00000000 R7 : 00000000 R8 : 8f965814 R9 : 8c388100 R10 : 8fa98800 R11 : 8fa98928 R12 : 8c48302c R13 : 8fa98920 R14 : 8c48302c MACH: 00000096 MACL: 0000017c GBR : 00000000 PR : 8c278420 Call trace: [<(ptrval)>] usb_add_hcd+0x1e8/0x6ec [<(ptrval)>] _dev_info+0x0/0x54 [<(ptrval)>] arch_local_save_flags+0x0/0x8 [<(ptrval)>] arch_local_irq_restore+0x0/0x24 [<(ptrval)>] ohci_hcd_sm501_drv_probe+0x114/0x2d8 ... Initialize coherent_dma_mask when creating SM501 subdevices to fix the problem. Fixes: b6d6454fdb66f ("mfd: SM501 core driver") Signed-off-by: Guenter Roeck Signed-off-by: Lee Jones commit 8d5a5ba9a8b93e70f77d7ab6b7d4f015c08a8e7e Author: Matti Vaittinen Date: Fri Aug 3 14:09:12 2018 +0300 mfd: bd71837: Devicetree bindings for ROHM BD71837 PMIC Document devicetree bindings for ROHM BD71837 PMIC MFD. Signed-off-by: Matti Vaittinen Reviewed-by: Rob Herring Signed-off-by: Lee Jones commit 30107fa6908b6c2747ee9100b40af813f99483c3 Author: Matti Vaittinen Date: Fri Aug 3 14:08:14 2018 +0300 mfd: bd71837: Core driver for ROHM BD71837 PMIC ROHM BD71837 PMIC MFD driver providing interrupts and support for three subsystems: - clk - Regulators - input/power-key Signed-off-by: Matti Vaittinen Reviewed-by: Enric Balletbo i Serra Signed-off-by: Lee Jones commit f863ae594d33e57aa12cdde47e767e6e7942ee51 Author: Arnd Bergmann Date: Tue Jul 24 11:35:59 2018 +0200 media: platform: cros-ec-cec: Fix dependency on MFD_CROS_EC Without the MFD driver, we run into a link error: drivers/media/platform/cros-ec-cec/cros-ec-cec.o: In function `cros_ec_cec_transmit': cros-ec-cec.c:(.text+0x474): undefined reference to `cros_ec_cmd_xfer_status' drivers/media/platform/cros-ec-cec/cros-ec-cec.o: In function `cros_ec_cec_set_log_addr': cros-ec-cec.c:(.text+0x60b): undefined reference to `cros_ec_cmd_xfer_status' drivers/media/platform/cros-ec-cec/cros-ec-cec.o: In function `cros_ec_cec_adap_enable': cros-ec-cec.c:(.text+0x77d): undefined reference to `cros_ec_cmd_xfer_status' As we can compile-test all the dependency, the extra '| COMPILE_TEST' is not needed to get the build coverage, and we can simply turn MFD_CROS_EC into a hard dependency to make it build in all configurations. Fixes: cd70de2d356e ("media: platform: Add ChromeOS EC CEC driver") Signed-off-by: Arnd Bergmann Signed-off-by: Lee Jones commit f91e654474d413201ae578820fb63f8a811f6c4e Merge: c715ebeb0303 3dd0f18c70d9 Author: Linus Torvalds Date: Wed Aug 15 22:54:12 2018 -0700 Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull integrity updates from James Morris: "This adds support for EVM signatures based on larger digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the IMA policy rules from the IMA-audit messages, addresses two deadlocks due to either loading or searching for crypto algorithms, and cleans up the audit messages" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: fix return value check in evm_write_xattrs() integrity: prevent deadlock during digsig verification. evm: Allow non-SHA1 digital signatures evm: Don't deadlock if a crypto algorithm is unavailable integrity: silence warning when CONFIG_SECURITYFS is not enabled ima: Differentiate auditing policy rules from "audit" actions ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set ima: Use audit_log_format() rather than audit_log_string() ima: Call audit_log_string() rather than logging it untrusted commit c715ebeb0303b196f17376f189ae4e168d98b563 Merge: 04743f89bcad 5da08f7d0169 Author: Linus Torvalds Date: Wed Aug 15 22:51:12 2018 -0700 Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull TPM updates from James Morris: - Migrate away from PM runtime as explicit cmdReady/goIdle transactions for every command is a spec requirement. PM runtime adds only a layer of complexity on our case. - tpm_tis drivers can now specify the hwrng quality. - TPM 2.0 code uses now tpm_buf for constructing messages. Jarkko thinks Tomas Winkler has done the same for TPM 1.2, and will start digging those changes from the patchwork in the near future. - Bug fixes and clean ups * 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: ima: Get rid of ima_used_chip and use ima_tpm_chip != NULL instead ima: Use tpm_default_chip() and call TPM functions with a tpm_chip tpm: replace TPM_TRANSMIT_RAW with TPM_TRANSMIT_NESTED tpm: Convert tpm_find_get_ops() to use tpm_default_chip() tpm: Implement tpm_default_chip() to find a TPM chip tpm: rename tpm_chip_find_get() to tpm_find_get_ops() tpm: Allow tpm_tis drivers to set hwrng quality. tpm: Return the actual size when receiving an unsupported command tpm: separate cmd_ready/go_idle from runtime_pm tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) tpm_tis_spi: Pass the SPI IRQ down to the driver tpm: migrate tpm2_get_random() to use struct tpm_buf tpm: migrate tpm2_get_tpm_pt() to use struct tpm_buf tpm: migrate tpm2_probe() to use struct tpm_buf tpm: migrate tpm2_shutdown() to use struct tpm_buf commit 04743f89bcad30a438ef4f38840caddd7978dbaa Merge: 5bae2be4efd5 df6b4e6608ee Author: Linus Torvalds Date: Wed Aug 15 22:49:04 2018 -0700 Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull smack updates from James Morris: "Minor fixes from Piotr Sawicki" * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: Inform peer that IPv6 traffic has been blocked Smack: Check UDP-Lite and DCCP protocols during IPv6 handling Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets commit 5bae2be4efd557ba3ec18f125d18c546f6b03cd2 Merge: 2b2f2aedba98 bd646104ac5a Author: Linus Torvalds Date: Wed Aug 15 22:47:23 2018 -0700 Merge tag 'jfs-4.19' of git://github.com/kleikamp/linux-shaggy Pull jfs update from David Kleikamp: "Just one jfs patch for 4.19" * tag 'jfs-4.19' of git://github.com/kleikamp/linux-shaggy: jfs: use time64_t for otime commit 6b583a64fd1e019fd01626b46892ebf2361951c5 Author: Heiner Kallweit Date: Wed Sep 27 22:41:26 2017 +0200 rtc: ds1307: simplify hwmon config We don't have to define an extra config symbol, IS_REACHABLE does what we need. And having this config symbol just to save the few bytes of hwmon support on non-DS3231 chips isn't worth it IMO (especially as the symbol is set per default). Signed-off-by: Heiner Kallweit Signed-off-by: Alexandre Belloni commit 2b2f2aedba985108cbc92a761ac0d9fc4c774616 Merge: 72f02ba66bd8 f5580d0f8bf6 Author: Linus Torvalds Date: Wed Aug 15 22:40:03 2018 -0700 Merge tag 'gfs2-4.19.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 updates from Andreas Gruenbacher: - iomap support for buffered writes and for direct I/O - two patches that reduce the size of struct gfs2_inode - lots of fixes and cleanups * tag 'gfs2-4.19.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: (25 commits) gfs2: eliminate update_rgrp_lvb_unlinked gfs2: Fix gfs2_testbit to use clone bitmaps gfs2: Get rid of gfs2_ea_strlen gfs2: cleanup: call gfs2_rgrp_ondisk2lvb from gfs2_rgrp_out gfs2: Special-case rindex for gfs2_grow GFS2: rgrp free blocks used incorrectly gfs2: remove redundant variable 'moved' gfs2: use iomap_readpage for blocksize == PAGE_SIZE gfs2: Use iomap for stuffed direct I/O reads gfs2: fallocate_chunk: Always initialize struct iomap GFS2: Fix recovery issues for spectators fs: gfs2: Adding new return type vm_fault_t gfs2: using posix_acl_xattr_size instead of posix_acl_to_xattr gfs2: Don't reject a supposedly full bitmap if we have blocks reserved gfs2: Eliminate redundant ip->i_rgd gfs2: Stop messing with ip->i_rgd in the rlist code gfs2: Remove gfs2_write_{begin,end} gfs2: iomap direct I/O support gfs2: gfs2_extent_length cleanup gfs2: iomap buffered write support ... commit 72f02ba66bd83b54054da20eae550123de84da6f Merge: db06f826ec12 51372570ac3c Author: Linus Torvalds Date: Wed Aug 15 22:06:26 2018 -0700 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI updates from James Bottomley: "This is mostly updates to the usual drivers: mpt3sas, lpfc, qla2xxx, hisi_sas, smartpqi, megaraid_sas, arcmsr. In addition, with the continuing absence of Nic we have target updates for tcmu and target core (all with reviews and acks). The biggest observable change is going to be that we're (again) trying to switch to mulitqueue as the default (a user can still override the setting on the kernel command line). Other major core stuff is the removal of the remaining Microchannel drivers, an update of the internal timers and some reworks of completion and result handling" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (203 commits) scsi: core: use blk_mq_run_hw_queues in scsi_kick_queue scsi: ufs: remove unnecessary query(DM) UPIU trace scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() scsi: aacraid: Spelling fix in comment scsi: mpt3sas: Fix calltrace observed while running IO & reset scsi: aic94xx: fix an error code in aic94xx_init() scsi: st: remove redundant pointer STbuffer scsi: qla2xxx: Update driver version to 10.00.00.08-k scsi: qla2xxx: Migrate NVME N2N handling into state machine scsi: qla2xxx: Save frame payload size from ICB scsi: qla2xxx: Fix stalled relogin scsi: qla2xxx: Fix race between switch cmd completion and timeout scsi: qla2xxx: Fix Management Server NPort handle reservation logic scsi: qla2xxx: Flush mailbox commands on chip reset scsi: qla2xxx: Fix unintended Logout scsi: qla2xxx: Fix session state stuck in Get Port DB scsi: qla2xxx: Fix redundant fc_rport registration scsi: qla2xxx: Silent erroneous message scsi: qla2xxx: Prevent sysfs access when chip is down scsi: qla2xxx: Add longer window for chip reset ... commit db06f826ec12bf0701ea7fc0a3c0aa00b84417c8 Merge: 6de4c691eab8 ac7da1b787d9 Author: Linus Torvalds Date: Wed Aug 15 21:41:21 2018 -0700 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk updates from Stephen Boyd: "The new and exciting feature this time around is in the clk core. We've added duty cycle support to the clk API so that clk signal duty cycle ratios can be adjusted while taking into account things like clk dividers and clk tree hierarchy. So far only one SoC has implemented support for this, but I expect there will be more to come in the future. Outside of the core, we have the usual pile of clk driver updates and additions. The Amlogic meson driver got the most lines in the diffstat this time around because it added support for a whole bunch of hardware and duty cycle configuration. After that the Rockchip PX30, Qualcomm SDM845, and Renesas SoC drivers fill in a majority of the diff. We're left with the collection of non-critical fixes after that. Overall it looks pretty quiet this time. Core: - Clk duty cycle support - Proper CLK_SET_RATE_GATE support throughout the tree New Drivers: - Actions Semi Owl series S700 SoC clk driver - Qualcomm SDM845 display clock controller - i.MX6SX ocram_s clk support - Uniphier NAND, USB3 PHY, and SPI clk support - Qualcomm RPMh clk driver - i.MX7D mailbox clk support - Maxim 9485 Programmable Clock Generator - expose 32 kHz PLL on PXA SoCs - imx6sll GPIO clk gate support - Atmel at91 I2S audio clk support - SI544/SI514 clk on/off support - i.MX6UL GPIO clock gates in CCM CCGR - Renesas Crypto Engine clocks on R-Car H3 - Renesas clk support for the new RZ/N1D SoC - Allwinner A64 display engine clock support - support for Rockchip's PX30 SoC - Amlogic Meson axg PCIe and audio clocks - Amlogic Meson GEN CLK on gxbb, gxl and axg Updates: - remove an unused variable from Exynos4412 ISP driver - fix a thinko bug in SCMI clk division logic - add missing of_node_put()s in some i.MX clk drivers - Tegra SDMMC clk jitter improvements with high speed signaling modes - SPDX tagging for qcom and cs2000-cp drivers - stop leaking con ids in __clk_put() - fix a corner case in fixed factor clk probing where node is in DT but parent clk is registered much later - Marvell Armada 3700 clk_pm_cpu_get_parent() had an invalid return value - i.MX clk init arrays removed in place of CLK_IS_CRITICAL - convert to CLK_IS_CRITICAL for i.MX51/53 driver - fix Tegra BPMP driver oops when xlating a NULL clk - proper default configuration for vic03 and vde clks on Tegra124 - mark Tegra memory controller clks as critical - fix array bounds clamp in Tegra's emc determine_rate() op - Ingenic i2s bit update and allow UDC clk to gate - fix name of aspeed SDC clk define to have only one 'CLK' - fix i.MX6QDL video clk parent - critical clk markings for qcom SDM845 - fix Stratix10 mpu_free_clk and sdmmc_free_clk parents - mark Rockchip's pclk_rkpwm_pmu as critical clock, due to it supplying the pwm used to drive the logic supply of the rk3399 core" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (85 commits) clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 clk: cs2000-cp: convert to SPDX identifiers clk: scmi: Fix the rounding of clock rate clk: qcom: Add display clock controller driver for SDM845 clk: mvebu: armada-37xx-periph: Remove unused var num_parents clk: samsung: Remove unused mout_user_aclk400_mcuisp_p4x12 variable clk: actions: Add S700 SoC clock support dt-bindings: clock: Add S700 support for Actions Semi Soc's clk: actions: Add missing REGMAP_MMIO dependency clk: uniphier: add clock frequency support for SPI clk: uniphier: add more USB3 PHY clocks clk: uniphier: add NAND 200MHz clock clk: tegra: make sdmmc2 and sdmmc4 as sdmmc clocks clk: tegra: Add sdmmc mux divider clock clk: tegra: Refactor fractional divider calculation clk: tegra: Fix includes required by fence_udelay() clk: imx6sll: fix missing of_node_put() clk: imx6ul: fix missing of_node_put() clk: imx: add ocram_s clock for i.mx6sx clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent ... commit 6de4c691eab8f421e34c5250f63bf3f477d30eec Merge: c1c2ad82c772 a5ec96ddfd55 Author: Linus Torvalds Date: Wed Aug 15 21:35:38 2018 -0700 Merge tag 'gpio-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO updates from Linus Walleij: "This is the bulk of GPIO changes for the v4.19 kernel cycle. I don't know if anything in particular stands out. Maybe the Aspeed coprocessor thing from Benji: Aspeed is doing baseboard management chips (BMC's) for servers etc. These Aspeed's are ARM processors that exist inside (I guess) Intel servers, and they are moving forward to using mainline Linux in those. This is one of the pieces of the puzzle to achive that. They are doing OpenBMC, it's pretty cool: https://lwn.net/Articles/683320/ Summary: Core changes: - Add a new API for explicitly naming GPIO consumers, when needed. - Don't let userspace set values on input lines. While we do not think anyone would do this crazy thing we better plug the hole before someone uses it and think it's a nifty feature. - Avoid calling chip->request() for unused GPIOs. New drivers/subdrivers: - The Mediatek MT7621 is supported which is a big win for OpenWRT and similar router distributions using this chip, as it seems every major router manufacturer on the planet has made products using this chip: https://wikidevi.com/wiki/MediaTek_MT7621 - The Tegra 194 is now supported. - The IT87 driver now supports IT8786E and IT8718F super-IO chips. - Add support for Rockchip RK3328 in the syscon GPIO driver. Driver changes: - Handle the get/set_multiple() properly on MMIO chips with inverted direction registers. We didn't have this problem until a new chip appear that has get/set registers AND inverted direction bits, OK now we handle it. - A patch series making more error codes percolate upward properly for different errors on gpiochip_lock_as_irq(). - Get/set multiple for the OMAP driver, accelerating these multiple line operations if possible. - A coprocessor interface for the Aspeed driver. Sometimes a few GPIO lines need to be grabbed by a co-processor for doing automated tasks, sometimes they are available as GPIO lines. By adding an explicit API in this driver we make it possible for the two line consumers to coexist. (This work was made available on the ib-aspeed branch, which may be appearing in other pull requests.) - Implemented .get_direction() and open drain in the SCH311x driver. - Continuing cleanup of included headers in GPIO drivers" * tag 'gpio-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (80 commits) gpio: it87: Add support for IT8613 gpio: it87: add support for IT8718F Super I/O. gpiolib: Avoid calling chip->request() for unused gpios gpio: tegra: Include the right header gpio: mmio: Fix up inverted direction registers gpio: xilinx: Use the right include gpio: timberdale: Include the right header gpio: tb10x: Use the right include gpiolib: Fix of_node inconsistency gpio: vr41xx: Bail out on gpiochip_lock_as_irq() error gpio: uniphier: Bail out on gpiochip_lock_as_irq() error gpio: xgene-sb: Don't shadow error code of gpiochip_lock_as_irq() gpio: em: Don't shadow error code of gpiochip_lock_as_irq() gpio: dwapb: Don't shadow error code of gpiochip_lock_as_irq() gpio: bcm-kona: Don't shadow error code of gpiochip_lock_as_irq() gpiolib: Don't shadow error code of gpiochip_lock_as_irq() gpio: syscon: rockchip: add GRF GPIO support for rk3328 gpio: omap: Add get/set_multiple() callbacks gpio: pxa: remove set but not used variable 'gpio_offset' gpio-it87: add support for IT8786E Super I/O ... commit c1c2ad82c772966d3cdb9a4852329fa2cf71853a Merge: 99a2c789ddeb 190bd6e98afc Author: Linus Torvalds Date: Wed Aug 15 21:31:19 2018 -0700 Merge tag 'edac_for_4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp Pull EDAC updates from Borislav Petkov: - Add support for systems with PCI segmented buses to sb_edac, by Masayoshi Mizuma - The usual pile of fixes and cleanups * tag 'edac_for_4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp: EDAC, sb_edac: Add support for systems with segmented PCI buses EDAC, thunderx: Remove VLA usage EDAC, i7core: Fix memleaks and use-after-free on probe and remove EDAC: Fix memleak in module init error path EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() commit 99a2c789ddeb703cf7b0a3d889ab1a25cf4cbbaf Merge: fa3b39cdafbf 9a47249d444d Author: Linus Torvalds Date: Wed Aug 15 21:16:02 2018 -0700 Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull random updates from Ted Ts'o: "Some changes to trust cpu-based hwrng (such as RDRAND) for initializing hashed pointers and (optionally, controlled by a config option) to initialize the CRNG to avoid boot hangs" * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: Make crng state queryable random: remove preempt disabled region random: add a config option to trust the CPU's hwrng vsprintf: Add command line option debug_boot_weak_hash vsprintf: Use hw RNG for ptr_key random: Return nbytes filled from hw RNG random: Fix whitespace pre random-bytes work commit 84fe4cc09abc1a5ef3a282db3ed10f4d3f1e6a0b Author: Eric W. Biederman Date: Wed Aug 15 21:20:46 2018 -0500 signal: Don't send signals to tasks that don't exist Recently syzbot reported crashes in send_sigio_to_task and send_sigurg_to_task in linux-next. Despite finding a reproducer syzbot apparently did not bisected this or otherwise track down the offending commit in linux-next. I happened to see this report and examined the code because I had recently changed these functions as part of making PIDTYPE_TGID a real pid type so that fork would does not need to restart when receiving a signal. By examination I see that I spotted a bug in the code that could explain the reported crashes. When I took Oleg's suggestion and optimized send_sigurg and send_sigio to only send to a single task when type is PIDTYPE_PID or PIDTYPE_TGID I failed to handle pids that no longer point to tasks. The macro do_each_pid_task simply iterates for zero iterations. With pid_task an explicit NULL test is needed. Update the code to include the missing NULL test. Fixes: 019191342fec ("signal: Use PIDTYPE_TGID to clearly store where file signals will be sent") Reported-by: syzkaller-bugs@googlegroups.com Signed-off-by: "Eric W. Biederman" commit fa3b39cdafbfd5d9b1d064f5cf63cf0314f1d070 Merge: 25ca1d74c673 16b7db4c8150 Author: Linus Torvalds Date: Wed Aug 15 20:38:23 2018 -0700 Merge tag 'clang-format-for-linus-v4.19' of git://github.com/ojeda/linux Pull clang-format updates from Miguel Ojeda: "Two improvements for .clang-format: - Set IndentWrappedFunctionNames false (Jason Gunthorpe) - Add MAINTAINERS entry (Miguel Ojeda)" * tag 'clang-format-for-linus-v4.19' of git://github.com/ojeda/linux: MAINTAINERS: Add .clang-format entry clang-format: Set IndentWrappedFunctionNames false commit d983c89cc96a87db0c00821e81aa3d8296c12225 Author: Vasily Gorbik Date: Mon Aug 6 15:17:47 2018 +0200 s390/ftrace: Add -mfentry and -mnop-mcount support Utilize -mfentry and -mnop-mcount gcc options together with -mrecord-mcount to get compiler generated calls to the profiling functions as nops which are compatible with current -mhotpatch=0,3 approach. At the same time -mrecord-mcount enables __mcount_loc section generation by the compiler which allows to avoid using scripts/recordmcount.pl script. Link: http://lkml.kernel.org/r/patch-4.thread-aa7b8d.git-aa7b8dbf236f.your-ad-here.call-01533557518-ext-9465@work.hours Reviewed-by: Heiko Carstens Signed-off-by: Vasily Gorbik Signed-off-by: Steven Rostedt (VMware) commit 2f4df0017baedd535254d987c6b10f855f1fb11f Author: Vasily Gorbik Date: Mon Aug 6 15:17:46 2018 +0200 tracing: Add -mcount-nop option support -mcount-nop gcc option generates the calls to the profiling functions as nops which allows to avoid patching mcount jump with NOP instructions initially. -mcount-nop gcc option will be activated if platform selects HAVE_NOP_MCOUNT and gcc actually supports it. In addition to that CC_USING_NOP_MCOUNT is defined and could be used by architectures to adapt ftrace patching behavior. Link: http://lkml.kernel.org/r/patch-3.thread-aa7b8d.git-e02ed2dc082b.your-ad-here.call-01533557518-ext-9465@work.hours Signed-off-by: Vasily Gorbik Signed-off-by: Steven Rostedt (VMware) commit 07d0408120216b60625c9a5b8012d1c3a907984d Author: Vasily Gorbik Date: Mon Aug 6 15:17:44 2018 +0200 tracing: Avoid calling cc-option -mrecord-mcount for every Makefile Currently if CONFIG_FTRACE_MCOUNT_RECORD is enabled -mrecord-mcount compiler flag support is tested for every Makefile. Top 4 cc-option usages: 511 -mrecord-mcount 11 -fno-stack-protector 9 -Wno-override-init 2 -fsched-pressure To address that move cc-option from scripts/Makefile.build to top Makefile and export CC_USING_RECORD_MCOUNT to be used in original place. While doing that also add -mrecord-mcount to CC_FLAGS_FTRACE (if gcc actually supports it). Link: http://lkml.kernel.org/r/patch-2.thread-aa7b8d.git-de935bace15a.your-ad-here.call-01533557518-ext-9465@work.hours Acked-by: Andi Kleen Signed-off-by: Vasily Gorbik Signed-off-by: Steven Rostedt (VMware) commit f28bc3c32c059ab4d13f52155fabd3e20f477f65 Author: Vasily Gorbik Date: Mon Aug 6 15:17:42 2018 +0200 tracing: Handle CC_FLAGS_FTRACE more accurately CC_FLAGS_FTRACE is exported and later used to remove ftrace relevant build flags from files which should be built without ftrace support. For that reason add -mfentry to CC_FLAGS_FTRACE as well. That fixes a problem with vdso32 build on s390, where -mfentry could not be used together with -m31 flag. At the same time flags like -pg and -mfentry are not relevant for asm files, so avoid adding them to KBUILD_AFLAGS. Introduce CC_FLAGS_USING instead of CC_USING_FENTRY to collect -DCC_USING_FENTRY (and future alike) which are relevant for both KBUILD_CFLAGS and KBUILD_AFLAGS. Link: http://lkml.kernel.org/r/patch-1.thread-aa7b8d.git-42971afe87de.your-ad-here.call-01533557518-ext-9465@work.hours Signed-off-by: Vasily Gorbik Signed-off-by: Steven Rostedt (VMware) commit 25ca1d74c6731d9d5f8e660195235050252a33ef Merge: 70b20dd7f897 ada953de4486 Author: Linus Torvalds Date: Wed Aug 15 19:23:24 2018 -0700 Merge tag 'auxdisplay-for-linus-v4.19' of git://github.com/ojeda/linux Pull auxdisplay updates from Miguel Ojeda: "Two cleanups for char_lcd: - simplify getting .drvdata (Wolfram Sang) - delete mdelay in long_sleep (Jia-Ju Bai)" * tag 'auxdisplay-for-linus-v4.19' of git://github.com/ojeda/linux: auxdisplay: simplify getting .drvdata auxdisplay: charlcd: delete mdelay in long_sleep commit 70b20dd7f897c6c14ab9e0d8400aed520ab5f09b Author: Linus Torvalds Date: Wed Aug 15 19:08:10 2018 -0700 ALSA: update dell-wmi mic-mute registration to new world order Commit c647f806b8c2 ("ALSA: hda - Allow multiple ADCs for mic mute LED controls") changed the return value of the snd_hda_gen_add_micmute_led() without actually updating the callers. Admittedly, almost no callers actually cared about the return value. But one call site very much did: the Dell wmi code. It would see the registration return zero, which _used_ to mean "failed" but now means "success", and clear the dell_micmute_led_set_func pointer. End result: the successful registration would end up calling the Dell code that thought it had all failed, and call through a NULL pointer. To make matters worse, it ends up being a tail-call, and with the retpoline sequence you don't even see the caller (dell_micmute_update()) in the stack trace, so the error ended up way less obvious than it should have been. Fixes: c647f806b8c2 "ALSA: hda - Allow multiple ADCs for mic mute LED controls" Cc: Takashi Iwai Signed-off-by: Linus Torvalds commit 71f3a82fab1b631ae9cb1feb677f498d4ca5007d Merge: 54dbe75bbf1e da2048b7348a Author: Linus Torvalds Date: Wed Aug 15 18:29:14 2018 -0700 Merge tag 'media/v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media updates from Mauro Carvalho Chehab: - new Socionext MN88443x ISDB-S/T demodulator driver: mn88443x - new sensor drivers: ak7375, ov2680 and rj54n1cb0c - an old soc-camera sensor driver converted to the V4L2 framework: mt9v111 - a new Voice-Coil Motor (VCM) driver: dw9807-vcm - some cleanups at cx25821, removing legacy unused code - some improvements at ddbridge driver - new platform driver: vicodec - some DVB API cleanups, removing ioctls and compat code for old out-of-tree drivers that were never merged upstream - improvements at DVB core to support frontents that support both Satellite and non-satellite delivery systems - got rid of the unused VIDIOC_RESERVED V4L2 ioctl - some cleanups/improvements at gl861 ISDB driver - several improvements on ov772x, ov7670 and ov5640, imx274, ov5645, and smiapp sensor drivers - fixes at em28xx to support dual TS devices - some cleanups at V4L2/VB2 locking logic - some API improvements at media controller - some cec core and drivers improvements - some uvcvideo improvements - some improvements at platform drivers: stm32-dcmi, rcar-vin, coda, reneseas-ceu, imx, vsp1, venus, camss - lots of other cleanups and fixes * tag 'media/v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (406 commits) Revert "media: vivid: shut up warnings due to a non-trivial logic" siano: get rid of an unused return code for debugfs register media: isp: fix a warning about a wrong struct initializer media: radio-wl1273: fix return code for the polling routine media: s3c-camif: fix return code for the polling routine media: saa7164: fix return codes for the polling routine media: exynos-gsc: fix return code if mutex was interrupted media: mt9v111: Fix build error with no VIDEO_V4L2_SUBDEV_API media: xc4000: get rid of uneeded casts media: drxj: get rid of uneeded casts media: tuner-xc2028: don't use casts for printing sizes media: cleanup fall-through comments media: vivid: shut up warnings due to a non-trivial logic media: rtl28xxu: be sure that it won't go past the array size media: mt9v111: avoid going past the buffer media: vsp1_dl: add a description for cmdpool field media: sta2x11: add a missing parameter description media: v4l2-mem2mem: add descriptions to MC fields media: i2c: fix warning in Aptina MT9V111 media: imx: shut up a false positive warning ... commit 54dbe75bbf1e189982516de179147208e90b5e45 Merge: dafa5f6577a9 557ce95051c8 Author: Linus Torvalds Date: Wed Aug 15 17:39:07 2018 -0700 Merge tag 'drm-next-2018-08-15' of git://anongit.freedesktop.org/drm/drm Pull drm updates from Dave Airlie: "This is the main drm pull request for 4.19. Rob has some new hardware support for new qualcomm hw that I'll send along separately. This has the display part of it, the remaining pull is for the acceleration engine. This also contains a wound-wait/wait-die mutex rework, Peter has acked it for merging via my tree. Otherwise mostly the usual level of activity. Summary: core: - Wound-wait/wait-die mutex rework - Add writeback connector type - Add "content type" property for HDMI - Move GEM bo to drm_framebuffer - Initial gpu scheduler documentation - GPU scheduler fixes for dying processes - Console deferred fbcon takeover support - Displayport support for CEC tunneling over AUX panel: - otm8009a panel driver fixes - Innolux TV123WAM and G070Y2-L01 panel driver - Ilitek ILI9881c panel driver - Rocktech RK070ER9427 LCD - EDT ETM0700G0EDH6 and EDT ETM0700G0BDH6 - DLC DLC0700YZG-1 - BOE HV070WSA-100 - newhaven, nhd-4.3-480272ef-atxl LCD - DataImage SCF0700C48GGU18 - Sharp LQ035Q7DB03 - p079zca: Refactor to support multiple panels tinydrm: - ILI9341 display panel New driver: - vkms - virtual kms driver to testing. i915: - Icelake: Display enablement DSI support IRQ support Powerwell support - GPU reset fixes and improvements - Full ppgtt support refactoring - PSR fixes and improvements - Execlist improvments - GuC related fixes amdgpu: - Initial amdgpu documentation - JPEG engine support on VCN - CIK uses powerplay by default - Move to using core PCIE functionality for gens/lanes - DC/Powerplay interface rework - Stutter mode support for RV - Vega12 Powerplay updates - GFXOFF fixes - GPUVM fault debugging - Vega12 GFXOFF - DC improvements - DC i2c/aux changes - UVD 7.2 fixes - Powerplay fixes for Polaris12, CZ/ST - command submission bo_list fixes amdkfd: - Raven support - Power management fixes udl: - Cleanups and fixes nouveau: - misc fixes and cleanups. msm: - DPU1 support display controller in sdm845 - GPU coredump support. vmwgfx: - Atomic modesetting validation fixes - Support for multisample surfaces armada: - Atomic modesetting support completed. exynos: - IPPv2 fixes - Move g2d to component framework - Suspend/resume support cleanups - Driver cleanups imx: - CSI configuration improvements - Driver cleanups - Use atomic suspend/resume helpers - ipu-v3 V4L2 XRGB32/XBGR32 support pl111: - Add Nomadik LCDC variant v3d: - GPU scheduler jobs management sun4i: - R40 display engine support - TCON TOP driver mediatek: - MT2712 SoC support rockchip: - vop fixes omapdrm: - Workaround for DRA7 errata i932 - Fix mm_list locking mali-dp: - Writeback implementation PM improvements - Internal error reporting debugfs tilcdc: - Single fix for deferred probing hdlcd: - Teardown fixes tda998x: - Converted to a bridge driver. etnaviv: - Misc fixes" * tag 'drm-next-2018-08-15' of git://anongit.freedesktop.org/drm/drm: (1506 commits) drm/amdgpu/sriov: give 8s for recover vram under RUNTIME drm/scheduler: fix param documentation drm/i2c: tda998x: correct PLL divider calculation drm/i2c: tda998x: get rid of private fill_modes function drm/i2c: tda998x: move mode_valid() to bridge drm/i2c: tda998x: register bridge outside of component helper drm/i2c: tda998x: cleanup from previous changes drm/i2c: tda998x: allocate tda998x_priv inside tda998x_create() drm/i2c: tda998x: convert to bridge driver drm/scheduler: fix timeout worker setup for out of order job completions drm/amd/display: display connected to dp-1 does not light up drm/amd/display: update clk for various HDMI color depths drm/amd/display: program display clock on cache match drm/amd/display: Add NULL check for enabling dp ss drm/amd/display: add vbios table check for enabling dp ss drm/amd/display: Don't share clk source between DP and HDMI drm/amd/display: Fix DP HBR2 Eye Diagram Pattern on Carrizo drm/amd/display: Use calculated disp_clk_khz value for dce110 drm/amd/display: Implement custom degamma lut on dcn drm/amd/display: Destroy aux_engines only once ... commit dafa5f6577a9eecd2941add553d1672c30b02364 Merge: 9a76aba02a37 22240df7ac6d Author: Linus Torvalds Date: Wed Aug 15 16:01:47 2018 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "API: - Fix dcache flushing crash in skcipher. - Add hash finup self-tests. - Reschedule during speed tests. Algorithms: - Remove insecure vmac and replace it with vmac64. - Add public key verification for DH/ECDH. Drivers: - Decrease priority of sha-mb on x86. - Improve NEON latency/throughput on ARM64. - Add md5/sha384/sha512/des/3des to inside-secure. - Support eip197d in inside-secure. - Only register algorithms supported by the host in virtio. - Add cts and remove incompatible cts1 from ccree. - Add hisilicon SEC security accelerator driver. - Replace msm hwrng driver with qcom pseudo rng driver. Misc: - Centralize CRC polynomials" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (121 commits) crypto: arm64/ghash-ce - implement 4-way aggregation crypto: arm64/ghash-ce - replace NEON yield check with block limit crypto: hisilicon - sec_send_request() can be static lib/mpi: remove redundant variable esign crypto: arm64/aes-ce-gcm - don't reload key schedule if avoidable crypto: arm64/aes-ce-gcm - implement 2-way aggregation crypto: arm64/aes-ce-gcm - operate on two input blocks at a time crypto: dh - make crypto_dh_encode_key() make robust crypto: dh - fix calculating encoded key size crypto: ccp - Check for NULL PSP pointer at module unload crypto: arm/chacha20 - always use vrev for 16-bit rotates crypto: ccree - allow bigger than sector XTS op crypto: ccree - zero all of request ctx before use crypto: ccree - remove cipher ivgen left overs crypto: ccree - drop useless type flag during reg crypto: ablkcipher - fix crash flushing dcache in error path crypto: blkcipher - fix crash flushing dcache in error path crypto: skcipher - fix crash flushing dcache in error path crypto: skcipher - remove unnecessary setting of walk->nbytes crypto: scatterwalk - remove scatterwalk_samebuf() ... commit 9a76aba02a37718242d7cdc294f0a3901928aa57 Merge: 0a957467c5fd 26a1ccc6c117 Author: Linus Torvalds Date: Wed Aug 15 15:04:25 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next Pull networking updates from David Miller: "Highlights: - Gustavo A. R. Silva keeps working on the implicit switch fallthru changes. - Support 802.11ax High-Efficiency wireless in cfg80211 et al, From Luca Coelho. - Re-enable ASPM in r8169, from Kai-Heng Feng. - Add virtual XFRM interfaces, which avoids all of the limitations of existing IPSEC tunnels. From Steffen Klassert. - Convert GRO over to use a hash table, so that when we have many flows active we don't traverse a long list during accumluation. - Many new self tests for routing, TC, tunnels, etc. Too many contributors to mention them all, but I'm really happy to keep seeing this stuff. - Hardware timestamping support for dpaa_eth/fsl-fman from Yangbo Lu. - Lots of cleanups and fixes in L2TP code from Guillaume Nault. - Add IPSEC offload support to netdevsim, from Shannon Nelson. - Add support for slotting with non-uniform distribution to netem packet scheduler, from Yousuk Seung. - Add UDP GSO support to mlx5e, from Boris Pismenny. - Support offloading of Team LAG in NFP, from John Hurley. - Allow to configure TX queue selection based upon RX queue, from Amritha Nambiar. - Support ethtool ring size configuration in aquantia, from Anton Mikaev. - Support DSCP and flowlabel per-transport in SCTP, from Xin Long. - Support list based batching and stack traversal of SKBs, this is very exciting work. From Edward Cree. - Busyloop optimizations in vhost_net, from Toshiaki Makita. - Introduce the ETF qdisc, which allows time based transmissions. IGB can offload this in hardware. From Vinicius Costa Gomes. - Add parameter support to devlink, from Moshe Shemesh. - Several multiplication and division optimizations for BPF JIT in nfp driver, from Jiong Wang. - Lots of prepatory work to make more of the packet scheduler layer lockless, when possible, from Vlad Buslov. - Add ACK filter and NAT awareness to sch_cake packet scheduler, from Toke Høiland-Jørgensen. - Support regions and region snapshots in devlink, from Alex Vesker. - Allow to attach XDP programs to both HW and SW at the same time on a given device, with initial support in nfp. From Jakub Kicinski. - Add TLS RX offload and support in mlx5, from Ilya Lesokhin. - Use PHYLIB in r8169 driver, from Heiner Kallweit. - All sorts of changes to support Spectrum 2 in mlxsw driver, from Ido Schimmel. - PTP support in mv88e6xxx DSA driver, from Andrew Lunn. - Make TCP_USER_TIMEOUT socket option more accurate, from Jon Maxwell. - Support for templates in packet scheduler classifier, from Jiri Pirko. - IPV6 support in RDS, from Ka-Cheong Poon. - Native tproxy support in nf_tables, from Máté Eckl. - Maintain IP fragment queue in an rbtree, but optimize properly for in-order frags. From Peter Oskolkov. - Improvde handling of ACKs on hole repairs, from Yuchung Cheng" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1996 commits) bpf: test: fix spelling mistake "REUSEEPORT" -> "REUSEPORT" hv/netvsc: Fix NULL dereference at single queue mode fallback net: filter: mark expected switch fall-through xen-netfront: fix warn message as irq device name has '/' cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 net: dsa: mv88e6xxx: missing unlock on error path rds: fix building with IPV6=m inet/connection_sock: prefer _THIS_IP_ to current_text_addr net: dsa: mv88e6xxx: bitwise vs logical bug net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() ieee802154: hwsim: using right kind of iteration net: hns3: Add vlan filter setting by ethtool command -K net: hns3: Set tx ring' tc info when netdev is up net: hns3: Remove tx ring BD len register in hns3_enet net: hns3: Fix desc num set to default when setting channel net: hns3: Fix for phy link issue when using marvell phy driver net: hns3: Fix for information of phydev lost problem when down/up net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero net: hns3: Add support for serdes loopback selftest bnxt_en: take coredump_record structure off stack ... commit a1ceeca679dccc492235f0f629d9e9f7b3d51ca8 Author: Gal Pressman Date: Thu Aug 9 22:00:47 2018 +0300 RDMA/hns: Fix usage of bitmap allocation functions return values hns bitmap allocation functions return 0 on success and -1 on failure. Callers of these functions wrongly used their return value as an errno, fix that by making a proper conversion. Fixes: a598c6f4c5a8 ("IB/hns: Simplify function of pd alloc and qp alloc") Signed-off-by: Gal Pressman Acked-by: Lijun Ou Signed-off-by: Jason Gunthorpe commit 0a957467c5fd46142bc9c52758ffc552d4c5e2f7 Author: Guenter Roeck Date: Wed Aug 15 13:22:27 2018 -0700 x86: i8259: Add missing include file i8259.h uses inb/outb and thus needs to include asm/io.h to avoid the following build error, as seen with x86_64:defconfig and CONFIG_SMP=n. In file included from drivers/rtc/rtc-cmos.c:45:0: arch/x86/include/asm/i8259.h: In function 'inb_pic': arch/x86/include/asm/i8259.h:32:24: error: implicit declaration of function 'inb' arch/x86/include/asm/i8259.h: In function 'outb_pic': arch/x86/include/asm/i8259.h:45:2: error: implicit declaration of function 'outb' Reported-by: Sebastian Gottschall Suggested-by: Sebastian Gottschall Fixes: 447ae3166702 ("x86: Don't include linux/irq.h from asm/hardirq.h") Signed-off-by: Guenter Roeck Signed-off-by: Linus Torvalds commit 4795ac626a2fe5ce99ff788080ace343faf4c886 Merge: 6209c285e7a5 7590ebb8b456 Author: Rodrigo Vivi Date: Wed Aug 15 13:42:31 2018 -0700 Merge tag 'gvt-next-fixes-2018-08-14' of https://github.com/intel/gvt-linux into drm-intel-next-fixes gvt-next-fixes-2018-08-14 - Fix an error code in gvt_dma_map_page() (Dan) - Fix off by one error in intel_vgpu_write_fence() (Dan) - Fix potential Spectre v1 (Gustavo) - Fix workload free in vgpu release (Henry) - Fix cleanup sequence in intel_gvt_clean_device (Henry) - dmabuf mutex init place fix (Henry) - possible memory leak in intel_vgpu_ioctl() err path (Yi) - return error on cmd access check failure (Yan) Signed-off-by: Rodrigo Vivi From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20180814073140.GJ22630@zhen-hp.sh.intel.com commit 6209c285e7a5e68dbcdf8fd2456c6dd68433806b Author: Jani Nikula Date: Tue Aug 14 09:00:01 2018 +0300 drm/i915: set DP Main Stream Attribute for color range on DDI platforms Since Haswell we have no color range indication either in the pipe or port registers for DP. Instead, there's a separate register for setting the DP Main Stream Attributes (MSA) directly. The MSA register definition makes no references to colorimetry, just a vague reference to the DP spec. The connection to the color range was lost. Apparently we've failed to set the proper MSA bit for limited, or CEA, range ever since the first DDI platforms. We've started setting other MSA parameters since commit dae847991a43 ("drm/i915: add intel_ddi_set_pipe_settings"). Without the crucial bit of information, the DP sink has no way of knowing the source is actually transmitting limited range RGB, leading to "washed out" colors. With the colorimetry information, compliant sinks should be able to handle the limited range properly. Native (i.e. non-LSPCON) HDMI was not affected because we do pass the color range via AVI infoframes. Though not the root cause, the problem was made worse for DDI platforms with commit 55bc60db5988 ("drm/i915: Add "Automatic" mode for the "Broadcast RGB" property"), which selects limited range RGB automatically based on the mode, as per the DP, HDMI and CEA specs. After all these years, the fix boils down to flipping one bit. [Per testing reports, this fixes DP sinks, but not the LSPCON. My educated guess is that the LSPCON fails to turn the CEA range MSA into AVI infoframes for HDMI.] Reported-by: Michał Kopeć Reported-by: N. W. Reported-by: Nicholas Stommel Reported-by: Tom Yan Tested-by: Nicholas Stommel References: https://bugs.freedesktop.org/show_bug.cgi?id=100023 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107476 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94921 Cc: Paulo Zanoni Cc: Rodrigo Vivi Cc: Ville Syrjälä Cc: # v3.9+ Reviewed-by: Rodrigo Vivi Signed-off-by: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/20180814060001.18224-1-jani.nikula@intel.com (cherry picked from commit dc5977da99ea28094b8fa4e9bacbd29bedc41de5) Signed-off-by: Rodrigo Vivi commit 3012ea60c57dbdf21206c7e787d6d0cde76a18a7 Author: Chris Wilson Date: Thu Aug 9 07:34:49 2018 +0100 drm/i915/selftests: Hold rpm for unparking The call to i915_gem_unpark() checks that we hold a rpm wakeref before taking a long term wakeref for i915->gt.awake. We should therefore make sure we do hold the wakeref when directly calling unpark to disable the retire worker. Fixes: 932cac10c8fb ("drm/i915/selftests: Prevent background reaping of active objects") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: Matthew Auld Reviewed-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20180809063449.4474-1-chris@chris-wilson.co.uk (cherry picked from commit 7b5ee80a5da3ea44c5abff48e3621135ae9d8177) Signed-off-by: Rodrigo Vivi commit 3af71f649d22f359790b4032446456a967a81742 Author: Chris Wilson Date: Wed Aug 8 22:08:42 2018 +0100 drm/i915: Restore user forcewake domains across suspend On suspend, we cancel the automatic forcewake and clear all other sources of forcewake so the machine can sleep before we do suspend. However, we expose the forcewake to userspace (only via debugfs, but nevertheless we do) and want to restore that upon resume or else our accounting will be off and we may not acquire the forcewake before we use it. So record which domains we cleared on suspend and reacquire them early on resume. v2: Hold the spinlock to appease our sanitychecks v3: s/fw_domains_user/fw_domains_saved/ to convey intent more clearly Reported-by: Imre Deak Fixes: b8473050805f ("drm/i915: Fix forcewake active domain tracking") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Mika Kuoppala Cc: Imre Deak Reviewed-by: Imre Deak Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20180808210842.3555-1-chris@chris-wilson.co.uk (cherry picked from commit d60996ab430c8a6033a0944c068edc5ec5becb9b) Signed-off-by: Rodrigo Vivi commit 341a15bb91d478c33d97b3b452a55181e5db6ea6 Author: Chris Wilson Date: Wed Aug 8 11:51:00 2018 +0100 drm/i915: Unmask user interrupts writes into HWSP on snb/ivb/vlv/hsw An oddity occurs on Sandybridge, Ivybridge and Haswell (and presumably Valleyview) in that for the period following the GPU restart after a reset, there are no GT interrupts received. From Ville's notes, bit 0 in the HWSTAM corresponds to the render interrupt, and if we unmask it we do see immediate resumption of GT interrupt delivery (via the master irq handler) after the reset. v2: Limit the w/a to the render interrupt from rcs Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107500 Fixes: c5498089463b ("drm/i915: Mask everything in ring HWSTAM on gen6+ in ringbuffer mode") References: d420a50c21ef ("drm/i915: Clean up the HWSTAM mess") Testcase: igt/gem_eio/reset-stress Signed-off-by: Chris Wilson Cc: Ville Syrjälä Acked-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20180808105101.913-2-chris@chris-wilson.co.uk (cherry picked from commit a4a717010f4e8cacaa3f0cae8a22f25c39ae1d41) Signed-off-by: Rodrigo Vivi commit fa1b5d09d0771247d407df89228b3902de8e2ce6 Merge: 01f0e5cdedea 59e0b520c75c Author: Linus Torvalds Date: Wed Aug 15 13:05:12 2018 -0700 Merge tag 'kconfig-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kconfig consolidation from Masahiro Yamada: "Consolidation of Kconfig files by Christoph Hellwig. Move the source statements of arch-independent Kconfig files instead of duplicating the includes in every arch/$(SRCARCH)/Kconfig" * tag 'kconfig-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: add a Memory Management options" menu kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt kconfig: use a menu in arch/Kconfig to reduce clutter kconfig: include kernel/Kconfig.preempt from init/Kconfig Kconfig: consolidate the "Kernel hacking" menu kconfig: include common Kconfig files from top-level Kconfig kconfig: remove duplicate SWAP symbol defintions um: create a proper drivers Kconfig um: cleanup Kconfig files um: stop abusing KBUILD_KCONFIG commit fa687fb9ced47b97bd22297366e788dac1927dd7 Merge: 323fc7509a2a a7f58b9ecfd3 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:16 2018 -0500 Merge branch 'remotes/lorenzo/pci/vmd' - Whitelist VMD devices with fast interrupt handlers to avoid sharing vectors with slow handlers (Keith Busch) * remotes/lorenzo/pci/vmd: PCI: vmd: White list for fast interrupt handlers commit 323fc7509a2a752207924dee9866a1b4f2838db4 Merge: 732c47019de9 f23d0d449c16 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:15 2018 -0500 Merge branch 'remotes/lorenzo/pci/mvebu' - Fix mvebu I/O space remapping issues (Thomas Petazzoni) - Use generic pci_host_bridge in mvebu instead of ARM-specific API (Thomas Petazzoni) * remotes/lorenzo/pci/mvebu: PCI: mvebu: Drop bogus comment above mvebu_pcie_map_registers() PCI: mvebu: Convert to use pci_host_bridge directly PCI: mvebu: Use resource_size() to remap I/O space PCI: mvebu: Only remap I/O space if configured PCI: mvebu: Fix I/O space end address calculation PCI: mvebu: Remove redundant platform_set_drvdata() call commit 732c47019de9033a68ba50175b469c9cd105df73 Merge: 0ea77d2b209a 6f2c73c124b1 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:14 2018 -0500 Merge branch 'remotes/lorenzo/pci/mobiveil' - Fix mobiveil iomem/phys_addr_t type usage (Lorenzo Pieralisi) - Fix mobiveil missing include file (Lorenzo Pieralisi) - Add mobiveil Kconfig/Makefile support (Lorenzo Pieralisi) * remotes/lorenzo/pci/mobiveil: PCI: mobiveil: Add Kconfig/Makefile entries PCI: mobiveil: Add missing ../pci.h include PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type PCI: mobiveil: Integer overflow in IB_WIN_SIZE commit 0ea77d2b209ac50cb15388cf0824c95e6763ed31 Merge: 1974704eadb2 0043d4ae812e Author: Bjorn Helgaas Date: Wed Aug 15 14:59:13 2018 -0500 Merge branch 'remotes/lorenzo/pci/iproc' - Add more devices to Broadcom PAXC quirk (Ray Jui) - Work around corrupted Broadcom PAXC config space to enable SMMU and GICv3 ITS (Ray Jui) - Disable MSI parsing to work around broken Broadcom PAXC logic in some devices (Ray Jui) - Hide unconfigured functions to work around a Broadcom PAXC defect (Ray Jui) - Lower iproc log level to reduce console output during boot (Ray Jui) * remotes/lorenzo/pci/iproc: PCI: iproc: Reduce inbound/outbound mapping print level PCI: iproc: Reject unconfigured physical functions from PAXC PCI: iproc: Disable MSI parsing in certain PAXC blocks PCI: iproc: Fix up corrupted PAXC root complex config registers PCI: iproc: Activate PAXC bridge quirk for more devices commit 1974704eadb221f0e827e05989fe569ec7049a71 Merge: 0c38011aba35 7403bd14d7b5 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:12 2018 -0500 Merge branch 'remotes/lorenzo/pci/hv' - Remove unnecessary GFP_ATOMIC from Hyper-V "new child" allocation (Jia-Ju Bai) * remotes/lorenzo/pci/hv: PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() commit 0c38011aba35b2cdca263c0ba4d28e2e727b5acb Merge: 37f0e311bca6 15c972dfb395 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:11 2018 -0500 Merge branch 'remotes/lorenzo/pci/dwc' - Add Kirin MSI support (Xiaowei Song) - Drop unnecessary root_bus_nr setting from exynos, imx6, keystone, armada8k, artpec6, designware-plat, histb, qcom, spear13xx (Shawn Guo) - Move link notification settings from DesignWare core to individual drivers (Gustavo Pimentel) - Add endpoint library MSI-X interfaces (Gustavo Pimentel) - Correct signature of endpoint library IRQ interfaces (Gustavo Pimentel) - Add DesignWare endpoint library MSI-X callbacks (Gustavo Pimentel) - Add endpoint library MSI-X test support (Gustavo Pimentel) * remotes/lorenzo/pci/dwc: PCI: endpoint: Add MSI set maximum restriction tools: PCI: Add MSI-X support pci_endpoint_test: Add 2 ioctl commands pci-epf-test/pci_endpoint_test: Add MSI-X support pci-epf-test/pci_endpoint_test: Use irq_type module parameter pci-epf-test/pci_endpoint_test: Cleanup PCI_ENDPOINT_TEST memspace PCI: dwc: Add legacy interrupt callback handler PCI: dwc: Rework MSI callbacks handler PCI: dwc: Add MSI-X callbacks handler PCI: Update xxx_pcie_ep_raise_irq() and pci_epc_raise_irq() signatures PCI: endpoint: Add MSI-X interfaces PCI: dwc: Fix EP link notification implementation PCI: spear13xx: Drop unnecessary root_bus_nr setting PCI: qcom: Drop unnecessary root_bus_nr setting PCI: histb: Drop unnecessary root_bus_nr setting PCI: designware-plat: Drop unnecessary root_bus_nr setting PCI: artpec6: Drop unnecessary root_bus_nr setting PCI: armada8k: Drop unnecessary root_bus_nr setting PCI: keystone: Drop unnecessary root_bus_nr setting PCI: imx6: Drop unnecessary root_bus_nr setting PCI: exynos: Drop unnecessary root_bus_nr setting PCI: kirin: Add MSI support commit 37f0e311bca66e9fe74703887c9bb4965914cabf Merge: ce342a1aa8c6 eb1e39f784e8 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:10 2018 -0500 Merge branch 'remotes/lorenzo/pci/cadence' - Correct the Cadence cdns_pcie_writel() signature (Alan Douglas) - Add Cadence support for optional generic PHYs (Alan Douglas) - Add Cadence power management ops (Alan Douglas) - Remove redundant variable from Cadence driver (Colin Ian King) * remotes/lorenzo/pci/cadence: PCI: pcie-cadence-ep: Remove redundant variable mmc PCI: cadence: Add shutdown callback to host driver PCI: cadence: Add Power Management ops for host and EP dt-bindings: PCI: cadence: Add DT bindings for optional PHYs PCI: cadence: Add generic PHY support to host and EP drivers PCI: cadence: Update cdns_pcie_writel() function signature commit ce342a1aa8c61fe3315b782f6cf4f34d5babce13 Merge: 0d56768651fc c8e144f8ab00 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:09 2018 -0500 Merge branch 'remotes/lorenzo/pci/aardvark' - Remove Aardvark outbound window configuration (Evan Wang) - Fix Aardvark bridge window sizing issue (Zachary Zhang) - Convert Aardvark to use pci_host_probe() to reduce code duplication (Thomas Petazzoni) * remotes/lorenzo/pci/aardvark: PCI: aardvark: Convert to use pci_host_probe() PCI: aardvark: Size bridges before resources allocation PCI: aardvark: Remove PCIe outbound window configuration PCI: aardvark: Introduce an advk_pcie_valid_device() helper # Conflicts: # drivers/pci/controller/pci-aardvark.c commit 0d56768651fc63691552ea59abc4b2ad07a74241 Merge: 3a48dc6fc260 34dbc9c6584d Author: Bjorn Helgaas Date: Wed Aug 15 14:59:07 2018 -0500 Merge branch 'remotes/lorenzo/pci/controller/misc' - Remove Xilinx AXI-PCIe host bridge arch dependency (Palmer Dabbelt) * remotes/lorenzo/pci/controller/misc: PCI/xilinx: Depend on OF instead of the ARCH commit 3a48dc6fc260c9cac302a9ffaeab95359431c485 Merge: e7aaf90f9d9d 7695e73f3db4 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:06 2018 -0500 Merge branch 'pci/virtualization' - To avoid bus errors, enable PASID only if entire path supports End-End TLP prefixes (Sinan Kaya) - Unify slot and bus reset functions and remove hotplug knowledge from callers (Sinan Kaya) - Add Function-Level Reset quirks for Intel and Samsung NVMe devices to fix guest reboot issues (Alex Williamson) - Add function 1 DMA alias quirk for Marvell 88SS9183 PCIe SSD Controller (Bjorn Helgaas) * pci/virtualization: PCI: Add function 1 DMA alias quirk for Marvell 88SS9183 PCI: Delay after FLR of Intel DC P3700 NVMe PCI: Disable Samsung SM961/PM961 NVMe before FLR PCI: Export pcie_has_flr() PCI: Rename pci_try_reset_bus() to pci_reset_bus() PCI: Deprecate pci_reset_bus() and pci_reset_slot() functions PCI: Unify try slot and bus reset API PCI: Hide pci_reset_bridge_secondary_bus() from drivers IB/hfi1: Use pci_try_reset_bus() for initiating PCI Secondary Bus Reset PCI: Handle error return from pci_reset_bridge_secondary_bus() PCI/IOV: Tidy pci_sriov_set_totalvfs() PCI: Enable PASID only if entire path supports End-End TLP prefixes # Conflicts: # drivers/pci/hotplug/pciehp_hpc.c commit e7aaf90f9d9dbbba54f67c653a1c56c2bf117268 Merge: 5fc054a54476 f778a0d26fe3 Author: Bjorn Helgaas Date: Wed Aug 15 14:59:03 2018 -0500 Merge branch 'pci/switchtec' - Add DMA alias quirk for Microsemi Switchtec NTB (Doug Meyer) - Expand documentation for pci_add_dma_alias() (Logan Gunthorpe) * pci/switchtec: PCI: Expand documentation for pci_add_dma_alias() PCI: Add DMA alias quirk for Microsemi Switchtec NTB switchtec: Use generic PCI Vendor ID and Class Code # Conflicts: # drivers/pci/quirks.c commit 5fc054a54476f9e2b3d6cc3eeb1537aa549d0ba3 Merge: c689209be231 783e84961b1d Author: Bjorn Helgaas Date: Wed Aug 15 14:59:01 2018 -0500 Merge branch 'pci/resource' - Clean up devm_of_pci_get_host_bridge_resources() resource allocation (Jan Kiszka) - Fixup resizable BARs after suspend/resume (Christian König) - Make "pci=earlydump" generic (Sinan Kaya) - Fix ROM BAR access routines to stay in bounds and check for signature correctly (Rex Zhu) * pci/resource: PCI: Make pci_get_rom_size() static PCI: Add check code for last image indicator not set PCI: Avoid accessing memory outside the ROM BAR PCI: Make early dump functionality generic PCI: Cleanup PCI_REBAR_CTRL_BAR_SHIFT handling PCI: Restore resized BAR state on resume PCI: Clean up resource allocation in devm_of_pci_get_host_bridge_resources() # Conflicts: # Documentation/admin-guide/kernel-parameters.txt commit c689209be23166b340c224df8ecd5deea163da56 Merge: eadf3d320943 10dbc9fedcf1 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:58 2018 -0500 Merge branch 'pci/peer-to-peer' - Add "pci=disable_acs_redir=" parameter to disable ACS redirection for peer-to-peer DMA support (we don't have the peer-to-peer support yet; this is just one piece) (Logan Gunthorpe) * pci/peer-to-peer: PCI: Add ACS Redirect disable quirk for Intel Sunrise Point PCI: Add device-specific ACS Redirect disable infrastructure PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support PCI: Allow specifying devices using a base bus and path of devfns PCI: Make specifying PCI devices in kernel parameters reusable PCI: Hide ACS quirk declarations inside PCI core commit eadf3d3209435faa500a8e39ff6181c41ecea29d Merge: 11c1a8e1f4fb 39a212ad15f3 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:57 2018 -0500 Merge branch 'pci/notes' - Document ACPI description of PCI host bridges (Bjorn Helgaas) * pci/notes: PCI: Document ACPI description of PCI host bridges commit 11c1a8e1f4fb697c3d504b1951f476e2e0b3c076 Merge: a40f72db8a37 923aa4c378f9 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:56 2018 -0500 Merge branch 'pci/msi' - Set IRQCHIP_ONESHOT_SAFE for PCI MSI irqchips (Heiner Kallweit) * pci/msi: PCI/MSI: Set IRQCHIP_ONESHOT_SAFE for PCI-MSI irqchips commit a40f72db8a3770ea135f4f48a007256fd1519549 Merge: c0638a455382 2538fb89b8f4 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:54 2018 -0500 Merge branch 'pci/misc' - Mark fall-through switch cases before enabling -Wimplicit-fallthrough (Gustavo A. R. Silva) - Move DMA-debug PCI init from arch code to PCI core (Christoph Hellwig) - Fix pci_request_irq() usage of IRQF_ONESHOT when no handler is supplied (Heiner Kallweit) - Unify PCI and DMA direction #defines (Shunyong Yang) - Add PCI_DEVICE_DATA() macro (Andy Shevchenko) - Check for VPD completion before checking for timeout (Bert Kenward) - Limit Netronome NFP5000 config space size to work around erratum (Jakub Kicinski) * pci/misc: PCI: Limit config space size for Netronome NFP5000 PCI/VPD: Check for VPD access completion before checking for timeout PCI: Add PCI_DEVICE_DATA() macro to fully describe device ID entry PCI: Unify PCI and normal DMA direction definitions PCI: Use IRQF_ONESHOT if pci_request_irq() called with no handler PCI: Call dma_debug_add_bus() for pci_bus_type from PCI core PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough # Conflicts: # drivers/pci/hotplug/pciehp_ctrl.c commit c0638a455382e01e42bf66d8d41e4b703f1550a5 Merge: a8bcb5e5966c 4e6a13356f1c Author: Bjorn Helgaas Date: Wed Aug 15 14:58:52 2018 -0500 Merge branch 'pci/hotplug' - Simplify SHPC existence/permission checks (Bjorn Helgaas) - Remove hotplug sample skeleton driver (Lukas Wunner) - Convert pciehp to threaded IRQ handling (Lukas Wunner) - Improve pciehp tolerance of missed events and initially unstable links (Lukas Wunner) - Clear spurious pciehp events on resume (Lukas Wunner) - Add pciehp runtime PM support, including for Thunderbolt controllers (Lukas Wunner) - Support interrupts from pciehp bridges in D3hot (Lukas Wunner) * pci/hotplug: PCI: pciehp: Deduplicate presence check on probe & resume PCI: pciehp: Avoid implicit fallthroughs in switch statements PCI: Whitelist Thunderbolt ports for runtime D3 PCI: Whitelist native hotplug ports for runtime D3 PCI: sysfs: Resume to D0 on function reset PCI: pciehp: Resume parent to D0 on config space access PCI: pciehp: Resume to D0 on enable/disable PCI: pciehp: Support interrupts sent from D3hot PCI: pciehp: Obey compulsory command delay after resume PCI: pciehp: Clear spurious events earlier on resume PCI: portdrv: Deduplicate PM callback iterator PCI: pciehp: Avoid slot access during reset PCI: pciehp: Always enable occupied slot on probe PCI: pciehp: Become resilient to missed events PCI: pciehp: Tolerate initially unstable link PCI: pciehp: Declare pciehp_enable/disable_slot() static PCI: pciehp: Drop enable/disable lock PCI: pciehp: Enable/disable exclusively from IRQ thread PCI: pciehp: Track enable/disable status PCI: pciehp: Publish to user space last on probe PCI: hotplug: Demidlayer registration with the core PCI: pciehp: Drop slot workqueue PCI: pciehp: Handle events synchronously PCI: pciehp: Stop blinking on slot enable failure PCI: pciehp: Convert to threaded polling PCI: pciehp: Convert to threaded IRQ PCI: pciehp: Document struct slot and struct controller PCI: pciehp: Declare pciehp_unconfigure_device() void PCI: pciehp: Drop unnecessary NULL pointer check PCI: pciehp: Fix unprotected list iteration in IRQ handler PCI: pciehp: Fix use-after-free on unplug PCI: hotplug: Don't leak pci_slot on registration failure PCI: hotplug: Delete skeleton driver PCI: shpchp: Separate existence of SHPC and permission to use it commit a8bcb5e5966ccbd99a6d06cf69ada7f95416aabc Merge: 1ca358a8e3ff 9f0e89359775 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:52 2018 -0500 Merge branch 'pci/enumeration' - Work around IDT switch ACS Source Validation erratum (James Puthukattukaran) - Emit diagnostics for all cases of PCIe Link downtraining (Links operating slower than they're capable of) (Alexandru Gagniuc) - Skip VFs when configuring Max Payload Size (Myron Stowe) - Reduce Root Port Max Payload Size if necessary when hot-adding a device below it (Myron Stowe) * pci/enumeration: PCI: Match Root Port's MPS to endpoint's MPSS as necessary PCI: Skip MPS logic for Virtual Functions (VFs) PCI: Check for PCIe Link downtraining PCI: Workaround IDT switch ACS Source Validation erratum commit 1ca358a8e3ffa123a2e655b1b3569f7868597c59 Merge: 187dacce1942 e77b8216a2f9 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:51 2018 -0500 Merge branch 'pci/dpc' - Defer DPC event handling to work queue (Keith Busch) - Use threaded IRQ for DPC bottom half (Keith Busch) - Print AER status while handling DPC events (Keith Busch) * pci/dpc: PCI/DPC: Remove indirection waiting for inactive link PCI/DPC: Use threaded IRQ for bottom half handling PCI/DPC: Print AER status in DPC event handling PCI/DPC: Remove rp_pio_status from dpc struct PCI/DPC: Defer event handling to work queue PCI/DPC: Leave interrupts enabled while handling event commit 187dacce194216c4d86c2afd0ca490a6d7fbb981 Merge: 3c3ab37f4c03 ce29af2a5056 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:46 2018 -0500 Merge branch 'pci/aspm' - Use sysfs_match_string() to simplify ASPM sysfs parsing (Andy Shevchenko) - Remove unnecessary includes of (Bjorn Helgaas) * pci/aspm: PCI: Remove unnecessary include of iwlwifi: Remove unnecessary include of ath9k: Remove unnecessary include of igb: Remove unnecessary include of PCI/ASPM: Convert to use sysfs_match_string() helper commit 3c3ab37f4c03dc9c7c917ff3c1e71d6da81d3bd3 Merge: af863d18a1fb 45687f96c112 Author: Bjorn Helgaas Date: Wed Aug 15 14:58:45 2018 -0500 Merge branch 'pci/aer' - Decode AER errors with names similar to "lspci" (Tyler Baicar) - Expose AER statistics in sysfs (Rajat Jain) - Clear AER status bits selectively based on the type of recovery (Oza Pawandeep) - Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST (Alexandru Gagniuc) - Don't clear AER status bits if we're using the "Firmware-First" strategy where firmware owns the registers (Alexandru Gagniuc) * pci/aer: PCI/AER: Don't clear AER bits if error handling is Firmware-First PCI/AER: Remove duplicate PCI_EXP_AER_FLAGS definition PCI/portdrv: Remove pcie_portdrv_err_handler.slot_reset PCI/AER: Clear device status bits during ERR_COR handling PCI/AER: Clear device status bits during ERR_FATAL and ERR_NONFATAL PCI/AER: Remove ERR_FATAL code from ERR_NONFATAL path PCI/AER: Factor out ERR_NONFATAL status bit clearing PCI/AER: Clear only ERR_NONFATAL bits during non-fatal recovery PCI/AER: Clear only ERR_FATAL status bits during fatal recovery PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST PCI/AER: Add sysfs attributes for rootport cumulative stats PCI/AER: Add sysfs attributes to provide AER stats and breakdown PCI/AER: Define aer_stats structure for AER capable devices PCI/AER: Move internal declarations to drivers/pci/pci.h PCI/AER: Adopt lspci names for AER error decoding PCI/AER: Expose internal API for obtaining AER information # Conflicts: # drivers/pci/pci.h commit af863d18a1fbedd164366d0f3d4946d9cc3edc46 Merge: ce397d215ccd 44bda4b7d26e Author: Bjorn Helgaas Date: Wed Aug 15 14:58:43 2018 -0500 Merge branch 'for-linus' * for-linus: PCI: Fix is_added/is_busmaster race condition PCI: mobiveil: Avoid integer overflow in IB_WIN_SIZE PCI/AER: Work around use-after-free in pcie_do_fatal_recovery() PCI: v3-semi: Fix I/O space page leak PCI: mediatek: Fix I/O space page leak PCI: faraday: Fix I/O space page leak PCI: aardvark: Fix I/O space page leak PCI: designware: Fix I/O space page leak PCI: versatile: Fix I/O space page leak PCI: xgene: Fix I/O space page leak PCI: OF: Fix I/O space page leak PCI: endpoint: Fix NULL pointer dereference error when CONFIGFS is disabled PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg() nfp: stop limiting VFs to 0 PCI/IOV: Reset total_VFs limit after detaching PF driver PCI: faraday: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: xilinx: Add missing of_node_put() PCI: endpoint: Use after free in pci_epf_unregister_driver() PCI: controller: dwc: Do not let PCIE_DW_PLAT_HOST default to yes PCI: rcar: Clean up PHY init on failure PCI: rcar: Shut the PHY down in failpath PCI: controller: Move PCI_DOMAINS selection to arch Kconfig PCI: Initialize endpoint library before controllers PCI: shpchp: Manage SHPC unconditionally on non-ACPI systems commit 01f0e5cdedea448ea48eaddc1366593126b0fe98 Merge: e026bcc56107 1880861226c1 Author: Linus Torvalds Date: Wed Aug 15 12:50:10 2018 -0700 Merge tag 'kconfig-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kconfig updates from Masahiro Yamada: - show clearer error messages where pkg-config is needed, but not installed - rename SYMBOL_AUTO to SYMBOL_NO_WRITE to reflect its semantics - create all necessary directories by Kconfig tool itself instead of Makefile - update the .config unconditionally when syncconfig is invoked - use 'include' directive instead of '-include' where include/config/{auto,tristate}.conf is mandatory - do not try to update the .config when running install targets - add .DELETE_ON_ERROR to delete partially updated files - misc cleanups and fixes * tag 'kconfig-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: remove P_ENV property type kconfig: remove unused sym_get_env_prop() function kconfig: fix the rule of mainmenu_stmt symbol init/Kconfig: Use short unix-style option instead of --longname Kbuild: Makefile.modbuiltin: include auto.conf and tristate.conf mandatory kbuild: remove auto.conf from prerequisite of phony targets kbuild: do not update config for 'make kernelrelease' kbuild: do not update config when running install targets kbuild: add .DELETE_ON_ERROR special target kbuild: use 'include' directive to load auto.conf from top Makefile kconfig: allow all config targets to write auto.conf if missing kconfig: make syncconfig update .config regardless of sym_change_count kconfig: create directories needed for syncconfig by itself kconfig: remove unneeded directory generation from local*config kconfig: split out useful helpers in confdata.c kconfig: rename file_write_dep and move it to confdata.c kconfig: fix typos in description of "choice" in kconfig-language.txt kconfig: handle format string before calling conf_message_callback() kconfig: rename SYMBOL_AUTO to SYMBOL_NO_WRITE kconfig: check for pkg-config on make {menu,n,g,x}config commit 45687f96c112adda2f1d1f05b977661eb00d5a1c Author: Alexandru Gagniuc Date: Tue Jul 17 10:31:23 2018 -0500 PCI/AER: Don't clear AER bits if error handling is Firmware-First If the platform requests Firmware-First error handling, firmware is responsible for reading and clearing AER status bits. If OSPM also clears them, we may miss errors. See ACPI v6.2, sec 18.3.2.5 and 18.4. This race is mostly of theoretical significance, as it is not easy to reasonably demonstrate it in testing. Signed-off-by: Alexandru Gagniuc [bhelgaas: add similar guards to pci_cleanup_aer_uncorrect_error_status() and pci_aer_clear_fatal_status()] Signed-off-by: Bjorn Helgaas commit dd81b2c8a3339c813568d07091fcd0d97dd0cf41 Author: Parav Pandit Date: Tue Aug 14 10:36:21 2018 +0300 IB/core: Change filter function return type from int to bool Filter functions returns either 0 or 1, therefore better change their return type from int to bool to reflect the same. Additionally some filter functions have suffix of _filter some doesn't. Make all filter function consistent to have __filter suffix to improve code readability. Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit d12e2eed2743856b4493aeda4f6ed1bb0fa47e57 Author: Parav Pandit Date: Tue Aug 14 10:36:20 2018 +0300 IB/core: Update GID entries for netdevice whose mac address changes Update all GID table entries of the netdevice whose MAC address changed. Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 464b79b45aede2859eb46ae91786f0266868602b Author: Parav Pandit Date: Tue Aug 14 10:36:19 2018 +0300 IB/core: Add default GIDs of the bond master netdev Currently following issues exist: 1. Default GIDs of the lower (slave) netdevice if the bond netdevice is added. Rather default GID should be of bond master netdevice. 2. Due to this, when failover event occurs FAILOVER event handler attempts to delete the GID of the upper device and tries to add the default GID of the lower device. This is incorrect behavior. To have simple and correct code: (a) Split default GIDs addition out of add_netdev_ips(). This allows easier removal in future if RoCE default GIDs are removed. (b) Add default GIDs of the bond master device by using right filter and callback function. (c) Remove unused function enum_netdev_default_gids(). Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit a03d4d2775c7f654bcea8a9f8f49f724fd4fa810 Author: Parav Pandit Date: Tue Aug 14 10:36:18 2018 +0300 IB/core: Consider adding default GIDs of bond device Now that we correctly delete the default GIDs of lower devices during CHANGEUPPER event, add default GIDs of the bonding master device. Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 408f1242d940773e9e97a544803b0dcf28b70d17 Author: Parav Pandit Date: Tue Aug 14 10:36:17 2018 +0300 IB/core: Delete lower netdevice default GID entries in bonding scenario When NETDEV_CHANGEUPPER event occurs, lower device is not yet established as slave of the master, and when upper device is bond device, default GID entries not deleted. Due to this, when bond device is fully configured, default GID entries of bond device cannot be added as default GID entries are occupied by the lower netdevice. This is incorrect. Default GID entries should really be of bond netdevice because in all RoCE GIDs (default or IP), MAC address of the bond device will be used. It is confusing to have default GID of netdevice which is not really used for any purpose. Therefore, as first step, implement (a) filter function which filters if a CHANGEUPPER event netdevice and associated upper device is master device or not. (b) callback function which deletes the default GIDs of lower (event netdevice). Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit e026bcc561071c9895c73058b9cc6823defb7be6 Merge: 7c7b562c6f0a 512ddf7d7db0 Author: Linus Torvalds Date: Wed Aug 15 12:09:03 2018 -0700 Merge tag 'kbuild-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild updates from Masahiro Yamada: - verify depmod is installed before modules_install - support build salt in case build ids must be unique between builds - allow users to specify additional host compiler flags via HOST*FLAGS, and rename internal variables to KBUILD_HOST*FLAGS - update buildtar script to drop vax support, add arm64 support - update builddeb script for better debarch support - document the pit-fall of if_changed usage - fix parallel build of UML with O= option - make 'samples' target depend on headers_install to fix build errors - remove deprecated host-progs variable - add a new coccinelle script for refcount_t vs atomic_t check - improve double-test coccinelle script - misc cleanups and fixes * tag 'kbuild-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (41 commits) coccicheck: return proper error code on fail Coccinelle: doubletest: reduce side effect false positives kbuild: remove deprecated host-progs variable kbuild: make samples really depend on headers_install um: clean up archheaders recipe kbuild: add %asm-generic to no-dot-config-targets um: fix parallel building with O= option scripts: Add Python 3 support to tracing/draw_functrace.py builddeb: Add automatic support for sh{3,4}{,eb} architectures builddeb: Add automatic support for riscv* architectures builddeb: Add automatic support for m68k architecture builddeb: Add automatic support for or1k architecture builddeb: Add automatic support for sparc64 architecture builddeb: Add automatic support for mips{,64}r6{,el} architectures builddeb: Add automatic support for mips64el architecture builddeb: Add automatic support for ppc64 and powerpcspe architectures builddeb: Introduce functions to simplify kconfig tests in set_debarch builddeb: Drop check for 32-bit s390 builddeb: Change architecture detection fallback to use dpkg-architecture builddeb: Skip architecture detection when KBUILD_DEBARCH is set ... commit 7c7b562c6f0a4fb13eee01cb39b111addfb165e6 Merge: b125d9038819 45d9a1e3cc45 Author: Linus Torvalds Date: Wed Aug 15 12:06:16 2018 -0700 Merge tag 'gcc-plugin-cleanup-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc plugin cleanups from Kees Cook: - Kconfig and Makefile clean-ups (Masahiro Yamada, Kees Cook) - gcc-common.h definition clean-ups (Alexander Popov) * tag 'gcc-plugin-cleanup-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: Clean up the cgraph_create_edge* macros gcc-plugins: Regularize Makefile.gcc-plugins gcc-plugins: split out Kconfig entries to scripts/gcc-plugins/Kconfig gcc-plugins: remove unused GCC_PLUGIN_SUBDIR commit b125d903881901a53117dfe404c789850b4e98ed Merge: 8c326850304d 9f68cb579115 Author: Linus Torvalds Date: Wed Aug 15 11:18:53 2018 -0700 Merge tag 'printk-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk Pull printk updates from Petr Mladek: - Different vendors have a different expectation about a console quietness. Make it configurable to reduce bike-shedding about the upstream default - Decide about the message visibility when the message is stored. It avoids races caused by a delayed console handling - Always store printk() messages into the per-CPU buffers again in NMI. The only exception is when flushing trace log in panic(). There the risk of loosing messages is worth an eventual reordering - Handle invalid %pO printf modifiers correctly - Better handle %p printf modifier tests before crng is initialized - Some clean up * tag 'printk-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: lib/vsprintf: Do not handle %pO[^F] as %px printk: Fix warning about unused suppress_message_printing printk/nmi: Prevent deadlock when accessing the main log buffer in NMI printk: Create helper function to queue deferred console handling printk: Split the code for storing a message into the log buffer printk: Clean up syslog_print_all() printk: Remove unnecessary kmalloc() from syslog during clear printk: Make CONSOLE_LOGLEVEL_QUIET configurable printk: make sure to print log on console. lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests commit 8c326850304d495deee6ff9a609173a340c5245b Merge: 6f7dac117d89 baa2a4fdd525 Author: Linus Torvalds Date: Wed Aug 15 10:46:54 2018 -0700 Merge tag 'audit-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit patches from Paul Moore: "Twelve audit patches for v4.19 and they run the full gamut from fixes to features. Notable changes include the ability to use the "exe" audit filter field in a wider variety of filter types, a fix for our comparison of GID/EGID in audit filter rules, better association of related audit records (connecting related audit records together into one audit event), and a fix for a potential use-after-free in audit_add_watch(). All the patches pass the audit-testsuite and merge cleanly on your current master branch" * tag 'audit-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: fix use-after-free in audit_add_watch audit: use ktime_get_coarse_real_ts64() for timestamps audit: use ktime_get_coarse_ts64() for time access audit: simplify audit_enabled check in audit_watch_log_rule_change() audit: check audit_enabled in audit_tree_log_remove_rule() cred: conditionally declare groups-related functions audit: eliminate audit_enabled magic number comparison audit: rename FILTER_TYPE to FILTER_EXCLUDE audit: Fix extended comparison of GID/EGID audit: tie ANOM_ABEND records to syscall audit: tie SECCOMP records to syscall audit: allow other filter list types for AUDIT_EXE commit 6f7dac117d895596ca52b935bdd534ac9032deb4 Merge: 92d4a03674b8 7e4237faa721 Author: Linus Torvalds Date: Wed Aug 15 10:39:06 2018 -0700 Merge tag 'selinux-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull SELinux updates from Paul Moore: "There are 16 patches in here but really only one that is of any significance. That one patch is by nixiaoming and fixes a few places where we were not properly cleaning up dentry and inode objects in the selinuxfs error handling code. The rest are either printk->pr_* conversions, constification tweaks, and a minor tweak to MAINTAINERS. Everything passes the selinux-testsuite and looks to merge cleanly against your master branch" * tag 'selinux-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: cleanup dentry and inodes on error in selinuxfs selinux: constify write_op[] selinux: Cleanup printk logging in netnode selinux: Cleanup printk logging in avc selinux: Cleanup printk logging in netif selinux: Cleanup printk logging in netport selinux: Cleanup printk logging in sidtab selinux: Cleanup printk logging in netlink selinux: Cleanup printk logging in selinuxfs selinux: Cleanup printk logging in services selinux: Cleanup printk logging in avtab selinux: Cleanup printk logging in hooks selinux: Cleanup printk logging in policydb selinux: Cleanup printk logging in ebitmap selinux: Cleanup printk logging in conditional MAINTAINERS: update the LSM and SELinux subsystems commit 92d4a03674b8c399c2f547580fa509db78226170 Merge: 1eb46908b35d 87ea58433208 Author: Linus Torvalds Date: Wed Aug 15 10:25:26 2018 -0700 Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: - kstrdup() return value fix from Eric Biggers - Add new security_load_data hook to differentiate security checking of kernel-loaded binaries in the case of there being no associated file descriptor, from Mimi Zohar. - Add ability to IMA to specify a policy at build-time, rather than just via command line params or by loading a custom policy, from Mimi. - Allow IMA and LSMs to prevent sysfs firmware load fallback (e.g. if using signed firmware), from Mimi. - Allow IMA to deny loading of kexec kernel images, as they cannot be measured by IMA, from Mimi. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: check for kstrdup() failure in lsm_append() security: export security_kernel_load_data function ima: based on policy warn about loading firmware (pre-allocated buffer) module: replace the existing LSM hook in init_module ima: add build time policy ima: based on policy require signed firmware (sysfs fallback) firmware: add call to LSM hook before firmware sysfs fallback ima: based on policy require signed kexec kernel images kexec: add call to LSM hook in original kexec_load syscall security: define new LSM hook named security_kernel_load_data MAINTAINERS: remove the outdated "LINUX SECURITY MODULE (LSM) FRAMEWORK" entry commit 1eb46908b35dfbac0ec1848d4b1e39667e0187e9 Author: Guenter Roeck Date: Wed Aug 15 08:38:33 2018 -0700 x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled allmodconfig+CONFIG_INTEL_KVM=n results in the following build error. ERROR: "l1tf_vmx_mitigation" [arch/x86/kvm/kvm.ko] undefined! Fixes: 5b76a3cff011 ("KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry") Reported-by: Meelis Roos Cc: Meelis Roos Cc: Paolo Bonzini Cc: Thomas Gleixner Signed-off-by: Guenter Roeck Signed-off-by: Linus Torvalds commit 3529b9703c112279d3c302ba0a941ac3a33daa37 Merge: 8c479c2c0f9d 1021bcf44d0e Author: Linus Torvalds Date: Wed Aug 15 09:22:52 2018 -0700 Merge tag 'pstore-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore update from Kees Cook: "This cycle has been very quiet for pstore: the only change is adding awareness of the zstd compression method" * tag 'pstore-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: pstore: add zstd compression support commit 484004339d4514fde425f6e8a9f6a6cc979bb0c3 Author: Johannes Berg Date: Wed Aug 15 18:17:03 2018 +0200 mac80211_hwsim: require at least one channel Syzbot continues to try to create mac80211_hwsim radios, and manages to pass parameters that are later checked with WARN_ON in cfg80211 - catch another one in hwsim directly. Reported-by: syzbot+2a12f11c306afe871c1f@syzkaller.appspotmail.com Signed-off-by: Johannes Berg commit 8618289c46556fd4dd259a1af02ccc448032f48d Author: Trond Myklebust Date: Tue Aug 14 17:55:56 2018 -0400 NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() We must drop the lock before we can sleep in referring_call_exists(). Reported-by: Jia-Ju Bai Fixes: 045d2a6d076a ("NFSv4.1: Delay callback processing...") Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 8c479c2c0f9dc105c0afaa662a22f39383d4ce92 Merge: 31130a16d459 b5cb15d9372a Author: Linus Torvalds Date: Wed Aug 15 08:45:54 2018 -0700 Merge tag 'hardened-usercopy-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull hardened usercopy updates from Kees Cook: "This cleans up a minor Kconfig issue and adds a kernel boot option for disabling hardened usercopy for distro users that may have corner-case performance issues (e.g. high bandwidth small-packet UDP traffic). Summary: - drop unneeded Kconfig "select BUG" (Kamal Mostafa) - add "hardened_usercopy=off" rare performance needs (Chris von Recklinghausen)" * tag 'hardened-usercopy-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: usercopy: Allow boot cmdline disabling of hardening usercopy: Do not select BUG with HARDENED_USERCOPY commit d0fbb1d8a194c0ec0180c1d073ad709e45503a43 Author: Trond Myklebust Date: Tue Aug 14 17:25:37 2018 -0400 NFSv4: Fix locking in pnfs_generic_recover_commit_reqs The use of the inode->i_lock was converted to a mutex, but we forgot to remove the old inode unlock/lock() pair that allowed the layout segment to be put inside the loop. Reported-by: Jia-Ju Bai Fixes: e824f99adaaf1 ("NFSv4: Use a mutex to protect the per-inode commit...") Cc: stable@vger.kernel.org # v4.14+ Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 249dc49576fc953a7378b916c6a6d47ea81e4da2 Author: Charles Keepax Date: Wed Aug 15 13:11:35 2018 +0100 ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Commit a655de808cbde ("ASoC: core: Allow topology to override machine driver FE DAI link config.") caused soc_dai_hw_params to be come dependent on the substream private_data being set with a pointer to the snd_soc_pcm_runtime. Currently, CODEC to CODEC links don't set this, which causes a NULL pointer dereference: [<4069de54>] (soc_dai_hw_params) from [<40694b68>] (snd_soc_dai_link_event+0x1a0/0x380) Since the ASoC core in general assumes that the substream private_data will be set to a pointer to the snd_soc_pcm_runtime, update the CODEC to CODEC links to respect this. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown commit 1a4327fbf4554d5b78d75b19a13d40d6de220159 Author: Kirill Kapranov Date: Mon Aug 13 19:48:10 2018 +0300 spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers On systems where some controllers get a dynamic ID assigned and some have a fixed number (e.g. from ACPI tables), the current implementation might run into an IDR collision: in case of a fixed bus number is gotten by a driver (but not marked busy in IDR tree) and a driver with dynamic bus number gets the same ID and predictably fails. Fix this by means of checking-in fixed IDsin IDR as far as dynamic ones at the moment of the controller registration. Fixes: 9b61e302210e (spi: Pick spi bus number from Linux idr or spi alias) Signed-off-by: Kirill Kapranov Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 56c9bba135ab7884d65f92b19ee87f794508d7dc Author: Ike Panhc Date: Tue Aug 14 16:36:53 2018 +0800 platform/x86: ideapad: Add Y520-15IKBM and Y720-15IKBM to no_hw_rfkill Lenovo Y520-15IKBM and Y720-15IKBM are another Lenovo models without physical radio switch and ideapad-laptop reports it is hard blocked. Add them into no_hw_rfkill to unlock wireless. BugLink: https://bugs.launchpad.net/bugs/1723612 Signed-off-by: Ike Panhc Signed-off-by: Andy Shevchenko commit 880b29ac107d15644bf4da228376ba3cd6af6d71 Author: Aleh Filipovich Date: Fri Aug 10 22:07:25 2018 +0200 platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Add entry to WMI keymap for lid flip event on Asus UX360. On Asus Zenbook ux360 flipping lid from/to tablet mode triggers keyscan code 0xfa which cannot be handled and results in kernel log message "Unknown key fa pressed". Signed-off-by: Aleh Filipovich Signed-off-by: Andy Shevchenko commit aa7d16bfa3bd7a753c59b9bae1ac1ccda33bc27a Author: Gustavo A. R. Silva Date: Mon Aug 6 15:38:32 2018 -0500 platform/x86: acer-wmi: refactor function has_cap Refactor function has_cap in order to avoid returning integer values, when instead it should return booleans. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Reviewed-by: "Lee, Chun-Yi" Signed-off-by: Andy Shevchenko commit d22296d9c38fd29a96bb5079fb8d17cee278f40e Author: Thomas Weißschuh Date: Thu Aug 2 00:24:18 2018 +0200 platform/x86: thinkpad_acpi: Fix multi-battery bug The struct containing the supported operations for all batteries is being zeroed on each battery probe. This prevents all other batteries except the lastly probed one from being configured. Signed-off-by: Thomas Weißschuh Signed-off-by: Andy Shevchenko commit 6640ee6289b9974334e36d8283fc07f37f3b235d Author: Jouke Witteveen Date: Thu Aug 2 22:28:49 2018 +0200 platform/x86: thinkpad_acpi: extend battery quirk coverage Based on bug reports and a web search for "Thinkpad_acpi: Error probing battery 2" four more models were found that require the battery quirk: Lenovo B5400, Thinkpad 11e, Thinkpad 11e gen 3, Thinkpad 13 gen 3. Signed-off-by: Jouke Witteveen Tested-by: James Cheshire Acked-by: Henrique de Moraes Holschuh Signed-off-by: Andy Shevchenko commit cda5915d15d390068dcdac54d03ddf29b445c6a5 Author: youling257 Date: Tue Jul 31 17:32:56 2018 +0800 platform/x86: touchscreen_dmi: Add info for the Cube KNote i1101 tablet Add touchscreen info for the Cube KNote i1101 tablet. Reported-and-tested-by: lkongl Signed-off-by: Hans de Goede Signed-off-by: Andy Shevchenko commit 207da7128a6d61a1ce3d052b3dfb10d237af6078 Author: Wei Yongjun Date: Wed Aug 8 04:00:30 2018 +0000 platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() The return value from platform_device_register_resndata() is not checked correctly. The test is done against a wrong variable. This patch fix it. Fixes: 0378123c5800 ("platform/x86: mlx-platform: Add mlxreg-fan platform driver activation") Signed-off-by: Wei Yongjun Acked-by: Vadim Pasternak Signed-off-by: Andy Shevchenko commit ac7da1b787d9ea43680c487613269742c48d8747 Merge: 032405a754fb d47317ca4ade 96455f734b2f 81351776c9fb 7a8655e19bdb 67075b3cb8d5 Author: Stephen Boyd Date: Tue Aug 14 23:00:15 2018 -0700 Merge branches 'clk-actions-s700', 'clk-exynos-unused', 'clk-qcom-dispcc-845', 'clk-scmi-round' and 'clk-cs2000-spdx' into clk-next * clk-actions-s700: : - Actions Semi Owl series S700 SoC clk driver clk: actions: Add S700 SoC clock support dt-bindings: clock: Add S700 support for Actions Semi Soc's clk: actions: Add missing REGMAP_MMIO dependency * clk-exynos-unused: : - Remove an unused variable from Exynos4412 ISP driver clk: samsung: Remove unused mout_user_aclk400_mcuisp_p4x12 variable * clk-qcom-dispcc-845: : - Qualcomm SDM845 display clock controller clk: qcom: Add display clock controller driver for SDM845 dt-bindings: clock: Introduce QCOM Display clock bindings clk: qcom: Move frequency table macro to common file * clk-scmi-round: : - Fix a thinko bug in SCMI clk division logic clk: scmi: Fix the rounding of clock rate * clk-cs2000-spdx: clk: cs2000-cp: convert to SPDX identifiers commit 032405a754fb338812732eac449cd10173f13a1a Merge: 4a18ef5babd1 d7b7c00dad79 7f5eac5934d7 c76a69e477b8 cec5dfa4e49c ff388ee36516 Author: Stephen Boyd Date: Tue Aug 14 22:58:53 2018 -0700 Merge branches 'clk-imx6-ocram', 'clk-missing-put', 'clk-tegra-sdmmc-jitter', 'clk-allwinner' and 'clk-uniphier' into clk-next * clk-imx6-ocram: : - i.MX6SX ocram_s clk support clk: imx: add ocram_s clock for i.mx6sx * clk-missing-put: : - Add missing of_node_put()s in some i.MX clk drivers clk: imx6sll: fix missing of_node_put() clk: imx6ul: fix missing of_node_put() * clk-tegra-sdmmc-jitter: : - Tegra SDMMC clk jitter improvements with high speed signaling modes clk: tegra: make sdmmc2 and sdmmc4 as sdmmc clocks clk: tegra: Add sdmmc mux divider clock clk: tegra: Refactor fractional divider calculation clk: tegra: Fix includes required by fence_udelay() * clk-allwinner: clk: sunxi-ng: add A64 compatible string dt-bindings: add compatible string for the A64 DE2 CCU clk: sunxi-ng: r40: Export video PLLs clk: sunxi-ng: r40: Allow setting parent rate to display related clocks clk: sunxi-ng: r40: Add minimal rate for video PLLs * clk-uniphier: : - Uniphier NAND, USB3 PHY, and SPI clk support clk: uniphier: add clock frequency support for SPI clk: uniphier: add more USB3 PHY clocks clk: uniphier: add NAND 200MHz clock commit 4a18ef5babd1bac0c746e87d1b94a7696fcd36be Merge: d16adaf0b92f 9c7e47025a6b f9419783a6b4 365f7a89c881 f6dab4233d6b 8927c27b3270 Author: Stephen Boyd Date: Tue Aug 14 22:58:49 2018 -0700 Merge branches 'clk-qcom-rpmh', 'clk-qcom-spdx', 'clk-con-id-leak', 'clk-fixed-factor-populated' and 'clk-mvebu-periph-parent' into clk-next * clk-qcom-rpmh: : - Qualcomm RPMh clk driver clk: qcom: clk-rpmh: Add QCOM RPMh clock driver * clk-qcom-spdx: : - SPDX tagging for qcom clk: qcom: Update SPDX headers for common files * clk-con-id-leak: : - Stop leaking con ids in __clk_put() clk: core: Potentially free connection id * clk-fixed-factor-populated: : - Fix a corner case in fixed factor clk probing where node is in DT but : parent clk is registered much later clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure * clk-mvebu-periph-parent: : - Marvell Armada 3700 clk_pm_cpu_get_parent() had an invalid return value clk: mvebu: armada-37xx-periph: Remove unused var num_parents clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent commit d16adaf0b92fc356537ba38d94590b8ed50e3552 Merge: 139054634b40 66c7bb7c4133 166f3a8ad677 30343897d8fd 566f5b67fc0c ee3d212d7c86 Author: Stephen Boyd Date: Tue Aug 14 22:58:45 2018 -0700 Merge branches 'clk-mvebu-spdx', 'clk-meson', 'clk-imx7d-mu', 'clk-imx-init-array-cleanup' and 'clk-rockchip' into clk-next * clk-mvebu-spdx: clk: mvebu: armada-37xx-periph: switch to SPDX license identifier * clk-meson: clk: meson: add gen_clk clk: meson: gxbb: remove HHI_GEN_CLK_CTNL duplicate definition clk: meson-axg: add clocks required by pcie driver clk: meson: remove unused clk-audio-divider driver clk: meson: stop rate propagation for audio clocks clk: meson: axg: add the audio clock controller driver clk: meson: add axg audio sclk divider driver clk: meson: add triple phase clock driver clk: meson: add clk-phase clock driver clk: meson: clean-up meson clock configuration clk: meson: remove obsolete register access clk: meson: expose GEN_CLK clkid clk: meson-axg: add pcie and mipi clock bindings dt-bindings: clock: add meson axg audio clock controller bindings clk: meson: audio-divider is one based clk: meson-gxbb: set fclk_div2 as CLK_IS_CRITICAL * clk-imx7d-mu: : - i.MX7D mailbox clk support clk: imx7d: add IMX7D_MU_ROOT_CLK * clk-imx-init-array-cleanup: : - i.MX clk init arrays removed in place of CLK_IS_CRITICAL clk: imx6sx: remove clks_init_on array clk: imx6sl: remove clks_init_on array clk: imx6q: remove clks_init_on array * clk-rockchip: clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 clk: rockchip: fix clk_i2sout parent selection bits on rk3399 clk: rockchip: add clock controller for px30 clk: rockchip: add support for half divider dt-bindings: add bindings for px30 clock controller clk: rockchip: add dt-binding header for px30 commit 139054634b4069a2e3892a8f6c3693ccca5f1c7d Merge: ea4f7872c71a d0897bc85ca8 f7b3182232c8 8097d4c75f00 da0d2239a56e 405fcacbd866 Author: Stephen Boyd Date: Tue Aug 14 22:58:42 2018 -0700 Merge branches 'clk-imx-critical', 'clk-tegra-bpmp', 'clk-tegra-124', 'clk-tegra-critical' and 'clk-tegra-emc-oob' into clk-next * clk-imx-critical: : - Convert to CLK_IS_CRITICAL for i.MX51/53 driver clk: imx51-imx53: Include sizes.h to silence compile errors clk: imx51-imx53: Annotate critical clocks as CLK_IS_CRITICAL * clk-tegra-bpmp: : - Fix Tegra BPMP driver oops when some xlating a NULL clk clk: tegra: bpmp: Don't crash when a clock fails to register * clk-tegra-124: : - Proper default configuration for vic03 and vde clks on Tegra124 clk: tegra: Make vde a child of pll_c3 clk: tegra: Make vic03 a child of pll_c3 * clk-tegra-critical: : - Mark Tegra memory controller clks as critical clk: tegra: Mark Memory Controller clock as critical * clk-tegra-emc-oob: : - Fix array bounds clamp in Tegra's emc determine_rate() op clk: tegra: emc: Avoid out-of-bounds bug commit ea4f7872c71adef8897f71bb6bb056856ccc8ed9 Merge: b183c6887af3 2b555a4b9cae 33f5104624b9 fc2065438936 cd88259a7215 9d8108f9f3cb Author: Stephen Boyd Date: Tue Aug 14 22:58:39 2018 -0700 Merge branches 'clk-ingenic-fixes', 'clk-max9485', 'clk-pxa-32k-pll', 'clk-aspeed' and 'clk-imx6sll-gpio' into clk-next * clk-ingenic-fixes: : - Ingenic i2s bit update and allow UDC clk to gate clk: ingenic: Add missing flag for UDC clock clk: ingenic: Fix incorrect data for the i2s clock * clk-max9485: : - Maxim 9485 Programmable Clock Generator clk: Add driver for MAX9485 dts: clk: add devicetree bindings for MAX9485 * clk-pxa-32k-pll: : - Expose 32 kHz PLL on PXA SoCs clk: pxa: export 32kHz PLL * clk-aspeed: : - Fix name of aspeed SDC clk define to have only one 'CLK' clk: aspeed: Fix SDCLK name * clk-imx6sll-gpio: : - imx6sll GPIO clk gate support clk: imx6sll: add GPIO LPCGs commit b183c6887af3bba1835bd4c9ef2de119afab737b Merge: 5ef7748ba37e a7047564fef3 cfb8282e18e2 964e3717e498 51b9a379a843 96e4ea8c253d Author: Stephen Boyd Date: Tue Aug 14 22:58:35 2018 -0700 Merge branches 'clk-imx6-video-parent', 'clk-qcom-sdm845-criticals', 'clk-renesas', 'clk-stratix10-fixes' and 'clk-atmel-i2s' into clk-next * clk-imx6-video-parent: : - Fix i.MX6QDL video clk parent clk: imx6: fix video_27m parent for IMX6QDL_CLK_CKO1_SEL * clk-qcom-sdm845-criticals: : - critical clk markings for qcom SDM845 clk: qcom: Enable clocks which needs to be always on for SDM845 * clk-renesas: clk: renesas: Renesas R9A06G032 clock driver dt-bindings: clock: renesas,r9a06g032-sysctrl: documentation dt-bindings: clock: Add the r9a06g032-sysctrl.h file clk: renesas: r8a7795: Add CCREE clock clk: renesas: r8a7795: Add CR clock * clk-stratix10-fixes: : - Fix Stratix10 mpu_free_clk and sdmmc_free_clk parents clk: socfpga: stratix10: fix the sdmmc_free_clk mux clk: socfpga: stratix10: fix the parents of mpu_free_clk * clk-atmel-i2s: : - Atmel at91 I2S audio clk support clk: at91: add I2S clock mux driver dt-bindings: clk: at91: add an I2S mux clock commit 5ef7748ba37e0b1667ae973c1162fa60c0248f49 Merge: 04cdd5af51c6 9461f7b33d11 9fba738a53dd e8f127caf63a 4a2eaa8e2567 Author: Stephen Boyd Date: Tue Aug 14 22:58:30 2018 -0700 Merge branches 'clk-qcom-set-rate-gate', 'clk-core-set-rate-gate', 'clk-core-duty-cycle', 'clk-si-prepare' and 'clk-imx-gpio-gates' into clk-next * clk-qcom-set-rate-gate: clk: qcom: drop CLK_SET_RATE_GATE from sdc clocks * clk-core-set-rate-gate: clk: fix CLK_SET_RATE_GATE with clock rate protection * clk-core-duty-cycle: clk: add duty cycle support * clk-si-prepare: : - SI544/SI514 clk on/off support clk-si514, clk-si544: Implement prepare/unprepare/is_prepared operations * clk-imx-gpio-gates: : - i.MX6UL GPIO clock gates in CCM CCGR clk: imx6ul: remove clks_init_on array clk: imx6ul: add GPIO clock gates dt-bindings: clock: imx6ul: Do not change the clock definition order commit c066fafc595eef5ae3c83ae3a8305956b8c3ef15 Author: Paul Mackerras Date: Tue Aug 14 20:37:45 2018 +1000 KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() Since commit e641a317830b ("KVM: PPC: Book3S HV: Unify dirty page map between HPT and radix", 2017-10-26), kvm_unmap_radix() computes the number of PAGE_SIZEd pages being unmapped and passes it to kvmppc_update_dirty_map(), which expects to be passed the page size instead. Consequently it will only mark one system page dirty even when a large page (for example a THP page) is being unmapped. The consequence of this is that part of the THP page might not get copied during live migration, resulting in memory corruption for the guest. This fixes it by computing and passing the page size in kvm_unmap_radix(). Cc: stable@vger.kernel.org # v4.15+ Fixes: e641a317830b (KVM: PPC: Book3S HV: Unify dirty page map between HPT and radix) Signed-off-by: Paul Mackerras commit 2bb7005696e2246baa88772341ca032ff09a63cb Author: Oleksij Rempel Date: Fri Aug 3 07:29:19 2018 +0200 mailbox: Add support for i.MX messaging unit The i.MX Messaging Unit is a two side block which allows applications implement communication over this sides. The MU includes the following features: - Messaging control by interrupts or by polling - Four general-purpose interrupt requests reflected to the other side - Three general-purpose flags reflected to the other side - Four receive registers with maskable interrupt - Four transmit registers with maskable interrupt Reviewed-by: Vladimir Zapolskiy Reviewed-by: Dong Aisheng Signed-off-by: Oleksij Rempel Signed-off-by: Jassi Brar commit d6ef139c83cc562b29a5cdac270f0a562c1c8eda Author: Oleksij Rempel Date: Fri Aug 3 07:29:17 2018 +0200 dt-bindings: mailbox: imx-mu: add generic MU channel support Each MU has four pairs of rx/tx data register with four rx/tx interrupts which can also be used as a separate channel. Reviewed-by: Rob Herring Signed-off-by: Oleksij Rempel Signed-off-by: Jassi Brar commit 480285bd11e63d9e225397516db39430f3e1b9c4 Author: Dong Aisheng Date: Fri Aug 3 07:29:16 2018 +0200 dt-bindings: arm: fsl: add mu binding doc The Messaging Unit module enables two processors within the SoC to communicate and coordinate by passing messages (e.g. data, status and control) through the MU interface. Cc: Shawn Guo Cc: Sascha Hauer Cc: Fabio Estevam Cc: Mark Rutland Cc: devicetree@vger.kernel.org Reviewed-by: Rob Herring Signed-off-by: Dong Aisheng Signed-off-by: Jassi Brar commit c5f45fbb464e49d94fc5e53e7f7885bcbb5be545 Author: Randy Dunlap Date: Tue Aug 7 09:42:15 2018 -0700 mailbox: add MODULE_LICENSE() for mtk-cmdq-mailbox.c Fix missing MODULE_LICENSE() in mtk-cmdq-mailbox.c: WARNING: modpost: missing MODULE_LICENSE() in drivers/mailbox/mtk-cmdq-mailbox.o Fixes: 623a6143a845 ("mailbox: mediatek: Add Mediatek CMDQ driver") Signed-off-by: Randy Dunlap Cc: Cc: CK Hu Cc: Houlong Wei Signed-off-by: Jassi Brar commit 2538fb89b8f4ee9e1c1759cfb3c7989d9ef1f6e7 Author: Jakub Kicinski Date: Tue Aug 14 16:48:50 2018 -0700 PCI: Limit config space size for Netronome NFP5000 Like the NFP4000 and NFP6000, the NFP5000 as an erratum where reading/ writing to PCI config space addresses above 0x600 can cause the NFP to generate PCIe completion timeouts. Limit the NFP5000's PF's config space size to 0x600 bytes as is already done for the NFP4000 and NFP6000. The NFP5000's VF is 0x6003 (PCI_DEVICE_ID_NETRONOME_NFP6000_VF), the same device ID as the NFP6000's VF. Thus, its config space is already limited by the existing use of quirk_nfp6000(). Signed-off-by: Jakub Kicinski Signed-off-by: Bjorn Helgaas Reviewed-by: Tony Egan commit 31130a16d459de809cd1c03eabc9567d094aae6a Merge: 1202f4fdbcb6 3596924a233e Author: Linus Torvalds Date: Tue Aug 14 16:54:22 2018 -0700 Merge tag 'for-linus-4.19-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen updates from Juergen Gross: - add dma-buf functionality to Xen grant table handling - fix for booting the kernel as Xen PVH dom0 - fix for booting the kernel as a Xen PV guest with CONFIG_DEBUG_VIRTUAL enabled - other minor performance and style fixes * tag 'for-linus-4.19-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/balloon: fix balloon initialization for PVH Dom0 xen: don't use privcmd_call() from xen_mc_flush() xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits xen/biomerge: Use true and false for boolean values xen/gntdev: don't dereference a null gntdev_dmabuf on allocation failure xen/spinlock: Don't use pvqspinlock if only 1 vCPU xen/gntdev: Implement dma-buf import functionality xen/gntdev: Implement dma-buf export functionality xen/gntdev: Add initial support for dma-buf UAPI xen/gntdev: Make private routines/structures accessible xen/gntdev: Allow mappings for DMA buffers xen/grant-table: Allow allocating buffers suitable for DMA xen/balloon: Share common memory reservation routines xen/grant-table: Make set/clear page private code shared commit 1202f4fdbcb6deeffd3eb39c94b8dc0cc8202b16 Merge: d0055f351e64 3c4d9137eefe Author: Linus Torvalds Date: Tue Aug 14 16:39:13 2018 -0700 Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Will Deacon: "A bunch of good stuff in here. Worth noting is that we've pulled in the x86/mm branch from -tip so that we can make use of the core ioremap changes which allow us to put down huge mappings in the vmalloc area without screwing up the TLB. Much of the positive diffstat is because of the rseq selftest for arm64. Summary: - Wire up support for qspinlock, replacing our trusty ticket lock code - Add an IPI to flush_icache_range() to ensure that stale instructions fetched into the pipeline are discarded along with the I-cache lines - Support for the GCC "stackleak" plugin - Support for restartable sequences, plus an arm64 port for the selftest - Kexec/kdump support on systems booting with ACPI - Rewrite of our syscall entry code in C, which allows us to zero the GPRs on entry from userspace - Support for chained PMU counters, allowing 64-bit event counters to be constructed on current CPUs - Ensure scheduler topology information is kept up-to-date with CPU hotplug events - Re-enable support for huge vmalloc/IO mappings now that the core code has the correct hooks to use break-before-make sequences - Miscellaneous, non-critical fixes and cleanups" * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (90 commits) arm64: alternative: Use true and false for boolean values arm64: kexec: Add comment to explain use of __flush_icache_range() arm64: sdei: Mark sdei stack helper functions as static arm64, kaslr: export offset in VMCOREINFO ELF notes arm64: perf: Add cap_user_time aarch64 efi/libstub: Only disable stackleak plugin for arm64 arm64: drop unused kernel_neon_begin_partial() macro arm64: kexec: machine_kexec should call __flush_icache_range arm64: svc: Ensure hardirq tracing is updated before return arm64: mm: Export __sync_icache_dcache() for xen-privcmd drivers/perf: arm-ccn: Use devm_ioremap_resource() to map memory arm64: Add support for STACKLEAK gcc plugin arm64: Add stack information to on_accessible_stack drivers/perf: hisi: update the sccl_id/ccl_id when MT is supported arm64: fix ACPI dependencies rseq/selftests: Add support for arm64 arm64: acpi: fix alignment fault in accessing ACPI efi/arm: map UEFI memory map even w/o runtime services enabled efi/arm: preserve early mapping of UEFI memory map longer for BGRT drivers: acpi: add dependency of EFI for arm64 ... commit b9f09866e0e964ab04968d44602fa3d9de5076f3 Author: Parav Pandit Date: Tue Aug 14 10:36:16 2018 +0300 IB/core: Avoid confusing del_netdev_default_ips Currently bond_delete_netdev_default_gids() is called by two callers. (a) del_netdev_default_ips_join() (b) del_netdev_default_ips() Both above functions changes the argument order while calling bond_delete_netdev_default_gids(). This required silly del_netdev_default_ips() wrapper. Additionally, del_netdev_default_ips() deletes default GIDs not IP based GIDs. del_netdev_default_ips() having _ips suffix is confusing. Therefore, get rid of confusing del_netdev_default_ips() and simplify bond_delete_netdev_default_gids() to follow same argument order as its caller. Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 666e7099a41afbbc1fb3ee785cad808d2925e12a Author: Parav Pandit Date: Tue Aug 14 10:36:15 2018 +0300 IB/core: Add comment for change upper netevent handling Add comment for handling CHANGEUPPER netevent handling. To improve code readability, (a) move cmd definitions to its respective if-else branches, (b) avoid single line structure definitions. Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 40b173ddce0fc6653a859889d1a90b5f5817061b Author: Yuval Bason Date: Thu Aug 9 17:29:38 2018 +0300 qedr: Add user space support for SRQ This patch adds support for SRQ's created in user space and update qedr_affiliated_event to deal with general SRQ events. Signed-off-by: Michal Kalderon Signed-off-by: Yuval Bason Signed-off-by: Jason Gunthorpe commit 3491c9e799fb96d909f22f3b39d8cca81e75c3a9 Author: Yuval Bason Date: Thu Aug 9 17:29:37 2018 +0300 qedr: Add support for kernel mode SRQ's Implement the SRQ specific verbs and update the poll_cq verb to deal with SRQ completions. Signed-off-by: Michal Kalderon Signed-off-by: Yuval Bason Signed-off-by: Jason Gunthorpe commit 1212767e23bbaba164cc7ea3a64115b3ae335063 Author: Yuval Bason Date: Thu Aug 9 17:29:36 2018 +0300 qedr: Add wrapping generic structure for qpidr and adjust idr routines. Today, we are using idr mechanism for QP's only. This patch prepares the qedr_idr stuctures and the idr routines for both QP's and SRQ's. Signed-off-by: Yuval Bason Signed-off-by: Michal Kalderon Signed-off-by: Jason Gunthorpe commit 99a24e02ccf6604e3020cf9e2c7a042b6ebb655f Author: Richard Weinberger Date: Thu Jul 12 13:02:00 2018 +0200 ubifs: Set default assert action to read-only Traditionally UBIFS just reported a failed assertion and moved on. The drawback is that users will notice UBIFS bugs when it is too late, most of the time when it is no longer about to mount. This makes bug hunting problematic since valuable information from failing asserts is long gone when UBIFS is dead. The other extreme, panic'ing on a failing assert is also not worthwhile, we want users and developers give a chance to collect as much debugging information as possible if UBIFS hits an assert. Therefore go for the third option, switch to read-only mode when an assert fails. That way UBIFS will not write possible bad data to the MTD and gives users the chance to collect debugging information. Signed-off-by: Richard Weinberger commit c38c5a7f2e5056555c22e7603c2151b118f3a494 Author: Richard Weinberger Date: Thu Jul 12 13:01:59 2018 +0200 ubifs: Allow setting assert action as mount parameter Expose our three options to userspace. Signed-off-by: Richard Weinberger commit 2e52eb74463f15c745d64948cedfaee722d6268c Author: Richard Weinberger Date: Thu Jul 12 13:01:58 2018 +0200 ubifs: Rework ubifs_assert() With having access to struct ubifs_info in ubifs_assert() we can give more information when an assert is failing. By using ubifs_err() we can tell which UBIFS instance failed. Also multiple actions can be taken now. We support: - report: This is what UBIFS did so far, just report the failure and go on. - read-only: Switch to read-only mode. - panic: shoot the kernel in the head. Signed-off-by: Richard Weinberger commit 6eb61d587f4515e4be5669eff383c0185009954f Author: Richard Weinberger Date: Thu Jul 12 13:01:57 2018 +0200 ubifs: Pass struct ubifs_info to ubifs_assert() This allows us to have more context in ubifs_assert() and take different actions depending on the configuration. Signed-off-by: Richard Weinberger commit 54169ddd382d461f7c01cc5a5182a4b4bc539489 Author: Richard Weinberger Date: Thu Jul 12 13:01:56 2018 +0200 ubifs: Turn two ubifs_assert() into a WARN_ON() We are going to pass struct ubifs_info to ubifs_assert() but while unloading the UBIFS module we don't have the info struct anymore. Therefore replace the asserts by a regular WARN_ON(). Signed-off-by: Richard Weinberger commit c355aa465fce5b446789348a2c50c3eb58ee6756 Author: Quentin Schulz Date: Mon Jul 2 11:43:51 2018 +0200 ubi: expose the volume CRC check skip flag Now that we have the logic for skipping CRC check for static UBI volumes in the core, let's expose it to users. This makes use of a padding byte in the volume description data structure as a flag. This flag only tell for now whether we should skip the CRC check of a volume. This checks the UBI volume for which we are trying to skip the CRC check is static. Let's also make sure that the flags passed to verify_mkvol_req are valid. We voluntarily do not take into account the skip_check flag in vol_cdev_write() as we want to make sure what we wrote was correctly written. Suggested-by: Boris Brezillon Signed-off-by: Quentin Schulz Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger commit 62652517753f3cdddce10935139cfa6e00f8da33 Author: Quentin Schulz Date: Mon Jul 2 11:43:50 2018 +0200 ubi: provide a way to skip CRC checks Some users of static UBI volumes implement their own integrity check, thus making the volume CRC check done at open time useless. For instance, this is the case when one use the ubiblock + dm-verity + squashfs combination, where dm-verity already checks integrity of the block device but this time at the block granularity instead of verifying the whole volume. Skipping this test drastically improves the boot-time. Suggested-by: Boris Brezillon Signed-off-by: Quentin Schulz Reviewed-by: Boris Brezillon Reviewed-by: Richard Weinberger Signed-off-by: Richard Weinberger commit a3d218280c273f298b0a17902bc2b4aa3f1dae06 Author: Richard Weinberger Date: Mon Jul 2 23:47:13 2018 +0200 ubifs: Use kmalloc_array() Since commit 6da2ec56059c ("treewide: kmalloc() -> kmalloc_array()") we use kmalloc_array() for kmalloc() that computes the length with a multiplication. Cc: Kees Cook Suggested-by: Kees Cook Signed-off-by: Richard Weinberger Reviewed-by: Kees Cook Signed-off-by: Richard Weinberger commit 95a22d2084d72ea067d8323cc85677dba5d97cae Author: Richard Weinberger Date: Sun Jul 1 23:20:51 2018 +0200 ubifs: Check data node size before truncate Check whether the size is within bounds before using it. If the size is not correct, abort and dump the bad data node. Cc: Kees Cook Cc: Silvio Cesare Cc: stable@vger.kernel.org Fixes: 1e51764a3c2ac ("UBIFS: add new flash file system") Reported-by: Silvio Cesare Signed-off-by: Richard Weinberger Reviewed-by: Kees Cook Signed-off-by: Richard Weinberger commit 08acbdd6fd736b90f8d725da5a0de4de2dd6de62 Author: Richard Weinberger Date: Sun Jul 1 23:20:50 2018 +0200 Revert "UBIFS: Fix potential integer overflow in allocation" This reverts commit 353748a359f1821ee934afc579cf04572406b420. It bypassed the linux-mtd review process and fixes the issue not as it should. Cc: Kees Cook Cc: Silvio Cesare Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger commit 49d2e05fb474718804cd3d1ec1e07213ecffc040 Author: Richard Weinberger Date: Mon Aug 13 15:14:45 2018 +0200 ubifs: Add comment on c->commit_sem Every single time I come across that code, I get confused because it looks like a possible dead lock. Help myself by adding a comment. Signed-off-by: Richard Weinberger commit 7e5471ce6dba5f28a3c7afdfe168655d236f677b Author: Stefan Agner Date: Tue Jul 31 15:13:20 2018 +0200 ubifs: introduce Kconfig symbol for xattr support Allow to disable extended attribute support. This aids in reliability testing, especially since some xattr related bugs have surfaced. Also an embedded system might not need it, so this allows for a slightly smaller kernel (about 4KiB). Signed-off-by: Stefan Agner Signed-off-by: Richard Weinberger commit 1bf0572fe27030a0e82fc60f8323a2114c2b69d3 Author: Gustavo A. R. Silva Date: Tue Jul 17 11:56:43 2018 -0500 ubifs: use swap macro in swap_dirty_idx Make use of the swap macro and remove unnecessary variable *t*. This makes the code easier to read and maintain. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Richard Weinberger commit 3d95b89e573bb8460886ff2ca769b067bfcc50aa Author: Prarit Bhargava Date: Mon Aug 13 08:43:09 2018 -0400 x86/ACPI/cstate: Make APCI C1 FFH MWAIT C-state description vendor-neutral Commit 5209654a46ee (x86/ACPI/cstate: Allow ACPI C1 FFH MWAIT use on AMD systems) forgot to update the ACPI C1 idle state description and tools like turbostat display "ACPI FFH INTEL MWAIT 0x0" which is quite confusing on an AMD system. Drop the "INTEL" part from the ACPI C1 FFH MWAIT C-state description to avoid confusion. Fixes: 5209654a46ee (x86/ACPI/cstate: Allow ACPI C1 FFH MWAIT use on AMD systems) Signed-off-by: Prarit Bhargava [ rjw: Subject & changelog ] Signed-off-by: Rafael J. Wysocki commit 6855dc41b24619c3d1de3dbd27dd0546b0e45272 Author: Adrian Hunter Date: Wed Jun 6 15:54:11 2018 +0300 x86: Add entry trampolines to kcore Without program headers for PTI entry trampoline pages, the trampoline virtual addresses do not map to anything. Example before: sudo gdb --quiet vmlinux /proc/kcore Reading symbols from vmlinux...done. [New process 1] Core was generated by `BOOT_IMAGE=/boot/vmlinuz-4.16.0 root=UUID=a6096b83-b763-4101-807e-f33daff63233'. #0 0x0000000000000000 in irq_stack_union () (gdb) x /21ib 0xfffffe0000006000 0xfffffe0000006000: Cannot access memory at address 0xfffffe0000006000 (gdb) quit After: sudo gdb --quiet vmlinux /proc/kcore [sudo] password for ahunter: Reading symbols from vmlinux...done. [New process 1] Core was generated by `BOOT_IMAGE=/boot/vmlinuz-4.16.0-fix-4-00005-gd6e65a8b4072 root=UUID=a6096b83-b7'. #0 0x0000000000000000 in irq_stack_union () (gdb) x /21ib 0xfffffe0000006000 0xfffffe0000006000: swapgs 0xfffffe0000006003: mov %rsp,-0x3e12(%rip) # 0xfffffe00000021f8 0xfffffe000000600a: xchg %ax,%ax 0xfffffe000000600c: mov %cr3,%rsp 0xfffffe000000600f: bts $0x3f,%rsp 0xfffffe0000006014: and $0xffffffffffffe7ff,%rsp 0xfffffe000000601b: mov %rsp,%cr3 0xfffffe000000601e: mov -0x3019(%rip),%rsp # 0xfffffe000000300c 0xfffffe0000006025: pushq $0x2b 0xfffffe0000006027: pushq -0x3e35(%rip) # 0xfffffe00000021f8 0xfffffe000000602d: push %r11 0xfffffe000000602f: pushq $0x33 0xfffffe0000006031: push %rcx 0xfffffe0000006032: push %rdi 0xfffffe0000006033: mov $0xffffffff91a00010,%rdi 0xfffffe000000603a: callq 0xfffffe0000006046 0xfffffe000000603f: pause 0xfffffe0000006041: lfence 0xfffffe0000006044: jmp 0xfffffe000000603f 0xfffffe0000006046: mov %rdi,(%rsp) 0xfffffe000000604a: retq (gdb) quit In addition, entry trampolines all map to the same page. Represent that by giving the corresponding program headers in kcore the same offset. This has the benefit that, when perf tools uses /proc/kcore as a source for kernel object code, samples from different CPU trampolines are aggregated together. Note, such aggregation is normal for profiling i.e. people want to profile the object code, not every different virtual address the object code might be mapped to (across different processes for example). Notes by PeterZ: This also adds the KCORE_REMAP functionality. Signed-off-by: Adrian Hunter Acked-by: Andi Kleen Acked-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Andy Lutomirski Cc: Dave Hansen Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Joerg Roedel Cc: Thomas Gleixner Cc: x86@kernel.org Link: http://lkml.kernel.org/r/1528289651-4113-4-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit d83212d5dd6761625fe87cc23016bbaa47303271 Author: Alexander Shishkin Date: Wed Jun 6 15:54:10 2018 +0300 kallsyms, x86: Export addresses of PTI entry trampolines Currently, the addresses of PTI entry trampolines are not exported to user space. Kernel profiling tools need these addresses to identify the kernel code, so add a symbol and address for each CPU's PTI entry trampoline. Signed-off-by: Alexander Shishkin Acked-by: Andi Kleen Acked-by: Peter Zijlstra (Intel) Cc: Andy Lutomirski Cc: Dave Hansen Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Joerg Roedel Cc: Thomas Gleixner Cc: x86@kernel.org Link: http://lkml.kernel.org/r/1528289651-4113-3-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit b96679422007c3fa04625be14977904c27c722eb Author: Adrian Hunter Date: Wed Jun 6 15:54:09 2018 +0300 kallsyms: Simplify update_iter_mod() The logic in update_iter_mod() is overcomplicated and gets worse every time another get_ksymbol_* function is added. In preparation for adding another get_ksymbol_* function, simplify logic in update_iter_mod(). Signed-off-by: Adrian Hunter Tested-by: (ftrace changes only) Steven Rostedt (VMware) Acked-by: Andi Kleen Acked-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Andy Lutomirski Cc: Dave Hansen Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Joerg Roedel Cc: Thomas Gleixner Cc: x86@kernel.org Link: http://lkml.kernel.org/r/1528289651-4113-2-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit f390c5eb2858c9fceccba7c4118003b6baf9176a Author: Rafael J. Wysocki Date: Tue Aug 14 12:39:02 2018 +0200 cpuidle: menu: Fix white space Fix some damaged white space in menu_select(). Signed-off-by: Rafael J. Wysocki commit 3df6f61fff49632492490fb6e42646b803a9958a Author: zhangyi (F) Date: Tue Aug 14 10:34:42 2018 +0800 PM / sleep: wakeup: Fix build error caused by missing SRCU support Commit ea0212f40c6 (power: auto select CONFIG_SRCU) made the code in drivers/base/power/wakeup.c use SRCU instead of RCU, but it forgot to select CONFIG_SRCU in Kconfig, which leads to the following build error if CONFIG_SRCU is not selected somewhere else: drivers/built-in.o: In function `wakeup_source_remove': (.text+0x3c6fc): undefined reference to `synchronize_srcu' drivers/built-in.o: In function `pm_print_active_wakeup_sources': (.text+0x3c7a8): undefined reference to `__srcu_read_lock' drivers/built-in.o: In function `pm_print_active_wakeup_sources': (.text+0x3c84c): undefined reference to `__srcu_read_unlock' drivers/built-in.o: In function `device_wakeup_arm_wake_irqs': (.text+0x3d1d8): undefined reference to `__srcu_read_lock' drivers/built-in.o: In function `device_wakeup_arm_wake_irqs': (.text+0x3d228): undefined reference to `__srcu_read_unlock' drivers/built-in.o: In function `device_wakeup_disarm_wake_irqs': (.text+0x3d24c): undefined reference to `__srcu_read_lock' drivers/built-in.o: In function `device_wakeup_disarm_wake_irqs': (.text+0x3d29c): undefined reference to `__srcu_read_unlock' drivers/built-in.o:(.data+0x4158): undefined reference to `process_srcu' Fix this error by selecting CONFIG_SRCU when PM_SLEEP is enabled. Fixes: ea0212f40c6 (power: auto select CONFIG_SRCU) Cc: 4.2+ # 4.2+ Signed-off-by: zhangyi (F) [ rjw: Minor subject/changelog fixups ] Signed-off-by: Rafael J. Wysocki commit 6cff57320275b52d0a84b616602539c79e8d7117 Author: Arnd Bergmann Date: Fri Jul 13 16:31:56 2018 +0200 ubifs: tnc: use monotonic znode timestamp The tnc uses get_seconds() based timestamps to check the age of a znode, which has two problems: on 32-bit architectures this may overflow in 2038 or 2106, and it gives incorrect information when the system time is updated using settimeofday(). Using montonic timestamps with ktime_get_seconds() solves both thes problems. Signed-off-by: Arnd Bergmann Signed-off-by: Richard Weinberger commit 0eca0b8067c4dfa405e38abb4c3a87b1df14513c Author: Arnd Bergmann Date: Fri Jul 13 16:31:55 2018 +0200 ubifs: use timespec64 for inode timestamps Both vfs and the on-disk inode structures can deal with fine-grained timestamps now, so this is the last missing piece to make ubifs y2038-safe on 32-bit architectures. Signed-off-by: Arnd Bergmann Signed-off-by: Richard Weinberger commit 11a6fc3dc743e22fb50f2196ec55bee5140d3c52 Author: Richard Weinberger Date: Sun Jul 8 23:33:25 2018 +0200 ubifs: xattr: Don't operate on deleted inodes xattr operations can race with unlink and the following assert triggers: UBIFS assert failed in ubifs_jnl_change_xattr at 1606 (pid 6256) Fix this by checking i_nlink before working on the host inode. Cc: Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger commit 312c39bd6d515122b4b0022780e46c63ea9b8bec Author: Richard Weinberger Date: Sun Jul 8 23:24:46 2018 +0200 ubifs: gc: Fix typo UBIFS operates on LEBs, not PEBs. Signed-off-by: Richard Weinberger commit eef19816ada3abd56d9f20c88794cc2fea83ebb2 Author: Richard Weinberger Date: Tue Jun 12 20:49:45 2018 +0200 ubifs: Fix memory leak in lprobs self-check Allocate the buffer after we return early. Otherwise memory is being leaked. Cc: Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger commit 25677478474a91fa1b46f19a4a591a9848bca6fb Author: Richard Weinberger Date: Tue Jun 12 09:33:16 2018 +0200 ubi: Initialize Fastmap checkmapping correctly We cannot do it last, otherwithse it will be skipped for dynamic volumes. Reported-by: Lachmann, Juergen Fixes: 34653fd8c46e ("ubi: fastmap: Check each mapping only once") Signed-off-by: Richard Weinberger commit 59965593205fa4044850d35ee3557cf0b7edcd14 Author: Richard Weinberger Date: Tue Jun 12 00:52:28 2018 +0200 ubifs: Fix synced_i_size calculation for xattr inodes In ubifs_jnl_update() we sync parent and child inodes to the flash, in case of xattrs, the parent inode (AKA host inode) has a non-zero data_len. Therefore we need to adjust synced_i_size too. This issue was reported by ubifs self tests unter a xattr related work load. UBIFS error (ubi0:0 pid 1896): dbg_check_synced_i_size: ui_size is 4, synced_i_size is 0, but inode is clean UBIFS error (ubi0:0 pid 1896): dbg_check_synced_i_size: i_ino 65, i_mode 0x81a4, i_size 4 Cc: Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger commit 00ee8b60102862f4daf0814d12a2ea2744fc0b9b Author: Richard Weinberger Date: Mon Jun 11 23:41:09 2018 +0200 ubifs: Fix directory size calculation for symlinks We have to account the name of the symlink and not the target length. Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks") Cc: Signed-off-by: Richard Weinberger commit 99cbbe56eb8bede625f410ab62ba34673ffa7d21 Author: Adrian Hunter Date: Tue Aug 14 11:46:08 2018 +0300 perf auxtrace: Fix queue resize When the number of queues grows beyond 32, the array of queues is resized but not all members were being copied. Fix by also copying 'tid', 'cpu' and 'set'. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Fixes: e502789302a6e ("perf auxtrace: Add helpers for queuing AUX area tracing data") Link: http://lkml.kernel.org/r/20180814084608.6563-1-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit d0055f351e647f33f3b0329bff022213bf8aa085 Author: Vlastimil Babka Date: Tue Aug 14 23:38:57 2018 +0200 x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread The function has an inline "return false;" definition with CONFIG_SMP=n but the "real" definition is also visible leading to "redefinition of ‘apic_id_is_primary_thread’" compiler error. Guard it with #ifdef CONFIG_SMP Signed-off-by: Vlastimil Babka Fixes: 6a4d2657e048 ("x86/smp: Provide topology_is_primary_thread()") Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds commit 269777aa530f3438ec1781586cdac0b5fe47b061 Author: Abel Vesa Date: Wed Aug 15 00:26:00 2018 +0300 cpu/hotplug: Non-SMP machines do not make use of booted_once Commit 0cc3cd21657b ("cpu/hotplug: Boot HT siblings at least once") breaks non-SMP builds. [ I suspect the 'bool' fields should just be made to be bitfields and be exposed regardless of configuration, but that's a separate cleanup that I'll leave to the owners of this file for later. - Linus ] Fixes: 0cc3cd21657b ("cpu/hotplug: Boot HT siblings at least once") Cc: Dave Hansen Cc: Thomas Gleixner Cc: Tony Luck Signed-off-by: Abel Vesa Signed-off-by: Linus Torvalds commit b5c16c7925fb9b7b1bb15c00bc20d5e24b7ab77f Author: Hans de Goede Date: Sun Aug 12 18:33:44 2018 +0200 ACPI / PMIC: CrystalCove: Extend PMOP support to support all possible fields Prior to this commit the CRC PMOP handler only supported the X285 and V18X PMOP fields. Leading to errors like these on device using the VBUS field: [ 765.766489] ACPI Error: AE_BAD_PARAMETER, Returned by Handler for [UserDefinedRegion] (20180531/evregion-266) [ 765.766526] ACPI Error: Method parse/execution failed \_SB.I2C1.BATC._BST, AE_BAD_PARAMETER (20180531/psparse-516) [ 765.766586] ACPI Error: AE_BAD_PARAMETER, Evaluating _BST (20180531/battery-577) This commit adds support for all known fields to the CRC PMOP OpRegion handler, the name and register info in this commit comes from: https://github.com/01org/ProductionKernelQuilts/blob/master/uefi/cht-m1stable/patches/0002-ACPI-Adding-support-for-WC-and-CRC-opregion.patch Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Acked-by: Mika Westerberg Signed-off-by: Rafael J. Wysocki commit f317c7dc12b73eb9d67fdae404563deb907dcfb7 Author: Rafael J. Wysocki Date: Sun Aug 12 12:50:09 2018 +0200 ACPICA: Clear status of all events when entering sleep states Commit fa85015c0d95 (ACPICA: Clear status of all events when entering S5) made the sleep state entry code in ACPICA clear the status of all ACPI events when entering S5 to fix a functional regression reported against commit 18996f2db918 (ACPICA: Events: Stop unconditionally clearing ACPI IRQs during suspend/resume). However, it is reported now that the regression also affects system states other than S5 on some systems and causes them to wake up from sleep prematurely. For this reason, make the code in question clear the status of all ACPI events when entering all sleep states (in addition to S5) to avoid the premature wakeups (this may cause some wakeup events to be missed in theory, but the likelihood of that is small and the change here simply restores the previous behavior of the code). Fixes: 18996f2db918 (ACPICA: Events: Stop unconditionally clearing ACPI IRQs during suspend/resume) Reported-by: Paul Menzel Tested-by: Paul Menzel Cc: 4.17+ # 4.17+: fa85015c0d95 ACPICA: Clear status ... Signed-off-by: Rafael J. Wysocki commit 5508672d7f4949f15c316ffd947228f130498534 Author: Arnaldo Carvalho de Melo Date: Tue Aug 14 18:00:40 2018 -0300 perf python: Remove -mcet and -fcf-protection when building with clang These options are not present in older clang versions, so when we build for a distro that has a gcc new enough to have these options and that the distro python build config settings use them but clang doesn't support, b00m. This is the case with fedora 28 and rawhide, so check if clang has the options and remove the missing ones from CFLAGS. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-7asds7yn6gzg6ns1lw17ukul@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4efa829d195172d630dcd1b2f9b239bcce69639e Author: Bob Moore Date: Fri Aug 10 14:43:04 2018 -0700 ACPICA: Update version to 20180810 Version 20180810. Signed-off-by: Bob Moore Signed-off-by: Erik Schmauss Signed-off-by: Rafael J. Wysocki commit 8b66fcfdee683072d416b6f12a9be6acd81f20ba Author: Bob Moore Date: Fri Aug 10 14:43:03 2018 -0700 ACPICA: acpiexec: fix a small memory leak regression Eliminates warnings only seen when acpiexec exits. Signed-off-by: Bob Moore Signed-off-by: Erik Schmauss Signed-off-by: Rafael J. Wysocki commit 8b23570ab001c1982c8a068cde468ff067255314 Author: Erik Schmauss Date: Fri Aug 10 14:43:02 2018 -0700 ACPICA: Reference Counts: increase max to 0x4000 for large servers Increase the reference count limit to 0x4000 as the current one is not sufficient for some large server systems. Reviewed-by: Dimitri Sivanich Tested-by: Russ Anderson Reported-by: Mike Travis Signed-off-by: Mike Travis Signed-off-by: Erik Schmauss [ rjw: Changelog ] Signed-off-by: Rafael J. Wysocki commit ff5340f8ac94d65609424675d587c030da951a53 Author: Erik Schmauss Date: Fri Aug 10 14:43:01 2018 -0700 ACPICA: Reference count: add additional debugging details Make reference counting diagnostics provide more information on what has happened. Signed-off-by: Erik Schmauss [ rjw: Changelog ] Signed-off-by: Rafael J. Wysocki commit 77d4e0966a8a6f8a3aa9d27b067a1fc0ec10628d Author: Erik Schmauss Date: Fri Aug 10 14:43:00 2018 -0700 ACPICA: acpi_exec: fixing -fi option Field elements listed in the init file used to be initialized after the table load and before executing module-level code blocks. The recent changes in module-level code mean that the table load becomes a method execution. If fields are used within module-level code and we are executing with -fi option, then these values are populated after the table has finished loading. This commit changes the initialization of objects listed in the init file so that field unit values are populated during the table load. Signed-off-by: Erik Schmauss Signed-off-by: Rafael J. Wysocki commit fb2ef998af44fb94214f3cf1c0e85d7a4e642fcb Author: Bob Moore Date: Fri Aug 10 14:42:59 2018 -0700 ACPICA: Debugger: Cleanup interface to the AML disassembler If the disassembler is configured out (such as when the debugger is part of a kernel), these debugger commands are disabled: List Disassemble Further, the Debug (single-step) command is simplified because each line of code cannot be disassembled. Reported-by: Colin Ian King Signed-off-by: Bob Moore Signed-off-by: Erik Schmauss Signed-off-by: Rafael J. Wysocki commit 4a7c94c721074eafb27298d93dbcc339aa28e745 Author: Erik Schmauss Date: Fri Aug 10 14:42:58 2018 -0700 ACPICA: AML Parser: skip opcodes that open a scope upon parse failure This change skips the entire length of opcodes that open a scope (Device, Scope, Processor, etc) if the creation of the op fails. The failure could be caused by various errors including AE_ALREADY_EXISTS and AE_NOT_FOUND. Reported-by: Jeremy Linton Tested-by: Jeremy Linton Signed-off-by: Erik Schmauss Cc: 4.17+ # 4.17+ Signed-off-by: Rafael J. Wysocki commit 089b2bec97bbddb519e849a58b1ba8cc9880a4e5 Author: Erik Schmauss Date: Fri Aug 10 14:42:57 2018 -0700 ACPICA: Utilities: split hex detection into smaller functions acpi_ut_implicit_strtoul64() called acpi_ut_detect_hex_prefix() and ignored the return value. Instead, use acpi_ut_remove_hex_prefix(). Signed-off-by: Erik Schmauss Signed-off-by: Rafael J. Wysocki commit 8a55c696d327008b003957d828ff04b81ead5dd1 Author: Bob Moore Date: Fri Aug 10 14:42:56 2018 -0700 ACPICA: Update an error message for a duplicate table In this case, the exception AE_ALREADY_EXISTS is more appropriate. Signed-off-by: Bob Moore Signed-off-by: Erik Schmauss Signed-off-by: Rafael J. Wysocki commit f016b19a9275089a2ab06c2144567c2ad8d5d6ad Author: Erik Schmauss Date: Fri Aug 10 14:42:55 2018 -0700 ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value The value coming from acpi_hw_read() should not be used if it returns an error code, so check the status returned by it before using that value in two places in acpi_hw_register_read(). Reported-by: Mark Gross Signed-off-by: Erik Schmauss [ rjw: Changelog ] Signed-off-by: Rafael J. Wysocki commit d46b6537f0ceed303047da918ed951f074a99288 Author: Erik Schmauss Date: Fri Aug 10 14:42:54 2018 -0700 ACPICA: AML Parser: ignore all exceptions resulting from incorrect AML during table load Macros to classify different AML exception codes have been added in order to ignore the exceptions, Signed-off-by: Erik Schmauss [ rjw: Fix damaged white space ] Signed-off-by: Rafael J. Wysocki commit 26dcc12c009e3222f8b975f23c605516a5d3b29f Author: Krzysztof Kozlowski Date: Tue Aug 7 18:19:19 2018 +0200 rtc: s5m: Add SPDX license identifier Replace GPL v2.0+ license statement with SPDX license identifier. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Alexandre Belloni commit 734c5cd5bc2f391ece9ab71b35abb33dfa5713ec Author: Krzysztof Kozlowski Date: Tue Aug 7 18:19:18 2018 +0200 rtc: maxim: Add SPDX license identifiers Replace GPL v2.0+ license statements with SPDX license identifiers. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Alexandre Belloni commit 0625b4ba1a5d4703c7fb01c497bd6c156908af00 Author: Jason Gunthorpe Date: Tue Aug 14 15:33:52 2018 -0600 IB/mlx5: Fix leaking stack memory to userspace mlx5_ib_create_qp_resp was never initialized and only the first 4 bytes were written. Fixes: 41d902cb7c32 ("RDMA/mlx5: Fix definition of mlx5_ib_create_qp_resp") Cc: Acked-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit e6ecec342fefc2df01438cb0b8bacdd8641a6418 Merge: 747f62305dfb 3d83d3188460 Author: Linus Torvalds Date: Tue Aug 14 14:29:31 2018 -0700 Merge tag 'docs-4.19' of git://git.lwn.net/linux Pull documentation update from Jonathan Corbet: "This was a moderately busy cycle for docs, with the usual collection of small fixes and updates. We also have new ktime_get_*() docs from Arnd, some kernel-doc fixes, a new set of Italian translations (non so se vale la pena, ma non fa male - speriamo bene), and some extensive early memory-management documentation improvements from Mike Rapoport" * tag 'docs-4.19' of git://git.lwn.net/linux: (52 commits) Documentation: corrections to console/console.txt Documentation: add ioctl number entry for v4l2-subdev.h Remove gendered language from management style documentation scripts/kernel-doc: Escape all literal braces in regexes docs/mm: add description of boot time memory management docs/mm: memblock: add overview documentation docs/mm: memblock: add kernel-doc description for memblock types docs/mm: memblock: add kernel-doc comments for memblock_add[_node] docs/mm: memblock: update kernel-doc comments mm/memblock: add a name for memblock flags enumeration docs/mm: bootmem: add overview documentation docs/mm: bootmem: add kernel-doc description of 'struct bootmem_data' docs/mm: bootmem: fix kernel-doc warnings docs/mm: nobootmem: fixup kernel-doc comments mm/bootmem: drop duplicated kernel-doc comments Documentation: vm.txt: Adding 'nr_hugepages_mempolicy' parameter description. doc:it_IT: translation for kernel-hacking docs: Fix the reference labels in Locking.rst doc: tracing: Fix a typo of trace_stat mm: Introduce new type vm_fault_t ... commit 6f7ea94acbb751f617bfd674086b388460ee5b3b Author: Denis Osterland Date: Tue Jul 24 11:31:22 2018 +0000 rtc: isl1219: add device tree documentation The devicetree documentation for the ISL1219 device tree binding is added with a short example. It is not a trivial device, because it supports two interrupt sources. Signed-off-by: Denis Osterland Reviewed-by: Rob Herring Signed-off-by: Alexandre Belloni commit cfa30622c854747aba9c920c7dd30e5a123a414f Author: Denis Osterland Date: Tue Jul 24 11:31:21 2018 +0000 rtc: isl1208: set ev-evienb bit from device tree Add support to disable event in pull-up. Signed-off-by: Denis Osterland Signed-off-by: Alexandre Belloni commit 923aa4c378f9c7bbe2dff6f5632f95815b7700e9 Author: Heiner Kallweit Date: Sun Aug 5 22:31:03 2018 +0200 PCI/MSI: Set IRQCHIP_ONESHOT_SAFE for PCI-MSI irqchips If flag IRQCHIP_ONESHOT_SAFE isn't set for an irqchip and we have a threaded interrupt with no primary handler, flag IRQF_ONESHOT needs to be set for the interrupt, causing some overhead in the threaded interrupt handler. For more detailed explanation also check following comment in __setup_irq(): The interrupt was requested with handler = NULL, so we use the default primary handler for it. But it does not have the oneshot flag set. In combination with level interrupts this is deadly, because the default primary handler just wakes the thread, then the irq lines is reenabled, but the device still has the level irq asserted. Rinse and repeat.... While this works for edge type interrupts, we play it safe and reject unconditionally because we can't say for sure which type this interrupt really has. The type flags are unreliable as the underlying chip implementation can override them. Another comment in __setup_irq() gives a hint already that this overhead can be avoided for PCI-MSI: Some irq chips like MSI based interrupts are per se one shot safe. Check the chip flags, so we can avoid the unmask dance at the end of the threaded handler for those. Following this let's mark all PCI-MSI irqchips as oneshot-safe. See also discussion here: https://lkml.kernel.org/r/alpine.DEB.2.21.1808032136490.1658@nanos.tec.linutronix.de Signed-off-by: Heiner Kallweit Signed-off-by: Bjorn Helgaas commit 747f62305dfb8a592835c7401069bfdbc06acbae Merge: 2c20443ec221 f5b6c1fcb42f Author: Linus Torvalds Date: Tue Aug 14 14:10:30 2018 -0700 Merge tag 'sound-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound updates from Takashi Iwai: "It's been busy summer weeks and hence lots of changes, partly for a few new drivers and partly for a wide range of fixes. Here are highlights: ALSA Core: - Fix rawmidi buffer management, code cleanup / refactoring - Fix the SG-buffer page handling with incorrect fallback size - Fix the stall at virmidi trigger callback with a large buffer; also offloading and code-refactoring along with it - Various ALSA sequencer code cleanups ASoC: - Deploy the standard snd_pcm_stop_xrun() helper in several drivers - Support for providing name prefixes to generic component nodes - Quite a few fixes for DPCM as it gains a bit wider use and more robust testing - Generalization of the DIO2125 support to a simple amplifier driver - Accessory detection support for the audio graph card - DT support for PXA AC'97 devices - Quirks for a number of new x86 systems - Support for AM Logic Meson, Everest ES7154, Intel systems with RT5682, Qualcomm QDSP6 and WCD9335, Realtek RT5682 and TI TAS5707 HD-audio: - Code refactoring in HD-audio ext codec codes to drop own classes; preliminary works for the upcoming legacy codec support - Generalized DRM audio component for the upcoming radeon / amdgpu support - Unification of mic mute-LED and GPIO support for various codecs - Further improvement of CA0132 codec support including Recon3D - Proper vga_switcheroo handling for AMD i-GPU - Update of model list in documentation - Fixups for another HP Spectre x360, Conexant codecs, power-save blacklist update USB-audio: - Fix the invalid sample rate setup with external clock - Support of UAC3 selector units and processing units - Basic UAC3 power-domain support - Support for Encore mDSD and Thesycon-based DSD devices - Preparation for future complete callback changes Firewire: - Add support for MOTU Traveler Misc: - The endianess notation fixes in various drivers - Add fall-through comment in lots of drivers - Various sparse warning fixes, e.g. about PCM format types" * tag 'sound-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (529 commits) ASoC: adav80x: mark expected switch fall-through ASoC: da7219: Add delays to capture path to remove DC offset noise ALSA: usb-audio: Mark expected switch fall-through ALSA: mixart: Mark expected switch fall-through ALSA: opl3: Mark expected switch fall-through ALSA: hda/ca0132 - Add exit commands for Recon3D ALSA: hda/ca0132 - Change mixer controls for Recon3D ALSA: hda/ca0132 - Add Recon3D input and output select commands ALSA: hda/ca0132 - Add DSP setup defaults for Recon3D ALSA: hda/ca0132 - Add Recon3D startup functions and setup ALSA: hda/ca0132 - Add bool variable to enable/disable pci region2 mmio ALSA: hda/ca0132 - Add Recon3D pincfg ALSA: hda/ca0132 - Add quirk ID and enum for Recon3D ALSA: hda/ca0132 - Add alt_functions unsolicited response ALSA: hda/ca0132 - Clean up ca0132_init function. ALSA: hda/ca0132 - Create mmio gpio function to make code clearer ASoC: wm_adsp: Make DSP name configurable by codec driver ASoC: wm_adsp: Declare firmware controls from codec driver ASoC: max98373: Added software reset register to readable registers ASoC: wm_adsp: Correct DSP pointer for preloader control ... commit 6eaf2781137842429c447bb491402b231df8a0f1 Author: Bert Kenward Date: Thu Jul 26 16:21:29 2018 +0100 PCI/VPD: Check for VPD access completion before checking for timeout Previously we checked the timeout before checking the VPD access completion bit. On a very heavily loaded system this can cause VPD access to timeout. Check the completion bit before checking the timeout. Signed-off-by: Bert Kenward Signed-off-by: Bjorn Helgaas commit 9ece7cd833a3e5e0740e2b681abe6ce5e6af6885 Author: Denis Osterland Date: Tue Jul 24 11:31:21 2018 +0000 rtc: isl1208: Add "evdet" interrupt source for isl1219 Add support for "evdet" named interrupt source. The check if i2c client irq matches evdet irq is needed for the case that there is only one interrupt named "evdet". In this case i2c client code handles this like an unnamed interrupt souce and assigns the value. Signed-off-by: Denis Osterland Reviewed-by: Michael Grzeschik Signed-off-by: Alexandre Belloni commit b72ae8cac0caff86fe414fceb940655c2d1371c9 Author: Andy Shevchenko Date: Sun Jul 29 16:16:56 2018 +0300 PCI: Add PCI_DEVICE_DATA() macro to fully describe device ID entry There are a lot of examples in the kernel where PCI_VDEVICE() is used and still looks not so convenient due to additional driver_data field attached. Introduce PCI_DEVICE_DATA() macro to fully describe device ID entry in shortest possible form. For example, before: { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_MRFLD), (kernel_ulong_t) &dwc3_pci_mrfld_properties, }, after: { PCI_DEVICE_DATA(INTEL, MRFLD, &dwc3_pci_mrfld_properties) }, Drivers can be converted later on in independent way. While here, remove the unused macro with the same name from Ralink wireless driver. Signed-off-by: Andy Shevchenko Signed-off-by: Bjorn Helgaas Acked-by: Kalle Valo # for rt2x00 commit dd35bdb0768f1d03b043c4ba704fe9760eaa5891 Author: Michael Grzeschik Date: Tue Jul 24 11:31:21 2018 +0000 rtc: isl1208: add support for isl1219 with tamper detection We add support for the ISL1219 chip that got an integrated tamper detection function. This patch implements the feature by adding an additional timestamp0 file to sysfs device path. This file contains seconds since epoch, if an event occurred, or is empty, if none occurred. Signed-off-by: Michael Grzeschik Signed-off-by: Denis Osterland Signed-off-by: Alexandre Belloni commit a0a1a1ba303261d25814d11a05008d2931a69a8b Author: Denis Osterland Date: Tue Jul 24 11:31:22 2018 +0000 rtc: sysfs: facilitate attribute add to rtc device This patches addresses following problem: rtc_allocate_device devm_device_add_group <-- kernel oops / null pointer, because sysfs entry does not yet exist rtc_register_device rc = devm_device_add_group if (rc) return rc; <-- forbidden to return error code after device register This patch adds rtc_add_group(s) functions. The functions store the sum of attribute groups as device resource. Signed-off-by: Denis Osterland Signed-off-by: Alexandre Belloni commit 82fd4b05d704623a0e4aa7fda48e272a9889337d Author: Takashi Iwai Date: Tue Aug 14 21:27:51 2018 +0200 ALSA: seq: virmidi: Fix discarding the unsubscribed output The recent change to move the virmidi output processing to a work slightly modified the code to discard the unsubscribed outputs so that it works without a temporary buffer. However, this is actually buggy, and may spew a kernel warning due to the unexpected call of snd_rawmidi_transmit_ack(), as triggered by syzbot. This patch takes back to the original code in that part, use a temporary buffer and simply repeat snd_rawmidi_transmit(), in order to address the regression. Fixes: f7debfe54090 ("ALSA: seq: virmidi: Offload the output event processing") Reported-by: syzbot+ec5f605c91812d200367@syzkaller.appspotmail.com Signed-off-by: Takashi Iwai commit 2c20443ec221dcb76484b30933593e8ecd836bbd Merge: b018fc980055 76f7d6c07acd Author: Linus Torvalds Date: Tue Aug 14 13:39:52 2018 -0700 Merge tag 'acpi-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI updates from Rafael Wysocki: "These revert two ACPICA commits that are not needed any more, rework the property graphs support in ACPI to be more aligned with the analogous DT code, add some new quirks and remove one that isn't needed any more, add a special platform driver to enumerate multiple I2C devices hooked up to the same device object in the ACPI tables and update the battery and button drivers. Specifics: - Revert two ACPICA commits that are not needed any more (Erik Schmauss). - Rework property graph support in the ACPI device properties framework to make it behave more like the analogous DT code and update the documentation of it (Sakari Ailus). - Change the default ACPI device status after initialization to ACPI_STA_DEFAULT instead of 0 (Hans de Goede). - Add a special platform driver for enumerating multiple I2C devices hooked up to the same object in the ACPI tables (Hans de Goede). - Fix the ACPI battery driver to avoid reporting full capacity on systems without support for that and clean it up (Hans de Goede, Dmitry Rozhkov, Lucas Rangit Magasweran). - Add two system wakeup quirks to the ACPI EC driver (Aaron Ma, Mika Westerberg). - Add the touchscreen on Dell Venue Pro 7139 to the list of "always present" devices to make it work (Tristian Celestin). - Revert a special tables handling quirk for Dell XPS 9570 and Precision M5530 which is not needed any more (Kai Heng Feng). - Add support for a new OEM _OSI string to allow system vendors to work around issues with NVidia HDMI audio (Alex Hung). - Prevent the ACPI button driver from reporting excessive system wakeup events and clean it up (Ravi Chandra Sadineni, Randy Dunlap). - Clean up two minor code style issues in the ACPI core and GHES handling on ARM64 (Dongjiu Geng, John Garry, Tom Todd)" * tag 'acpi-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (34 commits) platform/x86: Add ACPI i2c-multi-instantiate pseudo driver ACPI / x86: utils: Remove status workaround from acpi_device_always_present() ACPI / scan: Create platform device for fwnodes with multiple i2c devices ACPI / scan: Initialize status to ACPI_STA_DEFAULT ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th ACPI: bus: Fix a pointer coding style issue arm64 / ACPI: clean the additional checks before calling ghes_notify_sea() ACPI / scan: Add static attribute to indirect_io_hosts[] ACPI / battery: Do not export energy_full[_design] on devices without full_charge_capacity ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd ACPI / battery: get rid of negations in conditions ACPI / battery: use specialized print macros ACPI / battery: reorder headers alphabetically ACPI / battery: drop inclusion of init.h ACPI: battery: remove redundant old_present check on insertion ACPI: property: graph: Update graph documentation to use generic references ACPI: property: graph: Improve graph documentation for port/ep numbering ACPI: property: graph: Fix graph documentation ACPI: property: Update documentation for hierarchical data extension 1.1 ACPI: property: Document key numbering for hierarchical data extension refs ... commit 0da9be22cdcbcbe0e5f04271dcfac71601526a3e Author: Bart Van Assche Date: Tue Aug 14 08:07:04 2018 -0700 Update the e-mail address of Bart Van Assche Since my @wdc.com e-mail address will become invalid after Friday August 24th, change it into an e-mail address that will remain valid after that date. Signed-off-by: Bart Van Assche Signed-off-by: Jason Gunthorpe commit b018fc9800557bd14a40d69501e19c340eb2c521 Merge: c07b3682cd12 7425ecd5e3e8 Author: Linus Torvalds Date: Tue Aug 14 13:12:24 2018 -0700 Merge tag 'pm-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management updates from Rafael Wysocki: "These add a new framework for CPU idle time injection, to be used by all of the idle injection code in the kernel in the future, fix some issues and add a number of relatively small extensions in multiple places. Specifics: - Add a new framework for CPU idle time injection (Daniel Lezcano). - Add AVS support to the armada-37xx cpufreq driver (Gregory CLEMENT). - Add support for current CPU frequency reporting to the ACPI CPPC cpufreq driver (George Cherian). - Rework the cooling device registration in the imx6q/thermal driver (Bastian Stender). - Make the pcc-cpufreq driver refuse to work with dynamic scaling governors on systems with many CPUs to avoid scalability issues with it (Rafael Wysocki). - Fix the intel_pstate driver to report different maximum CPU frequencies on systems where they really are different and to ignore the turbo active ratio if hardware-managend P-states (HWP) are in use; make it use the match_string() helper (Xie Yisheng, Srinivas Pandruvada). - Fix a minor deferred probe issue in the qcom-kryo cpufreq driver (Niklas Cassel). - Add a tracepoint for the tracking of frequency limits changes (from Andriod) to the cpufreq core (Ruchi Kandoi). - Fix a circular lock dependency between CPU hotplug and sysfs locking in the cpufreq core reported by lockdep (Waiman Long). - Avoid excessive error reports on driver registration failures in the ARM cpuidle driver (Sudeep Holla). - Add a new device links flag to the driver core to make links go away automatically on supplier driver removal (Vivek Gautam). - Eliminate potential race condition between system-wide power management transitions and system shutdown (Pingfan Liu). - Add a quirk to save NVS memory on system suspend for the ASUS 1025C laptop (Willy Tarreau). - Make more systems use suspend-to-idle (instead of ACPI S3) by default (Tristian Celestin). - Get rid of stack VLA usage in the low-level hibernation code on 64-bit x86 (Kees Cook). - Fix error handling in the hibernation core and mark an expected fall-through switch in it (Chengguang Xu, Gustavo Silva). - Extend the generic power domains (genpd) framework to support attaching a device to a power domain by name (Ulf Hansson). - Fix device reference counting and user limits initialization in the devfreq core (Arvind Yadav, Matthias Kaehlcke). - Fix a few issues in the rk3399_dmc devfreq driver and improve its documentation (Enric Balletbo i Serra, Lin Huang, Nick Milner). - Drop a redundant error message from the exynos-ppmu devfreq driver (Markus Elfring)" * tag 'pm-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (35 commits) PM / reboot: Eliminate race between reboot and suspend PM / hibernate: Mark expected switch fall-through cpufreq: intel_pstate: Ignore turbo active ratio in HWP cpufreq: Fix a circular lock dependency problem cpu/hotplug: Add a cpus_read_trylock() function x86/power/hibernate_64: Remove VLA usage cpufreq: trace frequency limits change cpufreq: intel_pstate: Show different max frequency with turbo 3 and HWP cpufreq: pcc-cpufreq: Disable dynamic scaling on many-CPU systems cpufreq: qcom-kryo: Silently error out on EPROBE_DEFER cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC cpufreq: armada-37xx: Add AVS support dt-bindings: marvell: Add documentation for the Armada 3700 AVS binding PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload. PM / devfreq: Init user limits from OPP limits, not viceversa PM / devfreq: rk3399_dmc: fix spelling mistakes. PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer. dt-bindings: devfreq: rk3399_dmc: move interrupts to be optional. PM / devfreq: rk3399_dmc: remove wait for dcf irq event. dt-bindings: clock: add rk3399 DDR3 standard speed bins. ... commit c07b3682cd12a017f976ec63bbd4758dc4c5100e Merge: 4d88e3d24905 2224f2ff9670 Author: Linus Torvalds Date: Tue Aug 14 13:07:22 2018 -0700 Merge tag 'leds-for-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED updates from Jacek Anaszewski: "LED triggers improvements make the biggest part of this pull request. The most striking ones, that allowed for nice cleanups in the triggers are: - centralized handling of creation and removal of trigger sysfs attributes via attribute group - addition of module_led_trigger() helper The other things that need to be mentioned: New features and improvements to existing LED class drivers: - lt3593: add DT support, switch to gpiod interface - lm3692x: support LED sync configuration, change OF calls to fwnode calls - apu: modify PC Engines apu/apu2 driver to support apu3 Change in the drivers/net/can/led.c: - mark led trigger as broken since it's in the way for the further cleanups. It implements a subset of the netdev trigger and an Ack is needed from someone who can actually test and confirm that the netdev trigger works for can devices" * tag 'leds-for-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: (32 commits) leds: ns2: Change unsigned to unsigned int usb: simplify usbport trigger leds: gpio trigger: simplifications from core changes leds: backlight trigger: simplifications from core changes leds: activity trigger: simplifications from core changes leds: default-on trigger: make use of module_led_trigger() leds: heartbeat trigger: simplifications from core changes leds: oneshot trigger: simplifications from core changes leds: transient trigger: simplifications from core changes leds: timer trigger: simplifications from core changes leds: netdev trigger: simplifications from core changes leds: triggers: new function led_set_trigger_data() leds: triggers: define module_led_trigger helper leds: triggers: handle .trigger_data and .activated() in the core leds: triggers: add device attribute support leds: triggers: let struct led_trigger::activate() return an error code leds: triggers: make the MODULE_LICENSE string match the actual license leds: lm3692x: Support LED sync configuration dt: bindings: lm3692x: Update binding for LED sync control leds: lm3692x: Change DT calls to fwnode calls ... commit 4d88e3d24905eafa98cef0fc29365649ad8977b5 Merge: c6ed444fd6ff f11b9abc9318 Author: Linus Torvalds Date: Tue Aug 14 12:41:49 2018 -0700 Merge tag 'devicetree-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull Devicetree updates from Rob Herring: - Remove an obsolete hack for PPC32 longtrail systems - Make of_io_request_and_map() "name" arg optional - Add vendor prefixes for bitmain, Asus, and Y Soft - Remove 'interrupt-parent' from bindings as it is implicit - New properties for wm8994 audio codec - Add 'clocks' property support to SRAM binding - Add binding for ASPEED coprocessor interrupt controller - Various binding spelling and link fixes * tag 'devicetree-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: Documentation: remove dynamic-resolution-notes reference to non-existent file dt-bindings: Add Y Soft Corporation vendor prefix of/fdt: Remove PPC32 longtrail hack in memory scan dt-bindings: remove 'interrupt-parent' from bindings pinctrl: tegra: fix spelling in devicetree binding document usb: dwc3: rockchip: Fix PHY documentation links. dt-bindings: sound: wm8994: document wlf,csnaddr-pd property dt-bindings: sound: wm8994: document wlf,spkmode-pu property dt-bindings: sram: Add 'clocks' as an optional property dt-bindings: Add vendor prefix for AsusTek Computer Inc. dt-bindings: misc: ASPEED coprocessor interrupt controller dt-bindings: gpio: pca953x: Document interrupts, update example drivers/of: Make of_io_request_and_map() "name" argument optional dt-bindings: Add bitmain vendor prefix Documentation: devicetree: tilcdc: fix spelling mistake "suppors" -> "supports" commit c6ed444fd6fffaaf2e3857d926ed18bf3df81e8e Merge: 3860cae64c0a c2944a9a09a2 Author: Linus Torvalds Date: Tue Aug 14 12:31:27 2018 -0700 Merge tag 'pinctrl-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control updates from Linus Walleij: "This is the bulk of pin control changes for v4.19: Core changes: - Augment pinctrl_generic_add_group() and pinmux_generic_add_function() to return the selector for the added group/function to the caller and augment (hopefully) all drivers to handle this New subdrivers: - Qualcomm PM8998 and PM8005 are supported in the SPMI pin control and GPIO driver - Intel Ice Lake PCH (platform controller hub) support - NXP (ex Freescale) i.MX8MQ support - Berlin AS370 support Improvements to drivers: - Support interrupts on the Ocelot pin controller - Add SPI pins to the Uniphier driver - Define a GPIO compatible per SoC in the Tegra driver - Push Tegra initialization down in the initlevels - Support external wakeup interrupts on the Exynos - Add generic clocks pins to the meson driver - Add USB and HSCIF pins for some Renesas PFC chips - Suspend/resume support in the armada-37xx - Interrupt support for the Actions Semiconductor S900 also known as "owl" - Correct the pin ordering in Cedarfork - Debugfs output for INTF in the mcp23s08 driver - Avoid divisions in context save/restore in pinctrl-single The rest is minor bug fixes or cleanups" * tag 'pinctrl-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: (69 commits) pinctrl: nomadik: silence uninitialized variable warning pinctrl: axp209: Fix NULL pointer dereference after allocation pinctrl: samsung: Remove duplicated "wakeup" in printk pinctrl: ocelot: add support for interrupt controller pinctrl: intel: Don't shadow error code of gpiochip_lock_as_irq() pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state gpio: tegra: Move driver registration to subsys_init level pinctrl: tegra: Move drivers registration to arch_init level pinctrl: baytrail: actually print the apparently misconfigured pin MAINTAINERS: Replace Heikki as maintainer of Intel pinctrl pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() pinctrl: uniphier: add spi pin-mux settings pinctrl: cannonlake: Fix community ordering for H variant pinctrl: tegra: define GPIO compatible node per SoC pinctrl: intel: Do pin translation when lock IRQ pinctrl: imx: off by one in imx_pinconf_group_dbg_show() pinctrl: mediatek: include chained_irq.h header pinctrl/amd: only handle irq if it is pending and unmasked pinctrl/amd: fix gpio irq level in debugfs pinctrl: stm32: add syscfg mask parameter ... commit 3860cae64c0a2c3faeca5de92d5f8e37fddd340c Merge: 010b0e708e08 d22d59362b7b Author: Linus Torvalds Date: Tue Aug 14 12:04:49 2018 -0700 Merge tag 'regulator-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator updates from Mark Brown: "The biggest set of changes in here is the addition of the Qualcomm RPMH driver. As well as the regualtor driver itself being quite large due to the usual involved Qualcomm regulator stuff there's also some code shared with the arm-soc tree, a bus driver required to communicate with the hardware that actually winds up being much larger than the regulator driver itself and a LLCC driver that was part of the same signed tag used with the arm-soc tree. Other than that it's a fairly standard and quiet release, highlights include: - Addition of device links from regulator consumers to their regulators, helping the core avoid dependency issues during suspend. - Support for the entertainingly innovative suspend implementation in the BD9571MWV. - Support for switch regulators on the PFUZE100, this required two goes due to backwards compatibility issues with old DTs that were discovered. - Support for Freescale PFUZE3001 and SocioNext UniPhier. - The aforementioned Qualcomm RPMH driver together with the driver changes required to support it" * tag 'regulator-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: (52 commits) regulator: add QCOM RPMh regulator driver regulator: dt-bindings: add QCOM RPMh regulator bindings regulator: samsung: Add SPDX license identifiers regulator: maxim: Add SPDX license identifiers regulator: bd71837: adobt MFD changes to regulator driver regulator: tps65217: Fix NULL pointer dereference on probe regulator: Add support for CPCAP regulators on Motorola Xoom devices. regulator: Add sw2_sw4 voltage table to cpcap regulator. regulator: bd9571mwv: Make symbol 'dev_attr_backup_mode' static regulator: pfuze100: add support to en-/disable switch regulators regulator: pfuze100: add optional disable switch-regulators binding soc: qcom: rmtfs-mem: fix memleak in probe error paths soc: qcom: llc-slice: Add missing MODULE_LICENSE() drivers: qcom: rpmh: fix unwanted error check for get_tcs_of_type() drivers: qcom: rpmh-rsc: fix the loop index check in get_req_from_tcs firmware: qcom: scm: add a dummy qcom_scm_assign_mem() drivers: qcom: rpmh-rsc: Check cmd_db_ready() to help children drivers: qcom: rpmh-rsc: allow active requests from wake TCS drivers: qcom: rpmh: add support for batch RPMH request drivers: qcom: rpmh: allow requests to be sent asynchronously ... commit 010b0e708e08727d38b82accb21832b63fe2c250 Merge: 792adb90fa72 c1acb21b32a3 Author: Linus Torvalds Date: Tue Aug 14 12:01:08 2018 -0700 Merge tag 'spi-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi updates from Mark Brown: "Quite an active release for the SPI subsystem, lots of small updates and fixes scattered about with highlights including: - 3-wire support in the GPIO driver. - support for setting a custom memory name in the memory mapped flash drivers. - support for extended mode in the Freescale DSPI controller. - support for the non-standard integration with the Microsemi Ocelot platform in the DesignWare driver. - new driver for the SocioNext UniPhier" * tag 'spi-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: (47 commits) spi: davinci: fix a NULL pointer dereference spi: spi-mem: Constify spi_mem->name mtd: m25p80: Call spi_mem_get_name() to let controller set a custom name spi: spi-mem: Extend the SPI mem interface to set a custom memory name spi: spi-mem: Fix a typo in the documentation of struct spi_mem spi: uniphier: remove unnecessary include headers spi: spi-gpio: add SPI_3WIRE support spi: add flags parameter to txrx_word function pointers spi: add SPI controller driver for UniPhier SoC spi: add DT bindings for UniPhier SPI controller spi: dw: document Microsemi integration spi: img-spfi: Set device select bits for SPFI port state spi: omap2-mcspi: remove several redundant variables spi: dw-mmio: add MSCC Ocelot support spi: dw: export dw_spi_set_cs spi: spi-fsl-espi: Log fifo counters on error spi: imx: Use the longuest possible burst size when in dynamic_burst spi: imx: remove unnecessary check in spi_imx_can_dma spi: imx: Use correct number of bytes per words spi: imx: Use dynamic bursts only when bits_per_word is 8, 16 or 32 ... commit 792adb90fa724ce07c0171cbc96b9215af4b1045 Author: Vlastimil Babka Date: Tue Aug 14 20:50:47 2018 +0200 x86/init: fix build with CONFIG_SWAP=n The introduction of generic_max_swapfile_size and arch-specific versions has broken linking on x86 with CONFIG_SWAP=n due to undefined reference to 'generic_max_swapfile_size'. Fix it by compiling the x86-specific max_swapfile_size() only with CONFIG_SWAP=y. Reported-by: Tomas Pruzina Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Signed-off-by: Vlastimil Babka Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds commit 15bc88cd5f8e095fa7fe8494d1980ad29885d984 Merge: be718b524d8d 1dce5d849f94 Author: Linus Torvalds Date: Tue Aug 14 11:51:03 2018 -0700 Merge tag 'regmap-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap updates from Mark Brown: "Several small new features for regmap this time around: - Support for SCCB, an I2C variant used on some media cards. This has also pulled in an I2C commit from Peter Rosin as a dependency. - Addition of an API for reading repeatedly from registers where the address doesn't automatically increment like some ADC outputs or GPIO status registers. - Support for bulk I/O on Slimbus" * tag 'regmap-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: Add regmap_noinc_read API regmap: sccb: fix typo and sort headers alphabetically i2c: smbus: add unlocked __i2c_smbus_xfer variant regmap: add SCCB support regmap: slimbus: add support to multi read/write commit be718b524d8d8a25c18b7403c4dbfddacc8e89e3 Merge: f66dc7232002 cc57c07343bd Author: Linus Torvalds Date: Tue Aug 14 11:44:18 2018 -0700 Merge tag 'configfs-for-4.19' of git://git.infradead.org/users/hch/configfs Pull configfs updates from Christoph Hellwig: - simplify the cide by using kvasprintf (Bart Van Assche) - fix a gcc 8 string truncation warning by making the code simpler (Guenter Roeck) - fix a bug in rmdir() handling (Mike Christie) * tag 'configfs-for-4.19' of git://git.infradead.org/users/hch/configfs: configfs: fix registered group removal configfs: replace strncpy with memcpy configfs: use kvasprintf() instead of open-coding it commit f66dc7232002f032ffd860940f98732898ebfd79 Merge: b219a1d2de0c 6fa1d28e38cf Author: Linus Torvalds Date: Tue Aug 14 11:11:52 2018 -0700 Merge tag 'dma-mapping-4.19' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping updates from Christoph Hellwig: - a series from Robin to fix bus imposed dma limits by adding a separate mask for them to struct device instead of trying to squeeze a second meaning out of the existing dma mask as we did before. This has ACKs from the various other subsystems touched - a small swiotlb cleanup from Kees (acked by Konrad) - conversion of nios2 and sh to the new generic dma-noncoherent code. Various other architecture conversions will come through the architectures maintainers trees. * tag 'dma-mapping-4.19' of git://git.infradead.org/users/hch/dma-mapping: sh: use generic dma_noncoherent_ops sh: split arch/sh/mm/consistent.c sh: use dma_direct_ops for the CONFIG_DMA_COHERENT case sh: introduce a sh_cacheop_vaddr helper sh: simplify get_arch_dma_ops OF: Don't set default coherent DMA mask ACPI/IORT: Don't set default coherent DMA mask iommu/dma: Respect bus DMA limit for IOVAs of/device: Set bus DMA mask as appropriate ACPI/IORT: Set bus DMA mask as appropriate dma-mapping: Generalise dma_32bit_limit flag ACPI/IORT: Support address size limit for root complexes of/platform: Initialise default DMA masks nios2: use generic dma_noncoherent_ops swiotlb: clean up reporting dma-mapping: relax warning for per-device areas commit 344353366591acf659a0d0dea498611da78d67e2 Author: Kim Phillips Date: Fri Aug 10 17:45:12 2018 -0500 perf arm spe: Fix uninitialized record error variable The auxtrace init variable 'err' was not being initialized, leading perf to abort early in an SPE record command when there was no explicit error, rather only based whatever memory contents were on the stack. Initialize it explicitly on getting an SPE successfully, the same way cs-etm does. Signed-off-by: Kim Phillips Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Dongjiu Geng Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Fixes: ffd3d18c20b8 ("perf tools: Add ARM Statistical Profiling Extensions (SPE) support") Link: http://lkml.kernel.org/r/20180810174512.52900813e57cbccf18ce99a2@arm.com Signed-off-by: Arnaldo Carvalho de Melo commit c9b51a017065bf514ab5a380f2fb3b0dada5bc68 Author: Jiri Olsa Date: Mon Aug 13 13:15:04 2018 +0200 perf tools: Move syscall_64.tbl check into check-headers.sh Probably leftover from the time we introducd the check-headers.sh script. Committer testing: Remove the 'rseq' syscall from tools/perf/arch/x86/entry/syscalls/syscall_64.tbl to fake a diff: make: Entering directory '/home/acme/git/perf/tools/perf' BUILD: Doing 'make -j4' parallel build Warning: Kernel ABI header at 'tools/perf/arch/x86/entry/syscalls/syscall_64.tbl' differs from latest version at 'arch/x86/entry/syscalls/syscall_64.tbl' diff -u tools/perf/arch/x86/entry/syscalls/syscall_64.tbl arch/x86/entry/syscalls/syscall_64.tbl CC /tmp/build/perf/util/syscalltbl.o INSTALL trace_plugins $ diff -u tools/perf/arch/x86/entry/syscalls/syscall_64.tbl arch/x86/entry/syscalls/syscall_64.tbl --- tools/perf/arch/x86/entry/syscalls/syscall_64.tbl 2018-08-13 15:49:50.896585176 -0300 +++ arch/x86/entry/syscalls/syscall_64.tbl 2018-07-20 12:04:04.536858304 -0300 @@ -342,6 +342,7 @@ 331 common pkey_free __x64_sys_pkey_free 332 common statx __x64_sys_statx 333 common io_pgetevents __x64_sys_io_pgetevents +334 common rseq __x64_sys_rseq # # x32-specific system call numbers start at 512 to avoid cache impact $ Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Kapshuk Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180813111504.3568-2-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 7ea6e983b2cce9a4277ea602c2976d18bd75a908 Author: Jiri Olsa Date: Mon Aug 13 13:15:03 2018 +0200 perf tools: Make check-headers.sh check based on kernel dir Changing the logic to compare files with paths relative to kernel source base dir. This way we can keep the output message for 2 unrelated files, which is coming in following patch. Committer testing: Remove a line from tools/arch/x86/lib/memcpy_64.S to have it detected: make: Entering directory '/home/acme/git/perf/tools/perf' BUILD: Doing 'make -j4' parallel build Warning: Kernel ABI header at 'tools/arch/x86/lib/memcpy_64.S' differs from latest version at 'arch/x86/lib/memcpy_64.S' diff -u tools/arch/x86/lib/memcpy_64.S arch/x86/lib/memcpy_64.S INSTALL GTK UI INSTALL binaries Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Kapshuk Cc: Alexander Shishkin Cc: David Ahern Cc: Michael Ellerman Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180813111504.3568-1-jolsa@kernel.org Link: http://lkml.kernel.org/r/20180814072726.GA13931@krava [ Do not use pushd/popd, its a bashism, reported by Michael Ellerman, fixed by Jiri Olsa ] Signed-off-by: Arnaldo Carvalho de Melo commit b219a1d2de0c025318475e3bbf8e3215cf49d083 Merge: c2fc71c9b74c d63e2fc804c4 Author: Linus Torvalds Date: Tue Aug 14 11:03:16 2018 -0700 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull MD updates from Shaohua Li: "A few MD fixes for 4.19-rc1: - several md-cluster fixes from Guoqing - a data corruption fix from BingJing - other cleanups" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md/raid5: fix data corruption of replacements after originals dropped drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() md/r5cache: remove redundant pointer bio md-cluster: don't send msg if array is closing md-cluster: show array's status more accurate md-cluster: clear another node's suspend_area after the copy is finished commit c2fc71c9b74c1e87336a27dba1a5edc69d2690f1 Merge: 57ee3196ce7c 9805d4bcf8f9 Author: Linus Torvalds Date: Tue Aug 14 10:57:44 2018 -0700 Merge tag 'mtd/for-4.19' of git://git.infradead.org/linux-mtd Pull mtd updates from Boris Brezillon: "JFFS2 changes: - Support 64-bit timestamps MTD core changes: - Support sub-partitions - Clarify mtd_oob_ops documentation - Make Kconfig formatting consistent - Fix potential overflows in mtdchar_{write,read}() - Fallback to ->_{read,write}() when ->_{read,write}_oob() is missing and no OOB data were requested - Remove VLA usage in the bch lib MTD driver changes: - Use mtd_device_register() instead of mtd_device_parse_register() where applicable - Use proper printk format to print physical addresses in the solutionengine driver - Add missing mtd_set_of_node() call in the powernv driver - Remove unneeded variables in a few drivers - Plug the TRX part parser to the DT partition parsers logic - Check ioremap_cache() return code in the gpio-addr-flash driver - Stop using VMLINUX_SYMBOL_STR() in gen_probe.c SPI NOR core changes: - Apply reset hacks only when reset is explicitly marked as broken in the DT SPI NOR driver changes: - Minor cleanup/fixes in the m25p80 driver - Release flash_np in the nxp-spifi driver - Add suspend/resume hooks to the atmel-quadspi driver - Include gpio/consumer.h instead of gpio.h in the atmel-quadspi driver - Use %pK instead of %p in the stm32-quadspi driver - Improve timeout handling in the cadence-quadspi driver - Use mtd_device_register() instead of mtd_device_parse_register() in the intel-spi driver NAND core changes: - Add the SPI-NAND framework. - Create a helper to find the best ECC configuration. - Create NAND controller operations. - Allocate dynamically ONFI parameters structure. - Add defines for ONFI version bits. - Add manufacturer fixup for ONFI parameter page. - Add an option to specify NAND chip as a boot device. - Add Reed-Solomon error correction algorithm. - Better name for the controller structure. - Remove unused caller_is_module() definition. - Make subop helpers return unsigned values. - Expose _notsupp() helpers for raw page accessors. - Add default values for dynamic timings. - Kill the chip->scan_bbt() hook. - Rename nand_default_bbt() into nand_create_bbt(). - Start to clean the nand_chip structure. - Remove stale prototype from rawnand.h. Raw NAND controllers drivers changes: - Qcom: structuring cleanup. - Denali: use core helper to find the best ECC configuration. - Possible build of almost all drivers by adding a dependency on COMPILE_TEST for almost all of them in Kconfig, implies various fixes, Kconfig cleanup, GPIO headers inclusion cleanup, and even changes in sparc64 and ia64 architectures. - Clean the ->probe() functions error path of a lot of drivers. - Migrate all drivers to use nand_scan() instead of nand_scan_ident()/nand_scan_tail() pair. - Use mtd_device_register() where applicable to simplify the code. - Marvell: * Handle on-die ECC. * Better clocks handling. * Remove bogus comment. * Add suspend and resume support. - Tegra: add NAND controller driver. - Atmel: * Add module param to avoid using dma. * Drop Wenyou Yang from MAINTAINERS. - Denali: optimize timings handling. - FSMC: Stop using chip->read_buf(). - FSL: * Switch to SPDX license tag identifiers. * Fix qualifiers in MXC init functions. Raw NAND chip drivers changes: - Micron: * Add fixup for ONFI revision. * Update ecc_stats.corrected. * Make ECC activation stateful. * Avoid enabling/disabling ECC when it can't be disabled. * Get the actual number of bitflips. * Allow forced on-die ECC. * Support 8/512 on-die ECC. * Fix on-die ECC detection logic. - Hynix: * Fix decoding the OOB size on H27UCG8T2BTR. * Use ->exec_op() in hynix_nand_reg_write_op()" * tag 'mtd/for-4.19' of git://git.infradead.org/linux-mtd: (188 commits) mtd: rawnand: atmel: Select GENERIC_ALLOCATOR MAINTAINERS: drop Wenyou Yang from Atmel NAND driver support mtd: rawnand: allocate dynamically ONFI parameters during detection mtd: spi-nor: only apply reset hacks to broken hardware mtd: spi-nor: cadence-quadspi: fix timeout handling mtd: spi-nor: atmel-quadspi: Include gpio/consumer.h instead of gpio.h mtd: spi-nor: intel-spi: use mtd_device_register() mtd: spi-nor: stm32-quadspi: replace "%p" with "%pK" mtd: spi-nor: atmel-quadspi: add suspend/resume hooks mtd: rawnand: allocate model parameter dynamically mtd: rawnand: do not export nand_scan_[ident|tail]() anymore mtd: rawnand: txx9ndfmc: convert driver to nand_scan() mtd: rawnand: txx9ndfmc: clarify ECC parameters assignation mtd: rawnand: tegra: convert driver to nand_scan() mtd: rawnand: jz4740: convert driver to nand_scan() mtd: rawnand: jz4740: group nand_scan_{ident, tail} calls mtd: rawnand: jz4740: fix probe function error path mtd: rawnand: docg4: convert driver to nand_scan() mtd: rawnand: do not execute nand_scan_ident() if maxchips is zero mtd: rawnand: atmel: convert driver to nand_scan() ... commit 57ee3196ce7c7cbc52f2792414919d9756b42828 Merge: 73ba2fb33c49 f075dce66c60 Author: Linus Torvalds Date: Tue Aug 14 10:54:25 2018 -0700 Merge SCSI_IOCTL_SEND_COMMAND cleanup branch. Nobody commented on this patch back in July. So now it gets merged. * SCSI_IOCTL_SEND_COMMAND cleanup: scsi sg: remove incorrect scsi command checking logic commit 26a1ccc6c117be8e33e0410fce8c5298b0015b99 Author: Colin Ian King Date: Mon Aug 13 15:00:32 2018 +0100 bpf: test: fix spelling mistake "REUSEEPORT" -> "REUSEPORT" Trivial fix to spelling mistake in error message Signed-off-by: Colin Ian King Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller commit 22fd99e948a68fda1f893f325dd338dec793de59 Author: Sean Paul Date: Mon Aug 13 17:30:40 2018 -0400 drm/panel: simple: tv123wam: Add unprepare delay The panel datasheet specifies a 500ms delay after power-down before re-enabling. Changes in v2: - None Changes in v3: - Added to the set Cc: Sandeep Panda Reviewed-by: Sandeep Panda Signed-off-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20180813213058.184821-2-sean@poorly.run commit dda9f4b9cac6bdd2a96253b4444d7a6ce5132edb Author: Chao Yu Date: Sat Aug 11 23:42:09 2018 +0800 f2fs: fix to skip verifying block address for non-regular inode generic/184 1s ... [failed, exit status 1]- output mismatch --- tests/generic/184.out 2015-01-11 16:52:27.643681072 +0800 QA output created by 184 - silence is golden +rm: cannot remove '/mnt/f2fs/null': Bad address +mknod: '/mnt/f2fs/null': Bad address +chmod: cannot access '/mnt/f2fs/null': Bad address +./tests/generic/184: line 36: /mnt/f2fs/null: Bad address ... F2FS-fs (zram0): access invalid blkaddr:259 EIP: f2fs_is_valid_blkaddr+0x14b/0x1b0 [f2fs] f2fs_iget+0x927/0x1010 [f2fs] f2fs_lookup+0x26e/0x630 [f2fs] __lookup_slow+0xb3/0x140 lookup_slow+0x31/0x50 walk_component+0x185/0x1f0 path_lookupat+0x51/0x190 filename_lookup+0x7f/0x140 user_path_at_empty+0x36/0x40 vfs_statx+0x61/0xc0 __do_sys_stat64+0x29/0x40 sys_stat64+0x13/0x20 do_fast_syscall_32+0xaa/0x22c entry_SYSENTER_32+0x53/0x86 In f2fs_iget(), we will check inode's first block address, if it is valid, we will set FI_FIRST_BLOCK_WRITTEN flag in inode. But we should only do this for regular inode, otherwise, like special inode, i_addr[0] is used for storing device info instead of block address, it will fail checking flow obviously. So for non-regular inode, let's skip verifying address and setting flag. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 28a1f3ac1d0c8558ee4453d9634dad891a6e922e Author: Junaid Shahid Date: Tue Aug 14 10:15:34 2018 -0700 kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Always set the 5 upper-most supported physical address bits to 1 for SPTEs that are marked as non-present or reserved, to make them unusable for L1TF attacks from the guest. Currently, this just applies to MMIO SPTEs. (We do not need to mark PTEs that are completely 0 as physical page 0 is already reserved.) This allows mitigation of L1TF without disabling hyper-threading by using shadow paging mode instead of EPT. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit b19b46346f483ae055fa027cb2d5c2ca91484b91 Author: Takashi Iwai Date: Tue Aug 14 19:10:50 2018 +0200 hv/netvsc: Fix NULL dereference at single queue mode fallback The recent commit 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode") tried to fix the fallback behavior to a single queue mode, but it changed the function to return zero incorrectly, while the function should return an object pointer. Eventually this leads to a NULL dereference at the callers that expect non-NULL value. Fix it by returning the proper net_device object. Fixes: 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode") Signed-off-by: Takashi Iwai Reviewed-by: Stephen Hemminger Signed-off-by: David S. Miller commit 73ba2fb33c492916853dfe63e3b3163da0be661d Merge: 958f338e96f8 b86d865cb1ca Author: Linus Torvalds Date: Tue Aug 14 10:23:25 2018 -0700 Merge tag 'for-4.19/block-20180812' of git://git.kernel.dk/linux-block Pull block updates from Jens Axboe: "First pull request for this merge window, there will also be a followup request with some stragglers. This pull request contains: - Fix for a thundering heard issue in the wbt block code (Anchal Agarwal) - A few NVMe pull requests: * Improved tracepoints (Keith) * Larger inline data support for RDMA (Steve Wise) * RDMA setup/teardown fixes (Sagi) * Effects log suppor for NVMe target (Chaitanya Kulkarni) * Buffered IO suppor for NVMe target (Chaitanya Kulkarni) * TP4004 (ANA) support (Christoph) * Various NVMe fixes - Block io-latency controller support. Much needed support for properly containing block devices. (Josef) - Series improving how we handle sense information on the stack (Kees) - Lightnvm fixes and updates/improvements (Mathias/Javier et al) - Zoned device support for null_blk (Matias) - AIX partition fixes (Mauricio Faria de Oliveira) - DIF checksum code made generic (Max Gurtovoy) - Add support for discard in iostats (Michael Callahan / Tejun) - Set of updates for BFQ (Paolo) - Removal of async write support for bsg (Christoph) - Bio page dirtying and clone fixups (Christoph) - Set of bcache fix/changes (via Coly) - Series improving blk-mq queue setup/teardown speed (Ming) - Series improving merging performance on blk-mq (Ming) - Lots of other fixes and cleanups from a slew of folks" * tag 'for-4.19/block-20180812' of git://git.kernel.dk/linux-block: (190 commits) blkcg: Make blkg_root_lookup() work for queues in bypass mode bcache: fix error setting writeback_rate through sysfs interface null_blk: add lock drop/acquire annotation Blk-throttle: reduce tail io latency when iops limit is enforced block: paride: pd: mark expected switch fall-throughs block: Ensure that a request queue is dissociated from the cgroup controller block: Introduce blk_exit_queue() blkcg: Introduce blkg_root_lookup() block: Remove two superfluous #include directives blk-mq: count the hctx as active before allocating tag block: bvec_nr_vecs() returns value for wrong slab bcache: trivial - remove tailing backslash in macro BTREE_FLAG bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section bcache: set max writeback rate when I/O request is idle bcache: add code comments for bset.c bcache: fix mistaken comments in request.c bcache: fix mistaken code comments in bcache.h bcache: add a comment in super.c bcache: avoid unncessary cache prefetch bch_btree_node_get() bcache: display rate debug parameters to 0 when writeback is not running ... commit 4597b62f7a60d912a2bd00ca574e6bc7b87be905 Author: Gustavo A. R. Silva Date: Tue Aug 14 11:20:21 2018 -0500 net: filter: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1472592 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 21f2706b20100bb3db378461ab9b8e2035309b5b Author: Xiao Liang Date: Tue Aug 14 23:21:28 2018 +0800 xen-netfront: fix warn message as irq device name has '/' There is a call trace generated after commit 2d408c0d4574b01b9ed45e02516888bf925e11a9( xen-netfront: fix queue name setting). There is no 'device/vif/xx-q0-tx' file found under /proc/irq/xx/. This patch only picks up device type and id as its name. With the patch, now /proc/interrupts looks like below and the warning message gone: 70: 21 0 0 0 xen-dyn -event vif0-q0-tx 71: 15 0 0 0 xen-dyn -event vif0-q0-rx 72: 14 0 0 0 xen-dyn -event vif0-q1-tx 73: 33 0 0 0 xen-dyn -event vif0-q1-rx 74: 12 0 0 0 xen-dyn -event vif0-q2-tx 75: 24 0 0 0 xen-dyn -event vif0-q2-rx 76: 19 0 0 0 xen-dyn -event vif0-q3-tx 77: 21 0 0 0 xen-dyn -event vif0-q3-rx Below is call trace information without this patch: name 'device/vif/0-q0-tx' WARNING: CPU: 2 PID: 37 at fs/proc/generic.c:174 __xlate_proc_name+0x85/0xa0 RIP: 0010:__xlate_proc_name+0x85/0xa0 RSP: 0018:ffffb85c40473c18 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000000006 RDX: 0000000000000007 RSI: 0000000000000096 RDI: ffff984c7f516930 RBP: ffffb85c40473cb8 R08: 000000000000002c R09: 0000000000000229 R10: 0000000000000000 R11: 0000000000000001 R12: ffffb85c40473c98 R13: ffffb85c40473cb8 R14: ffffb85c40473c50 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff984c7f500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f69b6899038 CR3: 000000001c20a006 CR4: 00000000001606e0 Call Trace: __proc_create+0x45/0x230 ? snprintf+0x49/0x60 proc_mkdir_data+0x35/0x90 register_handler_proc+0xef/0x110 ? proc_register+0xfc/0x110 ? proc_create_data+0x70/0xb0 __setup_irq+0x39b/0x660 ? request_threaded_irq+0xad/0x160 request_threaded_irq+0xf5/0x160 ? xennet_tx_buf_gc+0x1d0/0x1d0 [xen_netfront] bind_evtchn_to_irqhandler+0x3d/0x70 ? xenbus_alloc_evtchn+0x41/0xa0 netback_changed+0xa46/0xcda [xen_netfront] ? find_watch+0x40/0x40 xenwatch_thread+0xc5/0x160 ? finish_wait+0x80/0x80 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x35/0x40 Code: 81 5c 00 48 85 c0 75 cc 5b 49 89 2e 31 c0 5d 4d 89 3c 24 41 5c 41 5d 41 5e 41 5f c3 4c 89 ee 48 c7 c7 40 4f 0e b4 e8 65 ea d8 ff <0f> 0b b8 fe ff ff ff 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 0f 1f ---[ end trace 650e5561b0caab3a ]--- Signed-off-by: Xiao Liang Reviewed-by: Juergen Gross Signed-off-by: David S. Miller commit 6e24dcad021f82636709108a7f4c53f06ddf9ba0 Author: Ganesh Goudar Date: Tue Aug 14 16:21:37 2018 +0530 cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller commit e29129fcac4b7fe9e5d087e2590b9e2e7125e84c Author: Dan Carpenter Date: Tue Aug 14 12:09:05 2018 +0300 net: dsa: mv88e6xxx: missing unlock on error path We added a new error path, but we need to drop the lock before we return. Fixes: 2d2e1dd29962 ("net: dsa: mv88e6xxx: Cache the port cmode") Signed-off-by: Dan Carpenter Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit f6f7a26abd14cfa0f3f3009a2d274d36798668bb Author: Arnd Bergmann Date: Tue Aug 14 11:07:42 2018 +0200 rds: fix building with IPV6=m When CONFIG_RDS_TCP is built-in and CONFIG_IPV6 is a loadable module, we get a link error agains the modular ipv6_chk_addr() function: net/rds/tcp.o: In function `rds_tcp_laddr_check': tcp.c:(.text+0x3b2): undefined reference to `ipv6_chk_addr' This adds back a dependency that forces RDS_TCP to also be a loadable module when IPV6 is one. Fixes: e65d4d96334e ("rds: Remove IPv6 dependency") Signed-off-by: Arnd Bergmann Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit df60f6e835f763258a06cdbb5690a2e35c1aac4e Author: Ming Lei Date: Tue Aug 14 23:57:49 2018 +0800 blk-wbt: fix IO hang in wbt_wait() On wbt invariant is that if one IO is tracked via WBT_TRACKED, rqw->inflight should be updated for tracking this IO. But commit c1c80384c8f ("block: remove external dependency on wbt_flags") forgets to remove the early handling of !rwb_enabled(rwb) inside wbt_wait(), then the inflight counter may not be increased in wbt_wait(), but decreased in wbt_done() for this kind of IO, so this counter may become negative, then wbt_wait() may wait forever. This patch fixes the report in the following link: https://marc.info/?l=linux-block&m=153221542021033&w=2 Fixes: c1c80384c8f ("block: remove external dependency on wbt_flags") Cc: Josef Bacik Reported-by: Ming Lei Signed-off-by: Ming Lei Signed-off-by: Jens Axboe commit 96d18d8254dc5a3f0067a629866af4165b3afe32 Author: Nick Desaulniers Date: Wed Aug 1 14:57:59 2018 -0700 inet/connection_sock: prefer _THIS_IP_ to current_text_addr As part of the effort to reduce the code duplication between _THIS_IP_ and current_text_addr(), let's consolidate callers of current_text_addr() to use _THIS_IP_. Signed-off-by: Nick Desaulniers Acked-by: David S. Miller Signed-off-by: David S. Miller commit 6feddb4913011437aaafe34d672aceebdb7c201f Author: Dan Carpenter Date: Tue Aug 14 12:06:43 2018 +0300 net: dsa: mv88e6xxx: bitwise vs logical bug We are trying to test if these flags are set but there are some && vs & typos. Fixes: efd1ba6af93f ("net: dsa: mv88e6xxx: Add SERDES phydev_mac_change up for 6390") Signed-off-by: Dan Carpenter Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 66b51b0a0341fd42ce657739bdae0561b0410a85 Author: Jeremy Cline Date: Mon Aug 13 22:23:13 2018 +0000 net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() req->sdiag_family is a user-controlled value that's used as an array index. Sanitize it after the bounds check to avoid speculative out-of-bounds array access. This also protects the sock_is_registered() call, so this removes the sanitize call there. Fixes: e978de7a6d38 ("net: socket: Fix potential spectre v1 gadget in sock_is_registered") Cc: Josh Poimboeuf Cc: konrad.wilk@oracle.com Cc: jamie.iles@oracle.com Cc: liran.alon@oracle.com Cc: stable@vger.kernel.org Signed-off-by: Jeremy Cline Signed-off-by: David S. Miller commit 1c89a8e3d9a235454169e189ea6c463bfa8749ab Author: Alexander Aring Date: Sun Aug 12 16:24:56 2018 -0400 ieee802154: hwsim: using right kind of iteration This patch fixes the error path to unsubscribe all other phy's from current phy. The actually code using a wrong kind of list iteration may copied from the case to unsubscribe the current phy from all other phy's. Cc: Stefan Schmidt Reported-by: Dan Carpenter Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Signed-off-by: Alexander Aring Signed-off-by: David S. Miller commit ac272a3e9c0838a2cbc76327e29788dc2af49abe Merge: 1bbf3aed25e0 3e85af6a6812 Author: David S. Miller Date: Tue Aug 14 09:54:24 2018 -0700 Merge branch 'hns3-next' Salil Mehta says: ==================== Misc bug fixes & small enhancements for HNS3 Driver This patch-set presents some bug fixes and minor enhancements to HNS3 Ethernet driver. Rework Summary: (*) Patch V1->V2 1. Fixed David S Miller's comments 2. Dropped patch 0005 "net: hns3: Fix for vf vlan delete failed problem" for now. ==================== Signed-off-by: David S. Miller commit 3e85af6a6812d2d4778c3b19f17384c2a9f73200 Author: Peng Li Date: Tue Aug 14 17:13:19 2018 +0100 net: hns3: Add vlan filter setting by ethtool command -K Revision(0x20) HW does not support enabling or disabling individual netdev's HW_VLAN_CTAG_FILTER feature, and Revision(0x21) supports enabling or disabling individual netdev's HW_VLAN_CTAG_FILTER feature. Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 1c77215480bcfa0852575180f997bd156f2aef17 Author: Yunsheng Lin Date: Tue Aug 14 17:13:18 2018 +0100 net: hns3: Set tx ring' tc info when netdev is up The HNS3_RING_TX_RING_TC_REG register is used to map tx ring to specific tc, the tx queue to tc mapping is needed by the hardware to do the correct tx schedule. Signed-off-by: Yunsheng Lin Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 26a07ccc1d0781fee3027e40a8bfa7a1a3358df3 Author: Yunsheng Lin Date: Tue Aug 14 17:13:17 2018 +0100 net: hns3: Remove tx ring BD len register in hns3_enet There is no HNS3_RING_TX_RING_BD_LEN_REG register according to UM, so this patch removes it. Signed-off-by: Yunsheng Lin Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 128b900de7df567ca7ca063bf5da4ed0f357db8c Author: Yunsheng Lin Date: Tue Aug 14 17:13:16 2018 +0100 net: hns3: Fix desc num set to default when setting channel When user set the channel num using "ethtool -L ethX", the desc num of BD will set to default value, which will cause desc num set by user lost problem. This patch fixes it by restoring the desc num set by user when setting channel num. Fixes: 09f2af6405b8 ("net: hns3: add support to modify tqps number") Signed-off-by: Yunsheng Lin Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 60081dcc4fce385ade26d3145b2479789df0b7e5 Author: Jian Shen Date: Tue Aug 14 17:13:15 2018 +0100 net: hns3: Fix for phy link issue when using marvell phy driver For marvell phy m88e1510, bit SUPPORTED_FIBRE of phydev->supported is default on. Both phy_resume() and phy_suspend() will check the SUPPORTED_FIBRE bit and write register of fibre page. Currently in hns3 driver, the SUPPORTED_FIBRE bit will be cleared after phy_connect_direct() finished. Because phy_resume() is called in phy_connect_direct(), and phy_suspend() is called when disconnect phy device, so the operation for fibre page register is not symmetrical. It will cause phy link issue when reload hns3 driver. This patch fixes it by disable the SUPPORTED_FIBRE before connecting phy. Fixes: 256727da7395 ("net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC") Signed-off-by: Jian Shen Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit b01b7cf19bf4a677d5dd4e63b12d86a021db751d Author: Fuyun Liang Date: Tue Aug 14 17:13:14 2018 +0100 net: hns3: Fix for information of phydev lost problem when down/up Function call of phy_connect_direct will reinitialize phydev. Some information like advertising will be lost. Phy_connect_direct only needs to be called once. And driver can run well. This patch adds some functions to ensure that phy_connect_direct is called only once to solve the information of phydev lost problem occurring when we stop the net and open it again. Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support Signed-off-by: Fuyun Liang Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 6c39d5278e62956238a681e4cfc69fae5507fc57 Author: Xi Wang Date: Tue Aug 14 17:13:13 2018 +0100 net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero According to the functional specification of hardware, the first descriptor of response from command 'lookup vlan talbe' is not valid. Currently, the first descriptor is parsed as normal value, which will cause an expected error. This patch fixes this problem by skipping the first descriptor. Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support") Signed-off-by: Xi Wang Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 5fd50ac38fb66451672b75f8d143dbef6081dd3a Author: Peng Li Date: Tue Aug 14 17:13:12 2018 +0100 net: hns3: Add support for serdes loopback selftest This patch adds support for serdes loopback selftest in hns3 driver. Signed-off-by: Yunsheng Lin Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit b089cfd95d32638335c551651a8e00fd2c4edb0b Author: Jens Axboe Date: Tue Aug 14 10:52:40 2018 -0600 block: don't warn for flush on read-only device Don't warn for a flush issued to a read-only device. It's not strictly a writable command, as it doesn't change any on-media data by itself. Reported-by: Stefan Agner Fixes: 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions") Signed-off-by: Jens Axboe commit 7fa750a163089cf96866de402314d853a96cb342 Author: Arnd Bergmann Date: Mon Aug 13 23:38:06 2018 +0200 f2fs: rework fault injection handling to avoid a warning When CONFIG_F2FS_FAULT_INJECTION is disabled, we get a warning about an unused label: fs/f2fs/segment.c: In function '__submit_discard_cmd': fs/f2fs/segment.c:1059:1: error: label 'submit' defined but not used [-Werror=unused-label] This could be fixed by adding another #ifdef around it, but the more reliable way of doing this seems to be to remove the other #ifdefs where that is easily possible. By defining time_to_inject() as a trivial stub, most of the checks for CONFIG_F2FS_FAULT_INJECTION can go away. This also leads to nicer formatting of the code. Signed-off-by: Arnd Bergmann Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 958f338e96f874a0d29442396d6adf9c1e17aa2d Merge: 781fca5b1046 07d981ad4cf1 Author: Linus Torvalds Date: Tue Aug 14 09:46:06 2018 -0700 Merge branch 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Merge L1 Terminal Fault fixes from Thomas Gleixner: "L1TF, aka L1 Terminal Fault, is yet another speculative hardware engineering trainwreck. It's a hardware vulnerability which allows unprivileged speculative access to data which is available in the Level 1 Data Cache when the page table entry controlling the virtual address, which is used for the access, has the Present bit cleared or other reserved bits set. If an instruction accesses a virtual address for which the relevant page table entry (PTE) has the Present bit cleared or other reserved bits set, then speculative execution ignores the invalid PTE and loads the referenced data if it is present in the Level 1 Data Cache, as if the page referenced by the address bits in the PTE was still present and accessible. While this is a purely speculative mechanism and the instruction will raise a page fault when it is retired eventually, the pure act of loading the data and making it available to other speculative instructions opens up the opportunity for side channel attacks to unprivileged malicious code, similar to the Meltdown attack. While Meltdown breaks the user space to kernel space protection, L1TF allows to attack any physical memory address in the system and the attack works across all protection domains. It allows an attack of SGX and also works from inside virtual machines because the speculation bypasses the extended page table (EPT) protection mechanism. The assoicated CVEs are: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 The mitigations provided by this pull request include: - Host side protection by inverting the upper address bits of a non present page table entry so the entry points to uncacheable memory. - Hypervisor protection by flushing L1 Data Cache on VMENTER. - SMT (HyperThreading) control knobs, which allow to 'turn off' SMT by offlining the sibling CPU threads. The knobs are available on the kernel command line and at runtime via sysfs - Control knobs for the hypervisor mitigation, related to L1D flush and SMT control. The knobs are available on the kernel command line and at runtime via sysfs - Extensive documentation about L1TF including various degrees of mitigations. Thanks to all people who have contributed to this in various ways - patches, review, testing, backporting - and the fruitful, sometimes heated, but at the end constructive discussions. There is work in progress to provide other forms of mitigations, which might be less horrible performance wise for a particular kind of workloads, but this is not yet ready for consumption due to their complexity and limitations" * 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (75 commits) x86/microcode: Allow late microcode loading with SMT disabled tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/mm/kmmio: Make the tracer robust against L1TF x86/mm/pat: Make set_memory_np() L1TF safe x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/speculation/l1tf: Invert all not present mappings cpu/hotplug: Fix SMT supported evaluation KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Documentation/l1tf: Remove Yonah processors from not vulnerable list x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() cpu/hotplug: detect SMT disabled by BIOS ... commit e1b437691a624a7e767bbb140c730d2779797f53 Author: Colin Ian King Date: Tue Jul 17 15:42:53 2018 +0100 orangefs: remove redundant pointer orangefs_inode Pointer orangefs_inode is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'orangefs_inode' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: Mike Marshall commit 8bf782f64737be055e6c1fad7a4c7cae7aae2d99 Author: Souptick Joarder Date: Fri Jun 29 00:12:40 2018 +0530 orangefs: Adding new return type vm_fault_t Use new return type vm_fault_t for fault handler. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. See the following commit 1c8f422059ae ("mm: change return type to vm_fault_t") Fixed checkpatch.pl warning. Signed-off-by: Souptick Joarder Signed-off-by: Mike Marshall commit 781fca5b104693bc9242199cc47c690dcaf6a4cb Merge: 10f3e23f07cb 01239d77b9dd Author: Linus Torvalds Date: Tue Aug 14 08:56:02 2018 -0700 Merge tag 'xfs-4.19-merge-6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs updates from Darrick Wong: "This is the second part of the XFS changes for 4.19. The biggest changes are the removal of buffer heads frm XFS, a massive reworking of the deferred transaction operations handling code, the removal of the long defunct barrier/nobarrier mount options, and the addition of a few more online repair functions. Summary: - Use extent maps to track pagecache page status instead of bufferhead state. - Refactor pagecache read and write paths to use the new iomap library functions, which enable us to drop the old bufferhead code for pagesize == blocksize filesystems. - Set up parallel per-block-per-page metadata to track subpage information that was tracked by buffer heads, which enables us to drop the old bufferhead code for pagesize > blocksize filesystems. - Tie a deferred ops control structure to a transaction so that we can take advantage of an upper-level dfops without having to plumb pointer passing through the code. - Refactor the deferred ops code to track deferred ops as part of the transaction structure (instead of as a separate data structure) so that we can simplify the scoping rules around defer_ops. - Refactor twisty delwri buffer submission code to avoid deadlocks. - Shorten and fix indenting problems in the scrub code. - Detect obviously bad summary counts at mount and fix them. - Directly associate deferred ops control structure with a transaction so that callers no longer have to manage it themselves. - Remove a couple of IRIX-era inode macros. - Remove the long-deprecated 'barrier' and 'nobarrier' mount options. - Clean up the inode fork structure a bit. - Check for bad fs summary counter values in the superblock. - Reduce COW fork lookups during writeback. - Refactor the deferred ops control structures into the transaction structure, thereby eliminating the need for transaction users to handle the deferred ops as a separate data structure. - Add the ability to repair AG headers online. - Fix a crash due to insufficient return value checking. - Various fixes and cleanups" * tag 'xfs-4.19-merge-6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (155 commits) xfs: fix a null pointer dereference in xfs_bmap_extents_to_btree xfs: remove b_last_holder & associated macros iomap: Switch to offset_in_page for clarity xfs: Close race between direct IO and xfs_break_layouts() xfs: repair the AGI xfs: repair the AGFL xfs: repair the AGF xfs: remove dead error handling code in xfs_dquot_disk_alloc() xfs: use WRITE_ONCE to update if_seq xfs: fix a comment in xfs_log_reserve xfs: only validate summary counts on primary superblock xfs: substitute spaces with tabs xfs: fold dfops into the transaction xfs: always defer agfl block frees xfs: pass transaction to xfs_defer_add() xfs: replace xfs_defer_ops ->dop_pending with on-stack list xfs: cancel dfops on xfs_defer_finish() error xfs: clean out superfluous dfops dop params/vars xfs: drop dop param from xfs_defer_op_type ->finish_item() callback xfs: automatic dfops inode relogging ... commit 12eeeb4f4733bbc4481d01df35933fc15beb8b19 Author: Yong Zhi Date: Mon Aug 13 18:15:14 2018 -0500 ASoC: Intel: Skylake: Acquire irq after RIRB allocation Cold reboot stress test found that the hda irq could access rirb ring buffer before its memory gets allocated which resulting in null pointer dereference inside snd_hdac_bus_update_rirb(). Fix it by moving the skl_acquire_irq after ring buffer allocation. While here, also change err return from -EBUSY to actual error code. Signed-off-by: Yong Zhi Acked-by: Pierre-Louis Bossart Signed-off-by: Mark Brown commit 7d5e049e72c4cb933b557c78cbd63285dd8102ce Author: Darrick J. Wong Date: Fri Aug 10 17:55:57 2018 -0700 iomap: fix WARN_ON_ONCE on uninitialized variable In commit 9dc55f1389f9569 ("iomap: add support for sub-pagesize buffered I/O without buffer heads") we moved the initialization of poff (it's computed from pos) into a separate helper function. Inline data only ever deals with pos == 0, hence the WARN_ON_ONCE, but now we're testing an uninitialized variable. Therefore, change the test to check the parameter directly. Signed-off-by: Darrick J. Wong Reviewed-by: Allison Henderson Reviewed-by: Carlos Maiolino commit 1fc25f51d7c18e07e8cf935cbdd4603adfc7b3ad Author: Darrick J. Wong Date: Fri Aug 10 17:55:57 2018 -0700 xfs: sanity check ag header values in xrep_calc_ag_resblks Check the values we read in from the AG headers when calculating the block reservations for a repair transaction. If they're obviously wrong, substitute worst case assumptions (rather than ENOSPC on a bogus reservation request). Signed-off-by: Darrick J. Wong Reviewed-by: Allison Henderson Reviewed-by: Carlos Maiolino commit 9f0e89359775ee21fe1ea732e34edb52aef5addf Author: Myron Stowe Date: Mon Aug 13 12:19:46 2018 -0600 PCI: Match Root Port's MPS to endpoint's MPSS as necessary In commit 27d868b5e6cf ("PCI: Set MPS to match upstream bridge"), we made sure every device's MPS setting matches its upstream bridge, making it more likely that a hot-added device will work in a system with an optimized MPS configuration. Recently I've started encountering systems where the endpoint device's MPSS capability is less than its Root Port's current MPS value, thus the endpoint is not capable of matching its upstream bridge's MPS setting (see: bugzilla via "Link:" below). This leaves the system vulnerable - the upstream Root Port could respond with larger TLPs than the device can handle, and the device will consider them to be 'Malformed'. One could use the "pci=pcie_bus_safe" kernel parameter to work around the issue, but that forces a user to supply a kernel parameter to get the system to function reliably and may end up limiting MPS settings of other unrelated, sub-topologies which could benefit from maintaining their larger values. Augment Keith's approach to include tuning down a Root Port's MPS setting when its hot-added endpoint device is not capable of matching it. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200527 Signed-off-by: Myron Stowe Signed-off-by: Bjorn Helgaas Acked-by: Jon Mason Cc: Keith Busch Cc: Sinan Kaya Cc: Dongdong Liu commit fb504caae7ef85be159743bd4b08ecde269ba55f Author: Dmitry V. Levin Date: Mon Aug 13 18:50:02 2018 +0300 ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors Include and consistently use types it provides to fix the following sound/skl-tplg-interface.h userspace compilation errors: /usr/include/sound/skl-tplg-interface.h:146:2: error: unknown type name 'u32' u32 set_params:2; /usr/include/sound/skl-tplg-interface.h:147:2: error: unknown type name 'u32' u32 rsvd:30; /usr/include/sound/skl-tplg-interface.h:148:2: error: unknown type name 'u32' u32 param_id; /usr/include/sound/skl-tplg-interface.h:149:2: error: unknown type name 'u32' u32 max; /usr/include/sound/skl-tplg-interface.h:166:2: error: unknown type name 'u16' u16 module_id; /usr/include/sound/skl-tplg-interface.h:167:2: error: unknown type name 'u16' u16 instance_id; /usr/include/sound/skl-tplg-interface.h:171:2: error: unknown type name 'u32' u32 channels; /usr/include/sound/skl-tplg-interface.h:172:2: error: unknown type name 'u32' u32 freq; /usr/include/sound/skl-tplg-interface.h:173:2: error: unknown type name 'u32' u32 bit_depth; /usr/include/sound/skl-tplg-interface.h:174:2: error: unknown type name 'u32' u32 valid_bit_depth; /usr/include/sound/skl-tplg-interface.h:175:2: error: unknown type name 'u32' u32 ch_cfg; /usr/include/sound/skl-tplg-interface.h:176:2: error: unknown type name 'u32' u32 interleaving_style; /usr/include/sound/skl-tplg-interface.h:177:2: error: unknown type name 'u32' u32 sample_type; /usr/include/sound/skl-tplg-interface.h:178:2: error: unknown type name 'u32' u32 ch_map; /usr/include/sound/skl-tplg-interface.h:182:2: error: unknown type name 'u32' u32 set_params:2; /usr/include/sound/skl-tplg-interface.h:183:2: error: unknown type name 'u32' u32 rsvd:30; /usr/include/sound/skl-tplg-interface.h:184:2: error: unknown type name 'u32' u32 param_id; /usr/include/sound/skl-tplg-interface.h:185:2: error: unknown type name 'u32' u32 caps_size; /usr/include/sound/skl-tplg-interface.h:186:2: error: unknown type name 'u32' u32 caps[HDA_SST_CFG_MAX]; /usr/include/sound/skl-tplg-interface.h:190:2: error: unknown type name 'u8' u8 pipe_id; /usr/include/sound/skl-tplg-interface.h:191:2: error: unknown type name 'u8' u8 pipe_priority; /usr/include/sound/skl-tplg-interface.h:192:2: error: unknown type name 'u16' u16 conn_type:4; /usr/include/sound/skl-tplg-interface.h:193:2: error: unknown type name 'u16' u16 rsvd:4; /usr/include/sound/skl-tplg-interface.h:194:2: error: unknown type name 'u16' u16 memory_pages:8; /usr/include/sound/skl-tplg-interface.h:200:2: error: unknown type name 'u16' u16 module_id; /usr/include/sound/skl-tplg-interface.h:201:2: error: unknown type name 'u16' u16 instance_id; /usr/include/sound/skl-tplg-interface.h:202:2: error: unknown type name 'u32' u32 max_mcps; /usr/include/sound/skl-tplg-interface.h:203:2: error: unknown type name 'u32' u32 mem_pages; /usr/include/sound/skl-tplg-interface.h:204:2: error: unknown type name 'u32' u32 obs; /usr/include/sound/skl-tplg-interface.h:205:2: error: unknown type name 'u32' u32 ibs; /usr/include/sound/skl-tplg-interface.h:206:2: error: unknown type name 'u32' u32 vbus_id; /usr/include/sound/skl-tplg-interface.h:208:2: error: unknown type name 'u32' u32 max_in_queue:8; /usr/include/sound/skl-tplg-interface.h:209:2: error: unknown type name 'u32' u32 max_out_queue:8; /usr/include/sound/skl-tplg-interface.h:210:2: error: unknown type name 'u32' u32 time_slot:8; /usr/include/sound/skl-tplg-interface.h:211:2: error: unknown type name 'u32' u32 core_id:4; /usr/include/sound/skl-tplg-interface.h:212:2: error: unknown type name 'u32' u32 rsvd1:4; /usr/include/sound/skl-tplg-interface.h:214:2: error: unknown type name 'u32' u32 module_type:8; /usr/include/sound/skl-tplg-interface.h:215:2: error: unknown type name 'u32' u32 conn_type:4; /usr/include/sound/skl-tplg-interface.h:216:2: error: unknown type name 'u32' u32 dev_type:4; /usr/include/sound/skl-tplg-interface.h:217:2: error: unknown type name 'u32' u32 hw_conn_type:4; /usr/include/sound/skl-tplg-interface.h:218:2: error: unknown type name 'u32' u32 rsvd2:12; /usr/include/sound/skl-tplg-interface.h:220:2: error: unknown type name 'u32' u32 params_fixup:8; /usr/include/sound/skl-tplg-interface.h:221:2: error: unknown type name 'u32' u32 converter:8; /usr/include/sound/skl-tplg-interface.h:222:2: error: unknown type name 'u32' u32 input_pin_type:1; /usr/include/sound/skl-tplg-interface.h:223:2: error: unknown type name 'u32' u32 output_pin_type:1; /usr/include/sound/skl-tplg-interface.h:224:2: error: unknown type name 'u32' u32 is_dynamic_in_pin:1; /usr/include/sound/skl-tplg-interface.h:225:2: error: unknown type name 'u32' u32 is_dynamic_out_pin:1; /usr/include/sound/skl-tplg-interface.h:226:2: error: unknown type name 'u32' u32 is_loadable:1; /usr/include/sound/skl-tplg-interface.h:227:2: error: unknown type name 'u32' u32 rsvd3:11; Fixes: 0c24fdc00244 ("ASoC: topology: Move skl-tplg-interface.h to uapi") Signed-off-by: Dmitry V. Levin Reviewed-by: Guenter Roeck Signed-off-by: Mark Brown Cc: # v4.18 commit 3dbe97efe8bf450b183d6dee2305cbc032e6b8a4 Author: Myron Stowe Date: Mon Aug 13 12:19:39 2018 -0600 PCI: Skip MPS logic for Virtual Functions (VFs) PCIe r4.0, sec 9.3.5.4, "Device Control Register", shows both Max_Payload_Size (MPS) and Max_Read_request_Size (MRRS) to be 'RsvdP' for VFs. Just prior to the table it states: "PF and VF functionality is defined in Section 7.5.3.4 except where noted in Table 9-16. For VF fields marked 'RsvdP', the PF setting applies to the VF." All of which implies that with respect to Max_Payload_Size Supported (MPSS), MPS, and MRRS values, we should not be paying any attention to the VF's fields, but rather only to the PF's. Only looking at the PF's fields also logically makes sense as it's the sole physical interface to the PCIe bus. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200527 Fixes: 27d868b5e6cf ("PCI: Set MPS to match upstream bridge") Signed-off-by: Myron Stowe Signed-off-by: Bjorn Helgaas Cc: stable@vger.kernel.org # 4.3+ Cc: Keith Busch Cc: Sinan Kaya Cc: Dongdong Liu Cc: Jon Mason commit 5e4cfadaf5b73a0801b2fa7fb007f98400ebfe6e Author: Marcel Ziswiler Date: Tue Aug 14 00:35:56 2018 +0200 ASoC: wm9712: fix replace codec to component Since commit 143b44845d87 ("ASoC: wm9712: replace codec to component") "wm9712-codec" got renamed to "wm9712-component", however, this change never got propagated down to the actual board/platform drivers. E.g. on Colibri T20 this lead to the following spew upon boot with sound/touch being broken: [ 2.214121] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 2.222137] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 2.344384] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 2.351885] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 2.668339] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 2.675811] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 3.208408] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 3.216312] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 3.235397] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 3.248938] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 14.970443] ALSA device list: [ 14.996628] No soundcards found. This commit finally fixes this again. Signed-off-by: Marcel Ziswiler Acked-by: Charles Keepax Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 260c48b7ec26dfaf70d9230c3639f420e304e781 Author: Hans de Goede Date: Sun Aug 12 13:42:06 2018 +0200 ASoC: Intel: bytcr_rt5640: Add quirks for 2 more devices Add quirks to select the right input-map, jack-detect pin, etc. for: Linx Linx7 tablet Onda V975w tablet Signed-off-by: Hans de Goede Acked-by: Pierre-Louis Bossart Signed-off-by: Mark Brown commit bc00b3ec7722b33cb67fd2cb6bf334e03a6322c2 Author: Heiko Carstens Date: Tue Aug 14 13:29:11 2018 +0200 s390: reenable gcc plugins for real Martin's patch 6eedfaac712d ("s390: reenable gcc plugins") was lost in the merge commit 85a0b791bc17 ("Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") therefore let's enable gcc plugins again. Cc: Martin Schwidefsky Signed-off-by: Heiko Carstens commit 77cfaf52eca5cac30ed029507e0cab065f888995 Author: Toke Høiland-Jørgensen Date: Mon Aug 13 14:16:25 2018 +0200 mac80211: Run TXQ teardown code before de-registering interfaces The TXQ teardown code can reference the vif data structures that are stored in the netdev private memory area if there are still packets on the queue when it is being freed. Since the TXQ teardown code is run after the netdevs are freed, this can lead to a use-after-free. Fix this by moving the TXQ teardown code to earlier in ieee80211_unregister_hw(). Reported-by: Ben Greear Tested-by: Ben Greear Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg commit f623f75ae443d0c771635d51cc986b9d389bf631 Author: Arnd Bergmann Date: Tue Aug 14 00:35:24 2018 +0200 rfkill-gpio: include linux/mod_devicetable.h One more driver is apparently broken by the recent change to linux/platform_device.h: net/rfkill/rfkill-gpio.c: In function 'rfkill_gpio_acpi_probe': net/rfkill/rfkill-gpio.c:82:29: error: dereferencing pointer to incomplete type 'const struct acpi_device_id' Include linux/mod_devicetable.h to get the definition of the acpi_device_id structure. Fixes: ac3167257b9f ("headers: separate linux/mod_devicetable.h from linux/platform_device.h") Signed-off-by: Arnd Bergmann Signed-off-by: Johannes Berg commit 9f68cb579115faa211ae067b4628cf11162783fb Merge: 554ec5086536 03fc7f9c99c1 Author: Petr Mladek Date: Tue Aug 14 13:36:15 2018 +0200 Merge branch 'for-4.19-nmi' into for-linus commit 76f7d6c07acd7a694ccc97355d37637f6677de51 Merge: 3c94280456d9 2c4c2a71bd6f b41901a2cf06 887532ca7ca5 Author: Rafael J. Wysocki Date: Tue Aug 14 10:17:28 2018 +0200 Merge branches 'acpi-button', 'acpi-battery' and 'acpi-osi' Merge updates of the ACPI battery and button drivers and support for a new OEM _OSI string for 4.19. * acpi-button: ACPI / button: fix defined but not used warning ACPI / button: increment wakeup count only when notified * acpi-battery: ACPI / battery: Do not export energy_full[_design] on devices without full_charge_capacity ACPI / battery: get rid of negations in conditions ACPI / battery: use specialized print macros ACPI / battery: reorder headers alphabetically ACPI / battery: drop inclusion of init.h ACPI: battery: remove redundant old_present check on insertion * acpi-osi: ACPI / OSI: Add OEM _OSI string to enable NVidia HDMI audio commit 3c94280456d9925a795e5d423330acac4b223823 Merge: 4a3f421b878d e64e84987de5 67fbd0a3a802 4c3be61e41b4 1035a0783523 Author: Rafael J. Wysocki Date: Tue Aug 14 10:06:45 2018 +0200 Merge branches 'acpi-x86', 'acpi-bus', 'acpi-ec' and 'acpi-apei' Merge ACPI x86-specific changes, core updates, EC driver updates and APEI support updates for 4.19. These add a special platform driver for handling multiple I2C devices hooked up to the same device object in the ACPI tables, add some new quirks and remove one that is not needed any more. * acpi-x86: platform/x86: Add ACPI i2c-multi-instantiate pseudo driver ACPI / x86: utils: Remove status workaround from acpi_device_always_present() ACPI / x86: enable touchscreen on Dell Venue Pro 7139 * acpi-bus: ACPI: bus: Fix a pointer coding style issue Revert "ACPI / bus: Parse tables as term_list for Dell XPS 9570 and Precision M5530" * acpi-ec: ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd * acpi-apei: arm64 / ACPI: clean the additional checks before calling ghes_notify_sea() commit 4a3f421b878d6240a01a556e036a38baf3268c26 Merge: aba941392aee 398404d8372c a4138e7c1228 Author: Rafael J. Wysocki Date: Tue Aug 14 10:04:59 2018 +0200 Merge branches 'acpica' and 'acpi-property' Merge ACPICA changes and updates of the ACPI device properties framework for 4.19. These revert two ACPICA commits that are not needed any more and modify the properties graph support in ACPI to be more in-line with the analogous DT code. * acpica: ACPICA: Update version to 20180629 ACPICA: Revert "iASL compiler: allow compilation of externals with paths that refer to existing names" ACPICA: Revert "iASL: change processing of external op namespace nodes for correctness" * acpi-property: ACPI: property: graph: Update graph documentation to use generic references ACPI: property: graph: Improve graph documentation for port/ep numbering ACPI: property: graph: Fix graph documentation ACPI: property: Update documentation for hierarchical data extension 1.1 ACPI: property: Document key numbering for hierarchical data extension refs ACPI: property: Use data node name and reg property for graphs ACPI: property: Allow direct graph endpoint references ACPI: property: Make the ACPI graph API private ACPI: property: Document hierarchical data extension references ACPI: property: Allow making references to non-device nodes ACPI: Convert ACPI reference args to generic fwnode reference args commit 7425ecd5e3e8c9d84f399a102282a23a90a19278 Merge: 8f0f2b621198 d3264f752a1a Author: Rafael J. Wysocki Date: Tue Aug 14 09:57:34 2018 +0200 Merge branch 'pm-cpufreq' Merge cpufreq changes for 4.19. These are driver extensions, some driver and core fixes and a new tracepoint for the tracking of frequency limits changes (coming from Android). * pm-cpufreq: cpufreq: intel_pstate: Ignore turbo active ratio in HWP cpufreq: Fix a circular lock dependency problem cpu/hotplug: Add a cpus_read_trylock() function cpufreq: trace frequency limits change cpufreq: intel_pstate: Show different max frequency with turbo 3 and HWP cpufreq: pcc-cpufreq: Disable dynamic scaling on many-CPU systems cpufreq: qcom-kryo: Silently error out on EPROBE_DEFER cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC cpufreq: armada-37xx: Add AVS support dt-bindings: marvell: Add documentation for the Armada 3700 AVS binding cpufreq: imx6q/thermal: imx: register cooling device depending on OF cpufreq: intel_pstate: use match_string() helper commit 8f0f2b621198bce551f83e87b71c6114b1a91a31 Merge: 17bc3432e39d 88763a5cf80c a33733fc4891 Author: Rafael J. Wysocki Date: Tue Aug 14 09:51:19 2018 +0200 Merge branches 'powercap' and 'pm-devfreq' Merge devfreq changes and a new CPU idle time injection framework for 4.19. * powercap: powercap / idle_inject: Add an idle injection framework * pm-devfreq: PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload. PM / devfreq: Init user limits from OPP limits, not viceversa PM / devfreq: rk3399_dmc: fix spelling mistakes. PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer. dt-bindings: devfreq: rk3399_dmc: move interrupts to be optional. PM / devfreq: rk3399_dmc: remove wait for dcf irq event. dt-bindings: clock: add rk3399 DDR3 standard speed bins. dt-bindings: devfreq: rk3399_dmc: improve binding documentation. PM / devfreq: use put_device() instead of kfree() PM / devfreq: exynos-ppmu: Delete an error message for a failed memory allocation in exynos_ppmu_probe() commit 17bc3432e39d10ff50a090a37bbdabfca69467c5 Merge: 9b7c19e96ced 1689cac5b32a 27dceb81f445 55f2503c3b69 231f94150011 818489e511a3 Author: Rafael J. Wysocki Date: Tue Aug 14 09:48:10 2018 +0200 Merge branches 'pm-core', 'pm-domains', 'pm-sleep', 'acpi-pm' and 'pm-cpuidle' Merge changes in the PM core, system-wide PM infrastructure, generic power domains (genpd) framework, ACPI PM infrastructure and cpuidle for 4.19. * pm-core: driver core: Add flag to autoremove device link on supplier unbind driver core: Rename flag AUTOREMOVE to AUTOREMOVE_CONSUMER * pm-domains: PM / Domains: Introduce dev_pm_domain_attach_by_name() PM / Domains: Introduce option to attach a device by name to genpd PM / Domains: dt: Add a power-domain-names property * pm-sleep: PM / reboot: Eliminate race between reboot and suspend PM / hibernate: Mark expected switch fall-through x86/power/hibernate_64: Remove VLA usage PM / hibernate: cast PAGE_SIZE to int when comparing with error code * acpi-pm: ACPI / PM: save NVS memory for ASUS 1025C laptop ACPI / PM: Default to s2idle in all machines supporting LP S0 * pm-cpuidle: ARM: cpuidle: silence error on driver registration failure commit 7590ebb8b456464e48840a6d106a0c07de6d723a Author: Yi Wang Date: Wed Aug 8 23:10:57 2018 +0800 drm/i915/gvt: fix memory leak in intel_vgpu_ioctl() The 'sparse' variable may leak when return in function intel_vgpu_ioctl(), and this patch fix this. Signed-off-by: Yi Wang Reviewed-by: Jiang Biao Signed-off-by: Zhenyu Wang commit 4b25e737cfc7f2ade956df3c747a7dd2ff1e2774 Author: Dan Carpenter Date: Tue Aug 7 09:46:02 2018 +0300 drm/i915/gvt: Off by one in intel_vgpu_write_fence() The > should be >= here so that we don't read one element beyond the end of the array. Fixes: 28a60dee2ce6 ("drm/i915/gvt: vGPU HW resource management") Signed-off-by: Dan Carpenter Reviewed-by: Rodrigo Vivi Signed-off-by: Zhenyu Wang commit de5372da605d3bca46e3102bab51b7e1c0e0a6f6 Author: Gustavo A. R. Silva Date: Thu Aug 2 22:40:19 2018 -0500 drm/i915/kvmgt: Fix potential Spectre v1 info.index can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/gpu/drm/i915/gvt/kvmgt.c:1232 intel_vgpu_ioctl() warn: potential spectre issue 'vgpu->vdev.region' [r] Fix this by sanitizing info.index before indirectly using it to index vgpu->vdev.region Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Signed-off-by: Zhenyu Wang commit 8d458ea0ec331adb4c829289e9a56c97d3c1e542 Author: Zhao Yan Date: Wed Aug 1 00:15:48 2018 -0400 drm/i915/gvt: return error on cmd access If a register is not cmd accessible, should not just print error message. Return error here so as not to deliver this cmd. v2: return -EBADRQC to align with return value elsewhere. (kevin tian) Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang commit d6c6113bfe19af514128163a6d176437d45b7325 Author: Hang Yuan Date: Mon Jul 30 10:52:53 2018 +0800 drm/i915/gvt: initialize dmabuf mutex in vgpu_create Currently, the mutex used in GVT dmabuf support is not initialized until vgpu device is opened. If one vgpu device is opened and then removed, the mutex will be used in vgpu remove operation without initialization. This patch initializes the mutex in vgpu create operation to avoid the problem. Fixes: e546e281d33d("drm/i915/gvt: Dmabuf support for GVT-g") Signed-off-by: Hang Yuan Signed-off-by: Zhenyu Wang commit 3fd34ac02ae8cc20d78e3aed2cf6e67f0ae109ea Author: Hang Yuan Date: Mon Jul 23 20:15:46 2018 +0800 drm/i915/gvt: fix cleanup sequence in intel_gvt_clean_device Create one vGPU and then unbind IGD device from i915 driver. The following oops will happen. This patch will free vgpu resource first and then gvt resource to remove these oops. BUG: unable to handle kernel NULL pointer dereference at 00000000000000a8 PGD 80000003c9d2c067 P4D 80000003c9d2c067 PUD 3c817c067 P MD 0 Oops: 0002 [#1] SMP PTI RIP: 0010:down_write+0x1b/0x40 Call Trace: debugfs_remove_recursive+0x46/0x1a0 intel_gvt_debugfs_remove_vgpu+0x15/0x30 [i915] intel_gvt_destroy_vgpu+0x2d/0xf0 [i915] intel_vgpu_remove+0x2c/0x30 [kvmgt] mdev_device_remove_ops+0x23/0x50 [mdev] mdev_device_remove+0xdb/0x190 [mdev] mdev_device_remove+0x190/0x190 [mdev] device_for_each_child+0x47/0x90 mdev_unregister_device+0xd5/0x120 [mdev] intel_gvt_clean_device+0x91/0x120 [i915] i915_driver_unload+0x9d/0x120 [i915] i915_pci_remove+0x15/0x20 [i915] pci_device_remove+0x3b/0xc0 device_release_driver_internal+0x157/0x230 unbind_store+0xfc/0x150 kernfs_fop_write+0x10f/0x180 __vfs_write+0x36/0x180 ? common_file_perm+0x41/0x130 ? _cond_resched+0x16/0x40 vfs_write+0xb3/0x1a0 ksys_write+0x52/0xc0 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: unable to handle kernel NULL pointer dereference at 0 000000000000038 PGD 8000000405bce067 P4D 8000000405bce067 PUD 405bcd067 PM D 0 Oops: 0000 [#1] SMP PTI RIP: 0010:hrtimer_active+0x5/0x40 Call Trace: hrtimer_try_to_cancel+0x25/0x120 ? tbs_sched_clean_vgpu+0x1f/0x50 [i915] hrtimer_cancel+0x15/0x20 intel_gvt_destroy_vgpu+0x4c/0xf0 [i915] intel_vgpu_remove+0x2c/0x30 [kvmgt] mdev_device_remove_ops+0x23/0x50 [mdev] mdev_device_remove+0xdb/0x190 [mdev] ? mdev_device_remove+0x190/0x190 [mdev] device_for_each_child+0x47/0x90 mdev_unregister_device+0xd5/0x120 [mdev] intel_gvt_clean_device+0x89/0x120 [i915] i915_driver_unload+0x9d/0x120 [i915] i915_pci_remove+0x15/0x20 [i915] pci_device_remove+0x3b/0xc0 device_release_driver_internal+0x157/0x230 unbind_store+0xfc/0x150 kernfs_fop_write+0x10f/0x180 __vfs_write+0x36/0x180 ? common_file_perm+0x41/0x130 ? _cond_resched+0x16/0x40 vfs_write+0xb3/0x1a0 ksys_write+0x52/0xc0 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: bc7b0be316ae("drm/i915/gvt: Add basic debugfs infrastructure") Fixes: afe04fbe6c52("drm/i915/gvt: create an idle vGPU") Signed-off-by: Hang Yuan Signed-off-by: Zhenyu Wang commit 993ff6d9df74305bc7b5bbc7a0810cf599b6394c Author: Nicholas Piggin Date: Tue Aug 7 23:21:56 2018 +1000 powerpc/64s: Fix PACA_IRQ_HARD_DIS accounting in idle_power4() When idle_power4() hard disables interrupts then finds a soft pending interrupt, it returns with interrupts hard disabled but without PACA_IRQ_HARD_DIS set. Commit 9b81c0211c ("powerpc/64s: make PACA_IRQ_HARD_DIS track MSR[EE] closely") added a warning for that condition (since disabled). Fix this by adding the PACA_IRQ_HARD_DIS for that case. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman commit 10f3e23f07cb0c20f9bcb77a5b5a7eb2a1b2a2fe Merge: 3bb37da509e5 863c37fcb14f Author: Linus Torvalds Date: Mon Aug 13 22:34:47 2018 -0700 Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 updates from Ted Ts'o: - Convert content from the ext4 wiki to Documentation rst files so it is more likely to be updated as we add new features to ext4. - Add 64-bit timestamp support to ext4's superblock fields. - ... and the usual bug fixes and cleanups, including a Spectre gadget fixup and some hardening against maliciously corrupted file systems. * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (34 commits) ext4: remove unneeded variable "err" in ext4_mb_release_inode_pa() ext4: improve code readability in ext4_iget() ext4: fix spectre gadget in ext4_mb_regular_allocator() ext4: check for NUL characters in extended attribute's name ext4: use ext4_warning() for sb_getblk failure ext4: fix race when setting the bitmap corrupted flag ext4: reset error code in ext4_find_entry in fallback ext4: handle layout changes to pinned DAX mappings dax: dax_layout_busy_page() warn on !exceptional docs: fix up the obviously obsolete bits in the new ext4 documentation docs: add new ext4 superblock time extension fields docs: create filesystem internal section ext4: use swap macro in mext_page_double_lock ext4: check allocation failure when duplicating "data" in ext4_remount() ext4: fix warning message in ext4_enable_quotas() ext4: super: extend timestamps to 40 bits jbd2: replace current_kernel_time64 with ktime equivalent ext4: use timespec64 for all inode times ext4: use ktime_get_real_seconds for i_dtime ext4: use 64-bit timestamps for mmp_time ... commit 3bb37da509e576c80180fa0e4d1cfcaddf0cb82e Merge: 161fa27ff2e2 c4f7173ac3b7 Author: Linus Torvalds Date: Mon Aug 13 22:32:11 2018 -0700 Merge tag '4.19-smb3' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs updates from Steve French: "smb3/cifs fixes (including 8 for stable). Other improvements include: - improved tracing, improved stats - snapshots (previous version mounts work now over SMB3) - performance (compounding enabled for statfs, ~40% faster). - security (make it possible to build cifs.ko with insecure vers=1.0 disabled in Kconfig)" * tag '4.19-smb3' of git://git.samba.org/sfrench/cifs-2.6: (43 commits) smb3: create smb3 equivalent alias for cifs pseudo-xattrs smb3: allow previous versions to be mounted with snapshot= mount parm cifs: don't show domain= in mount output when domain is empty cifs: add missing support for ACLs in SMB 3.11 smb3: enumerating snapshots was leaving part of the data off end cifs: update smb2_queryfs() to use compounding cifs: update receive_encrypted_standard to handle compounded responses cifs: create SMB2_open_init()/SMB2_open_free() helpers. cifs: add SMB2_query_info_[init|free]() cifs: add SMB2_close_init()/SMB2_close_free() smb3: display stats counters for number of slow commands CIFS: fix uninitialized ptr deref in smb2 signing smb3: Do not send SMB3 SET_INFO if nothing changed smb3: fix minor debug output for CONFIG_CIFS_STATS smb3: add tracepoint for slow responses cifs: add compound_send_recv() cifs: make smb_send_rqst take an array of requests cifs: update init_sg, crypt_message to take an array of rqst smb3: update readme to correct information about /proc/fs/cifs/Stats smb3: fix reset of bytes read and written stats ... commit 161fa27ff2e2fd4ea7ccb660184670eab2b6ea98 Merge: a1a4f841ec45 806a1477b10a Author: Linus Torvalds Date: Mon Aug 13 22:29:03 2018 -0700 Merge branch 'iomap-4.19-merge' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull fs iomap refactoring from Darrick Wong: "This is the first part of the XFS changes for 4.19. Christoph and Andreas coordinated some refactoring work on the iomap code in preparation for removing buffer heads from XFS and porting gfs2 to iomap. I'm sending this small pull request ahead of the main XFS merge to avoid holding up gfs2 unnecessarily" * 'iomap-4.19-merge' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: iomap: add inline data support to iomap_readpage_actor iomap: support direct I/O to inline data iomap: refactor iomap_dio_actor iomap: add initial support for writes without buffer heads iomap: add an iomap-based readpage and readpages implementation iomap: add private pointer to struct iomap iomap: add a page_done callback iomap: generic inline data handling iomap: complete partial direct I/O writes synchronously iomap: mark newly allocated buffer heads as new fs: factor out a __generic_write_end helper commit a1a4f841ec4585185c0e75bfae43a18b282dd316 Merge: 575b94386bd5 39379faaad79 Author: Linus Torvalds Date: Mon Aug 13 21:58:53 2018 -0700 Merge tag 'for-4.19-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs updates from David Sterba: "Mostly fixes and cleanups, nothing big, though the notable thing is the inserted/deleted lines delta -1124. User visible changes: - allow defrag on opened read-only files that have rw permissions; similar to what dedupe will allow on such files Core changes: - tree checker improvements, reported by fuzzing: * more checks for: block group items, essential trees * chunk type validation * mount time cross-checks that physical and logical chunks match * switch more error codes to EUCLEAN aka EFSCORRUPTED Fixes: - fsync corner case fixes - fix send failure when root has deleted files still open - send, fix incorrect file layout after hole punching beyond eof - fix races between mount and deice scan ioctl, found by fuzzing - fix deadlock when delayed iput is called from writeback on the same inode; rare but has been observed in practice, also removes code - fix pinned byte accounting, using the right percpu helpers; this should avoid some write IO inefficiency during low space conditions - don't remove block group that still has pinned bytes - reset on-disk device stats value after replace, otherwise this would report stale values for the new device Cleanups: - time64_t/timespec64 cleanups - remove remaining dead code in scrub handling NOCOW extents after disabling it in previous cycle - simplify fsync regarding ordered extents logic and remove all the related code - remove redundant arguments in order to reduce stack space consumption - remove support for V0 type of extents, not in use since 2.6.30 - remove several unused structure members - fewer indirect function calls by inlining some callbacks - qgroup rescan timing fixes - vfs: iget cleanups" * tag 'for-4.19-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: (182 commits) btrfs: revert fs_devices state on error of btrfs_init_new_device btrfs: Exit gracefully when chunk map cannot be inserted to the tree btrfs: Introduce mount time chunk <-> dev extent mapping check btrfs: Verify that every chunk has corresponding block group at mount time btrfs: Check that each block group has corresponding chunk at mount time Btrfs: send, fix incorrect file layout after hole punching beyond eof btrfs: Use wrapper macro for rcu string to remove duplicate code btrfs: simplify btrfs_iget btrfs: lift make_bad_inode into btrfs_iget btrfs: simplify IS_ERR/PTR_ERR checks btrfs: btrfs_iget never returns an is_bad_inode inode btrfs: replace: Reset on-disk dev stats value after replace btrfs: extent-tree: Remove unused __btrfs_free_block_rsv btrfs: backref: Use ERR_CAST to return error code btrfs: Remove redundant btrfs_release_path from btrfs_unlink_subvol btrfs: Remove root parameter from btrfs_unlink_subvol btrfs: Remove fs_info from btrfs_add_root_ref btrfs: Remove fs_info from btrfs_del_root_ref btrfs: Remove fs_info from btrfs_del_root btrfs: Remove fs_info from btrfs_delete_delayed_dir_index ... commit 575b94386bd539a7d803aee9fd4a8d275844c40f Merge: 4591343e3560 da33a871ba17 Author: Linus Torvalds Date: Mon Aug 13 21:56:50 2018 -0700 Merge tag 'locks-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux Pull file locking updates from Jeff Layton: "Just a couple of patches from Konstantin to fix /proc/locks when the process that set the lock has exited, and a new tracepoint for the flock() codepath. Also threw in mailmap entries for my addresses and a comment cleanup" * tag 'locks-v4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux: locks: remove misleading obsolete comment mailmap: remap some of my email addresses to kernel.org address locks: add tracepoint in flock codepath fs/lock: show locks taken by processes from another pidns fs/lock: skip lock owner pid translation in case we are in init_pid_ns commit 4591343e3560d51fa37a24cd262192a7b889a6a3 Merge: f2be26989770 7964410fcf13 63a67a926e21 Author: Linus Torvalds Date: Mon Aug 13 21:28:25 2018 -0700 Merge branches 'work.misc' and 'work.dcache' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull misc vfs updates from Al Viro: "Misc cleanups from various folks all over the place I expected more fs/dcache.c cleanups this cycle, so that went into a separate branch. Said cleanups have missed the window, so in the hindsight it could've gone into work.misc instead. Decided not to cherry-pick, thus the 'work.dcache' branch" * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: dcache: Use true and false for boolean values fold generic_readlink() into its only caller fs: shave 8 bytes off of struct inode fs: Add more kernel-doc to the produced documentation fs: Fix attr.c kernel-doc removed extra extern file_fdatawait_range * 'work.dcache' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: kill dentry_update_name_case() commit f2be269897708700ed9b2a96f695348a10a003e8 Merge: 4d2a073cde82 e8693bcfa0b4 Author: Linus Torvalds Date: Mon Aug 13 20:56:23 2018 -0700 Merge branch 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs aio updates from Al Viro: "Christoph's aio poll, saner this time around. This time it's pretty much local to fs/aio.c. Hopefully race-free..." * 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: aio: allow direct aio poll comletions for keyed wakeups aio: implement IOCB_CMD_POLL aio: add a iocb refcount timerfd: add support for keyed wakeups commit 4d2a073cde825dd1a0ce8ff8b6aef138997fbbd9 Merge: 0ea97a2d61df 808aa6c5e34a Author: Linus Torvalds Date: Mon Aug 13 20:54:14 2018 -0700 Merge branch 'work.lookup' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs lookup() updates from Al Viro: "More conversions of ->lookup() to d_splice_alias(). Should be reasonably complete now - the only leftovers are in ceph" * 'work.lookup' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: afs_try_auto_mntpt(): return NULL instead of ERR_PTR(-ENOENT) afs_lookup(): switch to d_splice_alias() afs: switch dynroot lookups to d_splice_alias() hpfs: fix an inode leak in lookup, switch to d_splice_alias() hostfs_lookup: switch to d_splice_alias() commit 1bbf3aed25e0fc256e825da1f5c45d7b4daa828e Author: Arnd Bergmann Date: Tue Aug 14 00:12:45 2018 +0200 bnxt_en: take coredump_record structure off stack The bnxt_coredump_record structure is very long, causing a warning about possible stack overflow on 32-bit architectures: drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c: In function 'bnxt_get_coredump': drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2989:1: error: the frame size of 1188 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] I could not see any reason to operate on an on-stack copy of the structure before copying it back into the caller-provided buffer, which also simplifies the code here. Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller commit cf87615d15f37182b2a3a4cd722288d3d5956900 Author: Arnd Bergmann Date: Tue Aug 14 00:10:34 2018 +0200 net: systemport: fix unused function warning The only remaining caller of this function is inside of an #ifdef after another caller got removed. This causes a harmless warning in some configurations: drivers/net/ethernet/broadcom/bcmsysport.c:1068:13: error: 'bcm_sysport_resume_from_wol' defined but not used [-Werror=unused-function] Removing the #ifdef around the PM functions simplifies the code and avoids the problem but letting the compiler drop the unused functions silently. Fixes: 9e85e22713d6 ("net: systemport: Do not re-configure upon WoL interrupt") Signed-off-by: Arnd Bergmann Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit 81a8b0799632627b587af31ecd06112397e4ec36 Author: Arnd Bergmann Date: Mon Aug 13 23:50:41 2018 +0200 net: stmmac: mark PM functions as __maybe_unused The newly added suspend/resume functions cause a build warning when CONFIG_PM is disabled: drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c:324:12: error: 'stmmac_pci_resume' defined but not used [-Werror=unused-function] drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c:306:12: error: 'stmmac_pci_suspend' defined but not used [-Werror=unused-function] Mark them as __maybe_unused so gcc can drop them silently. Fixes: b7d0f08e9129 ("net: stmmac: Fix WoL for PCI-based setups") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller commit c2ebc25674e5123d134e81758828084f1cc58cc3 Author: Arnd Bergmann Date: Mon Aug 13 23:43:05 2018 +0200 l2tp: fix unused function warning Removing one of the callers of pppol2tp_session_get_sock caused a harmless warning in some configurations: net/l2tp/l2tp_ppp.c:142:21: 'pppol2tp_session_get_sock' defined but not used [-Wunused-function] Rather than adding another #ifdef here, using a proper IS_ENABLED() check makes the code more readable and avoids those warnings while letting the compiler figure out for itself which code is needed. This adds one pointer for the unused show() callback in struct l2tp_session, but that seems harmless. Fixes: b0e29063dcb3 ("l2tp: remove pppol2tp_session_ioctl()") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller commit 3d46eee5a5f2f22ca04e2139e8c9a16b81d16073 Author: Arnd Bergmann Date: Mon Aug 13 23:26:54 2018 +0200 bnxt_en: avoid string overflow for record->system_name The utsname()->nodename string may be 64 bytes long, and it gets copied without the trailing nul byte into the shorter record->system_name, as gcc now warns: In file included from include/linux/bitmap.h:9, from include/linux/ethtool.h:16, from drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:13: In function 'strncpy', inlined from 'bnxt_fill_coredump_record' at drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2863:2: include/linux/string.h:254:9: error: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] Using strlcpy() at least avoids overflowing the destination buffer and adds proper nul-termination. It may still truncate long names though, which probably can't be solved here. Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.") Signed-off-by: Arnd Bergmann Acked-by: Michael Chan Signed-off-by: David S. Miller commit 9dc502d79778324df7db4e093ffddf5413a1cd5f Author: Arnd Bergmann Date: Mon Aug 13 23:19:22 2018 +0200 net: lan743x: fix building without CONFIG_PTP_1588_CLOCK Building without CONFIG_PTP_1588_CLOCK results in multiple failures, this was obviously not well tested: drivers/net/ethernet/microchip/lan743x_ptp.c: In function 'lan743x_ptp_isr': drivers/net/ethernet/microchip/lan743x_ptp.c:781:28: error: 'struct lan743x_ptp' has no member named 'ptp_clock'; did you mean 'tx_ts_lock'? ptp_schedule_worker(ptp->ptp_clock, 0); ^~~~~~~~~ tx_ts_lock drivers/net/ethernet/microchip/lan743x_ptp.c: In function 'lan743x_ptp_open': drivers/net/ethernet/microchip/lan743x_ptp.c:879:6: error: unused variable 'ret' [-Werror=unused-variable] int ret = -ENODEV; ^~~ At top level: drivers/net/ethernet/microchip/lan743x_ptp.c:63:13: error: 'lan743x_ptp_tx_ts_enqueue_ts' defined but not used [-Werror=unused-function] static void lan743x_ptp_tx_ts_enqueue_ts(struct lan743x_adapter *adapter, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors drivers/net/ethernet/microchip/lan743x_ethtool.c: In function 'lan743x_ethtool_get_ts_info': drivers/net/ethernet/microchip/lan743x_ethtool.c:558:19: error: 'struct lan743x_ptp' has no member named 'ptp_clock'; did you mean 'tx_ts_lock'? Those #ifdef checks are hard to get right, replace them all with IS_ENABLED() checks that leave the same code visible to the compiler but let it optimize out the unused bits based on the configuration. Fixes: 07624df1c9ef ("lan743x: lan743x: Add PTP support") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller commit 3aad924025e2865e80212b9154749303618a1826 Author: Arnd Bergmann Date: Mon Aug 13 23:19:21 2018 +0200 net: lan743x: select CRC16 lan743x now fails to build when CONFIG_CRC16 is disabled: drivers/net/ethernet/microchip/lan743x_main.o: In function crc16' Force it on like all other users do. Fixes: 4d94282afd95 ("lan743x: Add power management support") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller commit 0ea97a2d61df729ccce75b00a2fa37d39a508ab6 Merge: a66b4cd1e716 c7b15a8657da Author: Linus Torvalds Date: Mon Aug 13 20:25:58 2018 -0700 Merge branch 'work.mkdir' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs icache updates from Al Viro: - NFS mkdir/open_by_handle race fix - analogous solution for FUSE, replacing the one currently in mainline - new primitive to be used when discarding halfway set up inodes on failed object creation; gives sane warranties re icache lookups not returning such doomed by still not freed inodes. A bunch of filesystems switched to that animal. - Miklos' fix for last cycle regression in iget5_locked(); -stable will need a slightly different variant, unfortunately. - misc bits and pieces around things icache-related (in adfs and jfs). * 'work.mkdir' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: jfs: don't bother with make_bad_inode() in ialloc() adfs: don't put inodes into icache new helper: inode_fake_hash() vfs: don't evict uninitialized inode jfs: switch to discard_new_inode() ext2: make sure that partially set up inodes won't be returned by ext2_iget() udf: switch to discard_new_inode() ufs: switch to discard_new_inode() btrfs: switch to discard_new_inode() new primitive: discard_new_inode() kill d_instantiate_no_diralias() nfs_instantiate(): prevent multiple aliases for directory inode commit 7bb516ca5424e12b42124fab2906b6da9c81ba9c Author: Max Filippov Date: Sun Aug 12 06:01:40 2018 -0700 xtensa: rework noMMU cache attributes initialization Marking default memory region as cached is not always sufficient and is not flexible. Allow specifying cache attributes for the whole memory address space with new config entry MEMMAP_CACHEATTR. Apply it after cache initialization. Signed-off-by: Max Filippov commit fec3259c9f747c039f90e99570540114c8d81a14 Author: Max Filippov Date: Fri Aug 10 22:21:22 2018 -0700 xtensa: increase ranges in ___invalidate_{i,d}cache_all Cache invalidation macros use cache line size to iterate over invalidated cache lines, assuming that all cache ways are invalidated by single instruction, but xtensa ISA recommends to not assume that for future compatibility: In some implementations all ways at index Addry-1..z are invalidated regardless of the specified way, but for future compatibility this behavior should not be assumed. Iterate over all cache ways in ___invalidate_icache_all and ___invalidate_dcache_all. Cc: stable@vger.kernel.org Signed-off-by: Max Filippov commit be75de25251f7cf3e399ca1f584716a95510d24a Author: Max Filippov Date: Fri Aug 10 20:43:48 2018 -0700 xtensa: limit offsets in __loop_cache_{all,page} When building kernel for xtensa cores with big cache lines (e.g. 128 bytes or more) __loop_cache_all and __loop_cache_page may generate assembly instructions with immediate fields that are too big. This results in the following build errors: arch/xtensa/mm/misc.S: Assembler messages: arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '256' arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '384' arch/xtensa/kernel/head.S: Assembler messages: arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '256' arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '384' arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '256' arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '384' arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '256' arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '384' Add parameter max_immed to these macros and use it to limit values of immediate operands. Extract common code of these macros into the new macro __loop_cache_unroll. Cc: stable@vger.kernel.org Signed-off-by: Max Filippov commit a66b4cd1e7163adb327838a3c81faaf6a9330d5a Merge: b16528466786 5f336e722cc9 Author: Linus Torvalds Date: Mon Aug 13 19:58:36 2018 -0700 Merge branch 'work.open3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs open-related updates from Al Viro: - "do we need fput() or put_filp()" rules are gone - it's always fput() now. We keep track of that state where it belongs - in ->f_mode. - int *opened mess killed - in finish_open(), in ->atomic_open() instances and in fs/namei.c code around do_last()/lookup_open()/atomic_open(). - alloc_file() wrappers with saner calling conventions are introduced (alloc_file_clone() and alloc_file_pseudo()); callers converted, with much simplification. - while we are at it, saner calling conventions for path_init() and link_path_walk(), simplifying things inside fs/namei.c (both on open-related paths and elsewhere). * 'work.open3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (40 commits) few more cleanups of link_path_walk() callers allow link_path_walk() to take ERR_PTR() make path_init() unconditionally paired with terminate_walk() document alloc_file() changes make alloc_file() static do_shmat(): grab shp->shm_file earlier, switch to alloc_file_clone() new helper: alloc_file_clone() create_pipe_files(): switch the first allocation to alloc_file_pseudo() anon_inode_getfile(): switch to alloc_file_pseudo() hugetlb_file_setup(): switch to alloc_file_pseudo() ocxlflash_getfile(): switch to alloc_file_pseudo() cxl_getfile(): switch to alloc_file_pseudo() ... and switch shmem_file_setup() to alloc_file_pseudo() __shmem_file_setup(): reorder allocations new wrapper: alloc_file_pseudo() kill FILE_{CREATED,OPENED} switch atomic_open() and lookup_open() to returning 0 in all success cases document ->atomic_open() changes ->atomic_open(): return 0 in all success cases get rid of 'opened' in path_openat() and the helpers downstream ... commit b16528466786a540cb00148acb124e0149d62710 Merge: e5a32b5b21a1 4afec79f652b Author: Linus Torvalds Date: Mon Aug 13 19:53:26 2018 -0700 Merge tag 'hwmon-for-linus-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon updates from Guenter Roeck: - new driver for NPCM7xx PWM and Fan controller - new driver for Mellanox FAN controller - add support for MAX34451 to max34440 driver - add support for new Threadripper variants to k10temp driver - add error handling to adt7475 driver - cleanup nct6775 and nct7904 drivers - document sensor enable ABI attributes * tag 'hwmon-for-linus-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (adt7475) Change show functions to return error data correctly hwmon: (adt7475) Change update functions to add error handling hwmon: (adt7475) Change valid parameter to bool type hwmon: (adt7475) Split device update function to measure and limits hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table hwmon: (k10temp) 27C Offset needed for Threadripper2 hwmon: (iio_hwmon) Use devm functions hwmon: Add NPCM7xx PWM and Fan driver dt-binding: hwmon: Add NPCM7xx PWM and Fan controller documentation hwmon: (pmbus/max34440) Add support for MAX34451. hwmon: Document the sensor enable attribute hwmon: (mlxreg-fan) Add support for Mellanox FAN driver hwmon: Mark expected switch fall-throughs hwmon: (nct6775) Fix comment in the description of pwm_mode hwmon: (nct7904) Fix UNSPECIFIED_INT warning hwmon: (nct7904) Fix CODE_INDENT error hwmon: (nct7904) Fix SPACING errors commit e8ae5e92beeec01e8badfecbc9adfd6f94ec87c8 Merge: 19997ba7cb74 008369dcc5f7 Author: David S. Miller Date: Mon Aug 13 19:37:42 2018 -0700 Merge branch 'net_sched-Fix-two-tc_index-filter-init-issues' Hangbin Liu says: ==================== net_sched: Fix two tc_index filter init issues These two patches fix two tc_index filter init issues. The first one fixes missing exts info in new filter, which will cause NULL pointer dereference when delete tcindex filter. The second one fixes missing res info when create new filter, which will make filter unbind failed. ==================== Signed-off-by: David S. Miller commit 008369dcc5f7bfba526c98054f8525322acf0ea3 Author: Hangbin Liu Date: Mon Aug 13 18:44:04 2018 +0800 net_sched: Fix missing res info when create new tc_index filter Li Shuang reported the following warn: [ 733.484610] WARNING: CPU: 6 PID: 21123 at net/sched/sch_cbq.c:1418 cbq_destroy_class+0x5d/0x70 [sch_cbq] [ 733.495190] Modules linked in: sch_cbq cls_tcindex sch_dsmark rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat l [ 733.574155] syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm igb ixgbe ahci libahci i2c_algo_bit libata i40e i2c_core dca mdio megaraid_sas dm_mirror dm_region_hash dm_log dm_mod [ 733.592500] CPU: 6 PID: 21123 Comm: tc Not tainted 4.18.0-rc8.latest+ #131 [ 733.600169] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.1.5 04/11/2016 [ 733.608518] RIP: 0010:cbq_destroy_class+0x5d/0x70 [sch_cbq] [ 733.614734] Code: e7 d9 d2 48 8b 7b 48 e8 61 05 da d2 48 8d bb f8 00 00 00 e8 75 ae d5 d2 48 39 eb 74 0a 48 89 df 5b 5d e9 16 6c 94 d2 5b 5d c3 <0f> 0b eb b6 0f 1f 44 00 00 66 2e 0f 1f 84 [ 733.635798] RSP: 0018:ffffbfbb066bb9d8 EFLAGS: 00010202 [ 733.641627] RAX: 0000000000000001 RBX: ffff9cdd17392800 RCX: 000000008010000f [ 733.649588] RDX: ffff9cdd1df547e0 RSI: ffff9cdd17392800 RDI: ffff9cdd0f84c800 [ 733.657547] RBP: ffff9cdd0f84c800 R08: 0000000000000001 R09: 0000000000000000 [ 733.665508] R10: ffff9cdd0f84d000 R11: 0000000000000001 R12: 0000000000000001 [ 733.673469] R13: 0000000000000000 R14: 0000000000000001 R15: ffff9cdd17392200 [ 733.681430] FS: 00007f911890a740(0000) GS:ffff9cdd1f8c0000(0000) knlGS:0000000000000000 [ 733.690456] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 733.696864] CR2: 0000000000b5544c CR3: 0000000859374002 CR4: 00000000001606e0 [ 733.704826] Call Trace: [ 733.707554] cbq_destroy+0xa1/0xd0 [sch_cbq] [ 733.712318] qdisc_destroy+0x62/0x130 [ 733.716401] dsmark_destroy+0x2a/0x70 [sch_dsmark] [ 733.721745] qdisc_destroy+0x62/0x130 [ 733.725829] qdisc_graft+0x3ba/0x470 [ 733.729817] tc_get_qdisc+0x2a6/0x2c0 [ 733.733901] ? cred_has_capability+0x7d/0x130 [ 733.738761] rtnetlink_rcv_msg+0x263/0x2d0 [ 733.743330] ? rtnl_calcit.isra.30+0x110/0x110 [ 733.748287] netlink_rcv_skb+0x4d/0x130 [ 733.752576] netlink_unicast+0x1a3/0x250 [ 733.756949] netlink_sendmsg+0x2ae/0x3a0 [ 733.761324] sock_sendmsg+0x36/0x40 [ 733.765213] ___sys_sendmsg+0x26f/0x2d0 [ 733.769493] ? handle_pte_fault+0x586/0xdf0 [ 733.774158] ? __handle_mm_fault+0x389/0x500 [ 733.778919] ? __sys_sendmsg+0x5e/0xa0 [ 733.783099] __sys_sendmsg+0x5e/0xa0 [ 733.787087] do_syscall_64+0x5b/0x180 [ 733.791171] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 733.796805] RIP: 0033:0x7f9117f23f10 [ 733.800791] Code: c3 48 8b 05 82 6f 2c 00 f7 db 64 89 18 48 83 cb ff eb dd 0f 1f 80 00 00 00 00 83 3d 8d d0 2c 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 [ 733.821873] RSP: 002b:00007ffe96818398 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 733.830319] RAX: ffffffffffffffda RBX: 000000005b71244c RCX: 00007f9117f23f10 [ 733.838280] RDX: 0000000000000000 RSI: 00007ffe968183e0 RDI: 0000000000000003 [ 733.846241] RBP: 00007ffe968183e0 R08: 000000000000ffff R09: 0000000000000003 [ 733.854202] R10: 00007ffe96817e20 R11: 0000000000000246 R12: 0000000000000000 [ 733.862161] R13: 0000000000662ee0 R14: 0000000000000000 R15: 0000000000000000 [ 733.870121] ---[ end trace 28edd4aad712ddca ]--- This is because we didn't update f->result.res when create new filter. Then in tcindex_delete() -> tcf_unbind_filter(), we will failed to find out the res and unbind filter, which will trigger the WARN_ON() in cbq_destroy_class(). Fix it by updating f->result.res when create new filter. Fixes: 6e0565697a106 ("net_sched: fix another crash in cls_tcindex") Reported-by: Li Shuang Signed-off-by: Hangbin Liu Acked-by: Cong Wang Signed-off-by: David S. Miller commit 2df8bee5654bb2b7312662ca6810d4dc16b0b67f Author: Hangbin Liu Date: Mon Aug 13 18:44:03 2018 +0800 net_sched: fix NULL pointer dereference when delete tcindex filter Li Shuang reported the following crash: [ 71.267724] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 [ 71.276456] PGD 800000085d9bd067 P4D 800000085d9bd067 PUD 859a0b067 PMD 0 [ 71.284127] Oops: 0000 [#1] SMP PTI [ 71.288015] CPU: 12 PID: 2386 Comm: tc Not tainted 4.18.0-rc8.latest+ #131 [ 71.295686] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.1.5 04/11/2016 [ 71.304037] RIP: 0010:tcindex_delete+0x72/0x280 [cls_tcindex] [ 71.310446] Code: 00 31 f6 48 87 75 20 48 85 f6 74 11 48 8b 47 18 48 8b 40 08 48 8b 40 50 e8 fb a6 f8 fc 48 85 db 0f 84 dc 00 00 00 48 8b 73 18 <8b> 56 04 48 8d 7e 04 85 d2 0f 84 7b 01 00 [ 71.331517] RSP: 0018:ffffb45207b3f898 EFLAGS: 00010282 [ 71.337345] RAX: ffff8ad3d72d6360 RBX: ffff8acc84393680 RCX: 000000000000002e [ 71.345306] RDX: ffff8ad3d72c8570 RSI: 0000000000000000 RDI: ffff8ad847a45800 [ 71.353277] RBP: ffff8acc84393688 R08: ffff8ad3d72c8400 R09: 0000000000000000 [ 71.361238] R10: ffff8ad3de786e00 R11: 0000000000000000 R12: ffffb45207b3f8c7 [ 71.369199] R13: ffff8ad3d93bd2a0 R14: 000000000000002e R15: ffff8ad3d72c9600 [ 71.377161] FS: 00007f9d3ec3e740(0000) GS:ffff8ad3df980000(0000) knlGS:0000000000000000 [ 71.386188] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.392597] CR2: 0000000000000004 CR3: 0000000852f06003 CR4: 00000000001606e0 [ 71.400558] Call Trace: [ 71.403299] tcindex_destroy_element+0x25/0x40 [cls_tcindex] [ 71.409611] tcindex_walk+0xbb/0x110 [cls_tcindex] [ 71.414953] tcindex_destroy+0x44/0x90 [cls_tcindex] [ 71.420492] ? tcindex_delete+0x280/0x280 [cls_tcindex] [ 71.426323] tcf_proto_destroy+0x16/0x40 [ 71.430696] tcf_chain_flush+0x51/0x70 [ 71.434876] tcf_block_put_ext.part.30+0x8f/0x1b0 [ 71.440122] tcf_block_put+0x4d/0x70 [ 71.444108] cbq_destroy+0x4d/0xd0 [sch_cbq] [ 71.448869] qdisc_destroy+0x62/0x130 [ 71.452951] dsmark_destroy+0x2a/0x70 [sch_dsmark] [ 71.458300] qdisc_destroy+0x62/0x130 [ 71.462373] qdisc_graft+0x3ba/0x470 [ 71.466359] tc_get_qdisc+0x2a6/0x2c0 [ 71.470443] ? cred_has_capability+0x7d/0x130 [ 71.475307] rtnetlink_rcv_msg+0x263/0x2d0 [ 71.479875] ? rtnl_calcit.isra.30+0x110/0x110 [ 71.484832] netlink_rcv_skb+0x4d/0x130 [ 71.489109] netlink_unicast+0x1a3/0x250 [ 71.493482] netlink_sendmsg+0x2ae/0x3a0 [ 71.497859] sock_sendmsg+0x36/0x40 [ 71.501748] ___sys_sendmsg+0x26f/0x2d0 [ 71.506029] ? handle_pte_fault+0x586/0xdf0 [ 71.510694] ? __handle_mm_fault+0x389/0x500 [ 71.515457] ? __sys_sendmsg+0x5e/0xa0 [ 71.519636] __sys_sendmsg+0x5e/0xa0 [ 71.523626] do_syscall_64+0x5b/0x180 [ 71.527711] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 71.533345] RIP: 0033:0x7f9d3e257f10 [ 71.537331] Code: c3 48 8b 05 82 6f 2c 00 f7 db 64 89 18 48 83 cb ff eb dd 0f 1f 80 00 00 00 00 83 3d 8d d0 2c 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 [ 71.558401] RSP: 002b:00007fff6f893398 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 71.566848] RAX: ffffffffffffffda RBX: 000000005b71274d RCX: 00007f9d3e257f10 [ 71.574810] RDX: 0000000000000000 RSI: 00007fff6f8933e0 RDI: 0000000000000003 [ 71.582770] RBP: 00007fff6f8933e0 R08: 000000000000ffff R09: 0000000000000003 [ 71.590729] R10: 00007fff6f892e20 R11: 0000000000000246 R12: 0000000000000000 [ 71.598689] R13: 0000000000662ee0 R14: 0000000000000000 R15: 0000000000000000 [ 71.606651] Modules linked in: sch_cbq cls_tcindex sch_dsmark xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_coni [ 71.685425] libahci i2c_algo_bit i2c_core i40e libata dca mdio megaraid_sas dm_mirror dm_region_hash dm_log dm_mod [ 71.697075] CR2: 0000000000000004 [ 71.700792] ---[ end trace f604eb1acacd978b ]--- Reproducer: tc qdisc add dev lo handle 1:0 root dsmark indices 64 set_tc_index tc filter add dev lo parent 1:0 protocol ip prio 1 tcindex mask 0xfc shift 2 tc qdisc add dev lo parent 1:0 handle 2:0 cbq bandwidth 10Mbit cell 8 avpkt 1000 mpu 64 tc class add dev lo parent 2:0 classid 2:1 cbq bandwidth 10Mbit rate 1500Kbit avpkt 1000 prio 1 bounded isolated allot 1514 weight 1 maxburst 10 tc filter add dev lo parent 2:0 protocol ip prio 1 handle 0x2e tcindex classid 2:1 pass_on tc qdisc add dev lo parent 2:1 pfifo limit 5 tc qdisc del dev lo root This is because in tcindex_set_parms, when there is no old_r, we set new exts to cr.exts. And we didn't set it to filter when r == &new_filter_result. Then in tcindex_delete() -> tcf_exts_get_net(), we will get NULL pointer dereference as we didn't init exts. Fix it by moving tcf_exts_change() after "if (old_r && old_r != r)" check. Then we don't need "cr" as there is no errout after that. Fixes: bf63ac73b3e13 ("net_sched: fix an oops in tcindex filter") Reported-by: Li Shuang Signed-off-by: Hangbin Liu Acked-by: Cong Wang Signed-off-by: David S. Miller commit 19997ba7cb7473a4061f42bdfe7e7928a020e714 Author: Jakub Kicinski Date: Mon Aug 13 18:31:05 2018 -0700 nfp: clean up return types in kdoc comments Remove 'Return:' information from functions which no longer return a value. Also update name and return types of nfp_nffw_info access functions. Signed-off-by: Jakub Kicinski Reviewed-by: Dirk van der Merwe Signed-off-by: David S. Miller commit e5a32b5b21a18d24e9d735891550c194b4c60bd2 Merge: 2280a5360e4f 22f20a110321 Author: Linus Torvalds Date: Mon Aug 13 19:24:32 2018 -0700 Merge tag 'mips_4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS updates from Paul Burton: "Here are the main MIPS changes for 4.19. An overview of the general architecture changes: - Massive DMA ops refactoring from Christoph Hellwig (huzzah for deleting crufty code!). - We introduce NT_MIPS_DSP & NT_MIPS_FP_MODE ELF notes & corresponding regsets to expose DSP ASE & floating point mode state respectively, both for live debugging & core dumps. - We better optimize our code by hard-coding cpu_has_* macros at compile time where their values are known due to the ISA revision that the kernel build is targeting. - The EJTAG exception handler now better handles SMP systems, where it was previously possible for CPUs to clobber a register value saved by another CPU. - Our implementation of memset() gained a couple of fixes for MIPSr6 systems to return correct values in some cases where stores fault. - We now implement ioremap_wc() using the uncached-accelerated cache coherency attribute where supported, which is detected during boot, and fall back to plain uncached access where necessary. The MIPS-specific (and unused in tree) ioremap_uncached_accelerated() & ioremap_cacheable_cow() are removed. - The prctl(PR_SET_FP_MODE, ...) syscall is better supported for SMP systems by reworking the way we ensure remote CPUs that may be running threads within the affected process switch mode. - Systems using the MIPS Coherence Manager will now set the MIPS_IC_SNOOPS_REMOTE flag to avoid some unnecessary cache maintenance overhead when flushing the icache. - A few fixes were made for building with clang/LLVM, which now sucessfully builds kernels for many of our platforms. - Miscellaneous cleanups all over. And some platform-specific changes: - ar7 gained stubs for a few clock API functions to fix build failures for some drivers. - ath79 gained support for a few new SoCs, a few fixes & better gpio-keys support. - Ci20 now exposes its SPI bus using the spi-gpio driver. - The generic platform can now auto-detect a suitable value for PHYS_OFFSET based upon the memory map described by the device tree, allowing us to avoid wasting memory on page book-keeping for systems where RAM starts at a non-zero physical address. - Ingenic systems using the jz4740 platform code now link their vmlinuz higher to allow for kernels of a realistic size. - Loongson32 now builds the kernel targeting MIPSr1 rather than MIPSr2 to avoid CPU errata. - Loongson64 gains a couple of fixes, a workaround for a write buffering issue & support for the Loongson 3A R3.1 CPU. - Malta now uses the piix4-poweroff driver to handle powering down. - Microsemi Ocelot gained support for its SPI bus & NOR flash, its second MDIO bus and can now be supported by a FIT/.itb image. - Octeon saw a bunch of header cleanups which remove a lot of duplicate or unused code" * tag 'mips_4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: (123 commits) MIPS: Remove remnants of UASM_ISA MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send() MIPS: VDSO: Force link endianness MIPS: Always specify -EB or -EL when using clang MIPS: Use dins to simplify __write_64bit_c0_split() MIPS: Use read-write output operand in __write_64bit_c0_split() MIPS: Avoid using array as parameter to write_c0_kpgd() MIPS: vdso: Allow clang's --target flag in VDSO cflags MIPS: genvdso: Remove GOT checks MIPS: Remove obsolete MIPS checks for DST node "chosen@0" MIPS: generic: Remove input symbols from defconfig MIPS: Delete unused code in linux32.c MIPS: Remove unused sys_32_mmap2 MIPS: Remove nabi_no_regargs mips: dts: mscc: enable spi and NOR flash support on ocelot PCB123 mips: dts: mscc: Add spi on Ocelot MIPS: Loongson: Merge load addresses MIPS: Loongson: Set Loongson32 to MIPS32R1 MIPS: mscc: ocelot: add interrupt controller properties to GPIO controller MIPS: generic: Select MIPS_AUTO_PFN_OFFSET ... commit 2280a5360e4ff9320bfb12f760a8e9916ff5e7bc Merge: c2d9f5bc2db4 c8921d72e390 Author: Linus Torvalds Date: Mon Aug 13 19:18:02 2018 -0700 Merge branch 'parisc-4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: - parisc now uses the generic dma_noncoherent_ops implementation (Christoph Hellwig) - further memory barrier and spinlock improvements (John David Anglin) - prepare removal of current_text_addr() functions (Nick Desaulniers) - improve kernel stack unwinding on parisc (me) - drop ENOTSUP which was defined on parisc only (me) * 'parisc-4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Fix and improve kernel stack unwinding parisc: Remove unnecessary barriers from spinlock.h parisc: Remove ordered stores from syscall.S parisc: prefer _THIS_IP_ and _RET_IP_ statement expressions parisc: Add HAVE_REGS_AND_STACK_ACCESS_API feature parisc: Drop architecture-specific ENOTSUP define parisc: use generic dma_noncoherent_ops parisc: always use flush_kernel_dcache_range for DMA cache maintainance parisc: merge pcx_dma_ops and pcxl_dma_ops commit c2d9f5bc2db49bcc2e055340941b1873b74dfb5d Merge: 9b27efe08180 53ccb22b8d4a Author: Linus Torvalds Date: Mon Aug 13 19:15:48 2018 -0700 Merge branch 'clkdev' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM clkdev updates from Russell King: "A couple of cleanups for clkdev" * 'clkdev' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8778/1: clkdev: don't call __of_clk_get_by_name() unnecessarily from clk_get() ARM: 8776/1: clkdev: Remove duplicated negative index check from __of_clk_get() commit 9b27efe08180444e66c0922f89f3f883f4f9e35e Merge: 85a0b791bc17 c61b466d4f88 Author: Linus Torvalds Date: Mon Aug 13 19:13:38 2018 -0700 Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM updates from Russell King: - further Spectre variant 1 fixes for user accessors. - kbuild cleanups (Masahiro Yamada) - hook up sync core functionality (Will Deacon) - nommu updates for hypervisor mode booting (Vladimir Murzin) - use compiler built-ins for fls and ffs (Nicolas Pitre) * 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: spectre-v1: mitigate user accesses ARM: spectre-v1: use get_user() for __get_user() ARM: use __inttype() in get_user() ARM: oabi-compat: copy semops using __copy_from_user() ARM: vfp: use __copy_from_user() when restoring VFP state ARM: 8785/1: use compiler built-ins for ffs and fls ARM: 8784/1: NOMMU: Allow enter in Hyp mode ARM: 8783/1: NOMMU: Extend check for VBAR support ARM: 8782/1: vfp: clean up arch/arm/vfp/Makefile ARM: signal: copy registers using __copy_from_user() ARM: tcm: ensure inline stub functions are marked static ARM: 8779/1: add endianness option to LDFLAGS instead of LD ARM: 8777/1: Hook up SYNC_CORE functionality for sys_membarrier() commit 85a0b791bc17f7a49280b33e2905d109c062a47b Merge: 13e091b6dd0e 669f3765b755 Author: Linus Torvalds Date: Mon Aug 13 19:07:17 2018 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Heiko Carstens: "Since Martin is on vacation you get the s390 pull request from me: - Host large page support for KVM guests. As the patches have large impact on arch/s390/mm/ this series goes out via both the KVM and the s390 tree. - Add an option for no compression to the "Kernel compression mode" menu, this will come in handy with the rework of the early boot code. - A large rework of the early boot code that will make life easier for KASAN and KASLR. With the rework the bootable uncompressed image is not generated anymore, only the bzImage is available. For debuggung purposes the new "no compression" option is used. - Re-enable the gcc plugins as the issue with the latent entropy plugin is solved with the early boot code rework. - More spectre relates changes: + Detect the etoken facility and remove expolines automatically. + Add expolines to a few more indirect branches. - A rewrite of the common I/O layer trace points to make them consumable by 'perf stat'. - Add support for format-3 PCI function measurement blocks. - Changes for the zcrypt driver: + Add attributes to indicate the load of cards and queues. + Restructure some code for the upcoming AP device support in KVM. - Build flags improvements in various Makefiles. - A few fixes for the kdump support. - A couple of patches for gcc 8 compile warning cleanup. - Cleanup s390 specific proc handlers. - Add s390 support to the restartable sequence self tests. - Some PTR_RET vs PTR_ERR_OR_ZERO cleanup. - Lots of bug fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (107 commits) s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing s390/mm: fix addressing exception after suspend/resume rseq/selftests: add s390 support s390: fix br_r1_trampoline for machines without exrl s390/lib: use expoline for all bcr instructions s390/numa: move initial setup of node_to_cpumask_map s390/kdump: Fix elfcorehdr size calculation s390/cpum_sf: save TOD clock base in SDBs for time conversion KVM: s390: Add huge page enablement control s390/mm: Add huge page gmap linking support s390/mm: hugetlb pages within a gmap can not be freed KVM: s390: Add skey emulation fault handling s390/mm: Add huge pmd storage key handling s390/mm: Clear skeys for newly mapped huge guest pmds s390/mm: Clear huge page storage keys on enable_skey s390/mm: Add huge page dirty sync support s390/mm: Add gmap pmd invalidation and clearing s390/mm: Add gmap pmd notification bit setting s390/mm: Add gmap pmd linking ... commit 486edfb1039dc413c4806d11accdedc8a4aa573b Author: Jason Gunthorpe Date: Mon Aug 13 20:04:37 2018 -0600 IB/ucm: Fix compiling ucm.c Even though this interface is marked CONFIG_BROKEN we still expect it to compile, at least until we delete it completely. Also mark INFINIBAND_USER_ACCESS_UCM with COMPILE_TEST so these situations can be detected. Fixes: e7ff98aefc9e ("RDMA/cma: Constify path record, ib_cm_event, listen_id pointers") Signed-off-by: Jason Gunthorpe commit 13e091b6dd0e78a518a7d8756607d3acb8215768 Merge: eac341194426 1088c6eef261 Author: Linus Torvalds Date: Mon Aug 13 18:28:19 2018 -0700 Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 timer updates from Thomas Gleixner: "Early TSC based time stamping to allow better boot time analysis. This comes with a general cleanup of the TSC calibration code which grew warts and duct taping over the years and removes 250 lines of code. Initiated and mostly implemented by Pavel with help from various folks" * 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (37 commits) x86/kvmclock: Mark kvm_get_preset_lpj() as __init x86/tsc: Consolidate init code sched/clock: Disable interrupts when calling generic_sched_clock_init() timekeeping: Prevent false warning when persistent clock is not available sched/clock: Close a hole in sched_clock_init() x86/tsc: Make use of tsc_calibrate_cpu_early() x86/tsc: Split native_calibrate_cpu() into early and late parts sched/clock: Use static key for sched_clock_running sched/clock: Enable sched clock early sched/clock: Move sched clock initialization and merge with generic clock x86/tsc: Use TSC as sched clock early x86/tsc: Initialize cyc2ns when tsc frequency is determined x86/tsc: Calibrate tsc only once ARM/time: Remove read_boot_clock64() s390/time: Remove read_boot_clock64() timekeeping: Default boot time offset to local_clock() timekeeping: Replace read_boot_clock64() with read_persistent_wall_and_boot_offset() s390/time: Add read_persistent_wall_and_boot_offset() x86/xen/time: Output xen sched_clock time from 0 x86/xen/time: Initialize pv xen time in init_hypervisor_platform() ... commit eac341194426ba7ead3444923b9eba491ae4feeb Merge: d191c82d4d9b d878efce73fe Author: Linus Torvalds Date: Mon Aug 13 17:54:17 2018 -0700 Merge branch 'x86/pti' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 PTI updates from Thomas Gleixner: "The Speck brigade sadly provides yet another large set of patches destroying the perfomance which we carefully built and preserved - PTI support for 32bit PAE. The missing counter part to the 64bit PTI code implemented by Joerg. - A set of fixes for the Global Bit mechanics for non PCID CPUs which were setting the Global Bit too widely and therefore possibly exposing interesting memory needlessly. - Protection against userspace-userspace SpectreRSB - Support for the upcoming Enhanced IBRS mode, which is preferred over IBRS. Unfortunately we dont know the performance impact of this, but it's expected to be less horrible than the IBRS hammering. - Cleanups and simplifications" * 'x86/pti' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (60 commits) x86/mm/pti: Move user W+X check into pti_finalize() x86/relocs: Add __end_rodata_aligned to S_REL x86/mm/pti: Clone kernel-image on PTE level for 32 bit x86/mm/pti: Don't clear permissions in pti_clone_pmd() x86/mm/pti: Fix 32 bit PCID check x86/mm/init: Remove freed kernel image areas from alias mapping x86/mm/init: Add helper for freeing kernel image pages x86/mm/init: Pass unconverted symbol addresses to free_init_pages() mm: Allow non-direct-map arguments to free_reserved_area() x86/mm/pti: Clear Global bit more aggressively x86/speculation: Support Enhanced IBRS on future CPUs x86/speculation: Protect against userspace-userspace spectreRSB x86/kexec: Allocate 8k PGDs for PTI Revert "perf/core: Make sure the ring-buffer is mapped in all page-tables" x86/mm: Remove in_nmi() warning from vmalloc_fault() x86/entry/32: Check for VM86 mode in slow-path check perf/core: Make sure the ring-buffer is mapped in all page-tables x86/pti: Check the return value of pti_user_pagetable_walk_pmd() x86/pti: Check the return value of pti_user_pagetable_walk_p4d() x86/entry/32: Add debug code to check entry/exit CR3 ... commit d191c82d4d9bd0bb3b945fc458cc65053ef868a0 Merge: 4d5ac4b8ca1e 379d98ddf413 Author: Linus Torvalds Date: Mon Aug 13 17:50:17 2018 -0700 Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 vdso update from Thomas Gleixner: "Use LD to link the VDSO libs instead of indirecting trough CC which causes build failures with Clang" * 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86: vdso: Use $LD instead of $CC to link commit 6d43743e9079ac0531b60cde7eadd0f042873344 Author: Ravi Bangoria Date: Thu Aug 9 09:48:52 2018 +0530 Uprobe: Additional argument arch_uprobe to uprobe_write_opcode() Add addition argument 'arch_uprobe' to uprobe_write_opcode(). We need this in later set of patches. Link: http://lkml.kernel.org/r/20180809041856.1547-3-ravi.bangoria@linux.ibm.com Reviewed-by: Song Liu Acked-by: Srikar Dronamraju Signed-off-by: Ravi Bangoria Signed-off-by: Steven Rostedt (VMware) commit 38e967ae1e6022557e579f673fba544cf19cf1c6 Author: Ravi Bangoria Date: Thu Aug 9 09:48:51 2018 +0530 Uprobes: Simplify uprobe_register() body Simplify uprobe_register() function body and let __uprobe_register() handle everything. Also move dependency functions around to avoid build failures. Link: http://lkml.kernel.org/r/20180809041856.1547-2-ravi.bangoria@linux.ibm.com Reviewed-by: Song Liu Acked-by: Srikar Dronamraju Signed-off-by: Ravi Bangoria Signed-off-by: Steven Rostedt (VMware) commit 1880861226c13ddd42c34ddd30c3b502b650fe29 Author: Masahiro Yamada Date: Tue Aug 14 01:48:39 2018 +0900 kconfig: remove P_ENV property type This property is not set by anyone since commit 104daea149c4 ("kconfig: reference environment variables directly and remove 'option env='"). Signed-off-by: Masahiro Yamada Acked-by: Sam Ravnborg commit 4d5ac4b8ca1ecbdb600097a26071abc5b47500bf Merge: 203b4fc903b6 5800dc5c19f3 Author: Linus Torvalds Date: Mon Aug 13 17:01:03 2018 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull misc x86 fixes from Thomas Gleixner: "Two fixes for x86: - Provide a declaration for native_save_fl() which unbreaks the wreckage caused by making it 'extern inline'. - Fix the failing paravirt patching which is supposed to replace indirect with direct calls. The wreckage is caused by an incorrect clobber test" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/paravirt: Fix spectre-v2 mitigations for paravirt guests x86/irqflags: Provide a declaration for native_save_fl commit c151272d1687ce2a379a93bf848080f9a42f1cef Author: Masahiro Yamada Date: Tue Aug 14 01:48:38 2018 +0900 kconfig: remove unused sym_get_env_prop() function This function is unused since commit 104daea149c4 ("kconfig: reference environment variables directly and remove 'option env='"). Signed-off-by: Masahiro Yamada Acked-by: Sam Ravnborg commit 512ddf7d7db056edfed3159ea7cb4e4a5eefddd4 Author: Denis Efremov Date: Fri Aug 10 23:25:55 2018 +0300 coccicheck: return proper error code on fail If coccicheck fails, it should return an error code distinct from zero to signal about an internal problem. Current code instead of exiting with the tool's error code returns the error code of 'echo "coccicheck failed"' which is almost always equals to zero, thus failing the original intention of alerting about a problem. This patch fixes the code. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Denis Efremov Acked-by: Julia Lawall Signed-off-by: Masahiro Yamada commit 09d4d9648bd01a4c124fcc30dd0c31503975e8c2 Author: Julia Lawall Date: Fri Aug 3 18:32:11 2018 +0200 Coccinelle: doubletest: reduce side effect false positives Ensure that the cited expression is not a function call or an assignment to reduce the chance of false positives. Slightly modify the warning message to indicate another source of false positves. Signed-off-by: Julia Lawall Signed-off-by: Masahiro Yamada commit 203b4fc903b644223a27ad3f25f3a0f3a3911d1d Merge: 7edcf0d314f6 765d28f13629 Author: Linus Torvalds Date: Mon Aug 13 16:29:35 2018 -0700 Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 mm updates from Thomas Gleixner: - Make lazy TLB mode even lazier to avoid pointless switch_mm() operations, which reduces CPU load by 1-2% for memcache workloads - Small cleanups and improvements all over the place * 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm: Remove redundant check for kmem_cache_create() arm/asm/tlb.h: Fix build error implicit func declaration x86/mm/tlb: Make clear_asid_other() static x86/mm/tlb: Skip atomic operations for 'init_mm' in switch_mm_irqs_off() x86/mm/tlb: Always use lazy TLB mode x86/mm/tlb: Only send page table free TLB flush to lazy TLB CPUs x86/mm/tlb: Make lazy TLB mode lazier x86/mm/tlb: Restructure switch_mm_irqs_off() x86/mm/tlb: Leave lazy TLB mode at page table free time mm: Allocate the mm_cpumask (mm->cpu_bitmap[]) dynamically based on nr_cpu_ids x86/mm: Add TLB purge to free pmd/pte page interfaces ioremap: Update pgtable free interfaces with addr x86/mm: Disable ioremap free page handling on x86-PAE commit 7edcf0d314f69e506ddd9562062b2a79fa965bb9 Merge: 30de24c7dd21 d79d024820f2 Author: Linus Torvalds Date: Mon Aug 13 16:08:26 2018 -0700 Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 platform updates from Thomas Gleixner: "Trivial cleanups and improvements" * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/platform/UV: Remove redundant check of p == q x86/platform/olpc: Use PTR_ERR_OR_ZERO() x86/platform/UV: Mark memblock related init code and data correctly commit c371e7b438ca2e3e463b43d09cada1cc1254864f Merge: 42c625a486f3 cf916ffbe0c6 Author: David S. Miller Date: Mon Aug 13 16:04:18 2018 -0700 Merge tag 'mlx5e-updates-2018-08-10' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== mlx5e-updates-2018-08-10 This series provides the following updates to mlx5e netdevice driver. 1) First 4 patches extends the support for ethtool rxnfc flow steering - Added ipv6 support - l4 proto ip field for both ip6 and ip4 2) Next 4 patches, reorganizing flow steering structures and declaration into one header file, and add two Kconfig flags to allow disabling/enabling mlx5 netdevice rx flow steering at compile time: CONFIG_MLX5_EN_ARFS for en_arfs.c CONFIG_MLX5_EN_RXNFC for en_fs_ehtool.c 3) More kconfig flags dependencies - vxlan.c depends on CONFIG_VXLAN - clock.c depends on CONFIG_PTP_1588_CLOCK 4) Reorganize the Makefile ==================== Signed-off-by: David S. Miller commit 30de24c7dd21348b142ee977b687afc70b392af6 Merge: f4990264565c 4a7a54a55e72 Author: Linus Torvalds Date: Mon Aug 13 16:01:46 2018 -0700 Merge branch 'x86-cache-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cache QoS (RDT/CAR) updates from Thomas Gleixner: "Add support for pseudo-locked cache regions. Cache Allocation Technology (CAT) allows on certain CPUs to isolate a region of cache and 'lock' it. Cache pseudo-locking builds on the fact that a CPU can still read and write data pre-allocated outside its current allocated area on cache hit. With cache pseudo-locking data can be preloaded into a reserved portion of cache that no application can fill, and from that point on will only serve cache hits. The cache pseudo-locked memory is made accessible to user space where an application can map it into its virtual address space and thus have a region of memory with reduced average read latency. The locking is not perfect and gets totally screwed by WBINDV and similar mechanisms, but it provides a reasonable enhancement for certain types of latency sensitive applications. The implementation extends the current CAT mechanism and provides a generally useful exclusive CAT mode on which it builds the extra pseude-locked regions" * 'x86-cache-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (45 commits) x86/intel_rdt: Disable PMU access x86/intel_rdt: Fix possible circular lock dependency x86/intel_rdt: Make CPU information accessible for pseudo-locked regions x86/intel_rdt: Support restoration of subset of permissions x86/intel_rdt: Fix cleanup of plr structure on error x86/intel_rdt: Move pseudo_lock_region_clear() x86/intel_rdt: Limit C-states dynamically when pseudo-locking active x86/intel_rdt: Support L3 cache performance event of Broadwell x86/intel_rdt: More precise L2 hit/miss measurements x86/intel_rdt: Create character device exposing pseudo-locked region x86/intel_rdt: Create debugfs files for pseudo-locking testing x86/intel_rdt: Create resctrl debug area x86/intel_rdt: Ensure RDT cleanup on exit x86/intel_rdt: Resctrl files reflect pseudo-locked information x86/intel_rdt: Support creation/removal of pseudo-locked region x86/intel_rdt: Pseudo-lock region creation/removal core x86/intel_rdt: Discover supported platforms via prefetch disable bits x86/intel_rdt: Add utilities to test pseudo-locked region possibility x86/intel_rdt: Split resource group removal in two x86/intel_rdt: Enable entering of pseudo-locksetup mode ... commit f4990264565c2ccb8f193d22aad3b429eceee1ef Merge: 27a52501970a be0e16ce7c3b Author: Linus Torvalds Date: Mon Aug 13 15:49:04 2018 -0700 Merge branch 'x86-hyperv-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86/hyper-v update from Thomas Gleixner: "Add fast hypercall support for guest running on the Microsoft HyperV(isor)" * 'x86-hyperv-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/hyper-v: Fix wrong merge conflict resolution x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() x86/hyper-v: Trace PV IPI send x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI x86/hyper-v: Implement hv_do_fast_hypercall16 x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible commit dddc0557e3a02499ce336b1e2e67f5afaecccc80 Author: Nicholas Kazlauskas Date: Fri Aug 3 10:40:20 2018 -0400 drm/amd/display: Guard against null crtc in CRC IRQ [Why] A null pointer deference can occur if crtc is null in amdgpu_dm_crtc_handle_crc_irq. This can happen if get_crtc_by_otg_inst returns NULL during dm_crtc_high_irq, leading to a hang in some IGT test cases. [How] Check that CRTC is non-null before accessing its fields. Signed-off-by: Nicholas Kazlauskas Reviewed-by: Sun peng Li Acked-by: Leo Li Signed-off-by: Alex Deucher commit 433149130c31de3f63b17b4ce08b45dab208f7e8 Author: Mikita Lipski Date: Tue Jul 17 10:52:19 2018 -0400 drm/amd/display: Pass connector id when executing VBIOS CT [why] Older ASICs require both phys_id and connector_id to execute bios command table. If we are not passing the right connector_id - it can lead to a black screen. [how] Set connector_obj_id when executing vbios command table Signed-off-by: Mikita Lipski Reviewed-by: Hersen Wu Acked-by: Leo Li Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit ad8960a6cb06c446d0a391ce095f6f28edf36aff Author: Mikita Lipski Date: Thu Aug 2 09:45:09 2018 -0400 drm/amd/display: Check if clock source in use before disabling [why] We are disabling clock source while other pipes are still using it, because we don't verify the number of pipes that share it. [how] - Adding a function in resources to return the number of pipes sharing the clock source. - Checking that no one is sharing the clock source before disabling Signed-off-by: Mikita Lipski Reviewed-by: Harry Wentland Acked-by: Leo Li Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit fc69009e35b74e45ad71140e94355e999b8d24af Author: Mikita Lipski Date: Mon Jul 16 09:17:55 2018 -0400 drm/amd/display: Allow clock sharing b/w HDMI and DVI [why] HDMI and DVI share the same PHY clock and single link DVI and HDMI both use 4 lanes, so they should be allowed to be sharing the same clock source if all other parameters are satisfied. [how] Change a check for general DVI to Dual DVI. Signed-off-by: Mikita Lipski Reviewed-by: Tony Cheng Reviewed-by: Harry Wentland Acked-by: Leo Li Signed-off-by: Alex Deucher commit 7cb5285507172fabe87f87ef3d2cfe148e8a918d Author: Jerry (Fangzhi) Zuo Date: Tue Jul 31 15:15:38 2018 -0400 drm/amd/display: Fix warning observed in mode change on Vega [Why] DOUBLE_BUFFER_EN bit is getting cleared before enable blanking. That leads to CRTC_BLANK_DATA_EN is getting updated immediately. [How] Get DOUBLE_BUFFER_EN bit set, the same as DCE110. Signed-off-by: Jerry (Fangzhi) Zuo Reviewed-by: Charlene Liu Acked-by: Leo Li Signed-off-by: Alex Deucher commit 321f65a62359e1490c7d9910b8557174ce779df4 Author: Charlene Liu Date: Mon Jul 30 17:59:20 2018 -0400 drm/amd/display: fix single link DVI has no display Signed-off-by: Charlene Liu Reviewed-by: Dmytro Laktyushkin Acked-by: Leo Li Signed-off-by: Alex Deucher commit 20acbed47d30efbf14e5aecc5ec5e5f152db7810 Author: Emily Deng Date: Mon Aug 13 14:46:06 2018 +0800 drm/amdgpu/vce: VCE entity initialization relies on ring initializtion Entity init should after ring init, as the entity's sched_rq's initialization is in ring init. SWDEV-161495 Signed-off-by: Emily Deng Reviewed-by: Christian König Signed-off-by: Alex Deucher commit 27a52501970a493a068657281dff8bcaacb6f6fb Merge: 7796916146b8 8e974b3b8edd Author: Linus Torvalds Date: Mon Aug 13 15:21:12 2018 -0700 Merge branch 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 dump printing cleanup from Thomas Gleixner: "Clean up the show_opcodes() printout so nested dumps can be properly differentiated" * 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86: Avoid pr_cont() in show_opcodes() commit 33d5bd0705440c158c909da7538f05fc7a0ebcdf Author: Emily Deng Date: Mon Aug 13 14:45:34 2018 +0800 drm/amdgpu/uvd: UVD entity initialization relys on ring initialization Entity init should after ring init, as the entity's sched_rq's initialization is in ring init. SWDEV-161495 Signed-off-by: Emily Deng Reviewed-by: Christian König Signed-off-by: Alex Deucher commit 4d77c0f676e910fb1f1870738aa4bd168f253621 Author: Likun Gao Date: Fri Aug 10 00:31:42 2018 +0800 drm/amdgpu:add VCN booting with firmware loaded by PSP Setup psp firmware loading for VCN, and make VCN block booting from tmr mac address. Signed-off-by: James Zhu Reviewed-by: Alex Deucher Acked-by: Huang Rui Reviewed-by: Likun Gao Signed-off-by: Likun Gao Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 235ac9de625a0a586093ad81b3de6f7d7ab913ed Author: Likun Gao Date: Fri Aug 10 00:31:41 2018 +0800 drm/amdgpu:add VCN support in PSP driver Add VCN support in PSP driver Signed-off-by: James Zhu Reviewed-by: Alex Deucher Acked-by: Huang Rui Reviewed-by: Likun Gao Signed-off-by: Likun Gao Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit c9ca989696ff28ffb015cc2b7c5577938ef2626c Author: Likun Gao Date: Fri Aug 10 00:31:40 2018 +0800 drm/amdgpu:add new firmware id for VCN Add the new firmware id for VCN into the enum Signed-off-by: James Zhu Reviewed-by: Alex Deucher Acked-by: Huang Rui Reviewed-by: Likun Gao Signed-off-by: Likun Gao Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 435198f33b56d7b875a8173a0227ddf0de285aa1 Author: James Zhu Date: Fri Aug 10 00:31:39 2018 +0800 drm/amdgpu: update tmr mc address Update tmr mc address with firmware loading address which is returned from PSP firmware Signed-off-by: James Zhu Reviewed-by: Alex Deucher Acked-by: Huang Rui Reviewed-by: Likun Gao Signed-off-by: Likun Gao Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit abf412b3efb2f943d9b98a489e9aca836be21333 Author: James Zhu Date: Fri Aug 10 00:31:38 2018 +0800 drm/amdgpu:add tmr mc address into amdgpu_firmware_info amdgpu IP blocks booting need Trust Memory Region(tmr) mc address of its firmware which is loaded by PSP Signed-off-by: James Zhu Reviewed-by: Alex Deucher Acked-by: Huang Rui Reviewed-by: Likun Gao Signed-off-by: Likun Gao Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 7796916146b8c34cbbef66470ab8b5b28cf47e83 Merge: 36f49ca8ca6d 301d328a6f8b Author: Linus Torvalds Date: Mon Aug 13 14:41:53 2018 -0700 Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cpu updates from Thomas Gleixner: "Two small updates for the CPU code: - Improve NUMA emulation - Add the EPT_AD CPU feature bit" * 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/cpufeatures: Add EPT_AD feature bit x86/numa_emulation: Introduce uniform split capability x86/numa_emulation: Fix emulated-to-physical node mapping commit 62421cd943014a84b095cefb31d2261c51eb3d4b Author: Trond Myklebust Date: Sat Aug 11 11:52:39 2018 -0400 NFSv4: Fix a typo in nfs4_init_channel_attrs() The back channel size is allowed to be 1 or greater. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 8aafd2fde3784f962c87aa6ff9c88e4def307036 Author: Trond Myklebust Date: Sat Aug 11 11:52:38 2018 -0400 NFSv4: Don't busy wait if NFSv4 session draining is interrupted Catch the ERESTARTSYS error so that it can be processed by the callers. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 36f49ca8ca6d786936f48b874d30fded5b2b7bd9 Merge: 00b24d545549 0b2c1aec49dd Author: Linus Torvalds Date: Mon Aug 13 14:13:53 2018 -0700 Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cleanups from Thomas Gleixner: "Trival cleanups" * 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/iommu: Use NULL instead of 0 x86/platform/pcspeaker: Use PTR_ERR_OR_ZERO() to fix ptr_ret.cocci warning commit 00b24d545549b5e4a49ff00f017391c3b62a2f05 Merge: f24d6f2654d3 bdc9c3e5ed95 Author: Linus Torvalds Date: Mon Aug 13 14:12:24 2018 -0700 Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 build cleanup from Thomas Gleixner: "Remove a stale quirk for a no longer supported GCC version" * 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/build: Remove old -funit-at-a-time GCC quirk commit e4648aa4f98a87cf0a83f73a5864cede073053a0 Author: Olga Kornievskaia Date: Mon Aug 13 15:33:01 2018 -0400 NFS recover from destination server reboot for copies Mark the destination state to indicate a server-side copy is happening. On detecting a reboot and recovering open state check if any state is engaged in a server-side copy, if so, find the copy and mark it and then signal the waiting thread. Upon wakeup, if copy was marked then propage EAGAIN to the nfsd_copy_file_range and restart the copy from scratch. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit d8dfa59f5a512a536b80a4a8f12fa993683f48df Author: Kees Cook Date: Thu Jun 28 17:04:21 2018 -0700 bus: imx-weim: Remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this switches to using a maximum size and adds a sanity check. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Shawn Guo Cc: Sascha Hauer Cc: Pengutronix Kernel Team Cc: Fabio Estevam Cc: NXP Linux Team Signed-off-by: Kees Cook Reviewed-by: Arnd Bergmann Acked-by: Shawn Guo commit 699112f5e831c088ff6aeea594d23ebecf6bd806 Author: Kees Cook Date: Tue Jun 19 21:38:31 2018 -0700 drm/i2c: tda9950: Remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this sets the buffer to maximum size and adds a sanity check. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: David Airlie Cc: Hans Verkuil Cc: Russell King Cc: dri-devel@lists.freedesktop.org Signed-off-by: Kees Cook commit f24d6f2654d39355cdf8285e21409ed8d56d4284 Merge: b9b8e5b76386 6709812f094d Author: Linus Torvalds Date: Mon Aug 13 13:35:26 2018 -0700 Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 asm updates from Thomas Gleixner: "The lowlevel and ASM code updates for x86: - Make stack trace unwinding more reliable - ASM instruction updates for better code generation - Various cleanups" * 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/entry/64: Add two more instruction suffixes x86/asm/64: Use 32-bit XOR to zero registers x86/build/vdso: Simplify 'cmd_vdso2c' x86/build/vdso: Remove unused vdso-syms.lds x86/stacktrace: Enable HAVE_RELIABLE_STACKTRACE for the ORC unwinder x86/unwind/orc: Detect the end of the stack x86/stacktrace: Do not fail for ORC with regs on stack x86/stacktrace: Clarify the reliable success paths x86/stacktrace: Remove STACKTRACE_DUMP_ONCE x86/stacktrace: Do not unwind after user regs x86/asm: Use CC_SET/CC_OUT in percpu_cmpxchg8b_double() to micro-optimize code generation commit b9b8e5b76386da8d0795fa143bb012f1bf993733 Merge: 66e22087bdf6 216a37202f10 Author: Linus Torvalds Date: Mon Aug 13 13:32:42 2018 -0700 Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 boot updates from Thomas Gleixner: "Boot code updates for x86: - Allow to skip a given amount of huge pages for address layout randomization on the kernel command line to prevent regressions in the huge page allocation with small memory sizes - Various cleanups" * 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot: Use CC_SET()/CC_OUT() instead of open coding it x86/boot/KASLR: Make local variable mem_limit static x86/boot/KASLR: Skip specified number of 1GB huge pages when doing physical randomization (KASLR) x86/boot/KASLR: Add two new functions for 1GB huge pages handling commit 66e22087bdf65c6bdea0a2994fbf7e16995f19f0 Merge: 1e45e9a95ec2 843c40890501 Author: Linus Torvalds Date: Mon Aug 13 13:31:08 2018 -0700 Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 apic update from Thomas Gleixner: "Trivial cleanups of the APIC related code" * 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/apic: Trivial coding style fixes x86/vector: Merge allocate_vector() into assign_vector_locked() commit 1e45e9a95ec277272f73439629b6e3fe1f047e92 Merge: 8603596a327c fbfa9260085b Author: Linus Torvalds Date: Mon Aug 13 13:02:31 2018 -0700 Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer updates from Thomas Gleixner: "The timers departement more or less proudly presents: - More Y2038 timekeeping work mostly in the core code. The work is slowly, but steadily targeting the actuall syscalls. - Enhanced timekeeping suspend/resume support by utilizing clocksources which do not stop during suspend, but are otherwise not the main timekeeping clocksources. - Make NTP adjustmets more accurate and immediate when the frequency is set directly and not incrementally. - Sanitize the overrung handing of posix timers - A new timer driver for Mediatek SoCs - The usual pile of fixes and updates all over the place" * 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (32 commits) clockevents: Warn if cpu_all_mask is used as cpumask tick/broadcast-hrtimer: Use cpu_possible_mask for ce_broadcast_hrtimer clocksource/drivers/arm_arch_timer: Fix bogus cpu_all_mask usage clocksource: ti-32k: Remove CLOCK_SOURCE_SUSPEND_NONSTOP flag timers: Clear timer_base::must_forward_clk with timer_base::lock held clocksource/drivers/sprd: Register one always-on timer to compensate suspend time clocksource/drivers/timer-mediatek: Add support for system timer clocksource/drivers/timer-mediatek: Convert the driver to timer-of clocksource/drivers/timer-mediatek: Use specific prefix for GPT clocksource/drivers/timer-mediatek: Rename mtk_timer to timer-mediatek clocksource/drivers/timer-mediatek: Add system timer bindings clocksource/drivers: Set clockevent device cpumask to cpu_possible_mask time: Introduce one suspend clocksource to compensate the suspend time time: Fix extra sleeptime injection when suspend fails timekeeping/ntp: Constify some function arguments ntp: Use kstrtos64 for s64 variable ntp: Remove redundant arguments timer: Fix coding style ktime: Provide typesafe ktime_to_ns() hrtimer: Improve kernel message printing ... commit 8603596a327c978534f5c45db135e6c36b4b1425 Merge: de5d1b39ea0b ec2cb7a526d4 Author: Linus Torvalds Date: Mon Aug 13 12:55:49 2018 -0700 Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf update from Thomas Gleixner: "The perf crowd presents: Kernel updates: - Removal of jprobes - Cleanup and consolidatation the handling of kprobes - Cleanup and consolidation of hardware breakpoints - The usual pile of fixes and updates to PMUs and event descriptors Tooling updates: - Updates and improvements all over the place. Nothing outstanding, just the (good) boring incremental grump work" * 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (103 commits) perf trace: Do not require --no-syscalls to suppress strace like output perf bpf: Include uapi/linux/bpf.h from the 'perf trace' script's bpf.h perf tools: Allow overriding MAX_NR_CPUS at compile time perf bpf: Show better message when failing to load an object perf list: Unify metric group description format with PMU event description perf vendor events arm64: Update ThunderX2 implementation defined pmu core events perf cs-etm: Generate branch sample for CS_ETM_TRACE_ON packet perf cs-etm: Generate branch sample when receiving a CS_ETM_TRACE_ON packet perf cs-etm: Support dummy address value for CS_ETM_TRACE_ON packet perf cs-etm: Fix start tracing packet handling perf build: Fix installation directory for eBPF perf c2c report: Fix crash for empty browser perf tests: Fix indexing when invoking subtests perf trace: Beautify the AF_INET & AF_INET6 'socket' syscall 'protocol' args perf trace beauty: Add beautifiers for 'socket''s 'protocol' arg perf trace beauty: Do not print NULL strarray entries perf beauty: Add a generator for IPPROTO_ socket's protocol constants tools include uapi: Grab a copy of linux/in.h perf tests: Fix complex event name parsing perf evlist: Fix error out while applying initial delay and LBR ... commit cf916ffbe0c628bb072ea829f300cff1874162ce Author: Eli Cohen Date: Sun Apr 29 09:17:34 2018 -0500 net/mlx5: Improve argument name for add flow API The last argument to mlx5_add_flow_rules passes the number of destinations in the struct pointed to by the dest arg. Change the name to better reflect this fact. Signed-off-by: Eli Cohen Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed commit a8274b854b5e7c78187d7b9eaf701e1f6e1ccfcb Author: Saeed Mahameed Date: Tue Jul 31 14:44:00 2018 -0700 net/mlx5: Reorganize the makefile Reorganize the Makefile and group files together according to their functionality and importance. Signed-off-by: Saeed Mahameed commit 6dbc80ca41f5a76e0d2ae4e96b2476d68a2ea17f Author: Moshe Shemesh Date: Sun Jul 29 13:29:45 2018 +0300 net/mlx5e: clock.c depends on CONFIG_PTP_1588_CLOCK lib/clock.c includes clock related functions which require ptp support. Thus compile out lib/clock.c and add the needed function stubs in case kconfig CONFIG_PTP_1588_CLOCK is off. Signed-off-by: Moshe Shemesh Signed-off-by: Saeed Mahameed commit c5791ab0abecb5e4a41673b83e3660f731b0717b Author: Saeed Mahameed Date: Fri Jul 13 10:58:49 2018 -0700 net/mlx5e: vxlan.c depends on CONFIG_VXLAN When vxlan is not enabled by kernel, no need to enable it in mlx5. Compile out lib/vxlan.c if CONFIG_VXLAN is not selected. Signed-off-by: Saeed Mahameed Reviewed-by: Moshe Shemesh Reviewed-by: Eran Ben Elisha commit 44f68ae0cad6afbd72d3de1c7b0e149c1655b626 Author: Saeed Mahameed Date: Thu Jul 12 03:09:19 2018 -0700 net/mlx5e: Move flow steering declarations into en/fs.h Move flow steering declarations and definitions into the dedicated en/fs.h header file Signed-off-by: Saeed Mahameed Reviewed-by: Moshe Shemesh commit ec080045977073c5e69a7fddee3a8aef9bf62881 Author: Saeed Mahameed Date: Thu Jul 12 03:01:26 2018 -0700 net/mlx5e: Add CONFIG_MLX5_EN_ARFS for accelerated flow steering support Add new mlx5 Kconfig flag to allow selecting accelerated flow steering support, and compile out en_arfs.c if not selected. Move arfs declarations and definitions to en/fs.h header file. Signed-off-by: Saeed Mahameed Reviewed-by: Moshe Shemesh commit fe6d86b3c3165e6c55d6b0049a13d3b65371163a Author: Saeed Mahameed Date: Wed Jul 11 12:02:42 2018 -0700 net/mlx5e: Add CONFIG_MLX5_EN_RXNFC for ethtool rx nfc Add new mlx5 Kconfig flag to allow selecting ethtool rx nfc support, and compile out en_fs_ehtool.c if not selected. Add en/fs.h header file to host all steering declarations and definitions. Signed-off-by: Saeed Mahameed Reviewed-by: Moshe Shemesh commit cff2b1e3e83286e569466663b35bf0ae23afcbcf Author: Saeed Mahameed Date: Tue Jul 10 17:04:49 2018 -0700 net/mlx5e: Ethtool steering, move ethtool callbacks Move ethool rxnfc callback into en_fs_etthool file where they belong. This will allow us to make many ethtool fs related helper functions static. Signed-off-by: Saeed Mahameed commit 974ce34a0c1278957448d83f53ddfc7a565171ec Author: Saeed Mahameed Date: Sun Jul 8 00:24:21 2018 -0700 net/mlx5e: Ethtool steering, l4 proto support Add support for l4 proto ip field in ethtool flow steering. Example: Redirect icmpv6 to rx queue #2 ethtool -U eth0 flow-type ip6 l4proto 58 action 2 Signed-off-by: Saeed Mahameed commit ca7deb028a2c7c38e6f743443376dd52ea526f0d Author: Saeed Mahameed Date: Thu Jul 5 17:11:09 2018 -0700 net/mlx5e: Ethtool steering, ip6 support Add ip6 support for ethtool flow steering. New supported flow types: ip6|tcp6|udp6| Supported fields: src-ip|dst-ip|src-port|dst-port Signed-off-by: Saeed Mahameed commit 7695e73f3db4576ef3ce05063c28e9a673425763 Author: Bjorn Helgaas Date: Mon Aug 13 14:30:41 2018 -0500 PCI: Add function 1 DMA alias quirk for Marvell 88SS9183 Add function 1 DMA alias quirk for Marvell 88SS9183 PCIe SSD Controller. Link: https://bugzilla.kernel.org/show_bug.cgi?id=42679#c134 Reported-and-tested-by: Felix Blüthner Signed-off-by: Bjorn Helgaas commit bc9e9cf0401f18e33b78d4c8a518661b8346baf7 Author: Mikulas Patocka Date: Fri Aug 10 11:23:56 2018 -0400 dm crypt: don't decrease device limits dm-crypt should only increase device limits, it should not decrease them. This fixes a bug where the user could creates a crypt device with 1024 sector size on the top of scsi device that had 4096 logical block size. The limit 4096 would be lost and the user could incorrectly send 1024-I/Os to the crypt device. Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit de5d1b39ea0b38a9f4dfb08966042b7b91e2df30 Merge: 1c594774283a fd2efaa4eb53 Author: Linus Torvalds Date: Mon Aug 13 12:23:39 2018 -0700 Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking/atomics update from Thomas Gleixner: "The locking, atomics and memory model brains delivered: - A larger update to the atomics code which reworks the ordering barriers, consolidates the atomic primitives, provides the new atomic64_fetch_add_unless() primitive and cleans up the include hell. - Simplify cmpxchg() instrumentation and add instrumentation for xchg() and cmpxchg_double(). - Updates to the memory model and documentation" * 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (48 commits) locking/atomics: Rework ordering barriers locking/atomics: Instrument cmpxchg_double*() locking/atomics: Instrument xchg() locking/atomics: Simplify cmpxchg() instrumentation locking/atomics/x86: Reduce arch_cmpxchg64*() instrumentation tools/memory-model: Rename litmus tests to comply to norm7 tools/memory-model/Documentation: Fix typo, smb->smp sched/Documentation: Update wake_up() & co. memory-barrier guarantees locking/spinlock, sched/core: Clarify requirements for smp_mb__after_spinlock() sched/core: Use smp_mb() in wake_woken_function() tools/memory-model: Add informal LKMM documentation to MAINTAINERS locking/atomics/Documentation: Describe atomic_set() as a write operation tools/memory-model: Make scripts executable tools/memory-model: Remove ACCESS_ONCE() from model tools/memory-model: Remove ACCESS_ONCE() from recipes locking/memory-barriers.txt/kokr: Update Korean translation to fix broken DMA vs. MMIO ordering example MAINTAINERS: Add Daniel Lustig as an LKMM reviewer tools/memory-model: Fix ISA2+pooncelock+pooncelock+pombonce name tools/memory-model: Add litmus test for full multicopy atomicity locking/refcount: Always allow checked forms ... commit 1c594774283a7cfe6dc0f8ffdfb2dbfc497502c4 Merge: f7951c33f0fe d018031f562b Author: Linus Torvalds Date: Mon Aug 13 12:21:46 2018 -0700 Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull CPU hotplug update from Thomas Gleixner: "A trivial name fix for the hotplug state machine" * 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Clarify CPU hotplug step name for timers commit 142644f8a1f8b419005d8b3c641e80b32ce2a5f7 Author: Saeed Mahameed Date: Thu Jul 5 17:31:14 2018 -0700 net/mlx5e: Ethtool steering flow parsing refactoring Have a parsing function per flow type, that converts from ethtool rx flow spec to mlx5 flow spec. Will be useful to add support for ip6 ethtool flow steering in the next patch. Signed-off-by: Saeed Mahameed commit b29c61dac3a258575c438c7ae1fc4c20260d823c Author: Saeed Mahameed Date: Thu Jul 5 17:30:34 2018 -0700 net/mlx5e: Ethtool steering flow validation refactoring Have a ethtool rx flow spec validation helper function per flow type. Signed-off-by: Saeed Mahameed commit 491278b698774d3b0d8974acfc994cc482e95485 Author: Suman Anna Date: Mon Jul 23 18:27:57 2018 -0500 remoteproc/davinci: Mark error recovery as disabled The Davinci remoteproc driver does not support error recovery at present, so mark the corresponding remoteproc flag appropriately so that the debugfs flag shows the value as 'disabled' by default. Signed-off-by: Suman Anna Signed-off-by: Bjorn Andersson commit a2eed33dcdb7663170b01f05dd8d0a3323ffe4b3 Author: Gustavo A. R. Silva Date: Tue Jul 3 14:23:05 2018 -0500 ide: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 777a82f87a9af591c3b02e9983d6cd3109022ea9 Author: Colin Ian King Date: Mon Jul 2 11:00:26 2018 +0100 ide-tape: remove redundant variable buffer_size Variable buffer_size is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'buffer_size' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit bb1215a2d011db15e9a8d5d2469c0ad9651d7660 Author: Colin Ian King Date: Mon Jul 2 10:47:05 2018 +0100 ide: remove redundant variables queue_run_ms and left Variable queue_run_ms is not being used and is redundant and hence can be removed. Removing this also means that variable left can also be removed. Cleans up clang warning: warning: variable ‘queue_run_ms’ set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 51d8aac236493833acf60d9c3b6c42437a18da36 Author: Alexander Kapshuk Date: Sat Aug 11 11:39:15 2018 +0300 perf tools: Fix check-headers.sh AND list path of execution The '||' path of execution in the 'test' block of the check_2() function may also be taken if file2 does not exist, in which case the warning message about the ABI headers being different would still be printed where it should not be. See below. % file1=file1; file2=file2 % cmd="echo diff $file1 $file2" % test -f $file2 && \ eval $cmd || echo "Warning: Kernel ABI header at 'tools/$file1' differs from latest version at '$file2'" >&2 Warning: Kernel ABI header at 'tools/file1' differs from latest version at 'file2' The proposed patch converts the code following the '&&' operator into a compound list to be executed in the current process environment only if file2 does exist. Should the files being compared differ, a diff command to compare the files concerned is printed on standard output. E.g. $ diff -u tools/arch/x86/lib/memcpy_64.S arch/x86/lib/memcpy_64.S Committer testing: Remove a line from that tools/arch/x86/lib/memcpy_64.S file to test this: BUILD: Doing 'make -j4' parallel build Warning: Kernel ABI header at 'tools/arch/x86/lib/memcpy_64.S' differs from latest version at 'arch/x86/lib/memcpy_64.S' diff -u tools/arch/x86/lib/memcpy_64.S arch/x86/lib/memcpy_64.S CC /tmp/build/perf/bench/mem-memcpy-x86-64-asm.o Signed-off-by: Alexander Kapshuk Tested-by: Arnaldo Carvalho de Melo Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180811083915.17471-1-alexander.kapshuk@gmail.com Signed-off-by: Arnaldo Carvalho de Melo commit 42c625a486f367ad57d4257de6d9459daf9484a0 Author: Vlad Buslov Date: Mon Aug 13 20:20:11 2018 +0300 net: sched: act_ife: disable bh when taking ife_mod_lock Lockdep reports deadlock for following locking scenario in ife action: Task one: 1) Executes ife action update. 2) Takes tcfa_lock. 3) Waits on ife_mod_lock which is already taken by task two. Task two: 1) Executes any path that obtains ife_mod_lock without disabling bh (any path that takes ife_mod_lock while holding tcfa_lock has bh disabled) like loading a meta module, or creating new action. 2) Takes ife_mod_lock. 3) Task is preempted by rate estimator timer. 4) Timer callback waits on tcfa_lock which is taken by task one. In described case tasks deadlock because they take same two locks in different order. To prevent potential deadlock reported by lockdep, always disable bh when obtaining ife_mod_lock. Lockdep warning: [ 508.101192] ===================================================== [ 508.107708] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 508.114728] 4.18.0-rc8+ #646 Not tainted [ 508.119050] ----------------------------------------------------- [ 508.125559] tc/5460 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 508.132025] 000000005a938c68 (ife_mod_lock){++++}, at: find_ife_oplist+0x1e/0xc0 [act_ife] [ 508.140996] and this task is already holding: [ 508.147548] 00000000d46f6c56 (&(&p->tcfa_lock)->rlock){+.-.}, at: tcf_ife_init+0x6ae/0xf40 [act_ife] [ 508.157371] which would create a new lock dependency: [ 508.162828] (&(&p->tcfa_lock)->rlock){+.-.} -> (ife_mod_lock){++++} [ 508.169572] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 508.178197] (&(&p->tcfa_lock)->rlock){+.-.} [ 508.178201] ... which became SOFTIRQ-irq-safe at: [ 508.189771] _raw_spin_lock+0x2c/0x40 [ 508.193906] est_fetch_counters+0x41/0xb0 [ 508.198391] est_timer+0x83/0x3c0 [ 508.202180] call_timer_fn+0x16a/0x5d0 [ 508.206400] run_timer_softirq+0x399/0x920 [ 508.210967] __do_softirq+0x157/0x97d [ 508.215102] irq_exit+0x152/0x1c0 [ 508.218888] smp_apic_timer_interrupt+0xc0/0x4e0 [ 508.223976] apic_timer_interrupt+0xf/0x20 [ 508.228540] cpuidle_enter_state+0xf8/0x5d0 [ 508.233198] do_idle+0x28a/0x350 [ 508.236881] cpu_startup_entry+0xc7/0xe0 [ 508.241296] start_secondary+0x2e8/0x3f0 [ 508.245678] secondary_startup_64+0xa5/0xb0 [ 508.250347] to a SOFTIRQ-irq-unsafe lock: (ife_mod_lock){++++} [ 508.256531] ... which became SOFTIRQ-irq-unsafe at: [ 508.267279] ... [ 508.267283] _raw_write_lock+0x2c/0x40 [ 508.273653] register_ife_op+0x118/0x2c0 [act_ife] [ 508.278926] do_one_initcall+0xf7/0x4d9 [ 508.283214] do_init_module+0x18b/0x44e [ 508.287521] load_module+0x4167/0x5730 [ 508.291739] __do_sys_finit_module+0x16d/0x1a0 [ 508.296654] do_syscall_64+0x7a/0x3f0 [ 508.300788] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 508.306302] other info that might help us debug this: [ 508.315286] Possible interrupt unsafe locking scenario: [ 508.322771] CPU0 CPU1 [ 508.327681] ---- ---- [ 508.332604] lock(ife_mod_lock); [ 508.336300] local_irq_disable(); [ 508.342608] lock(&(&p->tcfa_lock)->rlock); [ 508.349793] lock(ife_mod_lock); [ 508.355990] [ 508.358974] lock(&(&p->tcfa_lock)->rlock); [ 508.363803] *** DEADLOCK *** [ 508.370715] 2 locks held by tc/5460: [ 508.374680] #0: 00000000e27e4fa4 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x583/0x7b0 [ 508.383366] #1: 00000000d46f6c56 (&(&p->tcfa_lock)->rlock){+.-.}, at: tcf_ife_init+0x6ae/0xf40 [act_ife] [ 508.393648] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 508.403505] -> (&(&p->tcfa_lock)->rlock){+.-.} ops: 1001553 { [ 508.409646] HARDIRQ-ON-W at: [ 508.413136] _raw_spin_lock_bh+0x34/0x40 [ 508.419059] gnet_stats_start_copy_compat+0xa2/0x230 [ 508.426021] gnet_stats_start_copy+0x16/0x20 [ 508.432333] tcf_action_copy_stats+0x95/0x1d0 [ 508.438735] tcf_action_dump_1+0xb0/0x4e0 [ 508.444795] tcf_action_dump+0xca/0x200 [ 508.450673] tcf_exts_dump+0xd9/0x320 [ 508.456392] fl_dump+0x1b7/0x4a0 [cls_flower] [ 508.462798] tcf_fill_node+0x380/0x530 [ 508.468601] tfilter_notify+0xdf/0x1c0 [ 508.474404] tc_new_tfilter+0x84a/0xc90 [ 508.480270] rtnetlink_rcv_msg+0x5bd/0x7b0 [ 508.486419] netlink_rcv_skb+0x184/0x220 [ 508.492394] netlink_unicast+0x31b/0x460 [ 508.507411] netlink_sendmsg+0x3fb/0x840 [ 508.513390] sock_sendmsg+0x7b/0xd0 [ 508.518907] ___sys_sendmsg+0x4c6/0x610 [ 508.524797] __sys_sendmsg+0xd7/0x150 [ 508.530510] do_syscall_64+0x7a/0x3f0 [ 508.536201] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 508.543301] IN-SOFTIRQ-W at: [ 508.546834] _raw_spin_lock+0x2c/0x40 [ 508.552522] est_fetch_counters+0x41/0xb0 [ 508.558571] est_timer+0x83/0x3c0 [ 508.563912] call_timer_fn+0x16a/0x5d0 [ 508.569699] run_timer_softirq+0x399/0x920 [ 508.575840] __do_softirq+0x157/0x97d [ 508.581538] irq_exit+0x152/0x1c0 [ 508.586882] smp_apic_timer_interrupt+0xc0/0x4e0 [ 508.593533] apic_timer_interrupt+0xf/0x20 [ 508.599686] cpuidle_enter_state+0xf8/0x5d0 [ 508.605895] do_idle+0x28a/0x350 [ 508.611147] cpu_startup_entry+0xc7/0xe0 [ 508.617097] start_secondary+0x2e8/0x3f0 [ 508.623029] secondary_startup_64+0xa5/0xb0 [ 508.629245] INITIAL USE at: [ 508.632686] _raw_spin_lock_bh+0x34/0x40 [ 508.638557] gnet_stats_start_copy_compat+0xa2/0x230 [ 508.645491] gnet_stats_start_copy+0x16/0x20 [ 508.651719] tcf_action_copy_stats+0x95/0x1d0 [ 508.657992] tcf_action_dump_1+0xb0/0x4e0 [ 508.663937] tcf_action_dump+0xca/0x200 [ 508.669716] tcf_exts_dump+0xd9/0x320 [ 508.675337] fl_dump+0x1b7/0x4a0 [cls_flower] [ 508.681650] tcf_fill_node+0x380/0x530 [ 508.687366] tfilter_notify+0xdf/0x1c0 [ 508.693031] tc_new_tfilter+0x84a/0xc90 [ 508.698820] rtnetlink_rcv_msg+0x5bd/0x7b0 [ 508.704869] netlink_rcv_skb+0x184/0x220 [ 508.710758] netlink_unicast+0x31b/0x460 [ 508.716627] netlink_sendmsg+0x3fb/0x840 [ 508.722510] sock_sendmsg+0x7b/0xd0 [ 508.727931] ___sys_sendmsg+0x4c6/0x610 [ 508.733729] __sys_sendmsg+0xd7/0x150 [ 508.739346] do_syscall_64 +0x7a/0x3f0 [ 508.744943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 508.751930] } [ 508.753964] ... key at: [] __key.61145+0x0/0x40 [ 508.760946] ... acquired at: [ 508.764294] _raw_read_lock+0x2f/0x40 [ 508.768513] find_ife_oplist+0x1e/0xc0 [act_ife] [ 508.773692] tcf_ife_init+0x82f/0xf40 [act_ife] [ 508.778785] tcf_action_init_1+0x510/0x750 [ 508.783468] tcf_action_init+0x1e8/0x340 [ 508.787938] tcf_action_add+0xc5/0x240 [ 508.792241] tc_ctl_action+0x203/0x2a0 [ 508.796550] rtnetlink_rcv_msg+0x5bd/0x7b0 [ 508.801200] netlink_rcv_skb+0x184/0x220 [ 508.805674] netlink_unicast+0x31b/0x460 [ 508.810129] netlink_sendmsg+0x3fb/0x840 [ 508.814611] sock_sendmsg+0x7b/0xd0 [ 508.818665] ___sys_sendmsg+0x4c6/0x610 [ 508.823029] __sys_sendmsg+0xd7/0x150 [ 508.827246] do_syscall_64+0x7a/0x3f0 [ 508.831483] entry_SYSCALL_64_after_hwframe+0x49/0xbe the dependencies between the lock to be acquired [ 508.838945] and SOFTIRQ-irq-unsafe lock: [ 508.851177] -> (ife_mod_lock){++++} ops: 95 { [ 508.855920] HARDIRQ-ON-W at: [ 508.859478] _raw_write_lock+0x2c/0x40 [ 508.865264] register_ife_op+0x118/0x2c0 [act_ife] [ 508.872071] do_one_initcall+0xf7/0x4d9 [ 508.877947] do_init_module+0x18b/0x44e [ 508.883819] load_module+0x4167/0x5730 [ 508.889595] __do_sys_finit_module+0x16d/0x1a0 [ 508.896043] do_syscall_64+0x7a/0x3f0 [ 508.901734] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 508.908827] HARDIRQ-ON-R at: [ 508.912359] _raw_read_lock+0x2f/0x40 [ 508.918043] find_ife_oplist+0x1e/0xc0 [act_ife] [ 508.924692] tcf_ife_init+0x82f/0xf40 [act_ife] [ 508.931252] tcf_action_init_1+0x510/0x750 [ 508.937393] tcf_action_init+0x1e8/0x340 [ 508.943366] tcf_action_add+0xc5/0x240 [ 508.949130] tc_ctl_action+0x203/0x2a0 [ 508.954922] rtnetlink_rcv_msg+0x5bd/0x7b0 [ 508.961024] netlink_rcv_skb+0x184/0x220 [ 508.966970] netlink_unicast+0x31b/0x460 [ 508.972915] netlink_sendmsg+0x3fb/0x840 [ 508.978859] sock_sendmsg+0x7b/0xd0 [ 508.984400] ___sys_sendmsg+0x4c6/0x610 [ 508.990264] __sys_sendmsg+0xd7/0x150 [ 508.995952] do_syscall_64+0x7a/0x3f0 [ 509.001643] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 509.008722] SOFTIRQ-ON-W at:\ [ 509.012242] _raw_write_lock+0x2c/0x40 [ 509.018013] register_ife_op+0x118/0x2c0 [act_ife] [ 509.024841] do_one_initcall+0xf7/0x4d9 [ 509.030720] do_init_module+0x18b/0x44e [ 509.036604] load_module+0x4167/0x5730 [ 509.042397] __do_sys_finit_module+0x16d/0x1a0 [ 509.048865] do_syscall_64+0x7a/0x3f0 [ 509.054551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 509.061636] SOFTIRQ-ON-R at: [ 509.065145] _raw_read_lock+0x2f/0x40 [ 509.070854] find_ife_oplist+0x1e/0xc0 [act_ife] [ 509.077515] tcf_ife_init+0x82f/0xf40 [act_ife] [ 509.084051] tcf_action_init_1+0x510/0x750 [ 509.090172] tcf_action_init+0x1e8/0x340 [ 509.096124] tcf_action_add+0xc5/0x240 [ 509.101891] tc_ctl_action+0x203/0x2a0 [ 509.107671] rtnetlink_rcv_msg+0x5bd/0x7b0 [ 509.113811] netlink_rcv_skb+0x184/0x220 [ 509.119768] netlink_unicast+0x31b/0x460 [ 509.125716] netlink_sendmsg+0x3fb/0x840 [ 509.131668] sock_sendmsg+0x7b/0xd0 [ 509.137167] ___sys_sendmsg+0x4c6/0x610 [ 509.143010] __sys_sendmsg+0xd7/0x150 [ 509.148718] do_syscall_64+0x7a/0x3f0 [ 509.154443] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 509.161533] INITIAL USE at: [ 509.164956] _raw_read_lock+0x2f/0x40 [ 509.170574] find_ife_oplist+0x1e/0xc0 [act_ife] [ 509.177134] tcf_ife_init+0x82f/0xf40 [act_ife] [ 509.183619] tcf_action_init_1+0x510/0x750 [ 509.189674] tcf_action_init+0x1e8/0x340 [ 509.195534] tcf_action_add+0xc5/0x240 [ 509.201229] tc_ctl_action+0x203/0x2a0 [ 509.206920] rtnetlink_rcv_msg+0x5bd/0x7b0 [ 509.212936] netlink_rcv_skb+0x184/0x220 [ 509.218818] netlink_unicast+0x31b/0x460 [ 509.224699] netlink_sendmsg+0x3fb/0x840 [ 509.230581] sock_sendmsg+0x7b/0xd0 [ 509.235984] ___sys_sendmsg+0x4c6/0x610 [ 509.241791] __sys_sendmsg+0xd7/0x150 [ 509.247425] do_syscall_64+0x7a/0x3f0 [ 509.253007] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 509.259975] } [ 509.261998] ... key at: [] ife_mod_lock+0x18/0xffffffffffff8dc0 [act_ife] [ 509.271569] ... acquired at: [ 509.274912] _raw_read_lock+0x2f/0x40 [ 509.279134] find_ife_oplist+0x1e/0xc0 [act_ife] [ 509.284324] tcf_ife_init+0x82f/0xf40 [act_ife] [ 509.289425] tcf_action_init_1+0x510/0x750 [ 509.294068] tcf_action_init+0x1e8/0x340 [ 509.298553] tcf_action_add+0xc5/0x240 [ 509.302854] tc_ctl_action+0x203/0x2a0 [ 509.307153] rtnetlink_rcv_msg+0x5bd/0x7b0 [ 509.311805] netlink_rcv_skb+0x184/0x220 [ 509.316282] netlink_unicast+0x31b/0x460 [ 509.320769] netlink_sendmsg+0x3fb/0x840 [ 509.325248] sock_sendmsg+0x7b/0xd0 [ 509.329290] ___sys_sendmsg+0x4c6/0x610 [ 509.333687] __sys_sendmsg+0xd7/0x150 [ 509.337902] do_syscall_64+0x7a/0x3f0 [ 509.342116] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 509.349601] stack backtrace: [ 509.354663] CPU: 6 PID: 5460 Comm: tc Not tainted 4.18.0-rc8+ #646 [ 509.361216] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017 Fixes: ef6980b6becb ("introduce IFE action") Signed-off-by: Vlad Buslov Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 3f4417d693b43fa240ac8bde4487f67745ca23d8 Author: Benno Evers Date: Fri Aug 10 15:36:13 2018 +0200 perf tools: Check for null when copying nsinfo. The argument to nsinfo__copy() was assumed to be valid, but some code paths exist that will lead to NULL being passed. In particular, running 'perf script -D' on a perf.data file containing an PERF_RECORD_MMAP event associating the '[vdso]' dso with pid 0 earlier in the event stream will lead to a segfault. Since all calling code is already checking for a non-null return value, just return NULL for this case as well. Signed-off-by: Benno Evers Acked-by: Namhyung Kim Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Krister Johansen Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20180810133614.9925-1-bevers@mesosphere.com Signed-off-by: Arnaldo Carvalho de Melo commit bb2a0812eb784c3361ae4bbf7bd4d30a062bb2d8 Merge: c1617fb4c5ee 330ad75f6a79 Author: David S. Miller Date: Mon Aug 13 11:38:54 2018 -0700 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2018-08-13 There was one pretty bad bug that slipped into the MediaTek HCI driver in the last bluetooth-next pull request. Would it be possible to get this one-liner fix pulled to net-next before you make your first 4.19 pull request for Linus? Thanks. ==================== Signed-off-by: David S. Miller commit 0ae98637b611c51737eadd9cc6e041746dbb11ef Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:09 2018 -0400 tools lib traceevent: Rename static variables and functions in event-parse.c In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes static variables and functions in event-parse.c: pevent_func_params, __pevent_parse_format, __pevent_parse_event, pevent_error_str, pevent_search_event Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180703.575392642@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit c99eeaf5497288d4e0fbca7ee0c401fd35860481 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:08 2018 -0400 tools lib traceevent: Rename various pevent APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_reset_function_resolver, pevent_strerror, pevent_list_events, pevent_event_common_fields, pevent_event_fields, pevent_ref, pevent_unref Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180703.426198047@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 1634e4604cccbe6394dd858fb973604d2313336b Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:07 2018 -0400 tools lib traceevent: Rename internal parser related APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_buffer_init, pevent_read_token, pevent_free_token, pevent_peek_char, pevent_get_input_buf, pevent_get_input_buf_ptr Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180703.275281085@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 413af01c8d9d5d688df3244401cbddfe98bafe2a Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:06 2018 -0400 tools lib traceevent: Rename various pevent get/set/is APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_pid_is_registered, pevent_get_cpus, pevent_set_cpus, pevent_is_file_bigendian, pevent_is_host_bigendian, pevent_is_latency_format, pevent_set_latency_format Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180703.114110715@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 610e1e4ff0431b3a86a0ebfcdb47828b8e082329 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:05 2018 -0400 tools lib traceevent: Rename pevent_find_* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_find_function, pevent_find_function_address, pevent_find_event_by_name, pevent_find_event_by_record Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180702.966965051@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 8b3e08722ec8b288066eab66193736a65645c0a2 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:04 2018 -0400 tools lib traceevent: Rename pevent field APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_free_format, pevent_free_format_field, pevent_get_field_raw, pevent_get_field_val, pevent_get_common_field_val, pevent_get_any_field_val Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180702.821244942@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit dc05ebf373e9e66c27aae0d9059e5d4ac56f3be0 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:03 2018 -0400 tools lib traceevent: Rename pevent_data_ APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_data_lat_fmt, pevent_data_type, pevent_data_event_from_type, pevent_data_pid, pevent_data_preempt_count, pevent_data_flags, pevent_data_comm_from_pid, pevent_data_pid_from_comm, pevent_cmdline_pid Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180702.678020020@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit b843e9c3a271a068b67df74ef24abb7c81f2463c Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:02 2018 -0400 tools lib traceevent: Rename pevent_register / unregister APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_register_print_function, pevent_unregister_print_function, pevent_register_event_handler, pevent_unregister_event_handler, pevent_register_function, pevent_register_trace_clock Signed-off-by: Steven Rostedt Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180702.524813185@goodmis.org Signed-off-by: Tzvetomir Stoyanov (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit 64e237906963d0c26d3b25e7751b4d6aaa01f720 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:01 2018 -0400 tools lib traceevent: Rename pevent_filter* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: PEVENT_FILTER_ERROR_BUFSZ, pevent_filter_alloc, pevent_filter_add_filter_str, pevent_filter_match, pevent_filter_strerror, pevent_event_filtered, pevent_filter_reset, pevent_filter_clear_trivial, pevent_filter_free, pevent_filter_make_string, pevent_filter_remove_event, pevent_filter_event_has_trivial, pevent_filter_copy, pevent_update_trivial, pevent_filter_compare Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180702.370659353@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit ca2921dd90268dc37cd5096eb985da4288aa7041 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:03:00 2018 -0400 tools lib traceevent, perf tools: Rename traceevent_plugin_* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "traceevent_". This changes APIs: traceevent_plugin_list_options, traceevent_plugin_free_options_list, traceevent_plugin_add_options, traceevent_plugin_remove_options, traceevent_print_plugins Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180702.089951638@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit f7951c33f0fed14ee26651a70a46899a59a31e18 Merge: 2406fb8d94fb 1b6266ebe3da Author: Linus Torvalds Date: Mon Aug 13 11:25:07 2018 -0700 Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler updates from Thomas Gleixner: - Cleanup and improvement of NUMA balancing - Refactoring and improvements to the PELT (Per Entity Load Tracking) code - Watchdog simplification and related cleanups - The usual pile of small incremental fixes and improvements * 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (41 commits) watchdog: Reduce message verbosity stop_machine: Reflow cpu_stop_queue_two_works() sched/numa: Move task_numa_placement() closer to numa_migrate_preferred() sched/numa: Use group_weights to identify if migration degrades locality sched/numa: Update the scan period without holding the numa_group lock sched/numa: Remove numa_has_capacity() sched/numa: Modify migrate_swap() to accept additional parameters sched/numa: Remove unused task_capacity from 'struct numa_stats' sched/numa: Skip nodes that are at 'hoplimit' sched/debug: Reverse the order of printing faults sched/numa: Use task faults only if numa_group is not yet set up sched/numa: Set preferred_node based on best_cpu sched/numa: Simplify load_too_imbalanced() sched/numa: Evaluate move once per node sched/numa: Remove redundant field sched/debug: Show the sum wait time of a task group sched/fair: Remove #ifdefs from scale_rt_capacity() sched/core: Remove get_cpu() from sched_fork() sched/cpufreq: Clarify sugov_get_util() sched/sysctl: Remove unused sched_time_avg_ms sysctl ... commit 3cf477836e24187f2f3acbbf48c80a478d979093 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:59 2018 -0400 tools lib traceevent: Rename pevent_function* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_function_handler, pevent_func_handler, pevent_func_arg_type, PEVENT_FUNC_ARG_VOID, PEVENT_FUNC_ARG_INT, PEVENT_FUNC_ARG_LONG, PEVENT_FUNC_ARG_STRING, PEVENT_FUNC_ARG_PTRS, PEVENT_FUNC_ARG_MAX_TYPES Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180701.935881193@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit d97f4ef177ddf8b877de2545dbd67d1faf6878f2 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:58 2018 -0400 tools lib traceevent, tools lib lockdep: Rename 'enum pevent_errno' to 'enum tep_errno' In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes 'enum pevent_errno' to 'enum tep_errno'. Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180701.770475059@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 6fed932e9242b55a32dd75da7c2448b9b0c48a73 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:57 2018 -0400 tools lib traceevent, perf tools: Rename 'enum pevent_flag' to 'enum tep_flag' In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes pevent_get_page_size API and enum pevent_flag to enum tep_flag Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180701.623942406@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit fc9b69710e0e5833c5d3e56c37cb56cfe89217c3 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:56 2018 -0400 tools lib traceevent, perf tools: Rename traceevent_* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "traceevent_". This changes APIs: traceevent_host_bigendian, traceevent_load_plugins and traceevent_unload_plugins Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180701.484691639@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit ece2a4f48386acf7e35a751008976c9dda8d6232 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:55 2018 -0400 tools lib traceevent, perf tools: Rename pevent_set_* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_set_file_bigendian, pevent_set_flag, pevent_set_function_resolver, pevent_set_host_bigendian, pevent_set_long_size, pevent_set_page_size and pevent_get_long_size Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180701.256265951@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 13a418904ee19e7a9892619cc93b025b31d08134 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:54 2018 -0400 tools lib traceevent, perf tools: Rename pevent_register_* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_register_comm, pevent_register_print_string Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180700.948980691@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 59c1baee25e2b34f8e26a923ea229b3e00cab55a Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:53 2018 -0400 tools lib traceevent, perf tools: Rename pevent_read_number_* APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_read_number, pevent_read_number_field Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180700.804271434@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 6a48dc298ee1a4d87403086002b25c6821a1abc5 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:52 2018 -0400 tools lib traceevent, perf tools: Rename pevent print APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_print_field, pevent_print_fields, pevent_print_funcs, pevent_print_printk Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180700.654453763@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit c60167c187f9255e698998887bfbbba6418861b5 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:51 2018 -0400 tools lib traceevent, perf tools: Rename pevent parse APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_parse_event, pevent_parse_format, pevent_parse_header_page Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180700.469749700@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit af85cd19521fe956eeb2cc8b9e41b9b5bbb8e3ae Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:50 2018 -0400 tools lib traceevent, perf tools: Rename pevent find APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_find_any_field, pevent_find_common_field, pevent_find_event, pevent_find_field Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180700.316995920@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 4d5c58b15c4363219e19380848eb74ca60143187 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:49 2018 -0400 tools lib traceevent, perf tools: Rename pevent alloc / free APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes APIs: pevent_alloc, pevent_free, pevent_event_info and pevent_func_resolver_t Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180700.152609945@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit c32d52b4641d3c7b2569b3fe148bf687e5c61888 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:48 2018 -0400 tools lib traceevent, perf tools: Rename pevent plugin related APIs In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes the pevent plugin related API. Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180700.005287044@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 2406fb8d94fb17fee3ace0c09427c08825eacb16 Merge: 37a16046800c cfd355145c32 Author: Linus Torvalds Date: Mon Aug 13 11:21:34 2018 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fix from Thomas Gleixner: "A single bugfix to prevent a pinned thread which queues stomp machine work to be preempted by the stopper thread on its CPU which causes a live lock as it is unable to wake the second CPUs stopper thread" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: stop_machine: Atomically queue and wake stopper threads commit cbc49b25b9cf26bf8c91169085be27382d945dd7 Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:47 2018 -0400 tools lib traceevent, perf tools: Rename 'struct pevent_record' to 'struct tep_record' In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes the 'struct pevent_record' to 'struct tep_record'. Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180659.866021298@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 37a16046800c29a8ca1ebe26086e363494062a17 Merge: b99cdfdf0b1c d5c84ef202d7 Author: Linus Torvalds Date: Mon Aug 13 11:19:25 2018 -0700 Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 RAS updates from Thomas Gleixner: "A small set of changes to the RAS core: - Rework of the MCE bank scanning code - Y2038 converion" * 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mce: Cleanup __mc_scan_banks() x86/mce: Carve out bank scanning code x86/mce: Remove !banks check x86/mce: Carve out the crashing_cpu check x86/mce: Always use 64-bit timestamps commit b99cdfdf0b1c077dcb24c0053d36d4ff5832224e Merge: d0daaeaf6014 ea73a5c6929b Author: Linus Torvalds Date: Mon Aug 13 10:49:41 2018 -0700 Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RCU updates from Thomas Gleixner: "A large update to RCU: Preparatory work for consolidating the RCU flavors: - Introduce grace-period sequence numbers to the RCU-bh, RCU-preempt, and RCU-sched flavors, replacing the old ->gpnum and ->completed pair of fields. This change allows lockless code to obtain the complete grace-period state with a single READ_ONCE(), which is needed to maintain tolerable lock contention during the upcoming consolidation of the three RCU flavors. Note that grace-period sequence numbers are already used by rcu_barrier(), expedited RCU grace periods, and SRCU, and are thus already heavily used and well-tested. Joel Fernandes contributed a number of excellent fixes and improvements. - Clean up some grace-period-reporting loose ends, including improving the handling of quiescent states from offline CPUs and fixing some false-positive WARN_ON_ONCE() invocations. (Strictly speaking, the WARN_ON_ONCE() invocations were quite correct, but their invariants were (harmlessly) violated by the earlier sloppy handling of quiescent states from offline CPUs.) In addition, improve grace-period forward-progress guarantees so as to allow removal of fail-safe checks that required otherwise needless lock acquisitions. Finally, add more diagnostics to help debug the upcoming consolidation of the RCU-bh, RCU-preempt, and RCU-sched flavors. The rest: - SRCU updates - Updates to rcutorture and associated scripting. - The usual pile of miscellaneous fixes" * 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (118 commits) rcutorture: Fix rcu_barrier successes counter rcutorture: Add support to detect if boost kthread prio is too low rcutorture: Use monotonic timestamp for stall detection rcutorture: Make boost test more robust rcutorture: Disable RT throttling for boost tests rcutorture: Emphasize testing of single reader protection type rcutorture: Handle extended read-side critical sections rcutorture: Make rcu_torture_timer() use rcu_torture_one_read() rcutorture: Use per-CPU random state for rcu_torture_timer() rcutorture: Use atomic increment for n_rcu_torture_timers rcutorture: Extract common code from rcu_torture_reader() rcuperf: Remove unused torturing_tasks() function rcu: Remove rcutorture test version and sequence number rcutorture: Change units of onoff_interval to jiffies rcu: Assign higher prio to RCU threads if rcutorture is built-in rculist: Improve documentation for list_for_each_entry_from_rcu() srcu: Add grace-period number to rcutorture statistics printout rcu: Print stall-warning NMI dyntick state in hexadecimal MAINTAINERS: Update RCU, SRCU, and TORTURE-TEST entries rcu: Make rcu_seq_diff() more exact ... commit d494500a70434223bc35f862fab0679b13bea23d Author: Chao Yu Date: Wed Aug 8 17:36:41 2018 +0800 f2fs: support fault_type mount option Previously, once fault injection is on, by default, all kind of faults will be injected to f2fs, if we want to trigger single or specified combined type during the test, we need to configure sysfs entry, it will be a little inconvenient to integrate sysfs configuring into testsuit, such as xfstest. So this patch introduces a new mount option 'fault_type' to assist old option 'fault_injection', with these two mount options, we can specify any fault rate/type at mount-time. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 3f16ecd950e56d60a574f73af9538f6e24030f9a Author: Chao Yu Date: Wed Aug 8 17:36:29 2018 +0800 f2fs: fix to return success when trimming meta area generic/251 --- tests/generic/251.out 2016-05-03 20:20:11.381899000 +0800 QA output created by 251 Running the test: done. +fstrim: /mnt/scratch_f2fs: FITRIM ioctl failed: Invalid argument +fstrim: /mnt/scratch_f2fs: FITRIM ioctl failed: Invalid argument +fstrim: /mnt/scratch_f2fs: FITRIM ioctl failed: Invalid argument +fstrim: /mnt/scratch_f2fs: FITRIM ioctl failed: Invalid argument +fstrim: /mnt/scratch_f2fs: FITRIM ioctl failed: Invalid argument ... Ran: generic/251 Failures: generic/251 The reason is coverage of fstrim locates in meta area, previously we just return -EINVAL for such case, making generic/251 failed, to fix this problem, let's relieve restriction to return success with no block discarded. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 6b9cb1242cb082044c8c3f8b9f35d9ada101dc41 Author: Chao Yu Date: Wed Aug 8 10:14:55 2018 +0800 f2fs: fix use-after-free of dicard command entry As Dan Carpenter reported: The patch 20ee4382322c: "f2fs: issue small discard by LBA order" from Jul 8, 2018, leads to the following Smatch warning: fs/f2fs/segment.c:1277 __issue_discard_cmd_orderly() warn: 'dc' was already freed. See also: fs/f2fs/segment.c:2550 __issue_discard_cmd_range() warn: 'dc' was already freed. In order to fix this issue, let's get error from __submit_discard_cmd(), and release current discard command after we referenced next one. Reported-by: Dan Carpenter Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit b83dcfe67142ea9f4bfaa1e9e21504be9e3c1bf7 Author: Chao Yu Date: Mon Aug 6 20:30:18 2018 +0800 f2fs: support discard submission error injection This patch adds to support discard submission error injection for testing error handling of __submit_discard_cmd(). Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 35ec7d5748849762008e8ae9f8ad2766229d5794 Author: Chao Yu Date: Mon Aug 6 22:43:50 2018 +0800 f2fs: split discard command in prior to block layer Some devices has small max_{hw,}discard_sectors, so that in __blkdev_issue_discard(), one big size discard bio can be split into multiple small size discard bios, result in heavy load in IO scheduler and device, which can hang other sync IO for long time. Now, f2fs is trying to control discard commands more elaboratively, in order to make less conflict in between discard IO and user IO to enhance application's performance, so in this patch, we will split discard bio in f2fs in prior to in block layer to reduce issuing multiple discard bios in a short time. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit a690efffd16302d23b0bbd00f84dcedc11935a8b Author: Sheng Yong Date: Sun Aug 5 12:45:35 2018 +0800 f2fs: wake up gc thread immediately when gc_urgent is set Fixes: 5b0e95398e2b ("f2fs: introduce sbi->gc_mode to determine the policy") Signed-off-by: Sheng Yong Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 6eae269461b84406a1240189e6f81e5234b6393c Author: Chao Yu Date: Sun Aug 5 23:09:00 2018 +0800 f2fs: fix incorrect range->len in f2fs_trim_fs() generic/260 reported below error: [+] Default length with start set (should succeed) [+] Length beyond the end of fs (should succeed) [+] Length beyond the end of fs with start set (should succeed) +./tests/generic/260: line 94: [: 18446744073709551615: integer expression expected +./tests/generic/260: line 104: [: 18446744073709551615: integer expression expected Test done ... In f2fs_trim_fs(), if there is no discard being trimmed, we need to correct range->len before return. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 22969158083c9e5c92f66718dde1a372baa1a49d Author: Chao Yu Date: Sun Aug 5 23:08:59 2018 +0800 f2fs: refresh recent accessed nat entry in lru list Introduce nat_list_lock to protect nm_i->nat_entries list, and manage it as a LRU list, refresh location for therein recent accessed entries in the list. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit a33c150237a20d97a174243bc658c86502f9d370 Author: Chao Yu Date: Sun Aug 5 23:04:25 2018 +0800 f2fs: fix avoid race between truncate and background GC Thread A Background GC - f2fs_setattr isize to 0 - truncate_setsize - gc_data_segment - f2fs_get_read_data_page page #0 - set_page_dirty - set_cold_data - f2fs_truncate - f2fs_setattr isize to 4k - read 4k <--- hit data in cached page #0 Above race condition can cause read out invalid data in a truncated page, fix it by i_gc_rwsem[WRITE] lock. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit c7079853c859c910b9d047a37891b4aafb8f8dd7 Author: Chao Yu Date: Sun Aug 5 23:02:22 2018 +0800 f2fs: avoid race between zero_range and background GC Thread A Background GC - f2fs_zero_range - truncate_pagecache_range - gc_data_segment - get_read_data_page - move_data_page - set_page_dirty - set_cold_data - f2fs_do_zero_range - dn->data_blkaddr = NEW_ADDR; - f2fs_set_data_blkaddr Actually, we don't need to set dirty & checked flag on the page, since all valid data in the page should be zeroed by zero_range(). Use i_gc_rwsem[WRITE] to avoid such race condition. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 91291e9998d208370eb8156c760691b873bd7522 Author: Chao Yu Date: Tue Jul 10 23:01:45 2018 +0800 f2fs: fix to do sanity check with block address in main area v2 This patch adds f2fs_is_valid_blkaddr() in below functions to do sanity check with block address to avoid pentential panic: - f2fs_grab_read_bio() - __written_first_block() https://bugzilla.kernel.org/show_bug.cgi?id=200465 - Reproduce - POC (poc.c) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void activity(char *mpoint) { char *xattr; int err; err = asprintf(&xattr, "%s/foo/bar/xattr", mpoint); char buf2[113]; memset(buf2, 0, sizeof(buf2)); listxattr(xattr, buf2, sizeof(buf2)); } int main(int argc, char *argv[]) { activity(argv[1]); return 0; } - kernel message [ 844.718738] F2FS-fs (loop0): Mounted with checkpoint version = 2 [ 846.430929] F2FS-fs (loop0): access invalid blkaddr:1024 [ 846.431058] WARNING: CPU: 1 PID: 1249 at fs/f2fs/checkpoint.c:154 f2fs_is_valid_blkaddr+0x10f/0x160 [ 846.431059] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper [ 846.431310] CPU: 1 PID: 1249 Comm: a.out Not tainted 4.18.0-rc3+ #1 [ 846.431312] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 846.431315] RIP: 0010:f2fs_is_valid_blkaddr+0x10f/0x160 [ 846.431316] Code: 00 eb ed 31 c0 83 fa 05 75 ae 48 83 ec 08 48 8b 3f 89 f1 48 c7 c2 fc 0b 0f 8b 48 c7 c6 8b d7 09 8b 88 44 24 07 e8 61 8b ff ff <0f> 0b 0f b6 44 24 07 48 83 c4 08 eb 81 4c 8b 47 10 8b 8f 38 04 00 [ 846.431347] RSP: 0018:ffff961c414a7bc0 EFLAGS: 00010282 [ 846.431349] RAX: 0000000000000000 RBX: ffffc5f787b8ea80 RCX: 0000000000000000 [ 846.431350] RDX: 0000000000000000 RSI: ffff89dfffd165d8 RDI: ffff89dfffd165d8 [ 846.431351] RBP: ffff961c414a7c20 R08: 0000000000000001 R09: 0000000000000248 [ 846.431353] R10: 0000000000000000 R11: 0000000000000248 R12: 0000000000000007 [ 846.431369] R13: ffff89dff5492800 R14: ffff89dfae3aa000 R15: ffff89dff4ff88d0 [ 846.431372] FS: 00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000 [ 846.431373] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 846.431374] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0 [ 846.431384] Call Trace: [ 846.431426] f2fs_iget+0x6f4/0xe70 [ 846.431430] ? f2fs_find_entry+0x71/0x90 [ 846.431432] f2fs_lookup+0x1aa/0x390 [ 846.431452] __lookup_slow+0x97/0x150 [ 846.431459] lookup_slow+0x35/0x50 [ 846.431462] walk_component+0x1c6/0x470 [ 846.431479] ? memcg_kmem_charge_memcg+0x70/0x90 [ 846.431488] ? page_add_file_rmap+0x13/0x200 [ 846.431491] path_lookupat+0x76/0x230 [ 846.431501] ? __alloc_pages_nodemask+0xfc/0x280 [ 846.431504] filename_lookup+0xb8/0x1a0 [ 846.431534] ? _cond_resched+0x16/0x40 [ 846.431541] ? kmem_cache_alloc+0x160/0x1d0 [ 846.431549] ? path_listxattr+0x41/0xa0 [ 846.431551] path_listxattr+0x41/0xa0 [ 846.431570] do_syscall_64+0x55/0x100 [ 846.431583] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 846.431607] RIP: 0033:0x7f882de1c0d7 [ 846.431607] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48 [ 846.431639] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2 [ 846.431641] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7 [ 846.431642] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0 [ 846.431643] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000 [ 846.431645] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550 [ 846.431646] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000 [ 846.431648] ---[ end trace abca54df39d14f5c ]--- [ 846.431651] F2FS-fs (loop0): invalid blkaddr: 1024, type: 5, run fsck to fix. [ 846.431762] WARNING: CPU: 1 PID: 1249 at fs/f2fs/f2fs.h:2697 f2fs_iget+0xd17/0xe70 [ 846.431763] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper [ 846.431797] CPU: 1 PID: 1249 Comm: a.out Tainted: G W 4.18.0-rc3+ #1 [ 846.431798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 846.431800] RIP: 0010:f2fs_iget+0xd17/0xe70 [ 846.431801] Code: ff ff 48 63 d8 e9 e1 f6 ff ff 48 8b 45 c8 41 b8 05 00 00 00 48 c7 c2 d8 e8 0e 8b 48 c7 c6 1d b0 0a 8b 48 8b 38 e8 f9 b4 00 00 <0f> 0b 48 8b 45 c8 f0 80 48 48 04 e9 d8 f9 ff ff 0f 0b 48 8b 43 18 [ 846.431832] RSP: 0018:ffff961c414a7bd0 EFLAGS: 00010282 [ 846.431834] RAX: 0000000000000000 RBX: ffffc5f787b8ea80 RCX: 0000000000000006 [ 846.431835] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff89dfffd165d0 [ 846.431836] RBP: ffff961c414a7c20 R08: 0000000000000000 R09: 0000000000000273 [ 846.431837] R10: 0000000000000000 R11: ffff89dfad50ca60 R12: 0000000000000007 [ 846.431838] R13: ffff89dff5492800 R14: ffff89dfae3aa000 R15: ffff89dff4ff88d0 [ 846.431840] FS: 00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000 [ 846.431841] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 846.431842] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0 [ 846.431846] Call Trace: [ 846.431850] ? f2fs_find_entry+0x71/0x90 [ 846.431853] f2fs_lookup+0x1aa/0x390 [ 846.431856] __lookup_slow+0x97/0x150 [ 846.431858] lookup_slow+0x35/0x50 [ 846.431874] walk_component+0x1c6/0x470 [ 846.431878] ? memcg_kmem_charge_memcg+0x70/0x90 [ 846.431880] ? page_add_file_rmap+0x13/0x200 [ 846.431882] path_lookupat+0x76/0x230 [ 846.431884] ? __alloc_pages_nodemask+0xfc/0x280 [ 846.431886] filename_lookup+0xb8/0x1a0 [ 846.431890] ? _cond_resched+0x16/0x40 [ 846.431891] ? kmem_cache_alloc+0x160/0x1d0 [ 846.431894] ? path_listxattr+0x41/0xa0 [ 846.431896] path_listxattr+0x41/0xa0 [ 846.431898] do_syscall_64+0x55/0x100 [ 846.431901] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 846.431902] RIP: 0033:0x7f882de1c0d7 [ 846.431903] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48 [ 846.431934] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2 [ 846.431936] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7 [ 846.431937] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0 [ 846.431939] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000 [ 846.431940] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550 [ 846.431941] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000 [ 846.431943] ---[ end trace abca54df39d14f5d ]--- [ 846.432033] F2FS-fs (loop0): access invalid blkaddr:1024 [ 846.432051] WARNING: CPU: 1 PID: 1249 at fs/f2fs/checkpoint.c:154 f2fs_is_valid_blkaddr+0x10f/0x160 [ 846.432051] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper [ 846.432085] CPU: 1 PID: 1249 Comm: a.out Tainted: G W 4.18.0-rc3+ #1 [ 846.432086] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 846.432089] RIP: 0010:f2fs_is_valid_blkaddr+0x10f/0x160 [ 846.432089] Code: 00 eb ed 31 c0 83 fa 05 75 ae 48 83 ec 08 48 8b 3f 89 f1 48 c7 c2 fc 0b 0f 8b 48 c7 c6 8b d7 09 8b 88 44 24 07 e8 61 8b ff ff <0f> 0b 0f b6 44 24 07 48 83 c4 08 eb 81 4c 8b 47 10 8b 8f 38 04 00 [ 846.432120] RSP: 0018:ffff961c414a7900 EFLAGS: 00010286 [ 846.432122] RAX: 0000000000000000 RBX: 0000000000000400 RCX: 0000000000000006 [ 846.432123] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff89dfffd165d0 [ 846.432124] RBP: ffff89dff5492800 R08: 0000000000000001 R09: 000000000000029d [ 846.432125] R10: ffff961c414a7820 R11: 000000000000029d R12: 0000000000000400 [ 846.432126] R13: 0000000000000000 R14: ffff89dff4ff88d0 R15: 0000000000000000 [ 846.432128] FS: 00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000 [ 846.432130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 846.432131] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0 [ 846.432135] Call Trace: [ 846.432151] f2fs_wait_on_block_writeback+0x20/0x110 [ 846.432158] f2fs_grab_read_bio+0xbc/0xe0 [ 846.432161] f2fs_submit_page_read+0x21/0x280 [ 846.432163] f2fs_get_read_data_page+0xb7/0x3c0 [ 846.432165] f2fs_get_lock_data_page+0x29/0x1e0 [ 846.432167] f2fs_get_new_data_page+0x148/0x550 [ 846.432170] f2fs_add_regular_entry+0x1d2/0x550 [ 846.432178] ? __switch_to+0x12f/0x460 [ 846.432181] f2fs_add_dentry+0x6a/0xd0 [ 846.432184] f2fs_do_add_link+0xe9/0x140 [ 846.432186] __recover_dot_dentries+0x260/0x280 [ 846.432189] f2fs_lookup+0x343/0x390 [ 846.432193] __lookup_slow+0x97/0x150 [ 846.432195] lookup_slow+0x35/0x50 [ 846.432208] walk_component+0x1c6/0x470 [ 846.432212] ? memcg_kmem_charge_memcg+0x70/0x90 [ 846.432215] ? page_add_file_rmap+0x13/0x200 [ 846.432217] path_lookupat+0x76/0x230 [ 846.432219] ? __alloc_pages_nodemask+0xfc/0x280 [ 846.432221] filename_lookup+0xb8/0x1a0 [ 846.432224] ? _cond_resched+0x16/0x40 [ 846.432226] ? kmem_cache_alloc+0x160/0x1d0 [ 846.432228] ? path_listxattr+0x41/0xa0 [ 846.432230] path_listxattr+0x41/0xa0 [ 846.432233] do_syscall_64+0x55/0x100 [ 846.432235] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 846.432237] RIP: 0033:0x7f882de1c0d7 [ 846.432237] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48 [ 846.432269] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2 [ 846.432271] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7 [ 846.432272] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0 [ 846.432273] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000 [ 846.432274] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550 [ 846.432275] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000 [ 846.432277] ---[ end trace abca54df39d14f5e ]--- [ 846.432279] F2FS-fs (loop0): invalid blkaddr: 1024, type: 5, run fsck to fix. [ 846.432376] WARNING: CPU: 1 PID: 1249 at fs/f2fs/f2fs.h:2697 f2fs_wait_on_block_writeback+0xb1/0x110 [ 846.432376] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper [ 846.432410] CPU: 1 PID: 1249 Comm: a.out Tainted: G W 4.18.0-rc3+ #1 [ 846.432411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 846.432413] RIP: 0010:f2fs_wait_on_block_writeback+0xb1/0x110 [ 846.432414] Code: 66 90 f0 ff 4b 34 74 59 5b 5d c3 48 8b 7d 00 41 b8 05 00 00 00 89 d9 48 c7 c2 d8 e8 0e 8b 48 c7 c6 1d b0 0a 8b e8 df bc fd ff <0f> 0b f0 80 4d 48 04 e9 67 ff ff ff 48 8b 03 48 c1 e8 37 83 e0 07 [ 846.432445] RSP: 0018:ffff961c414a7910 EFLAGS: 00010286 [ 846.432447] RAX: 0000000000000000 RBX: 0000000000000400 RCX: 0000000000000006 [ 846.432448] RDX: 0000000000000000 RSI: 0000000000000092 RDI: ffff89dfffd165d0 [ 846.432449] RBP: ffff89dff5492800 R08: 0000000000000000 R09: 00000000000002d1 [ 846.432450] R10: ffff961c414a7820 R11: ffff89dfad50cf80 R12: 0000000000000400 [ 846.432451] R13: 0000000000000000 R14: ffff89dff4ff88d0 R15: 0000000000000000 [ 846.432453] FS: 00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000 [ 846.432454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 846.432455] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0 [ 846.432459] Call Trace: [ 846.432463] f2fs_grab_read_bio+0xbc/0xe0 [ 846.432464] f2fs_submit_page_read+0x21/0x280 [ 846.432466] f2fs_get_read_data_page+0xb7/0x3c0 [ 846.432468] f2fs_get_lock_data_page+0x29/0x1e0 [ 846.432470] f2fs_get_new_data_page+0x148/0x550 [ 846.432473] f2fs_add_regular_entry+0x1d2/0x550 [ 846.432475] ? __switch_to+0x12f/0x460 [ 846.432477] f2fs_add_dentry+0x6a/0xd0 [ 846.432480] f2fs_do_add_link+0xe9/0x140 [ 846.432483] __recover_dot_dentries+0x260/0x280 [ 846.432485] f2fs_lookup+0x343/0x390 [ 846.432488] __lookup_slow+0x97/0x150 [ 846.432490] lookup_slow+0x35/0x50 [ 846.432505] walk_component+0x1c6/0x470 [ 846.432509] ? memcg_kmem_charge_memcg+0x70/0x90 [ 846.432511] ? page_add_file_rmap+0x13/0x200 [ 846.432513] path_lookupat+0x76/0x230 [ 846.432515] ? __alloc_pages_nodemask+0xfc/0x280 [ 846.432517] filename_lookup+0xb8/0x1a0 [ 846.432520] ? _cond_resched+0x16/0x40 [ 846.432522] ? kmem_cache_alloc+0x160/0x1d0 [ 846.432525] ? path_listxattr+0x41/0xa0 [ 846.432526] path_listxattr+0x41/0xa0 [ 846.432529] do_syscall_64+0x55/0x100 [ 846.432531] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 846.432533] RIP: 0033:0x7f882de1c0d7 [ 846.432533] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48 [ 846.432565] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2 [ 846.432567] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7 [ 846.432568] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0 [ 846.432569] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000 [ 846.432570] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550 [ 846.432571] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000 [ 846.432573] ---[ end trace abca54df39d14f5f ]--- [ 846.434280] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 846.434424] PGD 80000001ebd3a067 P4D 80000001ebd3a067 PUD 1eb1ae067 PMD 0 [ 846.434551] Oops: 0000 [#1] SMP PTI [ 846.434697] CPU: 0 PID: 44 Comm: kworker/u5:0 Tainted: G W 4.18.0-rc3+ #1 [ 846.434805] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 846.435000] Workqueue: fscrypt_read_queue decrypt_work [ 846.435174] RIP: 0010:fscrypt_do_page_crypto+0x6e/0x2d0 [ 846.435351] Code: 00 65 48 8b 04 25 28 00 00 00 48 89 84 24 88 00 00 00 31 c0 e8 43 c2 e0 ff 49 8b 86 48 02 00 00 85 ed c7 44 24 70 00 00 00 00 <48> 8b 58 08 0f 84 14 02 00 00 48 8b 78 10 48 8b 0c 24 48 c7 84 24 [ 846.435696] RSP: 0018:ffff961c40f9bd60 EFLAGS: 00010206 [ 846.435870] RAX: 0000000000000000 RBX: ffffc5f787719b80 RCX: ffffc5f787719b80 [ 846.436051] RDX: ffffffff8b9f4b88 RSI: ffffffff8b0ae622 RDI: ffff961c40f9bdb8 [ 846.436261] RBP: 0000000000001000 R08: ffffc5f787719b80 R09: 0000000000001000 [ 846.436433] R10: 0000000000000018 R11: fefefefefefefeff R12: ffffc5f787719b80 [ 846.436562] R13: ffffc5f787719b80 R14: ffff89dff4ff88d0 R15: 0ffff89dfaddee60 [ 846.436658] FS: 0000000000000000(0000) GS:ffff89dfffc00000(0000) knlGS:0000000000000000 [ 846.436758] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 846.436898] CR2: 0000000000000008 CR3: 00000001eddd0000 CR4: 00000000000006f0 [ 846.437001] Call Trace: [ 846.437181] ? check_preempt_wakeup+0xf2/0x230 [ 846.437276] ? check_preempt_curr+0x7c/0x90 [ 846.437370] fscrypt_decrypt_page+0x48/0x4d [ 846.437466] __fscrypt_decrypt_bio+0x5b/0x90 [ 846.437542] decrypt_work+0x12/0x20 [ 846.437651] process_one_work+0x15e/0x3d0 [ 846.437740] worker_thread+0x4c/0x440 [ 846.437848] kthread+0xf8/0x130 [ 846.437938] ? rescuer_thread+0x350/0x350 [ 846.438022] ? kthread_associate_blkcg+0x90/0x90 [ 846.438117] ret_from_fork+0x35/0x40 [ 846.438201] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper [ 846.438653] CR2: 0000000000000008 [ 846.438713] ---[ end trace abca54df39d14f60 ]--- [ 846.438796] RIP: 0010:fscrypt_do_page_crypto+0x6e/0x2d0 [ 846.438844] Code: 00 65 48 8b 04 25 28 00 00 00 48 89 84 24 88 00 00 00 31 c0 e8 43 c2 e0 ff 49 8b 86 48 02 00 00 85 ed c7 44 24 70 00 00 00 00 <48> 8b 58 08 0f 84 14 02 00 00 48 8b 78 10 48 8b 0c 24 48 c7 84 24 [ 846.439084] RSP: 0018:ffff961c40f9bd60 EFLAGS: 00010206 [ 846.439176] RAX: 0000000000000000 RBX: ffffc5f787719b80 RCX: ffffc5f787719b80 [ 846.440927] RDX: ffffffff8b9f4b88 RSI: ffffffff8b0ae622 RDI: ffff961c40f9bdb8 [ 846.442083] RBP: 0000000000001000 R08: ffffc5f787719b80 R09: 0000000000001000 [ 846.443284] R10: 0000000000000018 R11: fefefefefefefeff R12: ffffc5f787719b80 [ 846.444448] R13: ffffc5f787719b80 R14: ffff89dff4ff88d0 R15: 0ffff89dfaddee60 [ 846.445558] FS: 0000000000000000(0000) GS:ffff89dfffc00000(0000) knlGS:0000000000000000 [ 846.446687] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 846.447796] CR2: 0000000000000008 CR3: 00000001eddd0000 CR4: 00000000000006f0 - Location https://elixir.bootlin.com/linux/v4.18-rc4/source/fs/crypto/crypto.c#L149 struct crypto_skcipher *tfm = ci->ci_ctfm; Here ci can be NULL Note that this issue maybe require CONFIG_F2FS_FS_ENCRYPTION=y to reproduce. Reported-by Wen Xu Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit bcbfbd604dcba45246dd307c8317f216ada5567d Author: Chao Yu Date: Fri Jun 29 00:19:25 2018 +0800 f2fs: fix to do sanity check with inline flags https://bugzilla.kernel.org/show_bug.cgi?id=200221 - Overview BUG() in clear_inode() when mounting and un-mounting a corrupted f2fs image - Reproduce - Kernel message [ 538.601448] F2FS-fs (loop0): Invalid segment/section count (31, 24 x 1376257) [ 538.601458] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 538.724091] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 538.724102] F2FS-fs (loop0): Mounted with checkpoint version = 2 [ 540.970834] ------------[ cut here ]------------ [ 540.970838] kernel BUG at fs/inode.c:512! [ 540.971750] invalid opcode: 0000 [#1] SMP KASAN PTI [ 540.972755] CPU: 1 PID: 1305 Comm: umount Not tainted 4.18.0-rc1+ #4 [ 540.974034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 540.982913] RIP: 0010:clear_inode+0xc0/0xd0 [ 540.983774] Code: 8d a3 30 01 00 00 4c 89 e7 e8 1c ec f8 ff 48 8b 83 30 01 00 00 49 39 c4 75 1a 48 c7 83 a0 00 00 00 60 00 00 00 5b 41 5c 5d c3 <0f> 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 1f 40 00 66 66 66 66 90 55 [ 540.987570] RSP: 0018:ffff8801e34a7b70 EFLAGS: 00010002 [ 540.988636] RAX: 0000000000000000 RBX: ffff8801e9b744e8 RCX: ffffffffb840eb3a [ 540.990063] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8801e9b746b8 [ 540.991499] RBP: ffff8801e34a7b80 R08: ffffed003d36e8ce R09: ffffed003d36e8ce [ 540.992923] R10: 0000000000000001 R11: ffffed003d36e8cd R12: ffff8801e9b74668 [ 540.994360] R13: ffff8801e9b74760 R14: ffff8801e9b74528 R15: ffff8801e9b74530 [ 540.995786] FS: 00007f4662bdf840(0000) GS:ffff8801f6f00000(0000) knlGS:0000000000000000 [ 540.997403] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 540.998571] CR2: 000000000175c568 CR3: 00000001dcfe6000 CR4: 00000000000006e0 [ 541.000015] Call Trace: [ 541.000554] f2fs_evict_inode+0x253/0x630 [ 541.001381] evict+0x16f/0x290 [ 541.002015] iput+0x280/0x300 [ 541.002654] dentry_unlink_inode+0x165/0x1e0 [ 541.003528] __dentry_kill+0x16a/0x260 [ 541.004300] dentry_kill+0x70/0x250 [ 541.005018] dput+0x154/0x1d0 [ 541.005635] do_one_tree+0x34/0x40 [ 541.006354] shrink_dcache_for_umount+0x3f/0xa0 [ 541.007285] generic_shutdown_super+0x43/0x1c0 [ 541.008192] kill_block_super+0x52/0x80 [ 541.008978] kill_f2fs_super+0x62/0x70 [ 541.009750] deactivate_locked_super+0x6f/0xa0 [ 541.010664] deactivate_super+0x5e/0x80 [ 541.011450] cleanup_mnt+0x61/0xa0 [ 541.012151] __cleanup_mnt+0x12/0x20 [ 541.012893] task_work_run+0xc8/0xf0 [ 541.013635] exit_to_usermode_loop+0x125/0x130 [ 541.014555] do_syscall_64+0x138/0x170 [ 541.015340] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 541.016375] RIP: 0033:0x7f46624bf487 [ 541.017104] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48 [ 541.020923] RSP: 002b:00007fff5e12e9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 541.022452] RAX: 0000000000000000 RBX: 0000000001753030 RCX: 00007f46624bf487 [ 541.023885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000175a1e0 [ 541.025318] RBP: 000000000175a1e0 R08: 0000000000000000 R09: 0000000000000014 [ 541.026755] R10: 00000000000006b2 R11: 0000000000000246 R12: 00007f46629c883c [ 541.028186] R13: 0000000000000000 R14: 0000000001753210 R15: 00007fff5e12ec30 [ 541.029626] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd mac_hid i2c_piix4 soundcore ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid1 raid0 multipath linear 8139too crct10dif_pclmul crc32_pclmul qxl drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt fb_sys_fops ttm drm aes_x86_64 crypto_simd cryptd 8139cp glue_helper mii pata_acpi floppy [ 541.039445] ---[ end trace 4ce02f25ff7d3df5 ]--- [ 541.040392] RIP: 0010:clear_inode+0xc0/0xd0 [ 541.041240] Code: 8d a3 30 01 00 00 4c 89 e7 e8 1c ec f8 ff 48 8b 83 30 01 00 00 49 39 c4 75 1a 48 c7 83 a0 00 00 00 60 00 00 00 5b 41 5c 5d c3 <0f> 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 1f 40 00 66 66 66 66 90 55 [ 541.045042] RSP: 0018:ffff8801e34a7b70 EFLAGS: 00010002 [ 541.046099] RAX: 0000000000000000 RBX: ffff8801e9b744e8 RCX: ffffffffb840eb3a [ 541.047537] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8801e9b746b8 [ 541.048965] RBP: ffff8801e34a7b80 R08: ffffed003d36e8ce R09: ffffed003d36e8ce [ 541.050402] R10: 0000000000000001 R11: ffffed003d36e8cd R12: ffff8801e9b74668 [ 541.051832] R13: ffff8801e9b74760 R14: ffff8801e9b74528 R15: ffff8801e9b74530 [ 541.053263] FS: 00007f4662bdf840(0000) GS:ffff8801f6f00000(0000) knlGS:0000000000000000 [ 541.054891] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 541.056039] CR2: 000000000175c568 CR3: 00000001dcfe6000 CR4: 00000000000006e0 [ 541.058506] ================================================================== [ 541.059991] BUG: KASAN: stack-out-of-bounds in update_stack_state+0x38c/0x3e0 [ 541.061513] Read of size 8 at addr ffff8801e34a7970 by task umount/1305 [ 541.063302] CPU: 1 PID: 1305 Comm: umount Tainted: G D 4.18.0-rc1+ #4 [ 541.064838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 541.066778] Call Trace: [ 541.067294] dump_stack+0x7b/0xb5 [ 541.067986] print_address_description+0x70/0x290 [ 541.068941] kasan_report+0x291/0x390 [ 541.069692] ? update_stack_state+0x38c/0x3e0 [ 541.070598] __asan_load8+0x54/0x90 [ 541.071315] update_stack_state+0x38c/0x3e0 [ 541.072172] ? __read_once_size_nocheck.constprop.7+0x20/0x20 [ 541.073340] ? vprintk_func+0x27/0x60 [ 541.074096] ? printk+0xa3/0xd3 [ 541.074762] ? __save_stack_trace+0x5e/0x100 [ 541.075634] unwind_next_frame.part.5+0x18e/0x490 [ 541.076594] ? unwind_dump+0x290/0x290 [ 541.077368] ? __show_regs+0x2c4/0x330 [ 541.078142] __unwind_start+0x106/0x190 [ 541.085422] __save_stack_trace+0x5e/0x100 [ 541.086268] ? __save_stack_trace+0x5e/0x100 [ 541.087161] ? unlink_anon_vmas+0xba/0x2c0 [ 541.087997] save_stack_trace+0x1f/0x30 [ 541.088782] save_stack+0x46/0xd0 [ 541.089475] ? __alloc_pages_slowpath+0x1420/0x1420 [ 541.090477] ? flush_tlb_mm_range+0x15e/0x220 [ 541.091364] ? __dec_node_state+0x24/0xb0 [ 541.092180] ? lock_page_memcg+0x85/0xf0 [ 541.092979] ? unlock_page_memcg+0x16/0x80 [ 541.093812] ? page_remove_rmap+0x198/0x520 [ 541.094674] ? mark_page_accessed+0x133/0x200 [ 541.095559] ? _cond_resched+0x1a/0x50 [ 541.096326] ? unmap_page_range+0xcd4/0xe50 [ 541.097179] ? rb_next+0x58/0x80 [ 541.097845] ? rb_next+0x58/0x80 [ 541.098518] __kasan_slab_free+0x13c/0x1a0 [ 541.099352] ? unlink_anon_vmas+0xba/0x2c0 [ 541.100184] kasan_slab_free+0xe/0x10 [ 541.100934] kmem_cache_free+0x89/0x1e0 [ 541.101724] unlink_anon_vmas+0xba/0x2c0 [ 541.102534] free_pgtables+0x101/0x1b0 [ 541.103299] exit_mmap+0x146/0x2a0 [ 541.103996] ? __ia32_sys_munmap+0x50/0x50 [ 541.104829] ? kasan_check_read+0x11/0x20 [ 541.105649] ? mm_update_next_owner+0x322/0x380 [ 541.106578] mmput+0x8b/0x1d0 [ 541.107191] do_exit+0x43a/0x1390 [ 541.107876] ? mm_update_next_owner+0x380/0x380 [ 541.108791] ? deactivate_super+0x5e/0x80 [ 541.109610] ? cleanup_mnt+0x61/0xa0 [ 541.110351] ? __cleanup_mnt+0x12/0x20 [ 541.111115] ? task_work_run+0xc8/0xf0 [ 541.111879] ? exit_to_usermode_loop+0x125/0x130 [ 541.112817] rewind_stack_do_exit+0x17/0x20 [ 541.113666] RIP: 0033:0x7f46624bf487 [ 541.114404] Code: Bad RIP value. [ 541.115094] RSP: 002b:00007fff5e12e9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 541.116605] RAX: 0000000000000000 RBX: 0000000001753030 RCX: 00007f46624bf487 [ 541.118034] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000175a1e0 [ 541.119472] RBP: 000000000175a1e0 R08: 0000000000000000 R09: 0000000000000014 [ 541.120890] R10: 00000000000006b2 R11: 0000000000000246 R12: 00007f46629c883c [ 541.122321] R13: 0000000000000000 R14: 0000000001753210 R15: 00007fff5e12ec30 [ 541.124061] The buggy address belongs to the page: [ 541.125042] page:ffffea00078d29c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 541.126651] flags: 0x2ffff0000000000() [ 541.127418] raw: 02ffff0000000000 dead000000000100 dead000000000200 0000000000000000 [ 541.128963] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 541.130516] page dumped because: kasan: bad access detected [ 541.131954] Memory state around the buggy address: [ 541.132924] ffff8801e34a7800: 00 f1 f1 f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 [ 541.134378] ffff8801e34a7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 541.135814] >ffff8801e34a7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 [ 541.137253] ^ [ 541.138637] ffff8801e34a7980: f1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 541.140075] ffff8801e34a7a00: 00 00 00 00 00 00 00 00 f3 00 00 00 00 00 00 00 [ 541.141509] ================================================================== - Location https://elixir.bootlin.com/linux/v4.18-rc1/source/fs/inode.c#L512 BUG_ON(inode->i_data.nrpages); The root cause is root directory inode is corrupted, it has both inline_data and inline_dentry flag, and its nlink is zero, so in ->evict(), after dropping all page cache, it grabs page #0 for inline data truncation, result in panic in later clear_inode() where we will check inode->i_data.nrpages value. This patch adds inline flags check in sanity_check_inode, in addition, do sanity check with root inode's nlink. Reported-by Wen Xu Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit d0daaeaf60143c02a2ef87f9f0703b63a0a7f8b3 Merge: 400439275d95 9e90c7985229 Author: Linus Torvalds Date: Mon Aug 13 10:47:26 2018 -0700 Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull genirq updates from Thomas Gleixner: "The irq departement provides: - A synchronization fix for free_irq() to synchronize just the removed interrupt thread on shared interrupt lines. - Consolidate the multi low level interrupt entry handling and mvoe it to the generic code instead of adding yet another copy for RISC-V - Refactoring of the ARM LPI allocator and LPI exposure to the hypervisor - Yet another interrupt chip driver for the JZ4725B SoC - Speed up for /proc/interrupts as people seem to love reading this file with high frequency - Miscellaneous fixes and updates" * 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t genirq/irqchip: Remove MULTI_IRQ_HANDLER as it's now obselete openrisc: Use the new GENERIC_IRQ_MULTI_HANDLER arm64: Use the new GENERIC_IRQ_MULTI_HANDLER ARM: Convert to GENERIC_IRQ_MULTI_HANDLER irqchip: Port the ARM IRQ drivers to GENERIC_IRQ_MULTI_HANDLER irqchip/gic-v3-its: Reduce minimum LPI allocation to 1 for PCI devices dt-bindings: irqchip: renesas-irqc: Document r8a77980 support dt-bindings: irqchip: renesas-irqc: Document r8a77470 support irqchip/ingenic: Add support for the JZ4725B SoC irqchip/stm32: Add exti0 translation for stm32mp1 genirq: Remove redundant NULL pointer check in __free_irq() irqchip/gic-v3-its: Honor hypervisor enforced LPI range irqchip/gic-v3: Expose GICD_TYPER in the rdist structure irqchip/gic-v3-its: Drop chunk allocation compatibility irqchip/gic-v3-its: Move minimum LPI requirements to individual busses irqchip/gic-v3-its: Use full range of LPIs irqchip/gic-v3-its: Refactor LPI allocator genirq: Synchronize only with single thread on free_irq() genirq: Update code comments wrt recycled thread_mask ... commit 400439275d9543286f9d3f2925c3156f888e6b18 Merge: 0ad6b38ab2cc c4326563d9ab Author: Linus Torvalds Date: Mon Aug 13 10:25:08 2018 -0700 Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI updates from Thomas Gleixner: "The EFI pile: - Make mixed mode UEFI runtime service invocations mutually exclusive, as mandated by the UEFI spec - Perform UEFI runtime services calls from a work queue so the calls into the firmware occur from a kernel thread - Honor the UEFI memory map attributes for live memory regions configured by UEFI as a framebuffer. This works around a coherency problem with KVM guests running on ARM. - Cleanups, improvements and fixes all over the place" * 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efivars: Call guid_parse() against guid_t type of variable efi/cper: Use consistent types for UUIDs efi/x86: Replace references to efi_early->is64 with efi_is_64bit() efi: Deduplicate efi_open_volume() efi/x86: Add missing NULL initialization in UGA draw protocol discovery efi/x86: Merge 32-bit and 64-bit UGA draw protocol setup routines efi/x86: Align efi_uga_draw_protocol typedef names to convention efi/x86: Merge the setup_efi_pci32() and setup_efi_pci64() routines efi/x86: Prevent reentrant firmware calls in mixed mode efi/esrt: Only call efi_mem_reserve() for boot services memory fbdev/efifb: Honour UEFI memory map attributes when mapping the FB efi: Drop type and attribute checks in efi_mem_desc_lookup() efi/libstub/arm: Add opt-in Kconfig option for the DTB loader efi: Remove the declaration of efi_late_init() as the function is unused efi/cper: Avoid using get_seconds() efi: Use a work queue to invoke EFI Runtime Services efi/x86: Use non-blocking SetVariable() for efi_delete_dummy_variable() efi/x86: Clean up the eboot code commit 0ad6b38ab2cc00b886c34d945b6a30fdf5108c61 Merge: 03e61914a6d2 3ff4f80a74fd Author: Linus Torvalds Date: Mon Aug 13 10:21:28 2018 -0700 Merge branch 'core-debugobjects-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull debugobjects update from Thomas Gleixner: "Two simple updates for the debug objects code: - Make the stack check warning more informative by adding the object and the stack page address to the printout - Remove a redundant NULL pointer check" * 'core-debugobjects-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: debugobjects: Remove redundant NULL pointer check debugobjects: Make stack check warning more informative commit c1617fb4c5eea2ad38b5ffb937a732dbb137117f Merge: 961d9735357e 2ce3206b9eb3 Author: David S. Miller Date: Mon Aug 13 10:07:23 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next Daniel Borkmann says: ==================== pull-request: bpf-next 2018-08-13 The following pull-request contains BPF updates for your *net-next* tree. The main changes are: 1) Add driver XDP support for veth. This can be used in conjunction with redirect of another XDP program e.g. sitting on NIC so the xdp_frame can be forwarded to the peer veth directly without modification, from Toshiaki. 2) Add a new BPF map type REUSEPORT_SOCKARRAY and prog type SK_REUSEPORT in order to provide more control and visibility on where a SO_REUSEPORT sk should be located, and the latter enables to directly select a sk from the bpf map. This also enables map-in-map for application migration use cases, from Martin. 3) Add a new BPF helper bpf_skb_ancestor_cgroup_id() that returns the id of cgroup v2 that is the ancestor of the cgroup associated with the skb at the ancestor_level, from Andrey. 4) Implement BPF fs map pretty-print support based on BTF data for regular hash table and LRU map, from Yonghong. 5) Decouple the ability to attach BTF for a map from the key and value pretty-printer in BPF fs, and enable further support of BTF for maps for percpu and LPM trie, from Daniel. 6) Implement a better BPF sample of using XDP's CPU redirect feature for load balancing SKB processing to remote CPU. The sample implements the same XDP load balancing as Suricata does which is symmetric hash based on IP and L4 protocol, from Jesper. 7) Revert adding NULL pointer check with WARN_ON_ONCE() in __xdp_return()'s critical path as it is ensured that the allocator is present, from Björn. ==================== Signed-off-by: David S. Miller commit 961d9735357ec59be3e3e2c37c0ca6494f04461b Merge: 45c91fb20093 209b43759d65 Author: David S. Miller Date: Mon Aug 13 10:06:11 2018 -0700 Merge tag 'wireless-drivers-next-for-davem-2018-08-12' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== pull-request: wireless-drivers-next 2018-08-12 wireless-drivers-next patches for 4.19 Last set of new features for 4.19. Most notable is simplifying SSB debugging code with two Kconfig option removals and fixing mt76 USB build problems. Major changes: ath10k * add debugfs file warm_hw_reset wil6210 * add debugfs files tx_latency, link_stats and link_stats_global * add 3-MSI support * allow scan on AP interface * support max aggregation window size 64 ssb * remove CONFIG_SSB_SILENT and CONFIG_SSB_DEBUG Kconfig options mt76 * fix build problems with recently added USB support ==================== Signed-off-by: David S. Miller commit 03e61914a6d2c5bb95faaa470193cfdb71b7ea01 Merge: 94710cac0ef4 71a896687b85 Author: Linus Torvalds Date: Mon Aug 13 09:50:24 2018 -0700 Merge tag 'm68k-for-v4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: - Enable mac_scsi PDMA on PowerBook 500 - Generic dma_noncoherent_ops conversion - Time handling improvements - I/O accessor improvements - Conversion to MEMBLOCK and NO_BOOTMEM, to bring m68k in line with other mainstream architectures - Miscellaneous fixes and cleanups - Defconfig updates * tag 'm68k-for-v4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k/defconfig: Update defconfigs for v4.18-rc6 m68k: switch to MEMBLOCK + NO_BOOTMEM m68k/page_no.h: force __va argument to be unsigned long m68k/bitops: convert __ffs to match generic declaration m68k/io: Switch mmu variant to m68k/io: Move mem*io define guards to Input: hilkbd - Add casts to HP9000/300 I/O accessors net: mac8390: Use standard memcpy_{from,to}io() m68k/io: Add missing ioremap define guards, fix typo m68k: Remove unused set_clock_mmss() helpers m68k: mac: Use time64_t in RTC handling m68k: Use generic dma_noncoherent_ops nubus: Set default dma mask for nubus_board devices m68k/mac: Enable PDMA for PowerBook 500 series commit 627672cf431b0379c07cc8d146f907cda6797222 Author: Palmer Dabbelt Date: Mon Jun 26 22:09:07 2017 -0700 dt-bindings: interrupt-controller: SiFive Plaform Level Interrupt Controller Add documentation for the SiFive implementation of the RISC-V Platform Level Interrupt Controller (PLIC). The PLIC connects global interrupt sources to the local interrupt controller on each hart. Signed-off-by: Palmer Dabbelt [hch: various fixes and updates] Signed-off-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit b67bc7cb408816b94224a74dff9868d2a38bf30c Author: Palmer Dabbelt Date: Mon Jun 26 22:07:50 2017 -0700 dt-bindings: interrupt-controller: RISC-V local interrupt controller Add documentation on the RISC-V local interrupt controller, which is a per-hart interrupt controller that manages all interrupts entering a RISC-V hart. This interrupt controller is present on all RISC-V systems. Signed-off-by: Palmer Dabbelt [hch: minor cleanups] Signed-off-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit 45c91fb200936b2c48e8605539d800a61abb1cbf Author: YueHaibing Date: Mon Aug 13 17:29:36 2018 +0800 liquidio: remove set but not used variable 'is25G' Fixes gcc '-Wunused-but-set-variable' warning: drivers/net/ethernet/cavium/liquidio/lio_ethtool.c: In function 'lio_set_link_ksettings': drivers/net/ethernet/cavium/liquidio/lio_ethtool.c:392:6: warning: variable 'is25G' set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 0ec456802d133e0eeb4d9ac4283a9982ad9b89af Author: YueHaibing Date: Mon Aug 13 14:59:02 2018 +0800 cxgb4: remove set but not used variable 'spd' Fixes gcc '-Wunused-but-set-variable' warning: drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c: In function 'print_port_info': drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:5147:14: warning: variable 'spd' set but not used [-Wunused-but-set-variable] variable 'spd' is set but not used since commit 547fd27241a8 ("cxgb4: Warn if device doesn't have enough PCI bandwidth") Signed-off-by: YueHaibing Acked-by: Ganesh Goudar Signed-off-by: David S. Miller commit 3b20818b0acdd493e5b891140310b1435cccf81b Author: Yue Haibing Date: Mon Aug 13 06:39:21 2018 +0000 lan743x: lan743x: Remove duplicated include from lan743x_ptp.c Remove duplicated include. Signed-off-by: Yue Haibing Signed-off-by: David S. Miller commit 1150827b121e149632bc8f0d5d2b4453694648b6 Author: YueHaibing Date: Mon Aug 13 14:13:15 2018 +0800 virtio_net: remove duplicated include from virtio_net.c Remove duplicated include linux/netdevice.h Signed-off-by: YueHaibing Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller commit 71e41286203c017d24f041a7cd71abea7ca7b1e0 Author: Li RongQing Date: Mon Aug 13 10:42:46 2018 +0800 packet: switch kvzalloc to allocate memory The patches includes following change: *Use modern kvzalloc()/kvfree() instead of custom allocations. *Remove order argument for alloc_pg_vec, it can get from req. *Remove order argument for free_pg_vec, free_pg_vec now uses kvfree which does not need order argument. *Remove pg_vec_order from struct packet_ring_buffer, no longer need to save/restore 'order' *Remove variable 'order' for packet_set_ring, it is now unused Signed-off-by: Zhang Yu Signed-off-by: Li RongQing Signed-off-by: David S. Miller commit 0192e7d46c776f7f735560bfa4d40eac3fd700f9 Author: Zong Li Date: Mon Aug 13 10:26:52 2018 +0800 net: Change the layout of structure trace_event_raw_fib_table_lookup There is an unalignment access about the structure 'trace_event_raw_fib_table_lookup'. In include/trace/events/fib.h, there is a memory operation which casting the 'src' data member to a pointer, and then store a value to this pointer point to. p32 = (__be32 *) __entry->src; *p32 = flp->saddr; The offset of 'src' in structure trace_event_raw_fib_table_lookup is not four bytes alignment. On some architectures, they don't permit the unalignment access, it need to pay the price to handle this situation in exception handler. Adjust the layout of structure to avoid this case. Fixes: 9f323973c915 ("net/ipv4: Udate fib_table_lookup tracepoint") Signed-off-by: Zong Li Acked-by: David Ahern Signed-off-by: David S. Miller commit a72ce9ad7cfc96e640122b2821f6bbc3588815b2 Merge: 9af18e56d43c 7c5790c4da0e Author: David S. Miller Date: Mon Aug 13 09:06:22 2018 -0700 Merge branch 'net-sched-actions-rename-for-grep-ability-and-consistency' Jamal Hadi Salim says: ==================== net: sched: actions rename for grep-ability and consistency Having a structure (example tcf_mirred) and a function with the same name is not good for readability or grepability. This long overdue patchset improves it and make sure there is consistency across all actions ==================== Signed-off-by: David S. Miller commit 7c5790c4da0e5b96b147d683c94ba3ed93e5f0fe Author: Jamal Hadi Salim Date: Sun Aug 12 09:35:01 2018 -0400 net: sched: act_mirred method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 8aa7f22e5649db6f994cda1212a37e7f8ae4e63e Author: Jamal Hadi Salim Date: Sun Aug 12 09:35:00 2018 -0400 net: sched: act_vlan method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 353d2c253f4cc5c7b28a041a79949f46ed5edb25 Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:59 2018 -0400 net: sched: act_skbmod method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 45da1dac612c0658ed946d573000e88f0d8ec5bc Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:58 2018 -0400 net: sched: act_skbedit method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 798de374e50309dba39cee16527cb3534e84ba86 Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:57 2018 -0400 net: sched: act_simple method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 2ac063474dc738700eab3425d1f7c4ad98776bcd Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:56 2018 -0400 net: sched: act_police method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 6a2b401cd17d41944672563b2edf65cdef44c242 Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:55 2018 -0400 net: sched: act_pedit method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 0390514fe15501e9ddc4e87bdeed35fec9fc4802 Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:54 2018 -0400 net: sched: act_nat method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 11b9695b3ff06990333d77963607944574953c98 Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:53 2018 -0400 net: sched: act_ipt method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 1740005e2a0cae1ba87e3efe2690755fe169837b Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:52 2018 -0400 net: sched: act_gact method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit c831549c3f53537e3b8a205c5d67cbc16c054f6a Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:51 2018 -0400 net: sched: act_sum method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 2fbec27f816bd95ebc468d17a784b20a72b95896 Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:50 2018 -0400 net: sched: act_bpf method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 962ad1f937d86456e88d8cbcd93766746297f711 Author: Jamal Hadi Salim Date: Sun Aug 12 09:34:49 2018 -0400 net: sched: act_connmark method rename for grep-ability and consistency Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 9af18e56d43ca4864ce65c3542c513827c2697de Author: Willem de Bruijn Date: Sun Aug 12 09:14:03 2018 -0400 cpumask: make cpumask_next_wrap available without smp The kbuild robot shows build failure on machines without CONFIG_SMP: drivers/net/virtio_net.c:1916:10: error: implicit declaration of function 'cpumask_next_wrap' cpumask_next_wrap is exported from lib/cpumask.o, which has lib-$(CONFIG_SMP) += cpumask.o same as other functions, also define it as static inline in the NR_CPUS==1 branch in include/linux/cpumask.h. If wrap is true and next == start, return nr_cpumask_bits, or 1. Else wrap across the range of valid cpus, here [0]. Fixes: 2ca653d607ce ("virtio_net: Stripe queue affinities across cores.") Signed-off-by: Willem de Bruijn Tested-by: Krzysztof Kozlowski Signed-off-by: David S. Miller commit 7c53a722459c1d6ffb0f5b2058c06ca8980b8600 Author: Heiner Kallweit Date: Sun Aug 12 13:26:26 2018 +0200 r8169: don't use MSI-X on RTL8168g There have been two reports that network doesn't come back on resume from suspend when using MSI-X. Both cases affect the same chip version (RTL8168g - version 40), on different systems. Falling back to MSI fixes the issue. Even though we don't really have a proof yet that the network chip version is to blame, let's disable MSI-X for this version. Reported-by: Steve Dodd Reported-by: Lou Reed Tested-by: Steve Dodd Tested-by: Lou Reed Fixes: 6c6aa15fdea5 ("r8169: improve interrupt handling") Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 0fcf6c02b205f80f24eb548b236543ec151cb01c Author: Yan, Zheng Date: Fri Aug 3 16:24:49 2018 +0800 ceph: don't drop message if it contains more data than expected Later version mds may encode more data into messages. Signed-off-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 342ce1823ebaec573ac269b56bca78c698fec5c3 Author: Yan, Zheng Date: Fri May 11 18:47:29 2018 +0800 ceph: support cephfs' own feature bits Signed-off-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 4de17aea5ceffe6d8350fde9d903a02037b221c6 Author: YueHaibing Date: Wed Aug 8 19:52:57 2018 +0800 crush: fix using plain integer as NULL warning Fixes the following sparse warnings: net/ceph/crush/mapper.c:517:76: warning: Using plain integer as NULL pointer net/ceph/crush/mapper.c:728:68: warning: Using plain integer as NULL pointer Signed-off-by: YueHaibing Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit bad87216fb8426302cd53a5fcfdd45c3a5d54383 Author: YueHaibing Date: Tue Aug 7 21:02:34 2018 +0800 libceph: remove unnecessary non NULL check for request_key request_key never return NULL,so no need do non-NULL check. Signed-off-by: YueHaibing Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit e5bc08d09f5fac5cd2901f34b510e67c524894ab Author: Chengguang Xu Date: Sat Jul 28 23:15:37 2018 +0800 ceph: refactor error handling code in ceph_reserve_caps() Call new helper __ceph_unreserve_caps() to reduce duplicated code. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 7bf8f736c8e0f2e854d41838eed12e317fb29963 Author: Chengguang Xu Date: Sat Jul 28 23:15:35 2018 +0800 ceph: refactor ceph_unreserve_caps() The code of ceph_unreserve_caps() and error handling in ceph_reserve_caps() are duplicated, so introduce a helper __ceph_unreserve_caps() to reduce duplicated code. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit d5548492902967dd088bd0a21df7d047df10f9f6 Author: Chengguang Xu Date: Sat Jul 28 16:30:48 2018 +0800 ceph: change to void return type for __do_request() We do not check return code for __do_request() in all callers, so change to void return type. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 9da12e3a7de1665a14063653b60e872da0ee7810 Author: Chengguang Xu Date: Thu Jul 19 22:15:27 2018 +0800 ceph: compare fsc->max_file_size and inode->i_size for max file size limit In ceph_llseek(), we compare fsc->max_file_size and inode->i_size to choose max file size limit. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 36a4c72d1c6f5f50d4db14a38f296855ae82571b Author: Chengguang Xu Date: Sun Aug 5 19:33:01 2018 +0800 ceph: add additional size check in ceph_setattr() ceph_setattr() finally calls vfs function inode_newsize_ok() to do offset validation and that is based on sb->s_maxbytes. Because we set sb->s_maxbytes to MAX_LFS_FILESIZE to through VFS check and do proper offset validation in cephfs level, we need adding proper offset validation before calling inode_newsize_ok(). Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 9ebcc22c1be80b090983caff218932593a1d58a7 Merge: 6d37fa49da1e fd5cf434a4b0 Author: David S. Miller Date: Mon Aug 13 08:49:37 2018 -0700 Merge branch 'nixge-Minor-cleanups' Moritz Fischer says: ==================== net: nixge: Minor cleanups in preparation of my 64-bit support series, here's some minor cleanup in preparation that gets rid of unneccesary accesses to the descriptor application fields. I've confirmed that the hardware does not access the fields in all our configurations. ==================== Signed-off-by: David S. Miller commit fd5cf434a4b0b25fc6f76b90373302a26d541ac8 Author: Moritz Fischer Date: Fri Aug 10 18:19:41 2018 -0700 net: nixge: Don't store skb in app4 field of descriptor Don't store skb in app4 field of descriptor since it is not being used anywhere (including hardware). Signed-off-by: Moritz Fischer Signed-off-by: David S. Miller commit e158770e22892f8f8e11810267e2a100d25d22c7 Author: Moritz Fischer Date: Fri Aug 10 18:19:40 2018 -0700 net: nixge: Do not zero application specific fields in desc Do not zero application specific fields in DMA descriptors. The hardware does ignore them, so should software. Signed-off-by: Moritz Fischer Signed-off-by: David S. Miller commit 6d37fa49da1e8db8fb1995be22ac837ca41ac8a8 Author: Wei Wang Date: Fri Aug 10 11:14:56 2018 -0700 l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache In l2tp code, if it is a L2TP_UDP_ENCAP tunnel, tunnel->sk points to a UDP socket. User could call sendmsg() on both this tunnel and the UDP socket itself concurrently. As l2tp_xmit_skb() holds socket lock and call __sk_dst_check() to refresh sk->sk_dst_cache, while udpv6_sendmsg() is lockless and call sk_dst_check() to refresh sk->sk_dst_cache, there could be a race and cause the dst cache to be freed multiple times. So we fix l2tp side code to always call sk_dst_check() to garantee xchg() is called when refreshing sk->sk_dst_cache to avoid race conditions. Syzkaller reported stack trace: BUG: KASAN: use-after-free in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline] BUG: KASAN: use-after-free in atomic_fetch_add_unless include/linux/atomic.h:575 [inline] BUG: KASAN: use-after-free in atomic_add_unless include/linux/atomic.h:597 [inline] BUG: KASAN: use-after-free in dst_hold_safe include/net/dst.h:308 [inline] BUG: KASAN: use-after-free in ip6_hold_safe+0xe6/0x670 net/ipv6/route.c:1029 Read of size 4 at addr ffff8801aea9a880 by task syz-executor129/4829 CPU: 0 PID: 4829 Comm: syz-executor129 Not tainted 4.18.0-rc7-next-20180802+ #30 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0x242/0x30d mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline] atomic_fetch_add_unless include/linux/atomic.h:575 [inline] atomic_add_unless include/linux/atomic.h:597 [inline] dst_hold_safe include/net/dst.h:308 [inline] ip6_hold_safe+0xe6/0x670 net/ipv6/route.c:1029 rt6_get_pcpu_route net/ipv6/route.c:1249 [inline] ip6_pol_route+0x354/0xd20 net/ipv6/route.c:1922 ip6_pol_route_output+0x54/0x70 net/ipv6/route.c:2098 fib6_rule_lookup+0x283/0x890 net/ipv6/fib6_rules.c:122 ip6_route_output_flags+0x2c5/0x350 net/ipv6/route.c:2126 ip6_dst_lookup_tail+0x1278/0x1da0 net/ipv6/ip6_output.c:978 ip6_dst_lookup_flow+0xc8/0x270 net/ipv6/ip6_output.c:1079 ip6_sk_dst_lookup_flow+0x5ed/0xc50 net/ipv6/ip6_output.c:1117 udpv6_sendmsg+0x2163/0x36b0 net/ipv6/udp.c:1354 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:632 ___sys_sendmsg+0x51d/0x930 net/socket.c:2115 __sys_sendmmsg+0x240/0x6f0 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x446a29 Code: e8 ac b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f4de5532db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000446a29 RDX: 00000000000000b8 RSI: 0000000020001b00 RDI: 0000000000000003 RBP: 00000000006dcc30 R08: 00007f4de5533700 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c R13: 00007ffe2b830fdf R14: 00007f4de55339c0 R15: 0000000000000001 Fixes: 71b1391a4128 ("l2tp: ensure sk->dst is still valid") Reported-by: syzbot+05f840f3b04f211bad55@syzkaller.appspotmail.com Signed-off-by: Wei Wang Signed-off-by: Martin KaFai Lau Cc: Guillaume Nault Cc: David Ahern Cc: Cong Wang Signed-off-by: David S. Miller commit e6f86b0f7ae473969a3301b74bf98af9e42ecd0e Author: Virgile Jarry Date: Fri Aug 10 17:48:15 2018 +0200 ipv6: Add icmp_echo_ignore_all support for ICMPv6 Preventing the kernel from responding to ICMP Echo Requests messages can be useful in several ways. The sysctl parameter 'icmp_echo_ignore_all' can be used to prevent the kernel from responding to IPv4 ICMP echo requests. For IPv6 pings, such a sysctl kernel parameter did not exist. Add the ability to prevent the kernel from responding to IPv6 ICMP echo requests through the use of the following sysctl parameter : /proc/sys/net/ipv6/icmp/echo_ignore_all. Update the documentation to reflect this change. Signed-off-by: Virgile Jarry Signed-off-by: David S. Miller commit 8f78004442202b4ee28657513d78e6bb937e877c Merge: 78cbac647e61 0b243d004ea6 Author: David S. Miller Date: Mon Aug 13 08:41:09 2018 -0700 Merge branch 'net-tls-Combined-memory-allocation-for-decryption-request' Vakul Garg says: ==================== net/tls: Combined memory allocation for decryption request This patch does a combined memory allocation from heap for scatterlists, aead_request, aad and iv for the tls record decryption path. In present code, aead_request is allocated from heap, scatterlists on a conditional basis are allocated on heap or on stack. This is inefficient as it may requires multiple kmalloc/kfree. The initialization vector passed in cryption request is allocated on stack. This is a problem since the stack memory is not dma-able from crypto accelerators. Doing one combined memory allocation for each decryption request fixes both the above issues. It also paves a way to be able to submit multiple async decryption requests while the previous one is pending i.e. being processed or queued. ==================== Signed-off-by: David S. Miller commit 0b243d004ea640875115d1500ec429a3e9f9fae9 Author: Vakul Garg Date: Fri Aug 10 20:46:41 2018 +0530 net/tls: Combined memory allocation for decryption request For preparing decryption request, several memory chunks are required (aead_req, sgin, sgout, iv, aad). For submitting the decrypt request to an accelerator, it is required that the buffers which are read by the accelerator must be dma-able and not come from stack. The buffers for aad and iv can be separately kmalloced each, but it is inefficient. This patch does a combined allocation for preparing decryption request and then segments into aead_req || sgin || sgout || iv || aad. Signed-off-by: Vakul Garg Signed-off-by: David S. Miller commit 4c42ae4f6ab78f9ce3fa7e66de44f666733288da Author: Atish Patra Date: Mon Aug 6 16:17:36 2018 -0700 RISC-V: Fix !CONFIG_SMP compilation error Enabling both CONFIG_PERF_EVENTS without !CONFIG_SMP generates following compilation error. arch/riscv/include/asm/perf_event.h:80:2: error: expected specifier-qualifier-list before 'irqreturn_t' irqreturn_t (*handle_irq)(int irq_num, void *dev); ^~~~~~~~~~~ Include interrupt.h in proper place to avoid compilation error. Signed-off-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 8237f8bc4f6eb7e5ce2a19276079cfd3a7c6314a Author: Christoph Hellwig Date: Thu Jul 26 16:27:00 2018 +0200 irqchip: add a SiFive PLIC driver Add a driver for the SiFive implementation of the RISC-V Platform Level Interrupt Controller (PLIC). The PLIC connects global interrupt sources to the local interrupt controller on each hart. This driver is based on the driver in the RISC-V tree from Palmer Dabbelt, but has been almost entirely rewritten since, and includes many fixes from Atish Patra. Signed-off-by: Christoph Hellwig Acked-by: Thomas Gleixner Reviewed-by: Atish Patra [Binding update by Palmer] Signed-off-by: Palmer Dabbelt commit 94f592f0e5b9c17a7505119a2d6c0f1f529ae93d Author: Zong Li Date: Thu Aug 2 23:21:56 2018 +0800 RISC-V: Add the directive for alignment of stvec's value The stvec's value must be 4 byte alignment by specification definition. These directives avoid to stvec be set the non-alignment value. Signed-off-by: Zong Li Signed-off-by: Palmer Dabbelt commit 62b0194368147def8c5a77ce604a125d620fc582 Author: Palmer Dabbelt Date: Sat Aug 4 10:23:19 2018 +0200 clocksource: new RISC-V SBI timer driver The RISC-V ISA defines a per-hart real-time clock and timer, which is present on all systems. The clock is accessed via the 'rdtime' pseudo-instruction (which reads a CSR), and the timer is set via an SBI call. Contains various improvements from Atish Patra . Signed-off-by: Dmitriy Cherkasov Signed-off-by: Palmer Dabbelt [hch: remove dead code, add SPDX tags, used riscv_of_processor_hart(), minor cleanups, merged hotplug cpu support and other improvements from Atish] Signed-off-by: Christoph Hellwig Acked-by: Thomas Gleixner Reviewed-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 6ea0f26a7913b2a72f9cbe84e77ad2cbeaaa9dde Author: Christoph Hellwig Date: Sat Aug 4 10:23:16 2018 +0200 RISC-V: implement low-level interrupt handling Add support for a routine that dispatches exceptions with the interrupt flags set to either the IPI or irqdomain code (and the clock source in the future). Loosely based on the irq-riscv-int.c irqchip driver from the RISC-V tree. Signed-off-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit bec2e6ac353d5c8a47c6eea639136bac3990093e Author: Christoph Hellwig Date: Sat Aug 4 10:23:15 2018 +0200 RISC-V: add a definition for the SIE SEIE bit This mirrors the SIE_SSIE and SETE bits that are used in a similar fashion. Signed-off-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit 4b40e9ddc892de508c3b3a3d82ee568c07c4308a Author: Christoph Hellwig Date: Sat Aug 4 10:23:14 2018 +0200 RISC-V: remove INTERRUPT_CAUSE_* defines from asm/irq.h These are only of use to the local irq controller driver, so add them in that driver implementation instead, which will be submitted soon. Signed-off-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit b9d5535746e306a456691177228a08f04b923a7b Author: Christoph Hellwig Date: Sat Aug 4 10:23:13 2018 +0200 RISC-V: simplify software interrupt / IPI code Rename handle_ipi to riscv_software_interrupt, drop the unused return value and move the prototype to irq.h together with riscv_timer_interupt. This allows simplifying the upcoming interrupt handling support. Signed-off-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit b9490350f751e5d17a24d0ae5af1f9e7f55c7c31 Author: Christoph Hellwig Date: Sat Aug 4 10:23:12 2018 +0200 RISC-V: remove timer leftovers This code is currently unused and will be added back later in a different place with the real interrupt and clocksource support. Signed-off-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit 5b5c2a2c44d7225ab3abbcc7e1881b97ea9872dd Author: Palmer Dabbelt Date: Fri Dec 8 15:10:35 2017 -0800 RISC-V: Add early printk support via the SBI console This code lives entirely within the RISC-V arch code. I've left it within an "#ifdef CONFIG_EARLY_PRINTK" despite always having EARLY_PRINTK support on RISC-V just in case someone wants to remove it. Reviewed-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit 758914fea278658943e3a56e4d373ae8c6f0d9e5 Author: Jim Wilson Date: Sat Jul 14 17:34:39 2018 -0700 RISC-V: Don't increment sepc after breakpoint. Adding 4 to sepc is pointless, and is wrong if we executed a 2-byte compressed breakpoint. This plus a corresponding gdb patch allows compressed breakpoints to work in gdb. Gdb maintainers have already agreed that this is the right approach. Signed-off-by: Jim Wilson Signed-off-by: Palmer Dabbelt commit a89757daf25cfe5320a5f40773271d86e2456c10 Author: Alex Guo Date: Sun Jul 29 01:14:47 2018 +0000 RISC-V: implement __lshrti3. Signed-off-by: Alex Guo Signed-off-by: Palmer Dabbelt commit 4938c79bd0f5f3650c8c2cd4cdc972f0a6962ce4 Author: Palmer Dabbelt Date: Wed Jul 4 14:07:14 2018 -0700 RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO If you use a 64-bit compiler to build a 32-bit kernel then you'll get an error when building the vDSO due to a library mismatch. The happens because the relevant "-march" argument isn't supplied to the GCC run that generates one of the vDSO intermediate files. I'm not actually sure what the right thing to do here is as I'm not particularly familiar with the kernel build system. I poked the documentation and it appears that KCFLAGS is the correct thing to do (it's suggested that should be used when building modules), but we set KBUILD_CFLAGS in arch/riscv/Makefile. This does at least fix the build error. Reviewed-by: Christoph Hellwig Signed-off-by: Palmer Dabbelt commit c61b466d4f886613c7e71de8282701646a4d999d Merge: afc9f65e01cd 001a30c4d0e8 a3c0f84765bb Author: Russell King Date: Mon Aug 13 16:28:50 2018 +0100 Merge branches 'fixes', 'misc' and 'spectre' into for-linus Conflicts: arch/arm/include/asm/uaccess.h Signed-off-by: Russell King commit 53ccb22b8d4a9293cf4249f3b526892810038fd3 Author: Bartosz Golaszewski Date: Thu Jun 28 15:42:20 2018 +0100 ARM: 8778/1: clkdev: don't call __of_clk_get_by_name() unnecessarily from clk_get() The way this function is implemented caused some confusion when converting the TI DaVinci platform to using the common clock framework. Current kernel supports booting DaVinci boards both in device tree as well as legacy, board-file mode. In the latter, we always end up calling clk_get_sys() as of_node is NULL and __of_clk_get_by_name() returns -ENOENT. It was not obvious at first glance how clk_get(dev, NULL) will work in board-file mode since we always call __of_clk_get_by_name(). Let's make it clearer by checking if of_node is NULL and skipping right to clk_get_sys(). Cc: Sekhar Nori Cc: Kevin Hilman Cc: David Lechner Reviewed-by: David Lechner Reviewed-by: Sekhar Nori Signed-off-by: Bartosz Golaszewski Signed-off-by: Russell King commit f3b28362b683d8763e40ec9beee2f1d3bc616b8b Author: Krzysztof Kozlowski Date: Mon Aug 13 17:11:44 2018 +0200 irqchip/s3c24xx: Remove unneeded comparison of unsigned long to 0 irq_data->hwirq is unsigned long. This fixes GCC warning: drivers/irqchip/irq-s3c24xx.c: In function 's3c_irqext0_type': drivers/irqchip/irq-s3c24xx.c:253:19: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits] if ((data->hwirq >= 0) && (data->hwirq <= 3)) { ^~ Signed-off-by: Krzysztof Kozlowski Signed-off-by: Marc Zyngier commit 4ce719f846a4177f2631e4149503e3baf3dce87b Author: Jason Gunthorpe Date: Thu Aug 9 20:14:44 2018 -0600 IB/uverbs: Do not check for device disassociation during ioctl Now that the ioctl path and uobjects are converted to use uverbs_api, it is now safe to remove the disassociation protection from the common ioctl code. This completes the work to make destroy functions continue to work even after device disassociation. Signed-off-by: Jason Gunthorpe commit 51d0a2b4cfa9979fd8a59faf483b4e84587ab4ea Author: Jason Gunthorpe Date: Thu Aug 9 20:14:43 2018 -0600 IB/uverbs: Remove struct uverbs_root_spec and all supporting code Everything now uses the uverbs_uapi data structure. Signed-off-by: Jason Gunthorpe commit 3a863577a7496278892360a69d90d8465733100c Author: Jason Gunthorpe Date: Thu Aug 9 20:14:42 2018 -0600 IB/uverbs: Use uverbs_api to unmarshal ioctl commands Convert the ioctl method syscall path to use the uverbs_api data structures. The new uapi structure includes all the same information, just in a different and more optimal way. - Use attr_bkey instead of 2 level radix trees for everything related to attributes. This includes the attribute storage, presence, and detection of missing mandatory attributes. - Avoid iterating over all attribute storage at finish, instead use find_first_bit with the attr_bkey to locate only those attrs that need cleanup. - Organize things to always run, and always rely on, cleanup. This avoids a bunch of tricky error unwind cases. - Locate the method using the radix tree, and locate the attributes using a very efficient incremental radix tree lookup - Use the precomputed destroy_bkey to handle uobject destruction - Use the precomputed allocation sizes and precomputed 'need_stack' to avoid maths in the fast path. This is optimal if userspace does not pass (many) unsupported attributes. Overall this results in much better codegen for the attribute accessors, everything is now stored in bitmaps or linear arrays indexed by attr_bkey. The compiler can compute attr_bkey values at compile time for all method attributes, meaning things like uverbs_attr_is_valid() now compile into single instruction bit tests. Signed-off-by: Jason Gunthorpe commit b61815e241652096b61f59ca2063edecb23602a2 Author: Jason Gunthorpe Date: Thu Aug 9 20:14:41 2018 -0600 IB/uverbs: Use uverbs_alloc for allocations Several handlers need temporary allocations for the life of the method, switch them to use the uverbs_alloc allocator. Signed-off-by: Jason Gunthorpe Reviewed-by: Leon Romanovsky commit 461bb2eee4e162617e790c74d9b4ab10056cad7f Author: Jason Gunthorpe Date: Thu Aug 9 20:14:40 2018 -0600 IB/uverbs: Add a simple allocator to uverbs_attr_bundle This is similar in spirit to devm, it keeps track of any allocations linked to this method call and ensures they are all freed when the method exits. Further, if there is space in the internal/onstack buffer then the allocator will hand out that memory and avoid an expensive call to kalloc/kfree in the syscall path. Signed-off-by: Jason Gunthorpe Reviewed-by: Leon Romanovsky commit 00d22a1c367d03f469f8e1e924b062b09b0545e8 Author: Darrick J. Wong Date: Fri Aug 10 17:55:56 2018 -0700 xfs: recalculate summary counters at mount time if icount is bad Since the sb write verifier trips on bad icounts, we should also force a mount time recalculation of the summary counters if the icount is bad. This helps us avoid blowing up at freeze/unmount time when the bad counter gets written back out. Signed-off-by: Darrick J. Wong Reviewed-by: Allison Henderson Reviewed-by: Carlos Maiolino commit 976d34e2dab10ece5ea8fe7090b7692913f89084 Author: Punit Agrawal Date: Mon Aug 13 11:43:51 2018 +0100 KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable@vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose Acked-by: Christoffer Dall Signed-off-by: Punit Agrawal Signed-off-by: Marc Zyngier commit 86658b819cd0a9aa584cd84453ed268a6f013770 Author: Punit Agrawal Date: Mon Aug 13 11:43:50 2018 +0100 KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable@vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose Acked-by: Christoffer Dall Signed-off-by: Punit Agrawal Signed-off-by: Marc Zyngier commit f11b9abc9318d5506f08156b4950c24e3cba73e5 Author: Harish Jenny K N Date: Thu Jul 19 17:24:04 2018 +0530 Documentation: remove dynamic-resolution-notes reference to non-existent file File dt-object-internal.txt does not exist. This patch removes a reference to it. Signed-off-by: Harish Jenny K N Reviewed-by: Frank Rowand Signed-off-by: Rob Herring commit 330ad75f6a79d46f11f7bf8937852ebb4673b1d5 Author: Dan Carpenter Date: Mon Aug 13 12:32:35 2018 +0300 Bluetooth: mediatek: pass correct size to h4_recv_buf() We're supposed to pass the number of elements in the mtk_recv_pkts, not the number of bytes. Fixes: 7237c4c9ec92 ("Bluetooth: mediatek: Add protocol support for MediaTek serial devices") Signed-off-by: Dan Carpenter Signed-off-by: Marcel Holtmann commit f5b6c1fcb42fe7d6f2f6eb2220512e2a5f875133 Merge: 73b383141d29 4aa5db22d355 Author: Takashi Iwai Date: Mon Aug 13 12:12:31 2018 +0200 Merge tag 'asoc-v4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Updates for v4.19 A fairly big update, including quite a bit of core activity this time around (which is good to see) along with a fairly large set of new drivers. - A new snd_pcm_stop_xrun() helper which is now used in several drivers. - Support for providing name prefixes to generic component nodes. - Quite a few fixes for DPCM as it gains a bit wider use and more robust testing. - Generalization of the DIO2125 support to a simple amplifier driver. - Accessory detection support for the audio graph card. - DT support for PXA AC'97 devices. - Quirks for a number of new x86 systems. - Support for AM Logic Meson, Everest ES7154, Intel systems with RT5682, Qualcomm QDSP6 and WCD9335, Realtek RT5682 and TI TAS5707. commit 4096165d55218a6f58b6c2ebc5d2428aa0aa70e4 Author: Dan Carpenter Date: Wed Aug 8 15:03:19 2018 +0300 irqchip/stm32: Fix init error handling If there are any errors in stm32_exti_host_init() then it leads to a NULL dereference in the callers. The function should clean up after itself. Fixes: f9fc1745501e ("irqchip/stm32: Add host and driver data structures") Reviewed-by: Ludovic Barre Signed-off-by: Dan Carpenter Signed-off-by: Marc Zyngier commit 0702bc4d2fe793018ad9aa0eb14bff7f526c4095 Author: Jonas Gorski Date: Thu Aug 9 10:59:01 2018 +0200 irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP When compiling bmips with SMP disabled, the build fails with: drivers/irqchip/irq-bcm7038-l1.o: In function `bcm7038_l1_cpu_offline': drivers/irqchip/irq-bcm7038-l1.c:242: undefined reference to `irq_set_affinity_locked' make[5]: *** [vmlinux] Error 1 Fix this by adding and setting bcm7038_l1_cpu_offline only when actually compiling for SMP. It wouldn't have been used anyway, as it requires CPU_HOTPLUG, which in turn requires SMP. Fixes: 34c535793bcb ("irqchip/bcm7038-l1: Implement irq_cpu_offline() callback") Signed-off-by: Jonas Gorski Signed-off-by: Marc Zyngier commit c8921d72e390cb6fca3fb2b0c2badfda851647eb Author: Helge Deller Date: Sun Aug 5 00:03:29 2018 +0200 parisc: Fix and improve kernel stack unwinding This patchset fixes and improves stack unwinding a lot: 1. Show backward stack traces with up to 30 callsites 2. Add callinfo to ENTRY_CFI() such that every assembler function will get an entry in the unwind table 3. Use constants instead of numbers in call_on_stack() 4. Do not depend on CONFIG_KALLSYMS to generate backtraces. 5. Speed up backtrace generation Make sure you have this patch to GNU as installed: https://sourceware.org/ml/binutils/2018-07/msg00474.html Without this patch, unwind info in the kernel is often wrong for various functions. Signed-off-by: Helge Deller commit 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Author: John David Anglin Date: Sun Aug 12 16:31:17 2018 -0400 parisc: Remove unnecessary barriers from spinlock.h Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers.  The __ldcw() define is both a hardware and compiler barrier.  The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock().  We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin Cc: stable@vger.kernel.org # 4.0+ Signed-off-by: Helge Deller commit 7797167ffde1f00446301cb22b37b7c03194cfaf Author: John David Anglin Date: Sun Aug 12 16:38:03 2018 -0400 parisc: Remove ordered stores from syscall.S Now that we use a sync prior to releasing the locks in syscall.S, we don't need the PA 2.0 ordered stores used to release some locks.  Using an ordered store, potentially slows the release and subsequent code. There are a number of other ordered stores and loads that serve no purpose.  I have converted these to normal stores. Signed-off-by: John David Anglin Cc: stable@vger.kernel.org # 4.0+ Signed-off-by: Helge Deller commit 4a53ec1ccf932f86845c96a5092ba4507621c84d Author: Nick Desaulniers Date: Wed Aug 1 11:22:56 2018 -0700 parisc: prefer _THIS_IP_ and _RET_IP_ statement expressions As part of the effort to reduce the code duplication between _THIS_IP_ and current_text_addr(), let's consolidate callers of current_text_addr() to use _THIS_IP_. Signed-off-by: Nick Desaulniers Signed-off-by: Helge Deller commit 75ebedf1d26376cafad87b43196c15161463b82a Author: Helge Deller Date: Thu Jun 28 22:47:11 2018 +0200 parisc: Add HAVE_REGS_AND_STACK_ACCESS_API feature Some parts of the HAVE_REGS_AND_STACK_ACCESS_API feature is needed for the rseq syscall. This patch adds the most important parts, and as long as we don't support kprobes, we should be fine. Signed-off-by: Helge Deller commit 93cb8e20d56be40c541475f77b5f565fbb385a4b Author: Helge Deller Date: Sun Jul 1 18:18:15 2018 +0200 parisc: Drop architecture-specific ENOTSUP define parisc is the only Linux architecture which has defined a value for ENOTSUP. All other architectures #define ENOTSUP as EOPNOTSUPP in their libc headers. Having an own value for ENOTSUP which is different than EOPNOTSUPP often gives problems with userspace programs which expect both to be the same. One such example is a build error in the libuv package, as can be seen in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900237. Since we dropped HP-UX support, there is no real benefit in keeping an own value for ENOTSUP. This patch drops the parisc value for ENOTSUP from the kernel sources. glibc needs no patch, it reuses the exported headers. Signed-off-by: Helge Deller commit c1f59375b3782f478ac2c488889abdc00dd8e25f Author: Christoph Hellwig Date: Tue Jun 19 09:04:55 2018 +0200 parisc: use generic dma_noncoherent_ops Switch to the generic noncoherent direct mapping implementation. Fix sync_single_for_cpu to do skip the cache flush unless the transfer is to the device to match the more tested unmap_single path which should have the same cache coherency implications. Signed-off-by: Christoph Hellwig Signed-off-by: Helge Deller commit 7f1501053811414ddeff63db8f5d41bdbe38068f Author: Christoph Hellwig Date: Tue Jun 19 09:04:54 2018 +0200 parisc: always use flush_kernel_dcache_range for DMA cache maintainance Current the S/G list based DMA ops use flush_kernel_vmap_range which contains a few UP optimizations, while the rest of the DMA operations uses flush_kernel_dcache_range. The single vs sg operations are supposed to have the same effect, so they should use the same routines. Use the more conservation version for now, but if people more familiar with parisc think the vmap version is generally fine for DMA we should switch all interfaces over to it. Signed-off-by: Christoph Hellwig Signed-off-by: Helge Deller commit a34a9b9682a5a9de53386ed0872c7d38ca9d6b38 Author: Christoph Hellwig Date: Tue Jun 19 09:04:53 2018 +0200 parisc: merge pcx_dma_ops and pcxl_dma_ops The only difference is that pcxl supports dma coherent allocations, while pcx only supports non-consistent allocations and otherwise fails. But dma_alloc* is not in the fast path, and merging these two allows an easy migration path to the generic dma-noncoherent implementation, so do it. Signed-off-by: Christoph Hellwig Signed-off-by: Helge Deller commit a2dc009afa9ae8b92305be7728676562a104cb40 Author: Aneesh Kumar K.V Date: Mon Aug 13 11:14:57 2018 +0530 powerpc/mm/book3s/radix: Add mapping statistics Add statistics that show how memory is mapped within the kernel linear mapping. This is similar to commit 37cd944c8d8f ("s390/pgtable: add mapping statistics") We don't do this with Hash translation mode. Hash uses one size (mmu_linear_psize) to map the kernel linear mapping and we print the linear psize during boot as below. "Page orders: linear mapping = 24, virtual = 16, io = 16, vmemmap = 24" A sample output looks like: DirectMap4k: 0 kB DirectMap64k: 18432 kB DirectMap2M: 1030144 kB DirectMap1G: 11534336 kB Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman commit 241b5f7ffcbe6b93304c6a282e5a339e22dac5b4 Merge: 70b5c4ee8e3b bd96461249bd Author: Michael Ellerman Date: Mon Aug 13 16:06:23 2018 +1000 Merge branch 'next' of https://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next Merge some updates from Scott: "This contains an 8xx compilation fix, and a dpaa device tree fix." commit 70b5c4ee8e3bf7ce107d6926d9c7d8ebb68578c2 Merge: b3124ec2f997 9f65b81f36e3 Author: Michael Ellerman Date: Mon Aug 13 16:04:10 2018 +1000 Merge branch 'topic/hvc' into next This branch held some hvc related commits (Hypervisor Virtual Console) so that they could get some wider testing in linux-next before merging. commit b3124ec2f9970c7374d34b00843d9791fca66afc Merge: f7a6947cd49b cca19f0b684f Author: Michael Ellerman Date: Mon Aug 13 15:59:06 2018 +1000 Merge branch 'fixes' into next Merge our fixes branch from the 4.18 cycle to resolve some minor conflicts. commit f9090d4c22130c861b9e00e063812ac69d93a4a2 Author: Hang Yuan Date: Tue Aug 7 18:29:21 2018 +0800 drm/i915/gvt: free workload in vgpu release Some workloads may be prepared in vgpu's queue but not be scheduled to run yet. If vgpu is released at this time, they will not be freed in workload complete callback and so need to be freed in vgpu release operation. Add new vgpu_release operation in gvt_ops to stop vgpu and release runtime resources. gvt_ops vgpu_deactivate operation will only stop vgpu. v2: add new gvt ops to clean vgpu running status (Xiong Zhang) Signed-off-by: Hang Yuan Reviewed-by: Xiong Zhang Signed-off-by: Zhenyu Wang commit 56869d45e364244a721de34ce9c5dc9ed022779e Author: Masahiro Yamada Date: Thu Aug 9 15:47:06 2018 +0900 kconfig: fix the rule of mainmenu_stmt symbol The rule of mainmenu_stmt does not have debug print of zconf_lineno(), but if it had, it would print a wrong line number for the same reason as commit b2d00d7c61c8 ("kconfig: fix line numbers for if-entries in menu tree"). The mainmenu_stmt does not need to eat following empty lines because they are reduced to common_stmt. Signed-off-by: Masahiro Yamada commit edcd9d977354304cb85aee61c2b96809edce41ed Author: piaojun Date: Fri Aug 3 17:22:20 2018 +0800 net/9p/trans_virtio.c: add null terminal for mount tag chan->tag is Non-null terminated which will result in printing messy code when debugging code. So we should add '\0' for tag to make the code more convenient and robust. In addition, I drop char->tag_len to simplify the code. Link: http://lkml.kernel.org/r/5B641ECC.5030401@huawei.com Signed-off-by: Jun Piao Signed-off-by: Dominique Martinet commit 23cba9cbde0bba05d772b335fe5f66aa82b9ad19 Author: jiangyiwen Date: Fri Aug 3 12:11:34 2018 +0800 9p/virtio: fix off-by-one error in sg list bounds check Because the value of limit is VIRTQUEUE_NUM, if index is equal to limit, it will cause sg array out of bounds, so correct the judgement of BUG_ON. Link: http://lkml.kernel.org/r/5B63D5F6.6080109@huawei.com Signed-off-by: Yiwen Jiang Reported-By: Dan Carpenter Acked-by: Jun Piao Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet commit c69f297d7f0b46187919d5c2aa36183688ecf3d4 Author: Stephen Hemminger Date: Tue Jul 24 12:29:10 2018 -0700 9p: fix whitespace issues Remove trailing whitespace and blank lines at EOF Link: http://lkml.kernel.org/m/20180724192918.31165-11-sthemmin@microsoft.com Signed-off-by: Stephen Hemminger Signed-off-by: Dominique Martinet commit 10aa14527f458e9867cf3d2cc6b8cb0f6704448b Author: Tomas Bortoli Date: Fri Jul 27 13:05:58 2018 +0200 9p: fix multiple NULL-pointer-dereferences Added checks to prevent GPFs from raising. Link: http://lkml.kernel.org/r/20180727110558.5479-1-tomasbortoli@gmail.com Signed-off-by: Tomas Bortoli Reported-by: syzbot+1a262da37d3bead15c39@syzkaller.appspotmail.com Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet commit 3111784bee81591ea2815011688d28b65df03627 Author: piaojun Date: Wed Jul 25 11:13:16 2018 +0800 fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed In my testing, v9fs_fid_xattr_set will return successfully even if the backend ext4 filesystem has no space to store xattr key-value. That will cause inconsistent behavior between front end and back end. The reason is that lsetxattr will be triggered by p9_client_clunk, and unfortunately we did not catch the error. This patch will catch the error to notify upper caller. p9_client_clunk (in 9p) p9_client_rpc(clnt, P9_TCLUNK, "d", fid->fid); v9fs_clunk (in qemu) put_fid free_fid v9fs_xattr_fid_clunk v9fs_co_lsetxattr s->ops->lsetxattr ext4_xattr_user_set (in host ext4 filesystem) Link: http://lkml.kernel.org/r/5B57EACC.2060900@huawei.com Signed-off-by: Jun Piao Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Cc: Andrew Morton Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet commit f984579a01d85166ee7380204a96d978a67687a1 Author: Tomas Bortoli Date: Mon Jul 23 17:44:04 2018 +0200 9p: validate PDU length This commit adds length check for the PDU size. The size contained in the header has to match the actual size, except for TCP (trans_fd.c) where actual length is not known ahead and the header's length will be checked only against the validity range. Link: http://lkml.kernel.org/r/20180723154404.2406-1-tomasbortoli@gmail.com Signed-off-by: Tomas Bortoli Reported-by: syzbot+65c6b72f284a39d416b4@syzkaller.appspotmail.com To: Eric Van Hensbergen To: Ron Minnich To: Latchesar Ionkov Cc: David S. Miller Signed-off-by: Dominique Martinet commit 9f476d7c540cb57556d3cc7e78704e6cd5100f5f Author: Tomas Bortoli Date: Mon Jul 23 20:42:53 2018 +0200 net/9p/trans_fd.c: fix race by holding the lock It may be possible to run p9_fd_cancel() with a deleted req->req_list and incur in a double del. To fix hold the client->lock while changing the status, so the other threads will be synchronized. Link: http://lkml.kernel.org/r/20180723184253.6682-1-tomasbortoli@gmail.com Signed-off-by: Tomas Bortoli Reported-by: syzbot+735d926e9d1317c3310c@syzkaller.appspotmail.com To: Eric Van Hensbergen To: Ron Minnich To: Latchesar Ionkov Cc: Yiwen Jiang Cc: David S. Miller Signed-off-by: Dominique Martinet commit 430ac66eb4c5b5c4eb846b78ebf65747510b30f1 Author: Tomas Bortoli Date: Fri Jul 20 11:27:30 2018 +0200 net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() The patch adds the flush in p9_mux_poll_stop() as it the function used by p9_conn_destroy(), in turn called by p9_fd_close() to stop the async polling associated with the data regarding the connection. Link: http://lkml.kernel.org/r/20180720092730.27104-1-tomasbortoli@gmail.com Signed-off-by: Tomas Bortoli Reported-by: syzbot+39749ed7d9ef6dfb23f6@syzkaller.appspotmail.com To: Eric Van Hensbergen To: Ron Minnich To: Latchesar Ionkov Cc: Yiwen Jiang Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet commit 31934da810365f603dec5a67e690e00cf900fc73 Author: jiangyiwen Date: Thu Jul 19 15:17:00 2018 +0800 net/9p/virtio: Fix hard lockup in req_done When client has multiple threads that issue io requests all the time, and the server has a very good performance, it may cause cpu is running in the irq context for a long time because it can check virtqueue has buf in the *while* loop. So we should keep chan->lock in the whole loop. [ Dominique: reworded subject line ] Link: http://lkml.kernel.org/r/5B503AEC.5080404@huawei.com Signed-off-by: Yiwen Jiang To: Andrew Morton To: Eric Van Hensbergen To: Ron Minnich To: Latchesar Ionkov Signed-off-by: Dominique Martinet commit c7ebbae7cf9c50253a978f25d72d16e012bd46f1 Author: piaojun Date: Wed Jul 18 11:45:29 2018 +0800 net/9p/trans_virtio.c: fix some spell mistakes in comments Fix spelling mistake in comments of p9_virtio_zc_request(). Link: http://lkml.kernel.org/r/5B4EB7D9.9010108@huawei.com Signed-off-by: Jun Piao Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Cc: Andrew Morton Signed-off-by: Dominique Martinet commit d28c756caee6e414d9ba367d0b92da24145af2a8 Author: Chirantan Ekbote Date: Mon Jul 16 17:35:29 2018 -0700 9p/net: Fix zero-copy path in the 9p virtio transport The zero-copy optimization when reading or writing large chunks of data is quite useful. However, the 9p messages created through the zero-copy write path have an incorrect message size: it should be the size of the header + size of the data being written but instead it's just the size of the header. This only works if the server ignores the size field of the message and otherwise breaks the framing of the protocol. Fix this by re-writing the message size field with the correct value. Tested by running `dd if=/dev/zero of=out bs=4k count=1` inside a virtio-9p mount. Link: http://lkml.kernel.org/r/20180717003529.114368-1-chirantan@chromium.org Signed-off-by: Chirantan Ekbote Reviewed-by: Greg Kurz Tested-by: Greg Kurz Cc: Dylan Reid Cc: Guenter Roeck Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet commit 2557d0c57c0c11af915d0d4d97402527958c0c01 Author: Matthew Wilcox Date: Wed Jul 11 14:02:23 2018 -0700 9p: Embed wait_queue_head into p9_req_t On a 64-bit system, the wait_queue_head_t is 24 bytes while the pointer to it is 8 bytes. Growing the p9_req_t by 16 bytes is better than performing a 24-byte memory allocation. Link: http://lkml.kernel.org/r/20180711210225.19730-5-willy@infradead.org Signed-off-by: Matthew Wilcox Reviewed-by: Greg Kurz Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Dominique Martinet commit f28cdf0430fc92acaa718e15598bdad6cb236a4d Author: Matthew Wilcox Date: Wed Jul 11 14:02:22 2018 -0700 9p: Replace the fidlist with an IDR The p9_idpool being used to allocate the IDs uses an IDR to allocate the IDs ... which we then keep in a doubly-linked list, rather than in the IDR which allocated them. We can use an IDR directly which saves two pointers per p9_fid, and a tiny memory allocation per p9_client. Link: http://lkml.kernel.org/r/20180711210225.19730-4-willy@infradead.org Signed-off-by: Matthew Wilcox Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Dominique Martinet commit b5303be2bee3c8b29de3f7f4ea8ae00c4e816760 Author: Matthew Wilcox Date: Wed Jul 11 14:02:21 2018 -0700 9p: Change p9_fid_create calling convention Return NULL instead of ERR_PTR when we can't allocate a FID. The ENOSPC return value was getting all the way back to userspace, and that's confusing for a userspace program which isn't expecting read() to tell it there's no space left on the filesystem. The best error we can return to indicate a temporary failure caused by lack of client resources is ENOMEM. Maybe it would be better to sleep until a FID is available, but that's not a change I'm comfortable making. Link: http://lkml.kernel.org/r/20180711210225.19730-3-willy@infradead.org Signed-off-by: Matthew Wilcox Reviewed-by: Jun Piao Reviewed-by: Greg Kurz Reviewed-by: Yiwen Jiang Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Dominique Martinet commit 2d58f63f72f28ba297a9ae344a5b5f0cf75bcd94 Author: Matthew Wilcox Date: Wed Jul 11 14:02:20 2018 -0700 9p: Fix comment on smp_wmb The previous comment misled me into thinking the barrier wasn't needed at all. Link: http://lkml.kernel.org/r/20180711210225.19730-2-willy@infradead.org Signed-off-by: Matthew Wilcox Reviewed-by: Greg Kurz Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Dominique Martinet commit 7913690dcc5e18e235769fd87c34143072f5dbea Author: Tomas Bortoli Date: Tue Jul 10 00:29:43 2018 +0200 net/9p/client.c: version pointer uninitialized The p9_client_version() does not initialize the version pointer. If the call to p9pdu_readf() returns an error and version has not been allocated in p9pdu_readf(), then the program will jump to the "error" label and will try to free the version pointer. If version is not initialized, free() will be called with uninitialized, garbage data and will provoke a crash. Link: http://lkml.kernel.org/r/20180709222943.19503-1-tomasbortoli@gmail.com Signed-off-by: Tomas Bortoli Reported-by: syzbot+65c6b72f284a39d416b4@syzkaller.appspotmail.com Reviewed-by: Jun Piao Reviewed-by: Yiwen Jiang Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet commit 6baaac096179e7f49b7c3d1bc7785d7cd88215ee Author: Colin Ian King Date: Tue Jul 17 19:14:49 2018 -0700 fs/9p/v9fs.c: fix spelling mistake "Uknown" -> "Unknown" fix spelling mistake in pr_info message text Link: http://lkml.kernel.org/r/20180526150650.10562-1-colin.king@canonical.com Signed-off-by: Colin Ian King Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Signed-off-by: Dominique Martinet commit 92aef4675d5b1b55404e1532379e343bed0e5cf2 Author: Jean-Philippe Brucker Date: Tue Jul 17 19:14:45 2018 -0700 net/9p: fix error path of p9_virtio_probe Currently when virtio_find_single_vq fails, we go through del_vqs which throws a warning (Trying to free already-free IRQ). Skip del_vqs if vq allocation failed. Link: http://lkml.kernel.org/r/20180524101021.49880-1-jean-philippe.brucker@arm.com Signed-off-by: Jean-Philippe Brucker Reviewed-by: Greg Kurz Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Signed-off-by: Dominique Martinet commit b87d1d26521ef9f2e42bb182184d1427b4e07b26 Author: piaojun Date: Wed Jul 11 08:43:49 2018 +0800 9p/net/protocol.c: return -ENOMEM when kmalloc() failed We should return -ENOMEM to upper user when kmalloc failed to indicate accurate errno. Link: http://lkml.kernel.org/r/5B4552C5.60000@huawei.com Signed-off-by: Jun Piao Reviewed-by: Yiwen Jiang Reviewed-by: Andrew Morton Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Signed-off-by: Dominique Martinet commit 64ad31f3284060d59850da6d573ddbab542365cf Author: piaojun Date: Tue Jul 10 14:56:26 2018 +0800 net/9p/client.c: add missing '\n' at the end of p9_debug() In p9_client_getattr_dotl(), we should add '\n' at the end of printing log. Link: http://lkml.kernel.org/r/5B44589A.50302@huawei.com Signed-off-by: Jun Piao Reviewed-by: Yiwen Jiang Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Signed-off-by: Dominique Martinet commit fe6340e2d1f5ef9ebb9a82665b053c362837cbd6 Author: Souptick Joarder Date: Tue Jul 17 19:14:35 2018 -0700 fs/9p/vfs_file.c: use new return type vm_fault_t Use new return type vm_fault_t for page_mkwrite handler. See 1c8f422059ae ("mm: change return type to vm_fault_t") for reference. Link: http://lkml.kernel.org/r/20180702154928.GA3964@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Acked-by: Jun Piao Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Signed-off-by: Dominique Martinet commit 2ce3206b9eb3943de09f3bf4ec9134568420d8b9 Merge: e8d2bec04579 5ecd8c22739b Author: Daniel Borkmann Date: Mon Aug 13 01:02:40 2018 +0200 Merge branch 'bpf-ancestor-cgroup-id' Andrey Ignatov says: ==================== This patch set adds new BPF helper bpf_skb_ancestor_cgroup_id that returns id of cgroup v2 that is ancestor of cgroup associated with the skb at the ancestor_level. The helper is useful to implement policies in TC based on cgroups that are upper in hierarchy than immediate cgroup associated with skb. v1->v2: - more reliable check for testing IPv6 to become ready in selftest. ==================== Signed-off-by: Daniel Borkmann commit 5ecd8c22739b9a5f6d6431234decd912aa3f48ad Author: Andrey Ignatov Date: Sun Aug 12 10:49:30 2018 -0700 selftests/bpf: Selftest for bpf_skb_ancestor_cgroup_id Add selftests for bpf_skb_ancestor_cgroup_id helper. test_skb_cgroup_id.sh prepares testing interface and adds tc qdisc and filter for it using BPF object compiled from test_skb_cgroup_id_kern.c program. BPF program in test_skb_cgroup_id_kern.c gets ancestor cgroup id using the new helper at different levels of cgroup hierarchy that skb belongs to, including root level and non-existing level, and saves it to the map where the key is the level of corresponding cgroup and the value is its id. To trigger BPF program, user space program test_skb_cgroup_id_user is run. It adds itself into testing cgroup and sends UDP datagram to link-local multicast address of testing interface. Then it reads cgroup ids saved in kernel for different levels from the BPF map and compares them with those in user space. They must be equal for every level of ancestry. Example of run: # ./test_skb_cgroup_id.sh Wait for testing link-local IP to become available ... OK Note: 8 bytes struct bpf_elf_map fixup performed due to size mismatch! [PASS] Signed-off-by: Andrey Ignatov Signed-off-by: Daniel Borkmann commit 02f6ac7456a0d77360cb47b8d2ed4366b883096d Author: Andrey Ignatov Date: Sun Aug 12 10:49:29 2018 -0700 selftests/bpf: Add cgroup id helpers to bpf_helpers.h Add bpf_skb_cgroup_id and bpf_skb_ancestor_cgroup_id helpers to bpf_helpers.h to use them in tests and samples. Signed-off-by: Andrey Ignatov Signed-off-by: Daniel Borkmann commit 539764d07b49c5b322cc065d275f65df275e4991 Author: Andrey Ignatov Date: Sun Aug 12 10:49:28 2018 -0700 bpf: Sync bpf.h to tools/ Sync skb_ancestor_cgroup_id() related bpf UAPI changes to tools/. Signed-off-by: Andrey Ignatov Signed-off-by: Daniel Borkmann commit 7723628101aaeb1d723786747529b4ea65c5b5c5 Author: Andrey Ignatov Date: Sun Aug 12 10:49:27 2018 -0700 bpf: Introduce bpf_skb_ancestor_cgroup_id helper == Problem description == It's useful to be able to identify cgroup associated with skb in TC so that a policy can be applied to this skb, and existing bpf_skb_cgroup_id helper can help with this. Though in real life cgroup hierarchy and hierarchy to apply a policy to don't map 1:1. It's often the case that there is a container and corresponding cgroup, but there are many more sub-cgroups inside container, e.g. because it's delegated to containerized application to control resources for its subsystems, or to separate application inside container from infra that belongs to containerization system (e.g. sshd). At the same time it may be useful to apply a policy to container as a whole. If multiple containers like this are run on a host (what is often the case) and many of them have sub-cgroups, it may not be possible to apply per-container policy in TC with existing helpers such as bpf_skb_under_cgroup or bpf_skb_cgroup_id: * bpf_skb_cgroup_id will return id of immediate cgroup associated with skb, i.e. if it's a sub-cgroup inside container, it can't be used to identify container's cgroup; * bpf_skb_under_cgroup can work only with one cgroup and doesn't scale, i.e. if there are N containers on a host and a policy has to be applied to M of them (0 <= M <= N), it'd require M calls to bpf_skb_under_cgroup, and, if M changes, it'd require to rebuild & load new BPF program. == Solution == The patch introduces new helper bpf_skb_ancestor_cgroup_id that can be used to get id of cgroup v2 that is an ancestor of cgroup associated with skb at specified level of cgroup hierarchy. That way admin can place all containers on one level of cgroup hierarchy (what is a good practice in general and already used in many configurations) and identify specific cgroup on this level no matter what sub-cgroup skb is associated with. E.g. if there is a cgroup hierarchy: root/ root/container1/ root/container1/app11/ root/container1/app11/sub-app-a/ root/container1/app12/ root/container2/ root/container2/app21/ root/container2/app22/ root/container2/app22/sub-app-b/ , then having skb associated with root/container1/app11/sub-app-a/ it's possible to get ancestor at level 1, what is container1 and apply policy for this container, or apply another policy if it's container2. Policies can be kept e.g. in a hash map where key is a container cgroup id and value is an action. Levels where container cgroups are created are usually known in advance whether cgroup hierarchy inside container may be hard to predict especially in case when its creation is delegated to containerized application. == Implementation details == The helper gets ancestor by walking parents up to specified level. Another option would be to get different kind of "id" from cgroup->ancestor_ids[level] and use it with idr_find() to get struct cgroup for ancestor. But that would require radix lookup what doesn't seem to be better (at least it's not obviously better). Format of return value of the new helper is same as that of bpf_skb_cgroup_id. Signed-off-by: Andrey Ignatov Signed-off-by: Daniel Borkmann commit e8d2bec0457962e8f348a9a3627b398f7fe5c5fc Author: Daniel Borkmann Date: Sun Aug 12 01:59:17 2018 +0200 bpf: decouple btf from seq bpf fs dump and enable more maps Commit a26ca7c982cb ("bpf: btf: Add pretty print support to the basic arraymap") and 699c86d6ec21 ("bpf: btf: add pretty print for hash/lru_hash maps") enabled support for BTF and dumping via BPF fs for array and hash/lru map. However, both can be decoupled from each other such that regular BPF maps can be supported for attaching BTF key/value information, while not all maps necessarily need to dump via map_seq_show_elem() callback. The basic sanity check which is a prerequisite for all maps is that key/value size has to match in any case, and some maps can have extra checks via map_check_btf() callback, e.g. probing certain types or indicating no support in general. With that we can also enable retrieving BTF info for per-cpu map types and lpm. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Acked-by: Yonghong Song commit 47ac76662ca9c5852fd353093f19de3ae85f2e66 Author: Mark Date: Sun Aug 12 11:47:16 2018 -0400 tty: serial: 8250: Revert NXP SC16C2552 workaround Revert commit ecb988a3b7985913d1f0112f66667cdd15e40711: tty: serial: 8250: 8250_core: NXP SC16C2552 workaround The above commit causes userland application to no longer write correctly its first write to a dumb terminal connected to /dev/ttyS0. This commit seems to be the culprit. It's as though the TX FIFO is being reset during that write. What should be displayed is: PSW 80000000 INST 00000000 HALT // What is displayed is some variation of: T 00000000 HAL// Reverting this commit via this patch fixes my problem. Signed-off-by: Mark Hounschell Fixes: ecb988a3b798 ("tty: serial: 8250: 8250_core: NXP SC16C2552 workaround") Cc: stable Signed-off-by: Greg Kroah-Hartman commit 01239d77b9dd978863d1a75f0d095ab942a1fe66 Author: Shan Hai Date: Fri Aug 10 17:55:55 2018 -0700 xfs: fix a null pointer dereference in xfs_bmap_extents_to_btree Fuzzing tool reports a write to null pointer error in the xfs_bmap_extents_to_btree, fix it by bailing out on encountering a null pointer. Signed-off-by: Shan Hai Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit fa6c668d807b1e9ac041101dfcb59bd8e279cfe5 Author: Eric Sandeen Date: Fri Aug 10 13:56:25 2018 -0700 xfs: remove b_last_holder & associated macros The old lock tracking infrastructure in xfs using the b_last_holder field seems to only be useful if you can get into the system with a debugger; it seems that the existing tracepoints would be the way to go these days, and this old infrastructure can be removed. Signed-off-by: Eric Sandeen Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 10259de1d8690a8c6dd98d564ff2690b5511c8f7 Author: Andreas Gruenbacher Date: Fri Aug 10 11:46:14 2018 -0700 iomap: Switch to offset_in_page for clarity Instead of open-coding pos & (PAGE_SIZE - 1) and pos & ~PAGE_MASK, use the offset_in_page macro. Signed-off-by: Andreas Gruenbacher Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit e25ff835af89a80aa6a4de58f413e494b2b96bd1 Author: Dave Jiang Date: Fri Aug 10 08:48:18 2018 -0700 xfs: Close race between direct IO and xfs_break_layouts() This patch is the duplicate of ross's fix for ext4 for xfs. If the refcount of a page is lowered between the time that it is returned by dax_busy_page() and when the refcount is again checked in xfs_break_layouts() => ___wait_var_event(), the waiting function xfs_wait_dax_page() will never be called. This means that xfs_break_layouts() will still have 'retry' set to false, so we'll stop looping and never check the refcount of other pages in this inode. Instead, always continue looping as long as dax_layout_busy_page() gives us a page which it found with an elevated refcount. Signed-off-by: Dave Jiang Reviewed-by: Jan Kara Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 3d27c4de8d4fb2d4099ff324671792aa2578c6f9 Author: Xiubo Li Date: Sun Aug 12 07:58:23 2018 -0400 Revert "uio: use request_threaded_irq instead" Since mutex lock in irq hanler is useless currently, here will remove it together with it. This reverts commit 9421e45f5ff3d558cf8b75a8cc0824530caf3453. Reported-by: james.r.harris@intel.com CC: Ahsan Atta Signed-off-by: Xiubo Li Signed-off-by: Greg Kroah-Hartman commit 062a585ec21ea478be4826be7ddddb5b3ac49789 Author: Gustavo A. R. Silva Date: Tue Aug 7 19:04:40 2018 -0500 KVM: arm: Use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Marc Zyngier commit d0823cb346bc6f685f230bdbec51910a329e3fe3 Author: Jia He Date: Fri Aug 3 21:57:04 2018 +0800 KVM: arm/arm64: vgic: Do not use spin_lock_irqsave/restore with irq disabled kvm_vgic_sync_hwstate is only called with IRQ being disabled. There is thus no need to call spin_lock_irqsave/restore in vgic_fold_lr_state and vgic_prune_ap_list. This patch replace them with the non irq-safe version. Signed-off-by: Jia He Acked-by: Christoffer Dall [maz: commit message tidy-up] Signed-off-by: Marc Zyngier commit dc961e5395dde279b77e2cdbdcc99560b89bdfd9 Author: Jia He Date: Fri Aug 3 21:57:03 2018 +0800 KVM: arm/arm64: vgic: Move DEBUG_SPINLOCK_BUG_ON to vgic.h DEBUG_SPINLOCK_BUG_ON can be used with both vgic-v2 and vgic-v3, so let's move it to vgic.h Signed-off-by: Jia He [maz: commit message tidy-up] Signed-off-by: Marc Zyngier commit 3e8a8a50c7ef1a4f71921731f0e1748a7f70ddaa Author: Marc Zyngier Date: Mon Aug 6 13:06:01 2018 +0100 KVM: arm: vgic-v3: Add support for ICC_SGI0R and ICC_ASGI1R accesses In order to generate Group0 SGIs, let's add some decoding logic to access_gic_sgi(), and pass the generating group accordingly. Reviewed-by: Eric Auger Reviewed-by: Christoffer Dall Signed-off-by: Marc Zyngier commit 03bd646d863d1e4399d9dec658e1e5735f24cd2c Author: Marc Zyngier Date: Mon Aug 6 13:03:36 2018 +0100 KVM: arm64: vgic-v3: Add support for ICC_SGI0R_EL1 and ICC_ASGI1R_EL1 accesses In order to generate Group0 SGIs, let's add some decoding logic to access_gic_sgi(), and pass the generating group accordingly. Reviewed-by: Eric Auger Reviewed-by: Christoffer Dall Signed-off-by: Marc Zyngier commit 6249f2a479268702f7259aeee3671db2be3b922c Author: Marc Zyngier Date: Mon Aug 6 12:51:19 2018 +0100 KVM: arm/arm64: vgic-v3: Add core support for Group0 SGIs Although vgic-v3 now supports Group0 interrupts, it still doesn't deal with Group0 SGIs. As usually with the GIC, nothing is simple: - ICC_SGI1R can signal SGIs of both groups, since GICD_CTLR.DS==1 with KVM (as per 8.1.10, Non-secure EL1 access) - ICC_SGI0R can only generate Group0 SGIs - ICC_ASGI1R sees its scope refocussed to generate only Group0 SGIs (as per the note at the bottom of Table 8-14) We only support Group1 SGIs so far, so no material change. Reviewed-by: Eric Auger Reviewed-by: Christoffer Dall Signed-off-by: Marc Zyngier commit e22fa39cd0132c409c8648e60282837d19643634 Author: Marc Zyngier Date: Mon Aug 6 11:44:07 2018 +0100 KVM: arm64: Remove non-existent AArch32 ICC_SGI1R encoding ICC_SGI1R is a 64bit system register, even on AArch32. It is thus pointless to have such an encoding in the 32bit cp15 array. Let's drop it. Reviewed-by: Eric Auger Acked-by: Christoffer Dall Signed-off-by: Marc Zyngier commit 73b383141d296c55bfbc0ce336a4a946627e7780 Merge: 627661ced824 91c6e15efc17 Author: Takashi Iwai Date: Sun Aug 12 08:55:01 2018 +0200 Merge branch 'for-next' into for-linus Preparation for 4.19 merge material. Signed-off-by: Takashi Iwai commit 78cbac647e61fb20ad615075949ea77cedf74e0c Merge: 6a92ef08a135 a4fd284a1f8f Author: David S. Miller Date: Sat Aug 11 17:54:18 2018 -0700 Merge branch 'ip-faster-in-order-IP-fragments' Peter Oskolkov says: ==================== ip: faster in-order IP fragments Added "Signed-off-by" in v2. ==================== Signed-off-by: David S. Miller commit a4fd284a1f8fd4b6c59aa59db2185b1e17c5c11c Author: Peter Oskolkov Date: Sat Aug 11 20:27:25 2018 +0000 ip: process in-order fragments efficiently This patch changes the runtime behavior of IP defrag queue: incoming in-order fragments are added to the end of the current list/"run" of in-order fragments at the tail. On some workloads, UDP stream performance is substantially improved: RX: ./udp_stream -F 10 -T 2 -l 60 TX: ./udp_stream -c -H -F 10 -T 5 -l 60 with this patchset applied on a 10Gbps receiver: throughput=9524.18 throughput_units=Mbit/s upstream (net-next): throughput=4608.93 throughput_units=Mbit/s Reported-by: Willem de Bruijn Signed-off-by: Peter Oskolkov Cc: Eric Dumazet Cc: Florian Westphal Signed-off-by: David S. Miller commit 353c9cb360874e737fb000545f783df756c06f9a Author: Peter Oskolkov Date: Sat Aug 11 20:27:24 2018 +0000 ip: add helpers to process in-order fragments faster. This patch introduces several helper functions/macros that will be used in the follow-up patch. No runtime changes yet. The new logic (fully implemented in the second patch) is as follows: * Nodes in the rb-tree will now contain not single fragments, but lists of consecutive fragments ("runs"). * At each point in time, the current "active" run at the tail is maintained/tracked. Fragments that arrive in-order, adjacent to the previous tail fragment, are added to this tail run without triggering the re-balancing of the rb-tree. * If a fragment arrives out of order with the offset _before_ the tail run, it is inserted into the rb-tree as a single fragment. * If a fragment arrives after the current tail fragment (with a gap), it starts a new "tail" run, as is inserted into the rb-tree at the end as the head of the new run. skb->cb is used to store additional information needed here (suggested by Eric Dumazet). Reported-by: Willem de Bruijn Signed-off-by: Peter Oskolkov Cc: Eric Dumazet Cc: Florian Westphal Signed-off-by: David S. Miller commit 6a92ef08a1351e4977d6acde2196fa94e9c3a660 Merge: 9a95d9c6429b ec0c96714e7d Author: David S. Miller Date: Sat Aug 11 17:52:00 2018 -0700 Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net commit eb2b3d034511f7f5f5fa781b9354ea4d5dbd4fc5 Author: Coly Li Date: Sat Aug 11 13:20:00 2018 +0800 bcache: add the missing comments for smp_mb()/smp_wmb() Checkpatch.pl warns there are 2 locations of smp_mb() and smp_wmb() without code comment. This patch adds the missing code comments for these memory barrier calls. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit d0c1b89a409fb8f55783e95effeb60d703f81061 Author: Coly Li Date: Sat Aug 11 13:19:59 2018 +0800 bcache: remove unnecessary space before ioctl function pointer arguments This is warned by checkpatch.pl, this patch removes the extra space. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit 87418ef9f07ac6bc00af7992dc1ccd96da46cd68 Author: Coly Li Date: Sat Aug 11 13:19:58 2018 +0800 bcache: add missing SPDX header The SPDX header is missing fro closure.c, super.c and util.c, this patch adds SPDX header for GPL-2.0 into these files. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit b3cf37bfa1a48acd5620d7be3dea05a4f76d87fd Author: Coly Li Date: Sat Aug 11 13:19:57 2018 +0800 bcache: move open brace at end of function definitions to next line This is not a preferred style to place open brace '{' at the end of function definition, checkpatch.pl reports error for such coding style. This patch moves them into the start of the next new line. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit e1f08f1bc0134c2ebd655fc63ed82e160c123b7b Author: Coly Li Date: Sat Aug 11 13:19:56 2018 +0800 bcache: add static const prefix to char * array declarations This patch declares char * array with const prefix in sysfs.c, which is suggested by checkpatch.pl. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit 3be11dbab67a3ed28358a950671de9b8e7fb5a02 Author: Coly Li Date: Sat Aug 11 13:19:55 2018 +0800 bcache: fix code comments style This patch fixes 3 style issues warned by checkpatch.pl, - Comment lines are not aligned - Comments use "/*" on subsequent lines - Comment lines use a trailing "*/" Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit 3069211be30015b78e096fc4d3774b7d4ba29781 Author: Coly Li Date: Sat Aug 11 13:19:54 2018 +0800 bcache: do not check NULL pointer before calling kmem_cache_destroy kmem_cache_destroy() is safe for NULL pointer as input, the NULL pointer checking is unncessary. This patch just removes the NULL pointer checking to make code simpler. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit bc81b47e828adfc3631e616fddc6b2203876b65d Author: Coly Li Date: Sat Aug 11 13:19:53 2018 +0800 bcache: prefer 'help' in Kconfig Current bcache Kconfig uses '---help---' as header of help information, for now 'help' is prefered. This patch fixes this style by replacing '---help---' by 'help' in bcache Kconfig file. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit 2b1edd23ecc6f5839d107a723a282a73bf00df3f Author: Coly Li Date: Sat Aug 11 13:19:52 2018 +0800 bcache: fix typo 'succesfully' to 'successfully' This patch fixes typo 'succesfully' to correct 'successfully', which is suggested by checkpatch.pl. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit d9c61d30e86a024b2f7c728706b8ab2c9e6ec2c1 Author: Coly Li Date: Sat Aug 11 13:19:51 2018 +0800 bcache: replace '%pF' by '%pS' in seq_printf() '%pF' and '%pf' are deprecated vsprintf pointer extensions, this patch replace them by '%pS', which is suggested by checkpatch.pl. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit c63ca7871aa3f1777e2af978ea1967b2f5bf0ae2 Author: Coly Li Date: Sat Aug 11 13:19:50 2018 +0800 bcache: fix indent by replacing blank by tabs bch_btree_insert_check_key() has unaligned indent, or indent by blank characters. This patch makes the indent aligned and replace blank by tabs. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit 6ae63e3501c493616612b90be26b35a6084fc75d Author: Coly Li Date: Sat Aug 11 13:19:49 2018 +0800 bcache: replace printk() by pr_*() routines There are still many places in bcache use printk to display kernel message, which are suggested to be preplaced by pr_*() routines like pr_err(), pr_info(), or pr_notice(). This patch replaces all printk() with a proper pr_*() routine for bcache code. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit 958bf494ecf0a6755309569a9083bf123d6e3754 Author: Coly Li Date: Sat Aug 11 13:19:48 2018 +0800 bcache: replace Symbolic permissions by octal permission numbers Symbolic permission names are used in bcache, for now octal permission numbers are encouraged to use for readability. This patch replaces all symbolic permissions by octal permission numbers. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit b0d30981c05f32d8cc032b209408ca3224f05f36 Author: Coly Li Date: Sat Aug 11 13:19:47 2018 +0800 bcache: style fixes for lines over 80 characters This patch fixes the lines over 80 characters into more lines, to minimize warnings by checkpatch.pl. There are still some lines exceed 80 characters, but it is better to be a single line and I don't change them. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit fc2d5988b5972bced859944986fb36d902ac3698 Author: Coly Li Date: Sat Aug 11 13:19:46 2018 +0800 bcache: add identifier names to arguments of function definitions There are many function definitions do not have identifier argument names, scripts/checkpatch.pl complains warnings like this, WARNING: function definition argument 'struct bcache_device *' should also have an identifier name #16735: FILE: writeback.h:120: +void bch_sectors_dirty_init(struct bcache_device *); This patch adds identifier argument names to all bcache function definitions to fix such warnings. Signed-off-by: Coly Li Reviewed: Shenghui Wang Signed-off-by: Jens Axboe commit 1fae7cf05293d3a2c9e59c1bc59372322386467c Author: Coly Li Date: Sat Aug 11 13:19:45 2018 +0800 bcache: style fix to add a blank line after declarations Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit 6f10f7d1b02b1bbc305f88d7696445dd38b13881 Author: Coly Li Date: Sat Aug 11 13:19:44 2018 +0800 bcache: style fix to replace 'unsigned' by 'unsigned int' This patch fixes warning reported by checkpatch.pl by replacing 'unsigned' with 'unsigned int'. Signed-off-by: Coly Li Reviewed-by: Shenghui Wang Signed-off-by: Jens Axboe commit b86d865cb1cae1e61527ea0b8977078bbf694328 Author: Bart Van Assche Date: Fri Aug 10 13:28:07 2018 -0700 blkcg: Make blkg_root_lookup() work for queues in bypass mode For legacy queues the only call of blkg_root_lookup() happens after bypass mode has been enabled. Since blkg_lookup() returns NULL for queues in bypass mode, modify the blkg_root_lookup() such that it no longer depends on bypass mode. Rename the function into blk_queue_root_blkg() as suggested by Tejun. Suggested-by: Tejun Heo Fixes: 6bad9b210a22 ("blkcg: Introduce blkg_root_lookup()") Signed-off-by: Bart Van Assche Cc: Tejun Heo Signed-off-by: Jens Axboe commit 9a95d9c6429bb58905fdfc95da2e1b7cc3fb55b7 Merge: 2b14e1ea212d e329bc427395 Author: David S. Miller Date: Sat Aug 11 12:37:10 2018 -0700 Merge branch 'Remove-rtnl-lock-dependency-from-all-action-implementations' Vlad Buslov says: ==================== Remove rtnl lock dependency from all action implementations Currently, all netlink protocol handlers for updating rules, actions and qdiscs are protected with single global rtnl lock which removes any possibility for parallelism. This patch set is a second step to remove rtnl lock dependency from TC rules update path. Recently, new rtnl registration flag RTNL_FLAG_DOIT_UNLOCKED was added. Handlers registered with this flag are called without RTNL taken. End goal is to have rule update handlers(RTM_NEWTFILTER, RTM_DELTFILTER, etc.) to be registered with UNLOCKED flag to allow parallel execution. However, there is no intention to completely remove or split rtnl lock itself. This patch set addresses specific problems in implementation of tc actions that prevent their control path from being executed concurrently. Additional changes are required to refactor classifiers API and individual classifiers for parallel execution. This patch set lays groundwork to eventually register rule update handlers as rtnl-unlocked. Action API is already prepared for parallel execution with previous patch set, which means that action ops that use action API for their implementation do not require additional modifications. (delete, search, etc.) Action API implements concurrency-safe reference counting and guarantees that cleanup/delete is called only once, after last reference to action is released. The goal of this change is to update specific actions APIs that access action private state directly, in order to be independent from external locking. General approach is to re-use existing tcf_lock spinlock (used by some action implementation to synchronize control path with data path) to protect action private state from concurrent modification. If action has rcu-protected pointer, tcf spinlock is used to protect its update code, instead of relying on rtnl lock. Some actions need to determine rtnl mutex status in order to release it. For example, ife action can load additional kernel modules(meta ops) and must make sure that no locks are held during module load. In such cases 'rtnl_held' argument is used to conditionally release rtnl mutex. Changes from V1 to V2: - Patch 12: - new patch - Patch 14: - refactor gen_new_estimator() to reuse stats_lock when re-assigning rate estimator statistics pointer - Remove mirred and tunnel_key helper function changes. (to be submitted and standalone patch) ==================== Signed-off-by: David S. Miller commit e329bc427395e2d74f2bb685ef3dddda91a6695f Author: Vlad Buslov Date: Fri Aug 10 20:51:55 2018 +0300 net: sched: act_police: remove dependency on rtnl lock Use tcf spinlock to protect police action private data from concurrent modification during dump. (init already uses tcf spinlock when changing police action state) Pass tcf spinlock as estimator lock argument to gen_replace_estimator() during action init. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 51a9f5ae653979ac4bdbd81778a10431f0177e3c Author: Vlad Buslov Date: Fri Aug 10 20:51:54 2018 +0300 net: core: protect rate estimator statistics pointer with lock Extend gen_new_estimator() to also take stats_lock when re-assigning rate estimator statistics pointer. (to be used by unlocked actions) Rename 'stats_lock' to 'lock' and change argument description to explain that it is now also used for control path. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 4e232818bd32b29f15bef532f320a14367d172b4 Author: Vlad Buslov Date: Fri Aug 10 20:51:53 2018 +0300 net: sched: act_mirred: remove dependency on rtnl lock Re-introduce mirred list spinlock, that was removed some time ago, in order to protect it from concurrent modifications, instead of relying on rtnl lock. Use tcf spinlock to protect mirred action private data from concurrent modification in init and dump. Rearrange access to mirred data in order to be performed only while holding the lock. Rearrange net dev access to always hold reference while working with it, instead of relying on rntl lock. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 84a75b329be84c108a21ab9c02a52a9bf9e5a919 Author: Vlad Buslov Date: Fri Aug 10 20:51:52 2018 +0300 net: sched: extend action ops with put_dev callback As a preparation for removing dependency on rtnl lock from rules update path, all users of shared objects must take reference while working with them. Extend action ops with put_dev() API to be used on net device returned by get_dev(). Modify mirred action (only action that implements get_dev callback): - Take reference to net device in get_dev. - Implement put_dev API that releases reference to net device. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 764e9a24480f6ffba5493fb21e6a7b030d6b8b67 Author: Vlad Buslov Date: Fri Aug 10 20:51:51 2018 +0300 net: sched: act_vlan: remove dependency on rtnl lock Use tcf spinlock to protect vlan action private data from concurrent modification during dump and init. Use rcu swap operation to reassign params pointer under protection of tcf lock. (old params value is not used by init, so there is no need of standalone rcu dereference step) Remove rtnl assertion that is no longer necessary. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 729e01260989cc06c8a78491b46545793aef323a Author: Vlad Buslov Date: Fri Aug 10 20:51:50 2018 +0300 net: sched: act_tunnel_key: remove dependency on rtnl lock Use tcf lock to protect tunnel key action struct private data from concurrent modification in init and dump. Use rcu swap operation to reassign params pointer under protection of tcf lock. (old params value is not used by init, so there is no need of standalone rcu dereference step) Remove rtnl lock assertion that is no longer required. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit c8814552fe51358f5fc46bc1c4aa4bb68454f4eb Author: Vlad Buslov Date: Fri Aug 10 20:51:49 2018 +0300 net: sched: act_skbmod: remove dependency on rtnl lock Move read of skbmod_p rcu pointer to be protected by tcf spinlock. Use tcf spinlock to protect private skbmod data from concurrent modification during dump. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 5e48180ed8bcfa60e02887ba801307caf14bbe40 Author: Vlad Buslov Date: Fri Aug 10 20:51:48 2018 +0300 net: sched: act_simple: remove dependency on rtnl lock Use tcf spinlock to protect private simple action data from concurrent modification during dump. (simple init already uses tcf spinlock when changing action state) Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit d7728495665601658c7f94f3b5fa4e3f54d71c18 Author: Vlad Buslov Date: Fri Aug 10 20:51:47 2018 +0300 net: sched: act_sample: remove dependency on rtnl lock Use tcf spinlock to protect private sample action data from concurrent modification during dump and init. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 67b0c1a3c9ced3726dea73000f8900f453fc894f Author: Vlad Buslov Date: Fri Aug 10 20:51:46 2018 +0300 net: sched: act_pedit: remove dependency on rtnl lock Rearrange pedit init code to only access pedit action data while holding tcf spinlock. Change keys allocation type to atomic to allow it to execute while holding tcf spinlock. Take tcf spinlock in dump function when accessing pedit action data. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit ff25276de997f41197ebab91935627c249a30fc4 Author: Vlad Buslov Date: Fri Aug 10 20:51:45 2018 +0300 net: sched: act_ipt: remove dependency on rtnl lock Use tcf spinlock to protect ipt action private data from concurrent modification during dump. Ipt init already takes tcf spinlock when modifying ipt state. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 54d0d423a48aa0e61bb39665d20376ba7b940535 Author: Vlad Buslov Date: Fri Aug 10 20:51:44 2018 +0300 net: sched: act_ife: remove dependency on rtnl lock Use tcf spinlock and rcu to protect params pointer from concurrent modification during dump and init. Use rcu swap operation to reassign params pointer under protection of tcf lock. (old params value is not used by init, so there is no need of standalone rcu dereference step) Ife action has meta-actions that are compiled as standalone modules. Rtnl mutex must be released while loading a kernel module. In order to support execution without rtnl mutex, propagate 'rtnl_held' argument to meta action loading functions. When requesting meta action module, conditionally release rtnl lock depending on 'rtnl_held' argument. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit e8917f437006686b8fa1b9e54f31d7abc0ea7e97 Author: Vlad Buslov Date: Fri Aug 10 20:51:43 2018 +0300 net: sched: act_gact: remove dependency on rtnl lock Use tcf spinlock to protect gact action private state from concurrent modification during dump and init. Remove rtnl assertion that is no longer necessary. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit b6a2b971c0b00253197682fbdf1c55fc0e2610a4 Author: Vlad Buslov Date: Fri Aug 10 20:51:42 2018 +0300 net: sched: act_csum: remove dependency on rtnl lock Use tcf lock to protect csum action struct private data from concurrent modification in init and dump. Use rcu swap operation to reassign params pointer under protection of tcf lock. (old params value is not used by init, so there is no need of standalone rcu dereference step) Remove rtnl assertion that is no longer necessary. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 2142236b45843dbcbe9691d24cf06caff91a78fd Author: Vlad Buslov Date: Fri Aug 10 20:51:41 2018 +0300 net: sched: act_bpf: remove dependency on rtnl lock Use tcf spinlock to protect bpf action private data from concurrent modification during dump and init. Remove rtnl lock assertion that is no longer necessary. Signed-off-by: Vlad Buslov Signed-off-by: David S. Miller commit 2b14e1ea212d6ce90a657ab8fe2161ea00518878 Merge: b70f1f3af47f 0d493b4d0be3 Author: David S. Miller Date: Sat Aug 11 12:25:15 2018 -0700 Merge branch 'net-sctp-Avoid-allocating-high-order-memory-with-kmalloc' Konstantin Khorenko says: ==================== net/sctp: Avoid allocating high order memory with kmalloc() Each SCTP association can have up to 65535 input and output streams. For each stream type an array of sctp_stream_in or sctp_stream_out structures is allocated using kmalloc_array() function. This function allocates physically contiguous memory regions, so this can lead to allocation of memory regions of very high order, i.e.: sizeof(struct sctp_stream_out) == 24, ((65535 * 24) / 4096) == 383 memory pages (4096 byte per page), which means 9th memory order. This can lead to a memory allocation failures on the systems under a memory stress. We actually do not need these arrays of memory to be physically contiguous. Possible simple solution would be to use kvmalloc() instread of kmalloc() as kvmalloc() can allocate physically scattered pages if contiguous pages are not available. But the problem is that the allocation can happed in a softirq context with GFP_ATOMIC flag set, and kvmalloc() cannot be used in this scenario. So the other possible solution is to use flexible arrays instead of contiguios arrays of memory so that the memory would be allocated on a per-page basis. This patchset replaces kvmalloc() with flex_array usage. It consists of two parts: * First patch is preparatory - it mechanically wraps all direct access to assoc->stream.out[] and assoc->stream.in[] arrays with SCTP_SO() and SCTP_SI() wrappers so that later a direct array access could be easily changed to an access to a flex_array (or any other possible alternative). * Second patch replaces kmalloc_array() with flex_array usage. v2 changes: sctp_stream_in() users are updated to provide stream as an argument, sctp_stream_{in,out}_ptr() are now just sctp_stream_{in,out}(). v3 changes: Move type chages struct sctp_stream_out -> flex_array to next patch. Make sctp_stream_{in,out}() static incline and move them to a header. Performance results (single stream): ==================================== * Kernel: v4.18-rc6 - stock and with 2 patches from Oleg (earlier in this thread) * Node: CPU (8 cores): Intel(R) Xeon(R) CPU E31230 @ 3.20GHz RAM: 32 Gb * netperf: taken from https://github.com/HewlettPackard/netperf.git, compiled from sources with sctp support * netperf server and client are run on the same node * ip link set lo mtu 1500 The script used to run tests: # cat run_tests.sh #!/bin/bash for test in SCTP_STREAM SCTP_STREAM_MANY SCTP_RR SCTP_RR_MANY; do echo "TEST: $test"; for i in `seq 1 3`; do echo "Iteration: $i"; set -x netperf -t $test -H localhost -p 22222 -S 200000,200000 -s 200000,200000 \ -l 60 -- -m 1452; set +x done done ================================================ Results (a bit reformatted to be more readable): Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec v4.18-rc7 v4.18-rc7 + fixes TEST: SCTP_STREAM 212992 212992 1452 60.21 1125.52 1247.04 212992 212992 1452 60.20 1376.38 1149.95 212992 212992 1452 60.20 1131.40 1163.85 TEST: SCTP_STREAM_MANY 212992 212992 1452 60.00 1111.00 1310.05 212992 212992 1452 60.00 1188.55 1130.50 212992 212992 1452 60.00 1108.06 1162.50 =========== Local /Remote Socket Size Request Resp. Elapsed Trans. Send Recv Size Size Time Rate bytes Bytes bytes bytes secs. per sec v4.18-rc7 v4.18-rc7 + fixes TEST: SCTP_RR 212992 212992 1 1 60.00 45486.98 46089.43 212992 212992 1 1 60.00 45584.18 45994.21 212992 212992 1 1 60.00 45703.86 45720.84 TEST: SCTP_RR_MANY 212992 212992 1 1 60.00 40.75 40.77 212992 212992 1 1 60.00 40.58 40.08 212992 212992 1 1 60.00 39.98 39.97 Performance results for many streams: ===================================== * Kernel: v4.18-rc8 - stock and with 2 patches v3 * Node: CPU (8 cores): Intel(R) Xeon(R) CPU E31230 @ 3.20GHz RAM: 32 Gb * sctp_test: https://github.com/sctp/lksctp-tools * both server and client are run on the same node * ip link set lo mtu 1500 * sysctl -w vm.max_map_count=65530000 (need it to make memory fragmented) The script used to run tests: ============================= # cat run_sctp_test.sh #!/bin/bash set -x uname -r ip link set lo mtu 1500 swapoff -a free cat /proc/buddyinfo ./src/apps/sctp_test -H 127.0.0.1 -P 22222 -l -d 0 & sleep 3 time ./src/apps/sctp_test -H 127.0.0.1 -P 22221 -h 127.0.0.1 -p 22222 \ -s -c 1 -M 65535 -T -t 1 -x 100000 -d 0 1>/dev/null killall -9 lt-sctp_test =============================== Results (a bit reformatted to be more readable): 1) ms stock kernel v4.18-rc8, no memory fragmentation test 1 test 2 test 3 real 0m14.715s 0m14.593s 0m15.954s user 0m0.954s 0m0.955s 0m0.854s sys 0m13.388s 0m12.537s 0m13.749s 2) kernel with fixes, no memory fragmentation test 1 test 2 test 3 real 0m14.959s 0m14.693s 0m14.762s user 0m0.948s 0m0.921s 0m0.929s sys 0m13.538s 0m13.225s 0m13.217s 3) kernel with fixes, memory fragmented 'free': total used free shared buff/cache available Mem: 32906008 30555200 302740 764 2048068 266452 Mem: 32906008 30379948 541436 764 1984624 442376 Mem: 32906008 30717312 262380 764 1926316 109908 /proc/buddyinfo: Node 0, zone Normal 40773 37 34 29 0 0 0 0 0 0 0 Node 0, zone Normal 100332 68 8 4 2 1 1 0 0 0 0 Node 0, zone Normal 31113 7 2 1 0 0 0 0 0 0 0 test 1 test 2 test 3 real 0m14.159s 0m15.252s 0m15.826s user 0m0.839s 0m1.004s 0m1.048s sys 0m11.827s 0m14.240s 0m14.778s ==================== Signed-off-by: David S. Miller commit 0d493b4d0be352b5e361e4fa0bc3efe952d8b10e Author: Konstantin Khorenko Date: Fri Aug 10 20:11:43 2018 +0300 net/sctp: Replace in/out stream arrays with flex_array This path replaces physically contiguous memory arrays allocated using kmalloc_array() with flexible arrays. This enables to avoid memory allocation failures on the systems under a memory stress. Signed-off-by: Oleg Babin Signed-off-by: Konstantin Khorenko Signed-off-by: David S. Miller commit 05364ca03cfd419caecb292fede20eb39667eaae Author: Konstantin Khorenko Date: Fri Aug 10 20:11:42 2018 +0300 net/sctp: Make wrappers for accessing in/out streams This patch introduces wrappers for accessing in/out streams indirectly. This will enable to replace physically contiguous memory arrays of streams with flexible arrays (or maybe any other appropriate mechanism) which do memory allocation on a per-page basis. Signed-off-by: Oleg Babin Signed-off-by: Konstantin Khorenko Signed-off-by: David S. Miller commit b70f1f3af47f4a21a25678f9ee587ed7986d62f8 Author: Keara Leibovitz Date: Fri Aug 10 10:09:41 2018 -0400 tc: Update README and add config Updated README. Added config file that contains the minimum required features enabled to run the tests currently present in the kernel. This must be updated when new unittests are created and require their own modules. Signed-off-by: Keara Leibovitz Signed-off-by: David S. Miller commit 3305f9a90524c8e9e59f29a62312c10ab00a7364 Merge: 8a8982d1e213 4f5f85e9a70e Author: David S. Miller Date: Sat Aug 11 12:13:49 2018 -0700 Merge branch 'l2tp-rework-pppol2tp-ioctl-handling' Guillaume Nault says: ==================== l2tp: rework pppol2tp ioctl handling The current ioctl() handling code can be simplified. It tests for non-relevant conditions and uselessly holds sockets. Once useless code is removed, it becomes even simpler to let pppol2tp_ioctl() handle commands directly, rather than dispatch them to pppol2tp_tunnel_ioctl() or pppol2tp_session_ioctl(). That is the approach taken by this series. Patch #1 and #2 define helper functions aimed at simplifying the rest of the patch set. Patch #3 drops useless tests in pppol2p_ioctl() and avoid holding a refcount on the socket. Patches #4, #5 and #6 are the core of the series. They let pppol2tp_ioctl() handle all ioctls and drop the tunnel and session specific functions. Then patch #6 brings a little bit of consolidation. Finally, patch #7 takes advantage of the simplified code to make pppol2tp sockets compatible with dev_ioctl(). Certainly not a killer feature, but it is trivial and it is always nice to see l2tp getting better integration with the rest of the stack. ==================== Signed-off-by: David S. Miller commit 4f5f85e9a70e13c8919e26609914253d18fbf858 Author: Guillaume Nault Date: Fri Aug 10 13:22:03 2018 +0200 l2tp: let pppol2tp_ioctl() fallback to dev_ioctl() Return -ENOIOCTLCMD for unknown ioctl commands. This lets dev_ioctl() handle generic socket ioctls like SIOCGIFNAME or SIOCGIFINDEX. PF_PPPOX/PX_PROTO_OL2TP was one of the few socket types not honouring this mechanism. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 7390ed8a405013d0a7e1f4dc8ac495e0ac04996f Author: Guillaume Nault Date: Fri Aug 10 13:22:02 2018 +0200 l2tp: zero out stats in pppol2tp_copy_stats() Integrate memset(0) in pppol2tp_copy_stats() to avoid calling it manually every time. While there, constify 'stats'. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit b0e29063dcb3bf14f515f95e748b60e4bab45e7c Author: Guillaume Nault Date: Fri Aug 10 13:22:01 2018 +0200 l2tp: remove pppol2tp_session_ioctl() pppol2tp_ioctl() has everything in place for handling PPPIOCGL2TPSTATS on session sockets. We just need to copy the stats and set ->session_id. As a side effect of sharing session and tunnel code, ->using_ipsec is properly set even when the request was made using a session socket. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 528534f0deda05c668756313a22974429a9df05a Author: Guillaume Nault Date: Fri Aug 10 13:22:00 2018 +0200 l2tp: remove pppol2tp_tunnel_ioctl() Handle PPPIOCGL2TPSTATS in pppol2tp_ioctl() if the socket represents a tunnel. This one is a bit special because the caller may use the tunnel socket to retrieve statistics of one of its sessions. If the session_id is set, the corresponding session's statistics are returned, instead of those of the tunnel. This is handled by the new pppol2tp_tunnel_copy_stats() helper function. Set ->tunnel_id and ->using_ipsec out of the conditional, so that it can be used by the 'else' branch in the following patch. We cannot do that for ->session_id, because tunnel sockets have to report the value that was originally passed in 'stats.session_id', while session sockets have to report their own session_id. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 79e6760e64d1b69a20af4d97ead291159d4c11c2 Author: Guillaume Nault Date: Fri Aug 10 13:21:58 2018 +0200 l2tp: handle PPPIOC[GS]MRU and PPPIOC[GS]FLAGS in pppol2tp_ioctl() Let pppol2tp_ioctl() handle ioctl commands directly. It still relies on pppol2tp_{session,tunnel}_ioctl() for PPPIOCGL2TPSTATS. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit bdd0292f96e43de46283ea0efdef8d13b4ffe895 Author: Guillaume Nault Date: Fri Aug 10 13:21:58 2018 +0200 l2tp: simplify pppol2tp_ioctl() * Drop test on 'sk': sock->sk cannot be NULL, or pppox_ioctl() could not have called us. * Drop test on 'SOCK_DEAD' state: if this flag was set, the socket would be in the process of being released and no ioctl could be running anymore. * Drop test on 'PPPOX_*' state: we depend on ->sk_user_data to get the session structure. If it is non-NULL, then the socket is connected. Testing for PPPOX_* is redundant. * Retrieve session using ->sk_user_data directly, instead of going through pppol2tp_sock_to_session(). This avoids grabbing a useless reference on the socket. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 01e28b921b19cb99a09dda89ab0e5dc49bf4ab38 Author: Guillaume Nault Date: Fri Aug 10 13:21:57 2018 +0200 l2tp: split l2tp_session_get() l2tp_session_get() is used for two different purposes. If 'tunnel' is NULL, the session is searched globally in the supplied network namespace. Otherwise it is searched exclusively in the tunnel context. Callers always know the context in which they need to search the session. But some of them do provide both a namespace and a tunnel, making the semantic of the call unclear. This patch defines l2tp_tunnel_get_session() for lookups done in a tunnel and restricts l2tp_session_get() to namespace searches. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit d6a61ec936676dbe25a6eb76e1229787dc2fbba8 Author: Guillaume Nault Date: Fri Aug 10 13:21:55 2018 +0200 l2tp: define l2tp_tunnel_uses_xfrm() Use helper function to figure out if a tunnel is using ipsec. Also, avoid accessing ->sk_policy directly since it's RCU protected. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 8a8982d1e2137aa020dd9fbc96b5e3c4fd871d0c Merge: 78aca3bbee88 b6311b7bea41 Author: David S. Miller Date: Sat Aug 11 12:11:36 2018 -0700 Merge branch 'netsec-driver-improvements' Ilias Apalodimas says: ==================== netsec driver improvements This patchset introduces some improvements on socionext netsec driver. - patch 1/2, avoids unneeded MMIO reads on the Rx path - patch 2/2, is adjusting the numbers of descriptors used Changes since v1: - Move dma_rmb() to protect descriptor accesses until the device has updated the NETSEC_RX_PKT_OWN_FIELD bit ==================== Signed-off-by: David S. Miller commit b6311b7bea41963c81da3ab58730dcc3c1aa388e Author: Ilias Apalodimas Date: Fri Aug 10 09:12:39 2018 +0300 net: socionext: Increase descriptors to 256 Increasing descriptors to 256 from 128 and adjusting the NAPI weight to 64 increases performace on Rx by ~20% on 64byte packets Signed-off-by: Ilias Apalodimas Signed-off-by: David S. Miller commit 63ae7949e94aad607c24d00b8ce3f5661c0a1e9d Author: Ilias Apalodimas Date: Fri Aug 10 09:12:38 2018 +0300 net: socionext: Use descriptor info instead of MMIO reads on Rx MMIO reads for remaining packets in queue occur (at least)twice per invocation of netsec_process_rx(). We can use the packet descriptor to identify if it's owned by the hardware and break out, avoiding the more expensive MMIO read operations. This has a ~2% increase on the pps of the Rx path when tested with 64byte packets Signed-off-by: Ilias Apalodimas Signed-off-by: David S. Miller commit 78aca3bbee880ea4d6f30d603c057058b03bdc77 Author: YueHaibing Date: Fri Aug 10 14:08:37 2018 +0800 vxge: remove set but not used variable 'req_out', 'status' and 'ret' Fixes gcc '-Wunused-but-set-variable' warning: drivers/net/ethernet/neterion/vxge/vxge-config.c:1097:6: warning: variable 'ret' set but not used [-Wunused-but-set-variable] drivers/net/ethernet/neterion/vxge/vxge-config.c:2263:6: warning: variable 'req_out' set but not used [-Wunused-but-set-variable] drivers/net/ethernet/neterion/vxge/vxge-config.c:2262:22: warning: variable 'status' set but not used [-Wunused-but-set-variable] drivers/net/ethernet/neterion/vxge/vxge-config.c:2360:22: warning: variable 'status' set but not used [-Wunused-but-set-variable] enum vxge_hw_status status = VXGE_HW_OK; Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 29afde505178403ccba6d3af919cc5b15a621ef7 Merge: 07624df1c9ef 2ca653d607ce Author: David S. Miller Date: Sat Aug 11 12:02:18 2018 -0700 Merge branch 'virtio_net-Expand-affinity-to-arbitrary-numbers-of-cpu-and-vq' Caleb Raitto says: ==================== virtio_net: Expand affinity to arbitrary numbers of cpu and vq Virtio-net tries to pin each virtual queue rx and tx interrupt to a cpu if there are as many queues as cpus. Expand this heuristic to configure a reasonable affinity setting also when the number of cpus != the number of virtual queues. Patch 1 allows vqs to take an affinity mask with more than 1 cpu. Patch 2 generalizes the algorithm in virtnet_set_affinity beyond the case where #cpus == #vqs. v2 changes: Renamed "virtio_net: Make vp_set_vq_affinity() take a mask." to "virtio: Make vp_set_vq_affinity() take a mask." Tested: [InstanceSetup] set_multiqueue = false $ cd /proc/irq $ for i in `seq 24 60` ; do sudo grep ".*" $i/smp_affinity_list; done 0-15 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 9 9 10 10 11 11 12 12 13 13 14 14 15 15 0-15 0-15 0-15 0-15 $ cd /sys/class/net/eth0/queues/ $ for i in `seq 0 15` ; do sudo grep ".*" tx-$i/xps_cpus; done 0001 0002 0004 0008 0010 0020 0040 0080 0100 0200 0400 0800 1000 2000 4000 8000 $ sudo ethtool -L eth0 combined 15 $ cd /proc/irq $ for i in `seq 24 60` ; do sudo grep ".*" $i/smp_affinity_list; done 0-15 0-1 0-1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 9 9 10 10 11 11 12 12 13 13 14 14 15 15 15 15 0-15 0-15 0-15 0-15 $ cd /sys/class/net/eth0/queues/ $ for i in `seq 0 14` ; do sudo grep ".*" tx-$i/xps_cpus; done 0003 0004 0008 0010 0020 0040 0080 0100 0200 0400 0800 1000 2000 4000 8000 $ sudo ethtool -L eth0 combined 8 $ cd /proc/irq $ for i in `seq 24 60` ; do sudo grep ".*" $i/smp_affinity_list; done 0-15 0-1 0-1 2-3 2-3 4-5 4-5 6-7 6-7 8-9 8-9 10-11 10-11 12-13 12-13 14-15 14-15 9 9 10 10 11 11 12 12 13 13 14 14 15 15 15 15 0-15 0-15 0-15 0-15 $ cd /sys/class/net/eth0/queues/ $ for i in `seq 0 7` ; do sudo grep ".*" tx-$i/xps_cpus; done 0003 000c 0030 00c0 0300 0c00 3000 c000 $ sudo ethtool -L eth0 combined 16 $ sudo sh -c "echo 0 > /sys/devices/system/cpu/cpu15/online" $ cd /proc/irq $ for i in `seq 24 60` ; do sudo grep ".*" $i/smp_affinity_list; done 0-15 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 9 9 10 10 11 11 12 12 13 13 14 14 0 0 0-15 0-15 0-15 0-15 $ cd /sys/class/net/eth0/queues/ $ for i in `seq 0 15` ; do sudo grep ".*" tx-$i/xps_cpus; done 0001 0002 0004 0008 0010 0020 0040 0080 0100 0200 0400 0800 1000 2000 4000 0001 $ for i in `seq 8 15`; \ do sudo sh -c "echo 0 > /sys/devices/system/cpu/cpu$i/online"; done $ cd /proc/irq $ for i in `seq 24 60` ; do sudo grep ".*" $i/smp_affinity_list; done 0-15 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 0-15 0-15 0-15 0-15 $ cd /sys/class/net/eth0/queues/ $ for i in `seq 0 15` ; do sudo grep ".*" tx-$i/xps_cpus; done 0001 0002 0004 0008 0010 0020 0040 0080 0001 0002 0004 0008 0010 0020 0040 0080 ==================== Signed-off-by: David S. Miller commit 2ca653d607ce59f2729173a7ea56dbfa6330ec88 Author: Caleb Raitto Date: Thu Aug 9 17:28:40 2018 -0700 virtio_net: Stripe queue affinities across cores. Always set the affinity hint, even if #cpu != #vq. Handle the case where #cpu > #vq (including when #cpu % #vq != 0) and when #vq > #cpu (including when #vq % #cpu != 0). Signed-off-by: Caleb Raitto Signed-off-by: Willem de Bruijn Acked-by: Jon Olson Signed-off-by: David S. Miller commit 19e226e8cc5da02f17ed119f9137036c0f0f5d80 Author: Caleb Raitto Date: Thu Aug 9 18:18:28 2018 -0700 virtio: Make vp_set_vq_affinity() take a mask. Make vp_set_vq_affinity() take a cpumask instead of taking a single CPU. If there are fewer queues than cores, queue affinity should be able to map to multiple cores. Link: https://patchwork.ozlabs.org/patch/948149/ Suggested-by: Willem de Bruijn Signed-off-by: Caleb Raitto Acked-by: Gonglei Signed-off-by: David S. Miller commit 07624df1c9efd4b7f2f6762581587c590b03c7a2 Author: Bryan Whitehead Date: Thu Aug 9 15:36:10 2018 -0400 lan743x: lan743x: Add PTP support PTP support includes: Ingress, and egress timestamping. One step timestamping available. PTP clock support. Periodic output support. Signed-off-by: Bryan Whitehead Signed-off-by: David S. Miller commit 217e502b89d42dce2afa80a1256adceae070237e Merge: 8a8a894ebbc2 fd2123a3d752 Author: David S. Miller Date: Sat Aug 11 11:31:36 2018 -0700 Merge branch 'tcp-new-mechanism-to-ACK-immediately' Yuchung Cheng says: ==================== tcp: new mechanism to ACK immediately This patch is a follow-up feature improvement to the recent fixes on the performance issues in ECN (delayed) ACKs. Many of the fixes use tcp_enter_quickack_mode routine to force immediate ACKs. However the routine also reset tracking interactive session. This is not ideal because these immediate ACKs are required by protocol specifics unrelated to the interactiveness nature of the application. This patch set introduces a new flag to send a one-time immediate ACK without changing the status of interactive session tracking. With this patch set the immediate ACKs are generated upon these protocol states: 1) When a hole is repaired 2) When CE status changes between subsequent data packets received 3) When a data packet carries CWR flag ==================== Signed-off-by: David S. Miller commit fd2123a3d7527d4c7092633d55e877c0cc1d84a3 Author: Yuchung Cheng Date: Thu Aug 9 09:38:12 2018 -0700 tcp: avoid resetting ACK timer upon receiving packet with ECN CWR flag Previously commit 9aee40006190 ("tcp: ack immediately when a cwr packet arrives") calls tcp_enter_quickack_mode to force sending two immediate ACKs upon receiving a packet w/ CWR flag. The side effect is it'll also reset the delayed ACK timer and interactive session tracking. This patch removes that side effect by using the new ACK_NOW flag to force an immmediate ACK. Packetdrill to demonstrate: 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 setsockopt(3, SOL_TCP, TCP_CONGESTION, "dctcp", 5) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 +0 < [ect0] SEW 0:0(0) win 32792 +0 > SE. 0:0(0) ack 1 +.1 < [ect0] . 1:1(0) ack 1 win 257 +0 accept(3, ..., ...) = 4 +0 < [ect0] . 1:1001(1000) ack 1 win 257 +0 > [ect01] . 1:1(0) ack 1001 +0 write(4, ..., 1) = 1 +0 > [ect01] P. 1:2(1) ack 1001 +0 < [ect0] . 1001:2001(1000) ack 2 win 257 +0 write(4, ..., 1) = 1 +0 > [ect01] P. 2:3(1) ack 2001 +0 < [ect0] . 2001:3001(1000) ack 3 win 257 +0 < [ect0] . 3001:4001(1000) ack 3 win 257 // Ack delayed ... +.01 < [ce] P. 4001:4501(500) ack 3 win 257 +0 > [ect01] . 3:3(0) ack 4001 +0 > [ect01] E. 3:3(0) ack 4501 +.001 read(4, ..., 4500) = 4500 +0 write(4, ..., 1) = 1 +0 > [ect01] PE. 3:4(1) ack 4501 win 100 +.01 < [ect0] W. 4501:5501(1000) ack 4 win 257 // No delayed ACK on CWR flag +0 > [ect01] . 4:4(0) ack 5501 +.31 < [ect0] . 5501:6501(1000) ack 4 win 257 +0 > [ect01] . 4:4(0) ack 6501 Fixes: 9aee40006190 ("tcp: ack immediately when a cwr packet arrives") Signed-off-by: Yuchung Cheng Signed-off-by: Neal Cardwell Signed-off-by: David S. Miller commit 15bdd5686c2c61373680b9015e95abf31778e4fd Author: Yuchung Cheng Date: Thu Aug 9 09:38:11 2018 -0700 tcp: always ACK immediately on hole repairs RFC 5681 sec 4.2: To provide feedback to senders recovering from losses, the receiver SHOULD send an immediate ACK when it receives a data segment that fills in all or part of a gap in the sequence space. When a gap is partially filled, __tcp_ack_snd_check already checks the out-of-order queue and correctly send an immediate ACK. However when a gap is fully filled, the previous implementation only resets pingpong mode which does not guarantee an immediate ACK because the quick ACK counter may be zero. This patch addresses this issue by marking the one-time immediate ACK flag instead. Signed-off-by: Yuchung Cheng Signed-off-by: Neal Cardwell Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit d2ccd7bc8acdcb9166c07a0255fb85bf877edb1f Author: Yuchung Cheng Date: Thu Aug 9 09:38:10 2018 -0700 tcp: avoid resetting ACK timer in DCTCP The recent fix of acking immediately in DCTCP on CE status change has an undesirable side-effect: it also resets TCP ack timer and disables pingpong mode (interactive session). But the CE status change has nothing to do with them. This patch addresses that by using the new one-time immediate ACK flag instead of calling tcp_enter_quickack_mode(). Signed-off-by: Yuchung Cheng Signed-off-by: Neal Cardwell Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 466466dc6c28ca9dc401f10e235b9cde9a7c9162 Author: Yuchung Cheng Date: Thu Aug 9 09:38:09 2018 -0700 tcp: mandate a one-time immediate ACK Add a new flag to indicate a one-time immediate ACK. This flag is occasionaly set under specific TCP protocol states in addition to the more common quickack mechanism for interactive application. In several cases in the TCP code we want to force an immediate ACK but do not want to call tcp_enter_quickack_mode() because we do not want to forget the icsk_ack.pingpong or icsk_ack.ato state. Signed-off-by: Yuchung Cheng Signed-off-by: Neal Cardwell Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 8a8a894ebbc23f52669b80c2ca5bf62d75267324 Author: Gustavo A. R. Silva Date: Thu Aug 9 10:47:20 2018 -0500 wimax: usb-tx: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I placed the "fall through" annotation at the bottom of the case, which is what GCC is expecting to find. Addresses-Coverity-ID: 115075 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 849063074a84fe388a15f5655bc26fdf3290a2ac Author: Gustavo A. R. Silva Date: Thu Aug 9 10:39:44 2018 -0500 wimax: usb-fw: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I placed the "fall through" annotation at the bottom of the case, which is what GCC is expecting to find. Addresses-Coverity-ID: 1369529 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit d331e7589753f02f93db350910e4bcbbecf6f726 Author: Gustavo A. R. Silva Date: Thu Aug 9 10:08:24 2018 -0500 net: dp83640: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I replaced the code comment at the top of the switch statement with a proper "fall through" annotation for each case, which is what GCC is expecting to find. Addresses-Coverity-ID: 1056542 ("Missing break in switch") Addresses-Coverity-ID: 1339579 ("Missing break in switch") Addresses-Coverity-ID: 1369526 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Acked-by: Richard Cochran Signed-off-by: David S. Miller commit 98ed1e642c451b3ed9f4c5785b291a3fc9e82166 Author: Colin Ian King Date: Thu Aug 9 12:00:49 2018 +0100 rxrpc: remove redundant static int 'zero' The static int 'zero' is defined but is never used hence it is redundant and can be removed. The use of this variable was removed with commit a158bdd3247b ("rxrpc: Fix call timeouts"). Cleans up clang warning: warning: 'zero' defined but not used [-Wunused-const-variable=] Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit f741917e24e9de4cf5abe041ff1b4f28f9522387 Author: zhong jiang Date: Thu Aug 9 09:39:13 2018 +0800 drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend rtl8152_system_suspend defines the variable "ret", but it is not modified after initialization. So just remove it. Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit 9805d4bcf8f98dbeb1a66c3195f2ea8b917a083e Author: Boris Brezillon Date: Sat Aug 11 15:47:12 2018 +0200 mtd: rawnand: atmel: Select GENERIC_ALLOCATOR The driver uses genalloc functions. Select GENERIC_ALLOCATOR to prevent build errors when selected through COMPILE_TEST. Fixes: 88a40e7dca00 ("mtd: rawnand: atmel: Allow selection of this driver when COMPILE_TEST=y") Reported-by: Randy Dunlap Signed-off-by: Boris Brezillon Acked-by: Miquel Raynal Acked-by: Randy Dunlap commit d0eea5d8db42a9fbf89943253908579865a3eaad Merge: da86748bf600 bb276262e88d Author: Boris Brezillon Date: Sat Aug 11 12:19:35 2018 +0200 Merge tag 'spi-nor/for-4.19' of git://git.infradead.org/linux-mtd into mtd/next Pull SPI NOR updates from Boris Brezillon: " Core changes: - Apply reset hacks only when reset is explicitly marked as broken in the DT Driver changes: - Minor cleanup/fixes in the m25p80 driver - Release flash_np in the nxp-spifi driver - Add suspend/resume hooks to the atmel-quadspi driver - Include gpio/consumer.h instead of gpio.h in the atmel-quadspi driver - Use %pK instead of %p in the stm32-quadspi driver - Improve timeout handling in the cadence-quadspi driver - Use mtd_device_register() instead of mtd_device_parse_register() in the intel-spi driver " commit da86748bf60068e0d6ad56e5c919ca7e6782c4ba Merge: 76a832254ab0 ed128e8b757b Author: Boris Brezillon Date: Sat Aug 11 12:15:19 2018 +0200 Merge tag 'nand/for-4.19' of git://git.infradead.org/linux-mtd into mtd/next Pull NAND updates from Miquel Raynal: " NAND core changes: - Add the SPI-NAND framework. - Create a helper to find the best ECC configuration. - Create NAND controller operations. - Allocate dynamically ONFI parameters structure. - Add defines for ONFI version bits. - Add manufacturer fixup for ONFI parameter page. - Add an option to specify NAND chip as a boot device. - Add Reed-Solomon error correction algorithm. - Better name for the controller structure. - Remove unused caller_is_module() definition. - Make subop helpers return unsigned values. - Expose _notsupp() helpers for raw page accessors. - Add default values for dynamic timings. - Kill the chip->scan_bbt() hook. - Rename nand_default_bbt() into nand_create_bbt(). - Start to clean the nand_chip structure. - Remove stale prototype from rawnand.h. Raw NAND controllers drivers changes: - Qcom: structuring cleanup. - Denali: use core helper to find the best ECC configuration. - Possible build of almost all drivers by adding a dependency on COMPILE_TEST for almost all of them in Kconfig, implies various fixes, Kconfig cleanup, GPIO headers inclusion cleanup, and even changes in sparc64 and ia64 architectures. - Clean the ->probe() functions error path of a lot of drivers. - Migrate all drivers to use nand_scan() instead of nand_scan_ident()/nand_scan_tail() pair. - Use mtd_device_register() where applicable to simplify the code. - Marvell: * Handle on-die ECC. * Better clocks handling. * Remove bogus comment. * Add suspend and resume support. - Tegra: add NAND controller driver. - Atmel: * Add module param to avoid using dma. * Drop Wenyou Yang from MAINTAINERS. - Denali: optimize timings handling. - FSMC: Stop using chip->read_buf(). - FSL: * Switch to SPDX license tag identifiers. * Fix qualifiers in MXC init functions. Raw NAND chip drivers changes: - Micron: * Add fixup for ONFI revision. * Update ecc_stats.corrected. * Make ECC activation stateful. * Avoid enabling/disabling ECC when it can't be disabled. * Get the actual number of bitflips. * Allow forced on-die ECC. * Support 8/512 on-die ECC. * Fix on-die ECC detection logic. - Hynix: * Fix decoding the OOB size on H27UCG8T2BTR. * Use ->exec_op() in hynix_nand_reg_write_op(). " commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa Author: Jann Horn Date: Mon Jun 25 18:34:10 2018 +0200 sys: don't hold uts_sem while accessing userspace memory Holding uts_sem as a writer while accessing userspace memory allows a namespace admin to stall all processes that attempt to take uts_sem. Instead, move data through stack buffers and don't access userspace memory while uts_sem is held. Cc: stable@vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn Signed-off-by: Eric W. Biederman commit 5820f140edef111a9ea2ef414ab2428b8cb805b1 Author: Jann Horn Date: Mon Jun 25 18:34:19 2018 +0200 userns: move user access out of the mutex The old code would hold the userns_state_mutex indefinitely if memdup_user_nul stalled due to e.g. a userfault region. Prevent that by moving the memdup_user_nul in front of the mutex_lock(). Note: This changes the error precedence of invalid buf/count/*ppos vs map already written / capabilities missing. Fixes: 22d917d80e84 ("userns: Rework the user_namespace adding uid/gid...") Cc: stable@vger.kernel.org Signed-off-by: Jann Horn Acked-by: Christian Brauner Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman commit 355139a8dba446cc11a424cddbf7afebc3041ba1 Author: Eddie.Horng Date: Fri Jul 20 15:30:00 2018 +0800 cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities"), should use d_find_any_alias() instead of d_find_alias() do handle unhashed dentry correctly. This is needed, for example, if execveat() is called with an open but unlinked overlayfs file, because overlayfs unhashes dentry on unlink. This is a regression of real life application, first reported at https://www.spinics.net/lists/linux-unionfs/msg05363.html Below reproducer and setup can reproduce the case. const char* exec="echo"; const char *newargv[] = { "echo", "hello", NULL}; const char *newenviron[] = { NULL }; int fd, err; fd = open(exec, O_PATH); unlink(exec); err = syscall(322/*SYS_execveat*/, fd, "", newargv, newenviron, AT_EMPTY_PATH); if(err<0) fprintf(stderr, "execveat: %s\n", strerror(errno)); gcc compile into ~/test/a.out mount -t overlay -orw,lowerdir=/mnt/l,upperdir=/mnt/u,workdir=/mnt/w none /mnt/m cd /mnt/m cp /bin/echo . ~/test/a.out Expected result: hello Actually result: execveat: Invalid argument dmesg: Invalid argument reading file caps for /dev/fd/3 The 2nd reproducer and setup emulates similar case but for regular filesystem: const char* exec="echo"; int fd, err; char buf[256]; fd = open(exec, O_RDONLY); unlink(exec); err = fgetxattr(fd, "security.capability", buf, 256); if(err<0) fprintf(stderr, "fgetxattr: %s\n", strerror(errno)); gcc compile into ~/test_fgetxattr cd /tmp cp /bin/echo . ~/test_fgetxattr Result: fgetxattr: Invalid argument On regular filesystem, for example, ext4 read xattr from disk and return to execveat(), will not trigger this issue, however, the overlay attr handler pass real dentry to vfs_getxattr() will. This reproducer calls fgetxattr() with an unlinked fd, involkes vfs_getxattr() then reproduced the case that d_find_alias() in cap_inode_getsecurity() can't find the unlinked dentry. Suggested-by: Amir Goldstein Acked-by: Amir Goldstein Acked-by: Serge E. Hallyn Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") Cc: # v4.14 Signed-off-by: Eddie Horng Signed-off-by: Eric W. Biederman commit 8605212a7c37b5d786544263bae5e697c1aaaa16 Author: Vasundhara Volam Date: Fri Aug 10 18:24:43 2018 -0400 bnxt_en: Fix strcpy() warnings in bnxt_ethtool.c This patch fixes following smatch warnings: drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2826 bnxt_fill_coredump_seg_hdr() error: strcpy() '"sEgM"' too large for 'seg_hdr->signature' (5 vs 4) drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2858 bnxt_fill_coredump_record() error: strcpy() '"cOrE"' too large for 'record->signature' (5 vs 4) drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2879 bnxt_fill_coredump_record() error: strcpy() 'utsname()->sysname' too large for 'record->os_name' (65 vs 32) Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.") Reported-by: Dan Carpenter Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 4bcb4ad6634ea1084faa630fe35d72f75b5e80fa Author: Paul Burton Date: Fri Aug 10 16:03:31 2018 -0700 MIPS: Consistently declare TLB functions Since at least the beginning of the git era we've declared our TLB exception handling functions inconsistently. They're actually functions, but we declare them as arrays of u32 where each u32 is an encoded instruction. This has always been the case for arch/mips/mm/tlbex.c, and has also been true for arch/mips/kernel/traps.c since commit 86a1708a9d54 ("MIPS: Make tlb exception handler definitions and declarations match.") which aimed for consistency but did so by consistently making the our C code inconsistent with our assembly. This is all usually harmless, but when using GCC 7 or newer to build a kernel targeting microMIPS (ie. CONFIG_CPU_MICROMIPS=y) it becomes problematic. With microMIPS bit 0 of the program counter indicates the ISA mode. When bit 0 is zero instructions are decoded using the standard MIPS32 or MIPS64 ISA. When bit 0 is one instructions are decoded using microMIPS. This means that function pointers become odd - their least significant bit is one for microMIPS code. We work around this in cases where we need to access code using loads & stores with our msk_isa16_mode() macro which simply clears bit 0 of the value it is given: #define msk_isa16_mode(x) ((x) & ~0x1) For example we do this for our TLB load handler in build_r4000_tlb_load_handler(): u32 *p = (u32 *)msk_isa16_mode((ulong)handle_tlbl); We then write code to p, expecting it to be suitably aligned (our LEAF macro aligns functions on 4 byte boundaries, so (ulong)handle_tlbl will give a value one greater than a multiple of 4 - ie. the start of a function on a 4 byte boundary, with the ISA mode bit 0 set). This worked fine up to GCC 6, but GCC 7 & onwards is smart enough to presume that handle_tlbl which we declared as an array of u32s must be aligned sufficiently that bit 0 of its address will never be set, and as a result optimize out msk_isa16_mode(). This leads to p having an address with bit 0 set, and when we go on to attempt to store code at that address we take an address error exception due to the unaligned memory access. This leads to an exception prior to the kernel having configured its own exception handlers, so we jump to whatever handlers the bootloader configured. In the case of QEMU this results in a silent hang, since it has no useful general exception vector. Fix this by consistently declaring our TLB-related functions as functions. For handle_tlbl(), handle_tlbs() & handle_tlbm() we do this in asm/tlbex.h & we make use of the existing declaration of tlbmiss_handler_setup_pgd() in asm/mmu_context.h. Our TLB handler generation code in arch/mips/mm/tlbex.c is adjusted to deal with these definitions, in most cases simply by casting the function pointers to u32 pointers. This allows us to include asm/mmu_context.h in arch/mips/mm/tlbex.c to get the definitions of tlbmiss_handler_setup_pgd & pgd_current, removing some needless duplication. Consistently using msk_isa16_mode() on function pointers means we no longer need the tlbmiss_handler_setup_pgd_start symbol so that is removed entirely. Now that we're declaring our functions as functions GCC stops optimizing out msk_isa16_mode() & a microMIPS kernel built with either GCC 7.3.0 or 8.1.0 boots successfully. Signed-off-by: Paul Burton commit b29fea3676033c48a1145b075b3e88c785271f70 Author: Paul Burton Date: Fri Aug 10 15:24:39 2018 -0700 MIPS: Export tlbmiss_handler_setup_pgd near its definition We export tlbmiss_handler_setup_pgd in arch/mips/mm/tlbex.c close to a declaration of it, rather than close to its definition as is standard. We've supported exporting symbols in assembly code since commit 22823ab419d8 ("EXPORT_SYMBOL() for asm"), so move the export to follow the function's (stub) definition. Signed-off-by: Paul Burton commit 9d6f417714c3aaf67b23ffdc1d2b036cce3ecc1c Merge: 74b247f4c363 91134d849a0e Author: Daniel Borkmann Date: Sat Aug 11 01:58:47 2018 +0200 Merge branch 'bpf-reuseport-map' Martin KaFai Lau says: ==================== This series introduces a new map type "BPF_MAP_TYPE_REUSEPORT_SOCKARRAY" and a new prog type BPF_PROG_TYPE_SK_REUSEPORT. Here is a snippet from a commit message: "To unleash the full potential of a bpf prog, it is essential for the userspace to be capable of directly setting up a bpf map which can then be consumed by the bpf prog to make decision. In this case, decide which SO_REUSEPORT sk to serve the incoming request. By adding BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, the userspace has total control and visibility on where a SO_REUSEPORT sk should be located in a bpf map. The later patch will introduce BPF_PROG_TYPE_SK_REUSEPORT such that the bpf prog can directly select a sk from the bpf map. That will raise the programmability of the bpf prog attached to a reuseport group (a group of sk serving the same IP:PORT). For example, in UDP, the bpf prog can peek into the payload (e.g. through the "data" pointer introduced in the later patch) to learn the application level's connection information and then decide which sk to pick from a bpf map. The userspace can tightly couple the sk's location in a bpf map with the application logic in generating the UDP payload's connection information. This connection info contact/API stays within the userspace. Also, when used with map-in-map, the userspace can switch the old-server-process's inner map to a new-server-process's inner map in one call "bpf_map_update_elem(outer_map, &index, &new_reuseport_array)". The bpf prog will then direct incoming requests to the new process instead of the old process. The old process can finish draining the pending requests (e.g. by "accept()") before closing the old-fds. [Note that deleting a fd from a bpf map does not necessary mean the fd is closed]" ==================== Signed-off-by: Daniel Borkmann commit 91134d849a0e8fbc70b8607d280e0d325dcaf7bb Author: Martin KaFai Lau Date: Wed Aug 8 01:01:31 2018 -0700 bpf: Test BPF_PROG_TYPE_SK_REUSEPORT This patch add tests for the new BPF_PROG_TYPE_SK_REUSEPORT. The tests cover: - IPv4/IPv6 + TCP/UDP - TCP syncookie - TCP fastopen - Cases when the bpf_sk_select_reuseport() returning errors - Cases when the bpf prog returns SK_DROP - Values from sk_reuseport_md - outer_map => reuseport_array The test depends on commit 3eee1f75f2b9 ("bpf: fix bpf_skb_load_bytes_relative pkt length check") Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 6bc8529c414f931ce0acef3099b015cf2f5c4291 Author: Martin KaFai Lau Date: Wed Aug 8 01:01:30 2018 -0700 bpf: test BPF_MAP_TYPE_REUSEPORT_SOCKARRAY This patch adds tests for the new BPF_MAP_TYPE_REUSEPORT_SOCKARRAY. Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 3bd43a8c91cba0493e507ed7baefa9b5613c28a9 Author: Martin KaFai Lau Date: Wed Aug 8 01:01:29 2018 -0700 bpf: Sync bpf.h uapi to tools/ This patch sync include/uapi/linux/bpf.h to tools/include/uapi/linux/ Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit aa5f0c96cc7b96a678779055b2ff4cd9dabd8ba7 Author: Martin KaFai Lau Date: Wed Aug 8 01:01:27 2018 -0700 bpf: Refactor ARRAY_SIZE macro to bpf_util.h This patch refactors the ARRAY_SIZE macro to bpf_util.h. Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 8217ca653ec601246832d562207bc24bdf652d2f Author: Martin KaFai Lau Date: Wed Aug 8 01:01:26 2018 -0700 bpf: Enable BPF_PROG_TYPE_SK_REUSEPORT bpf prog in reuseport selection This patch allows a BPF_PROG_TYPE_SK_REUSEPORT bpf prog to select a SO_REUSEPORT sk from a BPF_MAP_TYPE_REUSEPORT_ARRAY introduced in the earlier patch. "bpf_run_sk_reuseport()" will return -ECONNREFUSED when the BPF_PROG_TYPE_SK_REUSEPORT prog returns SK_DROP. The callers, in inet[6]_hashtable.c and ipv[46]/udp.c, are modified to handle this case and return NULL immediately instead of continuing the sk search from its hashtable. It re-uses the existing SO_ATTACH_REUSEPORT_EBPF setsockopt to attach BPF_PROG_TYPE_SK_REUSEPORT. The "sk_reuseport_attach_bpf()" will check if the attaching bpf prog is in the new SK_REUSEPORT or the existing SOCKET_FILTER type and then check different things accordingly. One level of "__reuseport_attach_prog()" call is removed. The "sk_unhashed() && ..." and "sk->sk_reuseport_cb" tests are pushed back to "reuseport_attach_prog()" in sock_reuseport.c. sock_reuseport.c seems to have more knowledge on those test requirements than filter.c. In "reuseport_attach_prog()", after new_prog is attached to reuse->prog, the old_prog (if any) is also directly freed instead of returning the old_prog to the caller and asking the caller to free. The sysctl_optmem_max check is moved back to the "sk_reuseport_attach_filter()" and "sk_reuseport_attach_bpf()". As of other bpf prog types, the new BPF_PROG_TYPE_SK_REUSEPORT is only bounded by the usual "bpf_prog_charge_memlock()" during load time instead of bounded by both bpf_prog_charge_memlock and sysctl_optmem_max. Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 2dbb9b9e6df67d444fbe425c7f6014858d337adf Author: Martin KaFai Lau Date: Wed Aug 8 01:01:25 2018 -0700 bpf: Introduce BPF_PROG_TYPE_SK_REUSEPORT This patch adds a BPF_PROG_TYPE_SK_REUSEPORT which can select a SO_REUSEPORT sk from a BPF_MAP_TYPE_REUSEPORT_ARRAY. Like other non SK_FILTER/CGROUP_SKB program, it requires CAP_SYS_ADMIN. BPF_PROG_TYPE_SK_REUSEPORT introduces "struct sk_reuseport_kern" to store the bpf context instead of using the skb->cb[48]. At the SO_REUSEPORT sk lookup time, it is in the middle of transiting from a lower layer (ipv4/ipv6) to a upper layer (udp/tcp). At this point, it is not always clear where the bpf context can be appended in the skb->cb[48] to avoid saving-and-restoring cb[]. Even putting aside the difference between ipv4-vs-ipv6 and udp-vs-tcp. It is not clear if the lower layer is only ipv4 and ipv6 in the future and will it not touch the cb[] again before transiting to the upper layer. For example, in udp_gro_receive(), it uses the 48 byte NAPI_GRO_CB instead of IP[6]CB and it may still modify the cb[] after calling the udp[46]_lib_lookup_skb(). Because of the above reason, if sk->cb is used for the bpf ctx, saving-and-restoring is needed and likely the whole 48 bytes cb[] has to be saved and restored. Instead of saving, setting and restoring the cb[], this patch opts to create a new "struct sk_reuseport_kern" and setting the needed values in there. The new BPF_PROG_TYPE_SK_REUSEPORT and "struct sk_reuseport_(kern|md)" will serve all ipv4/ipv6 + udp/tcp combinations. There is no protocol specific usage at this point and it is also inline with the current sock_reuseport.c implementation (i.e. no protocol specific requirement). In "struct sk_reuseport_md", this patch exposes data/data_end/len with semantic similar to other existing usages. Together with "bpf_skb_load_bytes()" and "bpf_skb_load_bytes_relative()", the bpf prog can peek anywhere in the skb. The "bind_inany" tells the bpf prog that the reuseport group is bind-ed to a local INANY address which cannot be learned from skb. The new "bind_inany" is added to "struct sock_reuseport" which will be used when running the new "BPF_PROG_TYPE_SK_REUSEPORT" bpf prog in order to avoid repeating the "bind INANY" test on "sk_v6_rcv_saddr/sk->sk_rcv_saddr" every time a bpf prog is run. It can only be properly initialized when a "sk->sk_reuseport" enabled sk is adding to a hashtable (i.e. during "reuseport_alloc()" and "reuseport_add_sock()"). The new "sk_select_reuseport()" is the main helper that the bpf prog will use to select a SO_REUSEPORT sk. It is the only function that can use the new BPF_MAP_TYPE_REUSEPORT_ARRAY. As mentioned in the earlier patch, the validity of a selected sk is checked in run time in "sk_select_reuseport()". Doing the check in verification time is difficult and inflexible (consider the map-in-map use case). The runtime check is to compare the selected sk's reuseport_id with the reuseport_id that we want. This helper will return -EXXX if the selected sk cannot serve the incoming request (e.g. reuseport_id not match). The bpf prog can decide if it wants to do SK_DROP as its discretion. When the bpf prog returns SK_PASS, the kernel will check if a valid sk has been selected (i.e. "reuse_kern->selected_sk != NULL"). If it does , it will use the selected sk. If not, the kernel will select one from "reuse->socks[]" (as before this patch). The SK_DROP and SK_PASS handling logic will be in the next patch. Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 5dc4c4b7d4e8115e7cde96a030f98cb3ab2e458c Author: Martin KaFai Lau Date: Wed Aug 8 01:01:24 2018 -0700 bpf: Introduce BPF_MAP_TYPE_REUSEPORT_SOCKARRAY This patch introduces a new map type BPF_MAP_TYPE_REUSEPORT_SOCKARRAY. To unleash the full potential of a bpf prog, it is essential for the userspace to be capable of directly setting up a bpf map which can then be consumed by the bpf prog to make decision. In this case, decide which SO_REUSEPORT sk to serve the incoming request. By adding BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, the userspace has total control and visibility on where a SO_REUSEPORT sk should be located in a bpf map. The later patch will introduce BPF_PROG_TYPE_SK_REUSEPORT such that the bpf prog can directly select a sk from the bpf map. That will raise the programmability of the bpf prog attached to a reuseport group (a group of sk serving the same IP:PORT). For example, in UDP, the bpf prog can peek into the payload (e.g. through the "data" pointer introduced in the later patch) to learn the application level's connection information and then decide which sk to pick from a bpf map. The userspace can tightly couple the sk's location in a bpf map with the application logic in generating the UDP payload's connection information. This connection info contact/API stays within the userspace. Also, when used with map-in-map, the userspace can switch the old-server-process's inner map to a new-server-process's inner map in one call "bpf_map_update_elem(outer_map, &index, &new_reuseport_array)". The bpf prog will then direct incoming requests to the new process instead of the old process. The old process can finish draining the pending requests (e.g. by "accept()") before closing the old-fds. [Note that deleting a fd from a bpf map does not necessary mean the fd is closed] During map_update_elem(), Only SO_REUSEPORT sk (i.e. which has already been added to a reuse->socks[]) can be used. That means a SO_REUSEPORT sk that is "bind()" for UDP or "bind()+listen()" for TCP. These conditions are ensured in "reuseport_array_update_check()". A SO_REUSEPORT sk can only be added once to a map (i.e. the same sk cannot be added twice even to the same map). SO_REUSEPORT already allows another sk to be created for the same IP:PORT. There is no need to re-create a similar usage in the BPF side. When a SO_REUSEPORT is deleted from the "reuse->socks[]" (e.g. "close()"), it will notify the bpf map to remove it from the map also. It is done through "bpf_sk_reuseport_detach()" and it will only be called if >=1 of the "reuse->sock[]" has ever been added to a bpf map. The map_update()/map_delete() has to be in-sync with the "reuse->socks[]". Hence, the same "reuseport_lock" used by "reuse->socks[]" has to be used here also. Care has been taken to ensure the lock is only acquired when the adding sk passes some strict tests. and freeing the map does not require the reuseport_lock. The reuseport_array will also support lookup from the syscall side. It will return a sock_gen_cookie(). The sock_gen_cookie() is on-demand (i.e. a sk's cookie is not generated until the very first map_lookup_elem()). The lookup cookie is 64bits but it goes against the logical userspace expectation on 32bits sizeof(fd) (and as other fd based bpf maps do also). It may catch user in surprise if we enforce value_size=8 while userspace still pass a 32bits fd during update. Supporting different value_size between lookup and update seems unintuitive also. We also need to consider what if other existing fd based maps want to return 64bits value from syscall's lookup in the future. Hence, reuseport_array supports both value_size 4 and 8, and assuming user will usually use value_size=4. The syscall's lookup will return ENOSPC on value_size=4. It will will only return 64bits value from sock_gen_cookie() when user consciously choose value_size=8 (as a signal that lookup is desired) which then requires a 64bits value in both lookup and update. Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 736b46027eb4a4c602d3b8b93d2f48c9facbd915 Author: Martin KaFai Lau Date: Wed Aug 8 01:01:22 2018 -0700 net: Add ID (if needed) to sock_reuseport and expose reuseport_lock A later patch will introduce a BPF_MAP_TYPE_REUSEPORT_ARRAY which allows a SO_REUSEPORT sk to be added to a bpf map. When a sk is removed from reuse->socks[], it also needs to be removed from the bpf map. Also, when adding a sk to a bpf map, the bpf map needs to ensure it is indeed in a reuse->socks[]. Hence, reuseport_lock is needed by the bpf map to ensure its map_update_elem() and map_delete_elem() operations are in-sync with the reuse->socks[]. The BPF_MAP_TYPE_REUSEPORT_ARRAY map will only acquire the reuseport_lock after ensuring the adding sk is already in a reuseport group (i.e. reuse->socks[]). The map_lookup_elem() will be lockless. This patch also adds an ID to sock_reuseport. A later patch will introduce BPF_PROG_TYPE_SK_REUSEPORT which allows a bpf prog to select a sk from a bpf map. It is inflexible to statically enforce a bpf map can only contain the sk belonging to a particular reuse->socks[] (i.e. same IP:PORT) during the bpf verification time. For example, think about the the map-in-map situation where the inner map can be dynamically changed in runtime and the outer map may have inner maps belonging to different reuseport groups. Hence, when the bpf prog (in the new BPF_PROG_TYPE_SK_REUSEPORT type) selects a sk, this selected sk has to be checked to ensure it belongs to the requesting reuseport group (i.e. the group serving that IP:PORT). The "sk->sk_reuseport_cb" pointer cannot be used for this checking purpose because the pointer value will change after reuseport_grow(). Instead of saving all checking conditions like the ones preced calling "reuseport_add_sock()" and compare them everytime a bpf_prog is run, a 32bits ID is introduced to survive the reuseport_grow(). The ID is only acquired if any of the reuse->socks[] is added to the newly introduced "BPF_MAP_TYPE_REUSEPORT_ARRAY" map. If "BPF_MAP_TYPE_REUSEPORT_ARRAY" is not used, the changes in this patch is a no-op. Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit 40a1227ea845a37ab197dd1caffb60b047fa36b1 Author: Martin KaFai Lau Date: Wed Aug 8 01:01:21 2018 -0700 tcp: Avoid TCP syncookie rejected by SO_REUSEPORT socket Although the actual cookie check "__cookie_v[46]_check()" does not involve sk specific info, it checks whether the sk has recent synq overflow event in "tcp_synq_no_recent_overflow()". The tcp_sk(sk)->rx_opt.ts_recent_stamp is updated every second when it has sent out a syncookie (through "tcp_synq_overflow()"). The above per sk "recent synq overflow event timestamp" works well for non SO_REUSEPORT use case. However, it may cause random connection request reject/discard when SO_REUSEPORT is used with syncookie because it fails the "tcp_synq_no_recent_overflow()" test. When SO_REUSEPORT is used, it usually has multiple listening socks serving TCP connection requests destinated to the same local IP:PORT. There are cases that the TCP-ACK-COOKIE may not be received by the same sk that sent out the syncookie. For example, if reuse->socks[] began with {sk0, sk1}, 1) sk1 sent out syncookies and tcp_sk(sk1)->rx_opt.ts_recent_stamp was updated. 2) the reuse->socks[] became {sk1, sk2} later. e.g. sk0 was first closed and then sk2 was added. Here, sk2 does not have ts_recent_stamp set. There are other ordering that will trigger the similar situation below but the idea is the same. 3) When the TCP-ACK-COOKIE comes back, sk2 was selected. "tcp_synq_no_recent_overflow(sk2)" returns true. In this case, all syncookies sent by sk1 will be handled (and rejected) by sk2 while sk1 is still alive. The userspace may create and remove listening SO_REUSEPORT sockets as it sees fit. E.g. Adding new thread (and SO_REUSEPORT sock) to handle incoming requests, old process stopping and new process starting...etc. With or without SO_ATTACH_REUSEPORT_[CB]BPF, the sockets leaving and joining a reuseport group makes picking the same sk to check the syncookie very difficult (if not impossible). The later patches will allow bpf prog more flexibility in deciding where a sk should be located in a bpf map and selecting a particular SO_REUSEPORT sock as it sees fit. e.g. Without closing any sock, replace the whole bpf reuseport_array in one map_update() by using map-in-map. Getting the syncookie check working smoothly across socks in the same "reuse->socks[]" is important. A partial solution is to set the newly added sk's ts_recent_stamp to the max ts_recent_stamp of a reuseport group but that will require to iterate through reuse->socks[] OR pessimistically set it to "now - TCP_SYNCOOKIE_VALID" when a sk is joining a reuseport group. However, neither of them will solve the existing sk getting moved around the reuse->socks[] and that sk may not have ts_recent_stamp updated, unlikely under continuous synflood but not impossible. This patch opts to treat the reuseport group as a whole when considering the last synq overflow timestamp since they are serving the same IP:PORT from the userspace (and BPF program) perspective. "synq_overflow_ts" is added to "struct sock_reuseport". The tcp_synq_overflow() and tcp_synq_no_recent_overflow() will update/check reuse->synq_overflow_ts if the sk is in a reuseport group. Similar to the reuseport decision in __inet_lookup_listener(), both sk->sk_reuseport and sk->sk_reuseport_cb are tested for SO_REUSEPORT usage. Update on "synq_overflow_ts" happens at roughly once every second. A synflood test was done with a 16 rx-queues and 16 reuseport sockets. No meaningful performance change is observed. Before and after the change is ~9Mpps in IPv4. Cc: Eric Dumazet Signed-off-by: Martin KaFai Lau Acked-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann commit c4f7173ac3b7e22934e51f0121833642a581d723 Author: Steve French Date: Fri Aug 10 18:46:58 2018 -0500 smb3: create smb3 equivalent alias for cifs pseudo-xattrs We really, really don't want to be encouraging people to use cifs (the dialect) since it is insecure, so to avoid confusion we want to move them to names which include 'smb3' instead of 'cifs' - so this simply creates an alias for the pseudo-xattrs e.g. can now do: getfattr -n user.smb3.creationtime /mnt1/file and getfattr -n user.smb3.dosattrib /mnt1/file and getfattr -n system.smb3_acl /mnt1/file instead of forcing you to use the string 'cifs' in these (e.g. getfattr -n system.cifs_acl /mnt1/file) Signed-off-by: Steve French commit 3093336481565248ce47557445977eeac21bfca8 Author: Chao Yu Date: Sat Jul 28 18:37:58 2018 +0800 f2fs: fix to reset i_gc_failures correctly Let's reset i_gc_failures to zero when we unset pinned state for file. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit d3f07c049dab1a3f1740f476afd3d5e5b738c21c Author: Chao Yu Date: Thu Aug 2 22:59:12 2018 +0800 f2fs: fix invalid memory access syzbot found the following crash on: HEAD commit: d9bd94c0bcaa Add linux-next specific files for 20180801 git tree: linux-next console output: https://syzkaller.appspot.com/x/log.txt?x=1001189c400000 kernel config: https://syzkaller.appspot.com/x/.config?x=cc8964ea4d04518c dashboard link: https://syzkaller.appspot.com/bug?extid=c966a82db0b14aa37e81 compiler: gcc (GCC) 8.0.1 20180413 (experimental) Unfortunately, I don't have any reproducer for this crash yet. IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+c966a82db0b14aa37e81@syzkaller.appspotmail.com loop7: rw=12288, want=8200, limit=20 netlink: 65342 bytes leftover after parsing attributes in process `syz-executor4'. openvswitch: netlink: Message has 8 unknown bytes. kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN CPU: 1 PID: 7615 Comm: syz-executor7 Not tainted 4.18.0-rc7-next-20180801+ #29 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_once_size include/linux/compiler.h:188 [inline] RIP: 0010:compound_head include/linux/page-flags.h:142 [inline] RIP: 0010:PageLocked include/linux/page-flags.h:272 [inline] RIP: 0010:f2fs_put_page fs/f2fs/f2fs.h:2011 [inline] RIP: 0010:validate_checkpoint+0x66d/0xec0 fs/f2fs/checkpoint.c:835 Code: e8 58 05 7f fe 4c 8d 6b 80 4d 8d 74 24 08 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 c6 04 02 00 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 f4 06 00 00 4c 89 ea 4d 8b 7c 24 08 48 b8 00 00 RSP: 0018:ffff8801937cebe8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8801937cef30 RCX: ffffc90006035000 RDX: 0000000000000000 RSI: ffffffff82fd9658 RDI: 0000000000000005 RBP: ffff8801937cef58 R08: ffff8801ab254700 R09: fffff94000d9e026 R10: fffff94000d9e026 R11: ffffea0006cf0137 R12: fffffffffffffffb R13: ffff8801937ceeb0 R14: 0000000000000003 R15: ffff880193419b40 FS: 00007f36a61d5700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc04ff93000 CR3: 00000001d0562000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: f2fs_get_valid_checkpoint+0x436/0x1ec0 fs/f2fs/checkpoint.c:860 f2fs_fill_super+0x2d42/0x8110 fs/f2fs/super.c:2883 mount_bdev+0x314/0x3e0 fs/super.c:1344 f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3133 legacy_get_tree+0x131/0x460 fs/fs_context.c:729 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1743 do_new_mount fs/namespace.c:2603 [inline] do_mount+0x6f2/0x1e20 fs/namespace.c:2927 ksys_mount+0x12d/0x140 fs/namespace.c:3143 __do_sys_mount fs/namespace.c:3157 [inline] __se_sys_mount fs/namespace.c:3154 [inline] __x64_sys_mount+0xbe/0x150 fs/namespace.c:3154 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45943a Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9a 8a fb ff c3 66 0f 1f 84 00 00 00 00 00 RSP: 002b:00007f36a61d4a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f36a61d4b30 RCX: 000000000045943a RDX: 00007f36a61d4ad0 RSI: 0000000020000100 RDI: 00007f36a61d4af0 RBP: 0000000020000100 R08: 00007f36a61d4b30 R09: 00007f36a61d4ad0 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000013 R13: 0000000000000000 R14: 00000000004c8ea0 R15: 0000000000000000 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace bd8550c129352286 ]--- RIP: 0010:__read_once_size include/linux/compiler.h:188 [inline] RIP: 0010:compound_head include/linux/page-flags.h:142 [inline] RIP: 0010:PageLocked include/linux/page-flags.h:272 [inline] RIP: 0010:f2fs_put_page fs/f2fs/f2fs.h:2011 [inline] RIP: 0010:validate_checkpoint+0x66d/0xec0 fs/f2fs/checkpoint.c:835 Code: e8 58 05 7f fe 4c 8d 6b 80 4d 8d 74 24 08 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 c6 04 02 00 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 f4 06 00 00 4c 89 ea 4d 8b 7c 24 08 48 b8 00 00 RSP: 0018:ffff8801937cebe8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8801937cef30 RCX: ffffc90006035000 RDX: 0000000000000000 RSI: ffffffff82fd9658 RDI: 0000000000000005 netlink: 65342 bytes leftover after parsing attributes in process `syz-executor4'. RBP: ffff8801937cef58 R08: ffff8801ab254700 R09: fffff94000d9e026 openvswitch: netlink: Message has 8 unknown bytes. R10: fffff94000d9e026 R11: ffffea0006cf0137 R12: fffffffffffffffb R13: ffff8801937ceeb0 R14: 0000000000000003 R15: ffff880193419b40 FS: 00007f36a61d5700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc04ff93000 CR3: 00000001d0562000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 In validate_checkpoint(), if we failed to call get_checkpoint_version(), we will pass returned invalid page pointer into f2fs_put_page, cause accessing invalid memory, this patch tries to handle error path correctly to fix this issue. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 50fa53eccf9f911a5b435248a2b0bd484fd82e5e Author: Chao Yu Date: Thu Aug 2 23:03:19 2018 +0800 f2fs: fix to avoid broken of dnode block list f2fs recovery flow is relying on dnode block link list, it means fsynced file recovery depends on previous dnode's persistence in the list, so during fsync() we should wait on all regular inode's dnode writebacked before issuing flush. By this way, we can avoid dnode block list being broken by out-of-order IO submission due to IO scheduler or driver. Sheng Yong helps to do the test with this patch: Target:/data (f2fs, -) 64MB / 32768KB / 4KB / 8 1 / PERSIST / Index Base: SEQ-RD(MB/s) SEQ-WR(MB/s) RND-RD(IOPS) RND-WR(IOPS) Insert(TPS) Update(TPS) Delete(TPS) 1 867.82 204.15 41440.03 41370.54 680.8 1025.94 1031.08 2 871.87 205.87 41370.3 40275.2 791.14 1065.84 1101.7 3 866.52 205.69 41795.67 40596.16 694.69 1037.16 1031.48 Avg 868.7366667 205.2366667 41535.33333 40747.3 722.21 1042.98 1054.753333 After: SEQ-RD(MB/s) SEQ-WR(MB/s) RND-RD(IOPS) RND-WR(IOPS) Insert(TPS) Update(TPS) Delete(TPS) 1 798.81 202.5 41143 40613.87 602.71 838.08 913.83 2 805.79 206.47 40297.2 41291.46 604.44 840.75 924.27 3 814.83 206.17 41209.57 40453.62 602.85 834.66 927.91 Avg 806.4766667 205.0466667 40883.25667 40786.31667 603.3333333 837.83 922.0033333 Patched/Original: 0.928332713 0.999074239 0.984300676 1.000957528 0.835398753 0.803303994 0.874141189 It looks like atomic write will suffer performance regression. I suspect that the criminal is that we forcing to wait all dnode being in storage cache before we issue PREFLUSH+FUA. BTW, will commit ("f2fs: don't need to wait for node writes for atomic write") cause the problem: we will lose data of last transaction after SPO, even if atomic write return no error: - atomic_open(); - write() P1, P2, P3; - atomic_commit(); - writeback data: P1, P2, P3; - writeback node: N1, N2, N3; <--- If N1, N2 is not writebacked, N3 with fsync_mark is writebacked, In SPOR, we won't find N3 since node chain is broken, turns out that losing last transaction. - preflush + fua; - power-cut If we don't wait dnode writeback for atomic_write: SEQ-RD(MB/s) SEQ-WR(MB/s) RND-RD(IOPS) RND-WR(IOPS) Insert(TPS) Update(TPS) Delete(TPS) 1 779.91 206.03 41621.5 40333.16 716.9 1038.21 1034.85 2 848.51 204.35 40082.44 39486.17 791.83 1119.96 1083.77 3 772.12 206.27 41335.25 41599.65 723.29 1055.07 971.92 Avg 800.18 205.55 41013.06333 40472.99333 744.0066667 1071.08 1030.18 Patched/Original: 0.92108464 1.001526693 0.987425886 0.993268102 1.030180511 1.026942031 0.976702294 SQLite's performance recovers. Jaegeuk: "Practically, I don't see db corruption becase of this. We can excuse to lose the last transaction." Finally, we decide to keep original implementation of atomic write interface sematics that we don't wait all dnode writeback before preflush+fua submission. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 6e45f2a59ffb440f28719ab3a68bee5b8e9df16b Author: Gustavo A. R. Silva Date: Wed Aug 1 19:51:38 2018 -0500 f2fs: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit e494c2f995d6181d6e29c4927d68e0f295ecf75b Author: Chao Yu Date: Wed Aug 1 19:16:11 2018 +0800 f2fs: fix to do sanity check with cp_pack_start_sum After fuzzing, cp_pack_start_sum could be corrupted, so current log's summary info should be wrong due to loading incorrect summary block. Then, if segment's type in current log is exceeded NR_CURSEG_TYPE, it can lead accessing invalid dirty_i->dirty_segmap bitmap finally. Add sanity check for cp_pack_start_sum to fix this issue. https://bugzilla.kernel.org/show_bug.cgi?id=200419 - Reproduce - Kernel message (f2fs-dev w/ KASAN) [ 3117.578432] F2FS-fs (loop0): Invalid log blocks per segment (8) [ 3117.578445] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 3117.581364] F2FS-fs (loop0): invalid crc_offset: 30716 [ 3117.583564] WARNING: CPU: 1 PID: 1225 at fs/f2fs/checkpoint.c:90 __get_meta_page+0x448/0x4b0 [ 3117.583570] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer joydev input_leds serio_raw snd soundcore mac_hid i2c_piix4 ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear 8139too qxl ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel psmouse aes_x86_64 8139cp crypto_simd cryptd mii glue_helper pata_acpi floppy [ 3117.584014] CPU: 1 PID: 1225 Comm: mount Not tainted 4.17.0+ #1 [ 3117.584017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 3117.584022] RIP: 0010:__get_meta_page+0x448/0x4b0 [ 3117.584023] Code: 00 49 8d bc 24 84 00 00 00 e8 74 54 da ff 41 83 8c 24 84 00 00 00 08 4c 89 f6 4c 89 ef e8 c0 d9 95 00 48 89 ef e8 18 e3 00 00 <0f> 0b f0 80 4d 48 04 e9 0f fe ff ff 0f 0b 48 89 c7 48 89 04 24 e8 [ 3117.584072] RSP: 0018:ffff88018eb678c0 EFLAGS: 00010286 [ 3117.584082] RAX: ffff88018f0a6a78 RBX: ffffea0007a46600 RCX: ffffffff9314d1b2 [ 3117.584085] RDX: ffffffff00000001 RSI: 0000000000000000 RDI: ffff88018f0a6a98 [ 3117.584087] RBP: ffff88018ebe9980 R08: 0000000000000002 R09: 0000000000000001 [ 3117.584090] R10: 0000000000000001 R11: ffffed00326e4450 R12: ffff880193722200 [ 3117.584092] R13: ffff88018ebe9afc R14: 0000000000000206 R15: ffff88018eb67900 [ 3117.584096] FS: 00007f5694636840(0000) GS:ffff8801f3b00000(0000) knlGS:0000000000000000 [ 3117.584098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3117.584101] CR2: 00000000016f21b8 CR3: 0000000191c22000 CR4: 00000000000006e0 [ 3117.584112] Call Trace: [ 3117.584121] ? f2fs_set_meta_page_dirty+0x150/0x150 [ 3117.584127] ? f2fs_build_segment_manager+0xbf9/0x3190 [ 3117.584133] ? f2fs_npages_for_summary_flush+0x75/0x120 [ 3117.584145] f2fs_build_segment_manager+0xda8/0x3190 [ 3117.584151] ? f2fs_get_valid_checkpoint+0x298/0xa00 [ 3117.584156] ? f2fs_flush_sit_entries+0x10e0/0x10e0 [ 3117.584184] ? map_id_range_down+0x17c/0x1b0 [ 3117.584188] ? __put_user_ns+0x30/0x30 [ 3117.584206] ? find_next_bit+0x53/0x90 [ 3117.584237] ? cpumask_next+0x16/0x20 [ 3117.584249] f2fs_fill_super+0x1948/0x2b40 [ 3117.584258] ? f2fs_commit_super+0x1a0/0x1a0 [ 3117.584279] ? sget_userns+0x65e/0x690 [ 3117.584296] ? set_blocksize+0x88/0x130 [ 3117.584302] ? f2fs_commit_super+0x1a0/0x1a0 [ 3117.584305] mount_bdev+0x1c0/0x200 [ 3117.584310] mount_fs+0x5c/0x190 [ 3117.584320] vfs_kern_mount+0x64/0x190 [ 3117.584330] do_mount+0x2e4/0x1450 [ 3117.584343] ? lockref_put_return+0x130/0x130 [ 3117.584347] ? copy_mount_string+0x20/0x20 [ 3117.584357] ? kasan_unpoison_shadow+0x31/0x40 [ 3117.584362] ? kasan_kmalloc+0xa6/0xd0 [ 3117.584373] ? memcg_kmem_put_cache+0x16/0x90 [ 3117.584377] ? __kmalloc_track_caller+0x196/0x210 [ 3117.584383] ? _copy_from_user+0x61/0x90 [ 3117.584396] ? memdup_user+0x3e/0x60 [ 3117.584401] ksys_mount+0x7e/0xd0 [ 3117.584405] __x64_sys_mount+0x62/0x70 [ 3117.584427] do_syscall_64+0x73/0x160 [ 3117.584440] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3117.584455] RIP: 0033:0x7f5693f14b9a [ 3117.584456] Code: 48 8b 0d 01 c3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ce c2 2b 00 f7 d8 64 89 01 48 [ 3117.584505] RSP: 002b:00007fff27346488 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3117.584510] RAX: ffffffffffffffda RBX: 00000000016e2030 RCX: 00007f5693f14b9a [ 3117.584512] RDX: 00000000016e2210 RSI: 00000000016e3f30 RDI: 00000000016ee040 [ 3117.584514] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013 [ 3117.584516] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 00000000016ee040 [ 3117.584519] R13: 00000000016e2210 R14: 0000000000000000 R15: 0000000000000003 [ 3117.584523] ---[ end trace a8e0d899985faf31 ]--- [ 3117.685663] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 3117.685673] F2FS-fs (loop0): recover_data: ino = 2 (i_size: recover) recovered = 1, err = 0 [ 3117.685707] ================================================================== [ 3117.685955] BUG: KASAN: slab-out-of-bounds in __remove_dirty_segment+0xdd/0x1e0 [ 3117.686175] Read of size 8 at addr ffff88018f0a63d0 by task mount/1225 [ 3117.686477] CPU: 0 PID: 1225 Comm: mount Tainted: G W 4.17.0+ #1 [ 3117.686481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 3117.686483] Call Trace: [ 3117.686494] dump_stack+0x71/0xab [ 3117.686512] print_address_description+0x6b/0x290 [ 3117.686517] kasan_report+0x28e/0x390 [ 3117.686522] ? __remove_dirty_segment+0xdd/0x1e0 [ 3117.686527] __remove_dirty_segment+0xdd/0x1e0 [ 3117.686532] locate_dirty_segment+0x189/0x190 [ 3117.686538] f2fs_allocate_new_segments+0xa9/0xe0 [ 3117.686543] recover_data+0x703/0x2c20 [ 3117.686547] ? f2fs_recover_fsync_data+0x48f/0xd50 [ 3117.686553] ? ksys_mount+0x7e/0xd0 [ 3117.686564] ? policy_nodemask+0x1a/0x90 [ 3117.686567] ? policy_node+0x56/0x70 [ 3117.686571] ? add_fsync_inode+0xf0/0xf0 [ 3117.686592] ? blk_finish_plug+0x44/0x60 [ 3117.686597] ? f2fs_ra_meta_pages+0x38b/0x5e0 [ 3117.686602] ? find_inode_fast+0xac/0xc0 [ 3117.686606] ? f2fs_is_valid_blkaddr+0x320/0x320 [ 3117.686618] ? __radix_tree_lookup+0x150/0x150 [ 3117.686633] ? dqget+0x670/0x670 [ 3117.686648] ? pagecache_get_page+0x29/0x410 [ 3117.686656] ? kmem_cache_alloc+0x176/0x1e0 [ 3117.686660] ? f2fs_is_valid_blkaddr+0x11d/0x320 [ 3117.686664] f2fs_recover_fsync_data+0xc23/0xd50 [ 3117.686670] ? f2fs_space_for_roll_forward+0x60/0x60 [ 3117.686674] ? rb_insert_color+0x323/0x3d0 [ 3117.686678] ? f2fs_recover_orphan_inodes+0xa5/0x700 [ 3117.686683] ? proc_register+0x153/0x1d0 [ 3117.686686] ? f2fs_remove_orphan_inode+0x10/0x10 [ 3117.686695] ? f2fs_attr_store+0x50/0x50 [ 3117.686700] ? proc_create_single_data+0x52/0x60 [ 3117.686707] f2fs_fill_super+0x1d06/0x2b40 [ 3117.686728] ? f2fs_commit_super+0x1a0/0x1a0 [ 3117.686735] ? sget_userns+0x65e/0x690 [ 3117.686740] ? set_blocksize+0x88/0x130 [ 3117.686745] ? f2fs_commit_super+0x1a0/0x1a0 [ 3117.686748] mount_bdev+0x1c0/0x200 [ 3117.686753] mount_fs+0x5c/0x190 [ 3117.686758] vfs_kern_mount+0x64/0x190 [ 3117.686762] do_mount+0x2e4/0x1450 [ 3117.686769] ? lockref_put_return+0x130/0x130 [ 3117.686773] ? copy_mount_string+0x20/0x20 [ 3117.686777] ? kasan_unpoison_shadow+0x31/0x40 [ 3117.686780] ? kasan_kmalloc+0xa6/0xd0 [ 3117.686786] ? memcg_kmem_put_cache+0x16/0x90 [ 3117.686790] ? __kmalloc_track_caller+0x196/0x210 [ 3117.686795] ? _copy_from_user+0x61/0x90 [ 3117.686801] ? memdup_user+0x3e/0x60 [ 3117.686804] ksys_mount+0x7e/0xd0 [ 3117.686809] __x64_sys_mount+0x62/0x70 [ 3117.686816] do_syscall_64+0x73/0x160 [ 3117.686824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3117.686829] RIP: 0033:0x7f5693f14b9a [ 3117.686830] Code: 48 8b 0d 01 c3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ce c2 2b 00 f7 d8 64 89 01 48 [ 3117.686887] RSP: 002b:00007fff27346488 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3117.686892] RAX: ffffffffffffffda RBX: 00000000016e2030 RCX: 00007f5693f14b9a [ 3117.686894] RDX: 00000000016e2210 RSI: 00000000016e3f30 RDI: 00000000016ee040 [ 3117.686896] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013 [ 3117.686899] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 00000000016ee040 [ 3117.686901] R13: 00000000016e2210 R14: 0000000000000000 R15: 0000000000000003 [ 3117.687005] Allocated by task 1225: [ 3117.687152] kasan_kmalloc+0xa6/0xd0 [ 3117.687157] kmem_cache_alloc_trace+0xfd/0x200 [ 3117.687161] f2fs_build_segment_manager+0x2d09/0x3190 [ 3117.687165] f2fs_fill_super+0x1948/0x2b40 [ 3117.687168] mount_bdev+0x1c0/0x200 [ 3117.687171] mount_fs+0x5c/0x190 [ 3117.687174] vfs_kern_mount+0x64/0x190 [ 3117.687177] do_mount+0x2e4/0x1450 [ 3117.687180] ksys_mount+0x7e/0xd0 [ 3117.687182] __x64_sys_mount+0x62/0x70 [ 3117.687186] do_syscall_64+0x73/0x160 [ 3117.687190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3117.687285] Freed by task 19: [ 3117.687412] __kasan_slab_free+0x137/0x190 [ 3117.687416] kfree+0x8b/0x1b0 [ 3117.687460] ttm_bo_man_put_node+0x61/0x80 [ttm] [ 3117.687476] ttm_bo_cleanup_refs+0x15f/0x250 [ttm] [ 3117.687492] ttm_bo_delayed_delete+0x2f0/0x300 [ttm] [ 3117.687507] ttm_bo_delayed_workqueue+0x17/0x50 [ttm] [ 3117.687528] process_one_work+0x2f9/0x740 [ 3117.687531] worker_thread+0x78/0x6b0 [ 3117.687541] kthread+0x177/0x1c0 [ 3117.687545] ret_from_fork+0x35/0x40 [ 3117.687638] The buggy address belongs to the object at ffff88018f0a6300 which belongs to the cache kmalloc-192 of size 192 [ 3117.688014] The buggy address is located 16 bytes to the right of 192-byte region [ffff88018f0a6300, ffff88018f0a63c0) [ 3117.688382] The buggy address belongs to the page: [ 3117.688554] page:ffffea00063c2980 count:1 mapcount:0 mapping:ffff8801f3403180 index:0x0 [ 3117.688788] flags: 0x17fff8000000100(slab) [ 3117.688944] raw: 017fff8000000100 ffffea00063c2840 0000000e0000000e ffff8801f3403180 [ 3117.689166] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3117.689386] page dumped because: kasan: bad access detected [ 3117.689653] Memory state around the buggy address: [ 3117.689816] ffff88018f0a6280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3117.690027] ffff88018f0a6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3117.690239] >ffff88018f0a6380: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3117.690448] ^ [ 3117.690644] ffff88018f0a6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3117.690868] ffff88018f0a6480: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3117.691077] ================================================================== [ 3117.691290] Disabling lock debugging due to kernel taint [ 3117.693893] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 [ 3117.694120] PGD 80000001f01bc067 P4D 80000001f01bc067 PUD 1d9638067 PMD 0 [ 3117.694338] Oops: 0002 [#1] SMP KASAN PTI [ 3117.694490] CPU: 1 PID: 1225 Comm: mount Tainted: G B W 4.17.0+ #1 [ 3117.694703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 3117.695073] RIP: 0010:__remove_dirty_segment+0xe2/0x1e0 [ 3117.695246] Code: c4 48 89 c7 e8 cf bb d7 ff 45 0f b6 24 24 41 83 e4 3f 44 88 64 24 07 41 83 e4 3f 4a 8d 7c e3 08 e8 b3 bc d7 ff 4a 8b 4c e3 08 4c 0f b3 29 0f 82 94 00 00 00 48 8d bd 20 04 00 00 e8 97 bb d7 [ 3117.695793] RSP: 0018:ffff88018eb67638 EFLAGS: 00010292 [ 3117.695969] RAX: 0000000000000000 RBX: ffff88018f0a6300 RCX: 0000000000000000 [ 3117.696182] RDX: 0000000000000000 RSI: 0000000000000297 RDI: 0000000000000297 [ 3117.696391] RBP: ffff88018ebe9980 R08: ffffed003e743ebb R09: ffffed003e743ebb [ 3117.696604] R10: 0000000000000001 R11: ffffed003e743eba R12: 0000000000000019 [ 3117.696813] R13: 0000000000000014 R14: 0000000000000320 R15: ffff88018ebe99e0 [ 3117.697032] FS: 00007f5694636840(0000) GS:ffff8801f3b00000(0000) knlGS:0000000000000000 [ 3117.697280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3117.702357] CR2: 00007fe89bb1a000 CR3: 0000000191c22000 CR4: 00000000000006e0 [ 3117.707235] Call Trace: [ 3117.712077] locate_dirty_segment+0x189/0x190 [ 3117.716891] f2fs_allocate_new_segments+0xa9/0xe0 [ 3117.721617] recover_data+0x703/0x2c20 [ 3117.726316] ? f2fs_recover_fsync_data+0x48f/0xd50 [ 3117.730957] ? ksys_mount+0x7e/0xd0 [ 3117.735573] ? policy_nodemask+0x1a/0x90 [ 3117.740198] ? policy_node+0x56/0x70 [ 3117.744829] ? add_fsync_inode+0xf0/0xf0 [ 3117.749487] ? blk_finish_plug+0x44/0x60 [ 3117.754152] ? f2fs_ra_meta_pages+0x38b/0x5e0 [ 3117.758831] ? find_inode_fast+0xac/0xc0 [ 3117.763448] ? f2fs_is_valid_blkaddr+0x320/0x320 [ 3117.768046] ? __radix_tree_lookup+0x150/0x150 [ 3117.772603] ? dqget+0x670/0x670 [ 3117.777159] ? pagecache_get_page+0x29/0x410 [ 3117.781648] ? kmem_cache_alloc+0x176/0x1e0 [ 3117.786067] ? f2fs_is_valid_blkaddr+0x11d/0x320 [ 3117.790476] f2fs_recover_fsync_data+0xc23/0xd50 [ 3117.794790] ? f2fs_space_for_roll_forward+0x60/0x60 [ 3117.799086] ? rb_insert_color+0x323/0x3d0 [ 3117.803304] ? f2fs_recover_orphan_inodes+0xa5/0x700 [ 3117.807563] ? proc_register+0x153/0x1d0 [ 3117.811766] ? f2fs_remove_orphan_inode+0x10/0x10 [ 3117.815947] ? f2fs_attr_store+0x50/0x50 [ 3117.820087] ? proc_create_single_data+0x52/0x60 [ 3117.824262] f2fs_fill_super+0x1d06/0x2b40 [ 3117.828367] ? f2fs_commit_super+0x1a0/0x1a0 [ 3117.832432] ? sget_userns+0x65e/0x690 [ 3117.836500] ? set_blocksize+0x88/0x130 [ 3117.840501] ? f2fs_commit_super+0x1a0/0x1a0 [ 3117.844420] mount_bdev+0x1c0/0x200 [ 3117.848275] mount_fs+0x5c/0x190 [ 3117.852053] vfs_kern_mount+0x64/0x190 [ 3117.855810] do_mount+0x2e4/0x1450 [ 3117.859441] ? lockref_put_return+0x130/0x130 [ 3117.862996] ? copy_mount_string+0x20/0x20 [ 3117.866417] ? kasan_unpoison_shadow+0x31/0x40 [ 3117.869719] ? kasan_kmalloc+0xa6/0xd0 [ 3117.872948] ? memcg_kmem_put_cache+0x16/0x90 [ 3117.876121] ? __kmalloc_track_caller+0x196/0x210 [ 3117.879333] ? _copy_from_user+0x61/0x90 [ 3117.882467] ? memdup_user+0x3e/0x60 [ 3117.885604] ksys_mount+0x7e/0xd0 [ 3117.888700] __x64_sys_mount+0x62/0x70 [ 3117.891742] do_syscall_64+0x73/0x160 [ 3117.894692] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3117.897669] RIP: 0033:0x7f5693f14b9a [ 3117.900563] Code: 48 8b 0d 01 c3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ce c2 2b 00 f7 d8 64 89 01 48 [ 3117.906922] RSP: 002b:00007fff27346488 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3117.910159] RAX: ffffffffffffffda RBX: 00000000016e2030 RCX: 00007f5693f14b9a [ 3117.913469] RDX: 00000000016e2210 RSI: 00000000016e3f30 RDI: 00000000016ee040 [ 3117.916764] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013 [ 3117.920071] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 00000000016ee040 [ 3117.923393] R13: 00000000016e2210 R14: 0000000000000000 R15: 0000000000000003 [ 3117.926680] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer joydev input_leds serio_raw snd soundcore mac_hid i2c_piix4 ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear 8139too qxl ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel psmouse aes_x86_64 8139cp crypto_simd cryptd mii glue_helper pata_acpi floppy [ 3117.949979] CR2: 0000000000000000 [ 3117.954283] ---[ end trace a8e0d899985faf32 ]--- [ 3117.958575] RIP: 0010:__remove_dirty_segment+0xe2/0x1e0 [ 3117.962810] Code: c4 48 89 c7 e8 cf bb d7 ff 45 0f b6 24 24 41 83 e4 3f 44 88 64 24 07 41 83 e4 3f 4a 8d 7c e3 08 e8 b3 bc d7 ff 4a 8b 4c e3 08 4c 0f b3 29 0f 82 94 00 00 00 48 8d bd 20 04 00 00 e8 97 bb d7 [ 3117.971789] RSP: 0018:ffff88018eb67638 EFLAGS: 00010292 [ 3117.976333] RAX: 0000000000000000 RBX: ffff88018f0a6300 RCX: 0000000000000000 [ 3117.980926] RDX: 0000000000000000 RSI: 0000000000000297 RDI: 0000000000000297 [ 3117.985497] RBP: ffff88018ebe9980 R08: ffffed003e743ebb R09: ffffed003e743ebb [ 3117.990098] R10: 0000000000000001 R11: ffffed003e743eba R12: 0000000000000019 [ 3117.994761] R13: 0000000000000014 R14: 0000000000000320 R15: ffff88018ebe99e0 [ 3117.999392] FS: 00007f5694636840(0000) GS:ffff8801f3b00000(0000) knlGS:0000000000000000 [ 3118.004096] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3118.008816] CR2: 00007fe89bb1a000 CR3: 0000000191c22000 CR4: 00000000000006e0 - Location https://elixir.bootlin.com/linux/v4.18-rc3/source/fs/f2fs/segment.c#L775 if (test_and_clear_bit(segno, dirty_i->dirty_segmap[t])) dirty_i->nr_dirty[t]--; Here dirty_i->dirty_segmap[t] can be NULL which leads to crash in test_and_clear_bit() Reported-by Wen Xu Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 8d714f8aa34cf6a49b8d8d291ab01a59699604bd Author: Jaegeuk Kim Date: Tue Jul 31 09:09:01 2018 -0700 f2fs: avoid f2fs_bug_on() in cp_error case There is a subtle race condition to invoke f2fs_bug_on() in shutdown tests. I've confirmed that the last checkpoint is preserved in consistent state, so it'd be fine to just return error at this moment. Signed-off-by: Jaegeuk Kim commit 66110abc4c931f879d70e83e1281f891699364bf Author: Chao Yu Date: Sun Jul 29 12:16:59 2018 +0800 f2fs: fix to clear PG_checked flag in set_page_dirty() PG_checked flag will be set on data page during GC, later, we can recognize such page by the flag and migrate page to cold segment. But previously, we don't clear this flag when invalidating data page, after page redirtying, we will write it into wrong log. Let's clear PG_checked flag in set_page_dirty() to avoid this. Signed-off-by: Weichao Guo Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 546907de9952d718dd0ae1a78a665a56ab583635 Author: Colin Ian King Date: Wed Aug 8 18:18:33 2018 +0100 drm/msm: a6xx: fix spelling mistake: "initalization" -> "initialization" Trivial fix to spelling mistake in dev_err message and comment Signed-off-by: Colin Ian King Signed-off-by: Rob Clark commit 77a209cd7153cd758aa1b1417fb10017bead9454 Author: Jeykumar Sankaran Date: Tue Aug 7 19:56:51 2018 -0700 drm/msm/disp/dpu: fix early dereference of physical encoder This change validates the physical encoder before it is dereferenced. Signed-off-by: Jeykumar Sankaran Signed-off-by: Rob Clark commit 4b565ca5a2cbbbb6345e8789da89c193b6b00e5a Author: Jordan Crouse Date: Mon Aug 6 11:33:24 2018 -0600 drm/msm: Add A6XX device support Add support for the A6XX family of Adreno GPUs. The biggest addition is the GMU (Graphics Management Unit) which takes over most of the power management of the GPU itself but in a ironic twist of fate needs a goodly amount of management itself. Add support for the A6XX core code, the GMU and the HFI (hardware firmware interface) queue that the CPU uses to communicate with the GMU. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark commit 2d756322533322650f4476265ba413498e998b56 Author: Rob Clark Date: Mon Aug 6 14:57:14 2018 -0400 drm/msm: update generated headers Resync generated headers to pull in a6xx registers. Signed-off-by: Rob Clark commit 2c087a336676961513f61a0012a88e399e69e943 Author: Jordan Crouse Date: Mon Aug 6 11:33:22 2018 -0600 drm/msm/adreno: Load the firmware before bringing up the hardware Failure to load firmware is the primary reason to fail adreno_load_gpu(). Try to load it first before going into the hardware initialization code and unwinding it. This is important for a6xx because the GMU gets loaded from the runtime power code and it is more costly to fail in that path because of missing firmware. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark commit 8e54eea503caec53d39e67407ffa785690f38ba4 Author: Jordan Crouse Date: Mon Aug 6 11:33:21 2018 -0600 drm/msm: Add a helper function to parse clock names Add a helper function to parse the clock names and set up the bulk data so we can take advantage of the bulk clock functions instead of rolling our own. This is added as a helper function so the upcoming a6xx GMU code can also take advantage of it. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark commit 3d83d3188460bf97afa0ac9895265422411e473a Author: Randy Dunlap Date: Mon Aug 6 16:24:55 2018 -0700 Documentation: corrections to console/console.txt Fix typos, line length, grammar, punctuation, and capitalization in console.txt. Signed-off-by: Randy Dunlap Cc: Antonino A. Daplas Cc: Greg Kroah-Hartman Signed-off-by: Jonathan Corbet commit 96fdb7c49957085b575127ae226e8c076cfcdf31 Author: Randy Dunlap Date: Tue Aug 7 08:28:25 2018 -0700 Documentation: add ioctl number entry for v4l2-subdev.h Update ioctl-number.txt for ioctl's that are defined in . Signed-off-by: Randy Dunlap Signed-off-by: Jonathan Corbet commit ee97d8abacb90487a2314eac5dd632fac920ca32 Author: Fox Foster Date: Tue Aug 7 19:47:51 2018 +0100 Remove gendered language from management style documentation This small commit replaces gendered pronouns for neutral ones. Signed-off-by: Fox Foster Signed-off-by: Jonathan Corbet commit 6a1f444fefeba392d1232b408aaf5902e33e0982 Author: Jason Gunthorpe Date: Thu Aug 9 20:14:39 2018 -0600 IB/uverbs: Remove the ib_uverbs_attr pointer from each attr Memory in the bundle is valuable, do not waste it holding an 8 byte pointer for the rare case of writing to a PTR_OUT. We can compute the pointer by storing a small 1 byte array offset and the base address of the uattr memory in the bundle private memory. This also means we can access the kernel's copy of the ib_uverbs_attr, so drop the copy of flags as well. Since the uattr base should be private bundle information this also de-inlines the already too big uverbs_copy_to inline and moves create_udata into uverbs_ioctl.c so they can see the private struct definition. Signed-off-by: Jason Gunthorpe Reviewed-by: Leon Romanovsky commit 4b3dd2bbf0818ccb23e7f2831f2ca4a86789cd1f Author: Jason Gunthorpe Date: Thu Aug 9 20:14:38 2018 -0600 IB/uverbs: Provide implementation private memory for the uverbs_attr_bundle This already existed as the anonymous 'ctx' structure, but this was not really a useful form. Hoist this struct into bundle_priv and rework the internal things to use it instead. Move a bunch of the processing internal state into the priv and reduce the excessive use of function arguments. Signed-off-by: Jason Gunthorpe Reviewed-by: Leon Romanovsky commit 6b0d08f4a27134e6fb49aa33ceb53356081bc92e Author: Jason Gunthorpe Date: Thu Aug 9 20:14:37 2018 -0600 IB/uverbs: Use uverbs_api to manage the object type inside the uobject Currently the struct uverbs_obj_type stored in the ib_uobject is part of the .rodata segment of the module that defines the object. This is a problem if drivers define new uapi objects as we will be left with a dangling pointer after device disassociation. Switch the uverbs_obj_type for struct uverbs_api_object, which is allocated memory that is part of the uverbs_api and is guaranteed to always exist. Further this moves the 'type_class' into this memory which means access to the IDR/FD function pointers is also guaranteed. Drivers cannot define new types. This makes it safe to continue to use all uobjects, including driver defined ones, after disassociation. Signed-off-by: Jason Gunthorpe commit 9ed3e5f447723a41de6bcc29633e9f7e6246d2f7 Author: Jason Gunthorpe Date: Thu Aug 9 20:14:36 2018 -0600 IB/uverbs: Build the specs into a radix tree at runtime This radix tree datastructure is intended to replace the 'hash' structure used today for parsing ioctl methods during system calls. This first commit introduces the structure and builds it from the existing .rodata descriptions. The so-called hash arrangement is actually a 5 level open coded radix tree. This new version uses a 3 level radix tree built using the radix tree library. Overall this is much less code and much easier to build as the radix tree API allows for dynamic modification during the building. There is a small memory penalty to pay for this, but since the radix tree is allocated on a per device basis, a few kb of RAM seems immaterial considering the gained simplicity. The radix tree is similar to the existing tree, but also has a 'attr_bkey' concept, which is a small value'd index for each method attribute. This is used to simplify and improve performance of everything in the next patches. Signed-off-by: Jason Gunthorpe Reviewed-by: Leon Romanovsky Reviewed-by: Michael J. Ruhl commit 7d96c9b17636b6148534617ddf95dead18617776 Author: Jason Gunthorpe Date: Thu Aug 9 20:14:35 2018 -0600 IB/uverbs: Have the core code create the uverbs_root_spec There is no reason for drivers to do this, the core code should take of everything. The drivers will provide their information from rodata to describe their modifications to the core's base uapi specification. The core uses this to build up the runtime uapi for each device. Signed-off-by: Jason Gunthorpe Reviewed-by: Michael J. Ruhl Reviewed-by: Leon Romanovsky commit 0520344cdb1efa7c6404168b66f8dd0b1fe5face Author: Raghu Vatsavayi Date: Thu Aug 9 13:54:12 2018 -0700 liquidio: copperhead LED identification Add LED identification support for liquidio TP copperhead cards. Signed-off-by: Raghu Vatsavayi Acked-by: Derek Chickles Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller commit 1e7953bc560451302dcb5d5b3fafd1949447579a Author: kbuild test robot Date: Fri Aug 10 09:29:59 2018 +0800 qed/qede: qede_setup_tc() can be static Fixes: 5e7baf0fcb2a ("qed/qede: Multi CoS support.") Signed-off-by: kbuild test robot Signed-off-by: David S. Miller commit 4f23c43c414d81b377a07b936e7edfe7167660b5 Author: YueHaibing Date: Fri Aug 10 10:37:30 2018 +0800 mlxsw: core: remove unnecessary function mlxsw_core_driver_put The function mlxsw_core_driver_put only traverse mlxsw_core_driver_list to find the matched mlxsw_driver,but never used it. So it can be removed safely. Signed-off-by: YueHaibing Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller commit 0f5c6c30a0f8c629b92ecdaef61b315c43fde10a Author: Jisheng Zhang Date: Fri Aug 10 11:36:27 2018 +0800 net: mvneta: fix mvneta_config_rss on armada 3700 The mvneta Ethernet driver is used on a few different Marvell SoCs. Some SoCs have per cpu interrupts for Ethernet events, the driver uses a per CPU napi structure for this case. Some SoCs such as armada 3700 have a single interrupt for Ethernet events, the driver uses a global napi structure for this case. Current mvneta_config_rss() always operates the per cpu napi structure. Fix it by operating a global napi for "single interrupt" case, and per cpu napi structure for remaining cases. Signed-off-by: Jisheng Zhang Fixes: 2636ac3cc2b4 ("net: mvneta: Add network support for Armada 3700 SoC") Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 0d86caff06363151df21603eb1f4e3207ea91bd2 Author: Ursula Braun Date: Fri Aug 10 17:45:11 2018 +0200 net/smc: send response to test link signal With SMC-D z/OS sends a test link signal every 10 seconds. Linux is supposed to answer, otherwise the SMC-D connection breaks. Signed-off-by: Ursula Braun Signed-off-by: David S. Miller commit a487711aac3b720b4a3a63d737604f47cd8dc36c Merge: bc4fcd0a1b76 abe8b2f71e28 Author: David S. Miller Date: Fri Aug 10 14:32:35 2018 -0700 Merge branch 'r8169-smaller-improvements' Heiner Kallweit says: ==================== r8169: smaller improvements This series includes smaller improvements, no functional change intended. ==================== Signed-off-by: David S. Miller commit abe8b2f71e28f0193e7a4c989ef5fae227e5a9f9 Author: Heiner Kallweit Date: Fri Aug 10 22:40:37 2018 +0200 r8169: don't configure max jumbo frame size per chip version We don't have to configure the max jumbo frame size per chip (sub-)version. It can be easily determined based on the chip family. And new members of the RTL8168 family (if there are any) should be automatically covered. Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit eb88f5f7128ced3d6ab81004686035fb03087475 Author: Heiner Kallweit Date: Fri Aug 10 22:39:29 2018 +0200 r8169: don't configure csum function per chip version We don't have to configure the csum function per chip (sub-)version. The distinction is simple, versions RTL8102e and from RTL8168c onwards support csum_v2. Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 05bbe5584ff9dc218f20398755de29f02dbc6093 Author: Heiner Kallweit Date: Fri Aug 10 22:38:29 2018 +0200 r8169: simplify interrupt handler Simplify the interrupt handler a little and make it better readable. Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 098b01ad9837b4d4d0022f407300f069a999e55a Author: Heiner Kallweit Date: Fri Aug 10 22:37:31 2018 +0200 r8169: don't include asm headers directly The asm headers shouldn't be included directly. asm/irq.h is implicitly included by linux/interrupt.h, and instead of asm/io.h include linux/io.h. Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit bc4fcd0a1b7635b012e5b2f3f0fb85a2d29fe13a Author: Heiner Kallweit Date: Fri Aug 10 21:27:55 2018 +0200 r8169: remove version info The version number hasn't changed for ages and in general I doubt it provides any benefit. The message in rtl_init_one() may even be misleading because it's printed also if something fails in probe. Therefore let's remove the version information. Signed-off-by: Heiner Kallweit Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 0780b866668ed5f88fd79e96ea8ac94258939ae0 Merge: fd685657cd54 aa12af77aae0 Author: David S. Miller Date: Fri Aug 10 14:24:57 2018 -0700 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2018-08-10 Here's one more (most likely last) bluetooth-next pull request for the 4.19 kernel. - Added support for MediaTek serial Bluetooth devices - Initial skeleton for controller-side address resolution support - Fix BT_HCIUART_RTL related Kconfig dependencies - A few other minor fixes/cleanups Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit a5ec96ddfd55c501d451cb310566a1170c267ecb Author: Leonid Bloch Date: Thu Aug 9 01:26:36 2018 +0300 gpio: it87: Add support for IT8613 This was tested on actual hardware and found to work fine, but currently the official specifications of this chip could not be obtained to confirm the numbers. Signed-off-by: Leonid Bloch Signed-off-by: Linus Walleij commit 62885203f71b1116d6f56ae2e6014767e1d47995 Author: Ivan Podovalov Date: Wed Aug 8 11:46:22 2018 +0300 gpio: it87: add support for IT8718F Super I/O. The DIO connector on the WAFER-945GSE is interfaced to GPIO ports on the ITE IT8718F Super I/O chipset. From the datasheet of ITE IT8718F, the GPIO interface is identical to IT8728, so just add it to the same case as the other chip. Signed-off-by: Ivan Podovalov Signed-off-by: Linus Walleij commit 3789f5acb9bbe088f70779002f32e7c6a64000bc Author: Biju Das Date: Tue Aug 7 08:15:18 2018 +0100 gpiolib: Avoid calling chip->request() for unused gpios Add a check for unused gpios to avoid chip->request() call to client driver for unused gpios. Signed-off-by: Biju Das Reviewed-by: Fabrizio Castro Reviewed-by: Geert Uytterhoeven Signed-off-by: Linus Walleij commit 21041daba2300c88f0da538b3480a9fae37430ea Author: Linus Walleij Date: Mon Aug 6 17:38:33 2018 +0200 gpio: tegra: Include the right header This is a GPIO driver so include only . Drop the use of GPIOF_* flags: these are for consumers, not drivers. Just return 0/1. Cc: Stefan Agner Cc: Thierry Reding Reviewed-by: Dmitry Osipenko Signed-off-by: Linus Walleij commit d799a4de0a250f1bdd99765bb8e55a5e2f469a1f Author: Linus Walleij Date: Fri Aug 3 00:52:18 2018 +0200 gpio: mmio: Fix up inverted direction registers The bgpio_init() takes one of two arguments to specify a register to set the direction of the GPIO line: either dirout that indicates that a 1 in the bit in that register sets the corresponding line to output, or dirin which indicates that a 1 in the bit in that register sets the corresponding line to input. Conversely setting the bit to 0 on these will turn the line into input and output respectively. One of these can be defined but not both. This means that a platform that sets a bit to 1 for output only defines dirout and a platform that sets a bit to 0 for output only defines dirin. In short this defines the polarity of the direction register. Both can also be left as NULL meaning the GPIO chip is either input only or output only. Tomer Maimon discovered that for get/set chips (those where the get and set registers are defined but no separate clear register, and specifying BGPIOF_READ_OUTPUT_REG_SET so that we say we want to read the output value from the SET register) we are unconditionally reading the value from the SET register when the direction bit is 1 and from the DAT register when the direction bit is 0, not taking the direction bit polarity into account. It would be expected that when the direction bit is inverted (dirin is defined but not dirout) we read the current value from the DAT register when the bit is 1 and from the SET register when the bit is 0. Currently only some versions of ATH79, brcmstb, some versions of CLP711x, GE, IOP and Loongson use the dirin mode (a 1 in the register means input). They are unaffected because BGPIOF_READ_OUTPUT_REG_SET is not set on any of them. (They do not read back the SET register to figure out the output value.) So this is no regression with current drivers. However the behaviour is wrong and does not work with Tomer's new driver where he needs to use the BGIOF_READ_OUTPUT_REG_SET. This fixes the above issue by: - Instead of defining separate functions for the inverted case, set up a flag in the gpio_chip that indicates that the direction is inverted. - Remove the special inverted functions for setting input/output and getting the direction, rely on the flag instead. - Respect this flag in bgpio_get_set() and bgpio_get_set_multiple() Reported-by: Tomer Maimon Signed-off-by: Linus Walleij commit 516df4eb284d5a5ee8f80f7b59170ba8e919b299 Author: Linus Walleij Date: Mon Aug 6 18:39:59 2018 +0200 gpio: xilinx: Use the right include This is a GPIO driver so use only . Acked-by: Michal Simek Signed-off-by: Linus Walleij commit c2944a9a09a21b917fa86858f078e77115ca9d22 Author: Dan Carpenter Date: Wed Aug 8 15:04:49 2018 +0300 pinctrl: nomadik: silence uninitialized variable warning This is harmless, but "val" isn't necessarily initialized if abx500_get_register_interruptible() fails. I've re-arranged the code to just return an error code in that situation. Signed-off-by: Dan Carpenter Signed-off-by: Linus Walleij commit 504c76979bccec66e4c2e41f6a006e49e284466f Author: Anton Vasilyev Date: Mon Aug 6 19:06:35 2018 +0300 pinctrl: axp209: Fix NULL pointer dereference after allocation There is no check that allocation in axp20x_funcs_groups_from_mask is successful. The patch adds corresponding check and return values. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Acked-by: Chen-Yu Tsai Signed-off-by: Linus Walleij commit 50fe83a3eb5000a9ea3586e1fcd8034bd3892b90 Author: Linus Walleij Date: Mon Aug 6 17:42:46 2018 +0200 gpio: timberdale: Include the right header This is a GPIO driver so include only . Cc: Richard Röjfors Signed-off-by: Linus Walleij commit 32e49b9a808a59791513ec59fec6466d8577a5fa Author: Linus Walleij Date: Mon Aug 6 16:18:05 2018 +0200 gpio: tb10x: Use the right include This driver includes the legacy and but all it needs is really . Signed-off-by: Linus Walleij commit 6ff0497402ef7269ee6a72f62eb85adaa7a4768e Author: Biju Das Date: Mon Aug 6 10:48:01 2018 +0100 gpiolib: Fix of_node inconsistency Some platforms are not setting of_node in the driver. On these platforms defining gpio-reserved-ranges on device tree leads to kernel crash. It is due to some parts of the gpio core relying on the driver to set up of_node,while other parts do themselves.This inconsistent behaviour leads to a crash. gpiochip_add_data_with_key() calls gpiochip_init_valid_mask() with of_node as NULL. of_gpiochip_add() fills "of_node" and calls of_gpiochip_init_valid_mask(). The fix is to move the assignment to chip->of_node from of_gpiochip_add() to gpiochip_add_data_with_key(). Signed-off-by: Biju Das Reviewed-by: Geert Uytterhoeven Tested-by: Geert Uytterhoeven Signed-off-by: Linus Walleij commit 01f1974e5f08732de6cecc4287788a99cfc3b325 Author: Krzysztof Kozlowski Date: Mon Aug 6 18:33:40 2018 +0200 pinctrl: samsung: Remove duplicated "wakeup" in printk Double "wakeup" appears in printed message. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Linus Walleij commit f8a79d5c7ef47c62d97a30e16064caf2ef91f648 Author: Steven Rostedt (VMware) Date: Fri Aug 10 12:17:50 2018 -0400 tracepoints: Free early tracepoints after RCU is initialized When enabling trace events via the kernel command line, I hit this warning: WARNING: CPU: 0 PID: 13 at kernel/rcu/srcutree.c:236 check_init_srcu_struct+0xe/0x61 Modules linked in: CPU: 0 PID: 13 Comm: watchdog/0 Not tainted 4.18.0-rc6-test+ #6 Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014 RIP: 0010:check_init_srcu_struct+0xe/0x61 Code: 48 c7 c6 ec 8a 65 b4 e8 ff 79 fe ff 48 89 df 31 f6 e8 f2 fa ff ff 5a 5b 41 5c 5d c3 0f 1f 44 00 00 83 3d 68 94 b8 01 01 75 02 <0f> 0b 48 8b 87 f0 0a 00 00 a8 03 74 45 55 48 89 e5 41 55 41 54 4c RSP: 0000:ffff96eb9ea03e68 EFLAGS: 00010246 RAX: ffff96eb962b5b01 RBX: ffffffffb4a87420 RCX: 0000000000000001 RDX: ffffffffb3107969 RSI: ffff96eb962b5b40 RDI: ffffffffb4a87420 RBP: ffff96eb9ea03eb0 R08: ffffabbd00cd7f48 R09: 0000000000000000 R10: ffff96eb9ea03e68 R11: ffffffffb4a6eec0 R12: ffff96eb962b5b40 R13: ffff96eb9ea03ef8 R14: ffffffffb3107969 R15: ffffffffb3107948 FS: 0000000000000000(0000) GS:ffff96eb9ea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff96eb13ab2000 CR3: 0000000192a1e001 CR4: 00000000001606f0 Call Trace: ? __call_srcu+0x2d/0x290 ? rcu_process_callbacks+0x26e/0x448 ? allocate_probes+0x2b/0x2b call_srcu+0x13/0x15 rcu_free_old_probes+0x1f/0x21 rcu_process_callbacks+0x2ed/0x448 __do_softirq+0x172/0x336 irq_exit+0x62/0xb2 smp_apic_timer_interrupt+0x161/0x19e apic_timer_interrupt+0xf/0x20 The problem is that the enabling of trace events before RCU is set up will cause SRCU to give this warning. To avoid this, add a list to store probes that need to be freed till after RCU is initialized, and then free them then. Link: http://lkml.kernel.org/r/20180810113554.1df28050@gandalf.local.home Link: http://lkml.kernel.org/r/20180810123517.5e9714ad@gandalf.local.home Acked-by: Paul E. McKenney Reviewed-by: Joel Fernandes (Google) Fixes: e6753f23d961d ("tracepoint: Make rcuidle tracepoint callers use SRCU") Signed-off-by: Steven Rostedt (VMware) commit 016f8ffc48cb01d1e7701649c728c5d2e737d295 Author: Steven Rostedt (VMware) Date: Thu Aug 9 15:37:59 2018 -0400 uprobes: Use synchronize_rcu() not synchronize_sched() While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace, and noticed that trace_uprobes was using synchronize_sched(), with a comment to synchronize with {u,ret}_probe_trace_func(). When looking at those functions, the data is protected with "rcu_read_lock()" and not with "rcu_read_lock_sched()". This is using the wrong synchronize_*() function. Link: http://lkml.kernel.org/r/20180809160553.469e1e32@gandalf.local.home Cc: stable@vger.kernel.org Fixes: 70ed91c6ec7f8 ("tracing/uprobes: Support ftrace_event_file base multibuffer") Acked-by: Oleg Nesterov Signed-off-by: Steven Rostedt (VMware) commit d878efce73fe86db34ddb2013260adf571a701a7 Author: Joerg Roedel Date: Wed Aug 8 13:16:40 2018 +0200 x86/mm/pti: Move user W+X check into pti_finalize() The user page-table gets the updated kernel mappings in pti_finalize(), which runs after the RO+X permissions got applied to the kernel page-table in mark_readonly(). But with CONFIG_DEBUG_WX enabled, the user page-table is already checked in mark_readonly() for insecure mappings. This causes false-positive warnings, because the user page-table did not get the updated mappings yet. Move the W+X check for the user page-table into pti_finalize() after it updated all required mappings. [ tglx: Folded !NX supported fix ] Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Cc: "H . Peter Anvin" Cc: linux-mm@kvack.org Cc: Linus Torvalds Cc: Andy Lutomirski Cc: Dave Hansen Cc: Josh Poimboeuf Cc: Juergen Gross Cc: Peter Zijlstra Cc: Borislav Petkov Cc: Jiri Kosina Cc: Boris Ostrovsky Cc: Brian Gerst Cc: David Laight Cc: Denys Vlasenko Cc: Eduardo Valentin Cc: Greg KH Cc: Will Deacon Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Cc: Andrea Arcangeli Cc: Waiman Long Cc: Pavel Machek Cc: "David H . Gutteridge" Cc: joro@8bytes.org Link: https://lkml.kernel.org/r/1533727000-9172-1-git-send-email-joro@8bytes.org commit e0a568dcd18bdaa77877d558700ce4d3bbbb12b8 Author: Steven Rostedt (VMware) Date: Thu Aug 9 15:31:48 2018 -0400 tracing: Fix synchronizing to event changes with tracepoint_synchronize_unregister() Now that some trace events can be protected by srcu_read_lock(tracepoint_srcu), we need to make sure all locations that depend on this are also protected. There were many places that did a synchronize_sched() thinking that it was enough to protect againts access to trace events. This use to be the case, but now that we use SRCU for _rcuidle() trace events, they may not be protected by synchronize_sched(), as they may be called in paths that RCU is not watching for preempt disable. Fixes: e6753f23d961d ("tracepoint: Make rcuidle tracepoint callers use SRCU") Signed-off-by: Steven Rostedt (VMware) commit b207de3ec531ff364843708c9fea968700aae8fe Author: Colin Ian King Date: Thu Aug 9 13:56:09 2018 +0100 ftrace: Remove unused pointer ftrace_swapper_pid Pointer ftrace_swapper_pid is defined but is never used hence it is redundant and can be removed. The use of this variable was removed in commit 345ddcc882d8 ("ftrace: Have set_ftrace_pid use the bitmap like events do"). Cleans up clang warning: warning: 'ftrace_swapper_pid' defined but not used [-Wunused-const-variable=] Link: http://lkml.kernel.org/r/20180809125609.13142-1-colin.king@canonical.com Signed-off-by: Colin Ian King Signed-off-by: Steven Rostedt (VMware) commit 3f1756dc210e5abb37121da3e7c10d65920f6ec0 Author: Steven Rostedt (VMware) Date: Wed Aug 8 21:28:05 2018 -0400 tracing: More reverting of "tracing: Centralize preemptirq tracepoints and unify their usage" Joel Fernandes created a nice patch that cleaned up the duplicate hooks used by lockdep and irqsoff latency tracer. It made both use tracepoints. But the latency tracer is triggering warnings when using tracepoints to call into the latency tracer's routines. Mainly, they can be called from NMI context. If that happens, then the SRCU may not work properly because on some architectures, SRCU is not safe to be called in both NMI and non-NMI context. This is a partial revert of the clean up patch c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints and unify their usage") that adds back the direct calls into the latency tracer. It also only calls the trace events when not in NMI. Link: http://lkml.kernel.org/r/20180809210654.622445925@goodmis.org Reviewed-by: Joel Fernandes (Google) Fixes: c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints and unify their usage") Signed-off-by: Steven Rostedt (VMware) commit f27107fa20ad531ace5fd580473ff8dd0c6b9ca9 Author: Steven Rostedt (VMware) Date: Tue Aug 7 17:03:12 2018 -0400 tracing/irqsoff: Handle preempt_count for different configs I was hitting the following warning: WARNING: CPU: 0 PID: 1 at kernel/trace/trace_irqsoff.c:631 tracer_hardirqs_off+0x15/0x2a Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc6-test+ #13 Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014 EIP: tracer_hardirqs_off+0x15/0x2a Code: ff 85 c0 74 0e 8b 45 00 8b 50 04 8b 45 04 e8 35 ff ff ff 5d c3 55 64 a1 cc 37 51 c1 a9 ff ff ff 7f 89 e5 53 89 d3 89 ca 75 02 <0f> 0b e8 90 fc ff ff 85 c0 74 07 89 d8 e8 0c ff ff ff 5b 5d c3 55 EAX: 80000000 EBX: c04337f0 ECX: c04338e3 EDX: c04338e3 ESI: c04337f0 EDI: c04338e3 EBP: f2aa1d68 ESP: f2aa1d64 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210046 CR0: 80050033 CR2: 00000000 CR3: 01668000 CR4: 001406f0 Call Trace: trace_irq_disable_rcuidle+0x63/0x6c trace_hardirqs_off+0x26/0x30 default_send_IPI_mask_allbutself_logical+0x31/0x93 default_send_IPI_allbutself+0x37/0x48 native_send_call_func_ipi+0x4d/0x6a smp_call_function_many+0x165/0x19d ? add_nops+0x34/0x34 ? trace_hardirqs_on_caller+0x2d/0x2d ? add_nops+0x34/0x34 smp_call_function+0x1f/0x23 on_each_cpu+0x15/0x43 ? trace_hardirqs_on_caller+0x2d/0x2d ? trace_hardirqs_on_caller+0x2d/0x2d ? trace_irq_disable_rcuidle+0x1/0x6c text_poke_bp+0xa0/0xc2 ? trace_hardirqs_on_caller+0x2d/0x2d arch_jump_label_transform+0xa7/0xcb ? trace_irq_disable_rcuidle+0x5/0x6c __jump_label_update+0x3e/0x6d jump_label_update+0x7d/0x81 static_key_slow_inc_cpuslocked+0x58/0x6d static_key_slow_inc+0x19/0x20 tracepoint_probe_register_prio+0x19e/0x1d1 ? start_critical_timings+0x1c/0x1c tracepoint_probe_register+0xf/0x11 irqsoff_tracer_init+0x21/0xf2 tracer_init+0x16/0x1a trace_selftest_startup_irqsoff+0x25/0xc4 run_tracer_selftest+0xca/0x131 register_tracer+0xd5/0x172 ? trace_event_define_fields_preemptirq_template+0x45/0x45 init_irqsoff_tracer+0xd/0x11 do_one_initcall+0xab/0x1e8 ? rcu_read_lock_sched_held+0x3d/0x44 ? trace_initcall_level+0x52/0x86 kernel_init_freeable+0x195/0x21a ? rest_init+0xb4/0xb4 kernel_init+0xd/0xe4 ret_from_fork+0x2e/0x38 It is due to running a CONFIG_PREEMPT_VOLUNTARY kernel, which would trigger this warning every time: WARN_ON_ONCE(preempt_count()); Because on CONFIG_PREEMPT_VOLUNTARY, preempt_count() is always zero. This warning is to make sure preempt_count is set because tracer_hardirqs_on() does a preempt_enable_notrace() to make the preempt_trace() work properly, as being called by a trace event, the trace event code disables preemption, and the tracer wants to know what the preemption was before it was called. Instead of enabling preemption like this, just record the preempt_count, subtract PREEMPT_DISABLE_OFFSET from it (which is zero with !CONFIG_PREEMPT set), and pass that value to the necessary functions, which should use the passed in parameter instead of calling preempt_count() directly. Fixes: da5b3ebb45277 ("tracing: irqsoff: Account for additional preempt_disable") Signed-off-by: Steven Rostedt (VMware) commit bff1b208a5d1dbb2355822ef859edcb9be0379e4 Author: Steven Rostedt (VMware) Date: Mon Aug 6 15:50:58 2018 -0400 tracing: Partial revert of "tracing: Centralize preemptirq tracepoints and unify their usage" Joel Fernandes created a nice patch that cleaned up the duplicate hooks used by lockdep and irqsoff latency tracer. It made both use tracepoints. But it caused lockdep to trigger several false positives. We have not figured out why yet, but removing lockdep from using the trace event hooks and just call its helper functions directly (like it use to), makes the problem go away. This is a partial revert of the clean up patch c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints and unify their usage") that adds direct calls for lockdep, but also keeps most of the clean up done to get rid of the horrible preprocessor if statements. Link: http://lkml.kernel.org/r/20180806155058.5ee875f4@gandalf.local.home Cc: Peter Zijlstra Reviewed-by: Joel Fernandes (Google) Fixes: c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints and unify their usage") Signed-off-by: Steven Rostedt (VMware) commit da2048b7348a0be92f706ac019e022139e29495e Author: Mauro Carvalho Chehab Date: Fri Aug 10 15:06:18 2018 -0400 Revert "media: vivid: shut up warnings due to a non-trivial logic" 0day kernel testing robot got the below dmesg and the first bad commit is https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master commit 3354b54f9f7037a1122d3b6009aa9d39829d6843 [ 248.847809] BUG: unable to handle kernel paging request at ffffc90000393131 [ 248.848015] Call Trace: [ 248.848015] ? vivid_dev_release+0xc0/0xc0 [ 248.848015] ? acpi_dev_pm_attach+0x27/0xd0 This reverts commit 3354b54f9f7037a1122d3b6009aa9d39829d6843. commit 74b247f4c36315e5c08580700a68e0eb3b72de03 Merge: 60afdf066a35 af2a81dab447 Author: Daniel Borkmann Date: Fri Aug 10 20:54:08 2018 +0200 Merge branch 'bpf-btf-for-htab-lru' Yonghong Song says: ==================== Commit a26ca7c982cb ("bpf: btf: Add pretty print support to the basic arraymap") added pretty print support to array map. This patch adds pretty print for hash and lru_hash maps. The following example shows the pretty-print result of a pinned hashmap. Without this patch set, user will get an error instead. struct map_value { int count_a; int count_b; }; cat /sys/fs/bpf/pinned_hash_map: 87907: {87907,87908} 57354: {37354,57355} 76625: {76625,76626} ... Patch #1 fixed a bug in bpffs map_seq_next() function so that all elements in the hash table will be traversed. Patch #2 implemented map_seq_show_elem() and map_check_btf() callback functions for hash and lru hash maps. Patch #3 enhanced tools/testing/selftests/bpf/test_btf.c to test bpffs hash and lru hash map pretty print. ==================== Signed-off-by: Daniel Borkmann commit af2a81dab44758de0b94679615ea75e8ee30aace Author: Yonghong Song Date: Thu Aug 9 08:55:21 2018 -0700 tools/bpf: add bpffs pretty print btf test for hash/lru_hash maps Pretty print tests for hash/lru_hash maps are added in test_btf.c. The btf type blob is the same as pretty print array map test. The test result: $ mount -t bpf bpf /sys/fs/bpf $ ./test_btf -p BTF pretty print array......OK BTF pretty print hash......OK BTF pretty print lru hash......OK PASS:3 SKIP:0 FAIL:0 Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 699c86d6ec21d0f885d12800249d138659de8489 Author: Yonghong Song Date: Thu Aug 9 08:55:20 2018 -0700 bpf: btf: add pretty print for hash/lru_hash maps Commit a26ca7c982cb ("bpf: btf: Add pretty print support to the basic arraymap") added pretty print support to array map. This patch adds pretty print for hash and lru_hash maps. The following example shows the pretty-print result of a pinned hashmap: struct map_value { int count_a; int count_b; }; cat /sys/fs/bpf/pinned_hash_map: 87907: {87907,87908} 57354: {37354,57355} 76625: {76625,76626} ... Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann commit dc1508a579e682a1e5f1ed0753390e0aa7c23a97 Author: Yonghong Song Date: Thu Aug 9 08:55:19 2018 -0700 bpf: fix bpffs non-array map seq_show issue In function map_seq_next() of kernel/bpf/inode.c, the first key will be the "0" regardless of the map type. This works for array. But for hash type, if it happens key "0" is in the map, the bpffs map show will miss some items if the key "0" is not the first element of the first bucket. This patch fixed the issue by guaranteeing to get the first element, if the seq_show is just started, by passing NULL pointer key to map_get_next_key() callback. This way, no missing elements will occur for bpffs hash table show even if key "0" is in the map. Fixes: a26ca7c982cb5 ("bpf: btf: Add pretty print support to the basic arraymap") Acked-by: Alexei Starovoitov Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 13942aa94a8b5df662d93c42c307b2f50cbe88b0 Author: Darrick J. Wong Date: Thu Aug 9 22:43:04 2018 -0700 xfs: repair the AGI Rebuild the AGI header items with some help from the rmapbt. Signed-off-by: Darrick J. Wong Reviewed-by: Brian Foster commit 0e93d3f43ec7d3308bff25ce1be81d46330168c9 Author: Darrick J. Wong Date: Thu Aug 9 22:43:02 2018 -0700 xfs: repair the AGFL Repair the AGFL from the rmap data. Signed-off-by: Darrick J. Wong Reviewed-by: Brian Foster commit f9ed6debca45dd9bcc02d77c98822d50aba342f4 Author: Darrick J. Wong Date: Thu Aug 9 22:42:53 2018 -0700 xfs: repair the AGF Regenerate the AGF from the rmap data. Signed-off-by: Darrick J. Wong Reviewed-by: Brian Foster commit 096177a8b51937ba3004164f0366ef20656bb17a Author: Tzvetomir Stoyanov (VMware) Date: Wed Aug 8 14:02:46 2018 -0400 tools lib traceevent, perf tools: Rename struct pevent to struct tep_handle In order to make libtraceevent into a proper library, variables, data structures and functions require a unique prefix to prevent name space conflicts. That prefix will be "tep_" and not "pevent_". This changes the struct pevent to struct tep_handle. Signed-off-by: Tzvetomir Stoyanov (VMware) Cc: Andrew Morton Cc: Peter Zijlstra Cc: Yordan Karadzhov (VMware) Cc: linux-trace-devel@vger.kernel.org Link: http://lkml.kernel.org/r/20180808180659.706175783@goodmis.org Signed-off-by: Steven Rostedt Signed-off-by: Arnaldo Carvalho de Melo commit 46451874c7c9afaa4e014aea0f0970f886444e0d Author: Coly Li Date: Fri Aug 10 23:45:50 2018 +0800 bcache: fix error setting writeback_rate through sysfs interface Commit ea8c5356d390 ("bcache: set max writeback rate when I/O request is idle") changes struct bch_ratelimit member rate from uint32_t to atomic_long_t and uses atomic_long_set() in drivers/md/bcache/sysfs.c to set new writeback rate, after the input is converted from memory buf to long int by sysfs_strtoul_clamp(). The above change has a problem because there is an implicit return inside sysfs_strtoul_clamp() so the following atomic_long_set() won't be called. This error is detected by 0day system with following snipped smatch warnings: drivers/md/bcache/sysfs.c:271 __cached_dev_store() error: uninitialized symbol 'v'. 270 sysfs_strtoul_clamp(writeback_rate, v, 1, INT_MAX); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @271 atomic_long_set(&dc->writeback_rate.rate, v); This patch fixes the above error by using strtoul_safe_clamp() to convert the input buffer into a long int type result. Fixes: ea8c5356d390 ("bcache: set max writeback rate when I/O request is idle") Cc: Kai Krakow Cc: Stefan Priebe Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit fd685657cd5441e504113db1928196d030c8c414 Merge: ebddd97afb89 e7ea2a52ffaf Author: David S. Miller Date: Fri Aug 10 10:33:08 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following batch contains netfilter updates for your net-next tree: 1) Expose NFT_OSF_MAXGENRELEN maximum OS name length from the new OS passive fingerprint matching extension, from Fernando Fernandez. 2) Add extension to support for fine grain conntrack timeout policies from nf_tables. As preparation works, this patchset moves nf_ct_untimeout() to nf_conntrack_timeout and it also decouples the timeout policy from the ctnl_timeout object, most work done by Harsha Sharma. 3) Enable connection tracking when conntrack helper is in place. 4) Missing enumeration in uapi header when splitting original xt_osf to nfnetlink_osf, also from Fernando. 5) Fix a sparse warning due to incorrect typing in the nf_osf_find(), from Wei Yongjun. ==================== Signed-off-by: David S. Miller commit 2d1ce5ec2117d16047334a1aa4b62e0cfb5a0605 Author: Alexandru Gagniuc Date: Mon Aug 6 18:25:35 2018 -0500 PCI: Check for PCIe Link downtraining When both ends of a PCIe Link are capable of a higher bandwidth than is currently in use, the Link is said to be "downtrained". A downtrained Link may indicate hardware or configuration problems in the system, but it's hard to identify such Links from userspace. Refactor pcie_print_link_status() so it continues to always print PCIe bandwidth information, as several NIC drivers desire. Add a new internal __pcie_print_link_status() to emit a message only when a device's bandwidth is constrained by the fabric and call it from the PCI core for all devices, which identifies all downtrained Links. It also emits messages for a few cases that are technically not downtrained, such as a x4 device in an open-ended x1 slot. Signed-off-by: Alexandru Gagniuc [bhelgaas: changelog, move __pcie_print_link_status() declaration to drivers/pci/, rename pcie_check_upstream_link() to pcie_report_downtraining()] Signed-off-by: Bjorn Helgaas commit ebddd97afb89cb1e88cc037aef2913ad4723a59f Author: Ganesh Goudar Date: Fri Aug 10 14:47:01 2018 +0530 cxgb4: add support to display DCB info display Data Center bridging information in debug fs. Signed-off-by: Casey Leedom Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller commit e4ed2b9eff1dcc4ed7a85fa1e63f86b471215416 Author: Colin Ian King Date: Fri Aug 10 09:02:17 2018 +0100 net: chelsio: cxgb2: remove unused array pci_speed Array pci_speed is defined but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: 'pci_speed' defined but not used [-Wunused-const-variable=] Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 29a06a779977d2af8ec783525e3d10cb616a4272 Author: Colin Ian King Date: Fri Aug 10 08:53:28 2018 +0100 mlxsw: remove unused arrays mlxsw_i2c_driver_name and mlxsw_pci_driver_name Arrays mlxsw_i2c_driver_name and mlxsw_pci_driver_name are defined but never used hence they are redundant and can be removed. Cleans up clang warnings: warning: 'mlxsw_i2c_driver_name' defined but not used warning: 'mlxsw_pci_driver_name' defined but not used Signed-off-by: Colin Ian King Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller commit c9fbb2d25295a566b97d62e6904741e8e1702d83 Author: Krzysztof Kozlowski Date: Fri Aug 10 10:47:43 2018 +0200 net: Provide stub for __netif_set_xps_queue if there is no CONFIG_XPS Building virtio_net driver without CONFIG_XPS fails with: drivers/net/virtio_net.c: In function ‘virtnet_set_affinity’: drivers/net/virtio_net.c:1910:3: error: implicit declaration of function ‘__netif_set_xps_queue’ [-Werror=implicit-function-declaration] __netif_set_xps_queue(vi->dev, mask, i, false); ^ Fixes: 4d99f6602cb5 ("net: allow to call netif_reset_xps_queues() under cpus_read_lock") Signed-off-by: Krzysztof Kozlowski Signed-off-by: David S. Miller commit cdeaf9d04a5a0f51220d2f025385c553220bfb5c Author: Steve French Date: Fri Aug 10 02:25:06 2018 -0500 smb3: allow previous versions to be mounted with snapshot= mount parm mounting with the "snapshots=" mount parm allows a read-only view of a previous version of a file system (see MS-SMB2 and "timewarp" tokens, section 2.2.13.2.6) based on the timestamp passed in on the snapshots mount parm. Add processing to optionally send this create context. Example output: /mnt1 is mounted with "snapshots=..." and will see an earlier version of the directory, with three fewer files than /mnt2 the current version of the directory. root@Ubuntu-17-Virtual-Machine:~/cifs-2.6# cat /proc/mounts | grep cifs //172.22.149.186/public /mnt1 cifs ro,relatime,vers=default,cache=strict,username=smfrench,uid=0,noforceuid,gid=0,noforcegid,addr=172.22.149.186,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,snapshot=131748608570000000,actimeo=1 //172.22.149.186/public /mnt2 cifs rw,relatime,vers=default,cache=strict,username=smfrench,uid=0,noforceuid,gid=0,noforcegid,addr=172.22.149.186,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1 root@Ubuntu-17-Virtual-Machine:~/cifs-2.6# ls /mnt1 EmptyDir newerdir root@Ubuntu-17-Virtual-Machine:~/cifs-2.6# ls /mnt1/newerdir root@Ubuntu-17-Virtual-Machine:~/cifs-2.6# ls /mnt2 EmptyDir file newerdir newestdir timestamp-trace.cap root@Ubuntu-17-Virtual-Machine:~/cifs-2.6# ls /mnt2/newerdir new-file-not-in-snapshot Snapshots are extremely useful for comparing previous versions of files or directories, and recovering from data corruptions or mistakes. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit e55954a5f7ce0e321cea9f91f4ebeb2a4e0165f4 Author: Ronnie Sahlberg Date: Fri Aug 10 11:31:10 2018 +1000 cifs: don't show domain= in mount output when domain is empty Reported-by: Xiaoli Feng Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit c1777df1a5d541cda918ff0450c8adcc8b69c2fd Author: Ronnie Sahlberg Date: Fri Aug 10 11:03:55 2018 +1000 cifs: add missing support for ACLs in SMB 3.11 We were missing the methods for get_acl and friends for the 3.11 dialect. Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French CC: Stable Reviewed-by: Pavel Shilovsky commit c1acb21b32a3bb601453764c9eac9fc8fbb3a81d Merge: c3c7126248a0 401c0d7712eb Author: Mark Brown Date: Fri Aug 10 17:51:52 2018 +0100 Merge branch 'spi-4.19' into spi-next commit c3c7126248a0750790ee33c4bd80a1847f55f5b6 Merge: 1ffaddd029c8 563a53f3906a Author: Mark Brown Date: Fri Aug 10 17:51:50 2018 +0100 Merge branch 'spi-4.18' into spi-linus commit d22d59362b7b2c749245f1269d447011c76ca41d Merge: a8afa92ec0d9 46fc033eba42 Author: Mark Brown Date: Fri Aug 10 17:31:24 2018 +0100 Merge branch 'regulator-4.19' into regulator-next commit a8afa92ec0d9312b23fd291aa8db95da266f2d5f Merge: 1ffaddd029c8 a9191579ba10 Author: Mark Brown Date: Fri Aug 10 17:31:22 2018 +0100 Merge branch 'regulator-4.18' into regulator-linus commit 46fc033eba42f5a4fb583b2ab53f0a9918468452 Author: David Collins Date: Fri Jul 13 18:50:59 2018 -0700 regulator: add QCOM RPMh regulator driver Add the QCOM RPMh regulator driver to manage PMIC regulators which are controlled via RPMh on some Qualcomm Technologies, Inc. SoCs. RPMh is a hardware block which contains several accelerators which are used to manage various hardware resources that are shared between the processors of the SoC. The final hardware state of a regulator is determined within RPMh by performing max aggregation of the requests made by all of the processors. Add support for PMIC regulator control via the voltage regulator manager (VRM) and oscillator buffer (XOB) RPMh accelerators. VRM supports manipulation of enable state, voltage, and mode. XOB supports manipulation of enable state. Signed-off-by: David Collins Reviewed-by: Douglas Anderson Reviewed-by: Matthias Kaehlcke Signed-off-by: Mark Brown commit 0db021f7a2731cc559f0c5beb19ff3f677ff8626 Author: David Collins Date: Fri Jul 13 18:50:58 2018 -0700 regulator: dt-bindings: add QCOM RPMh regulator bindings Introduce bindings for RPMh regulator devices found on some Qualcomm Technlogies, Inc. SoCs. These devices allow a given processor within the SoC to make PMIC regulator requests which are aggregated within the RPMh hardware block along with requests from other processors in the SoC to determine the final PMIC regulator hardware state. Signed-off-by: David Collins Reviewed-by: Rob Herring Reviewed-by: Douglas Anderson Signed-off-by: Mark Brown commit 2de4471a263dd4f803d6cf89c543f38b2558ad88 Merge: 4f3fb2873583 78ee559d7fc6 Author: Mark Brown Date: Fri Aug 10 17:29:43 2018 +0100 Merge tag 'qcom-drivers-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux into regulator-4.19 for RPMH Qualcomm ARM Based Driver Updates for v4.19 * Add Qualcomm LLCC driver * Add Qualcomm RPMH controller * Fix memleak in Qualcomm RMTFS * Add dummy qcom_scm_assign_mem() * Fix check for global partition in SMEM commit 4afec79f652b11189c07ce49498c4477adda887c Author: Tokunori Ikegami Date: Wed Aug 8 10:32:19 2018 +0900 hwmon: (adt7475) Change show functions to return error data correctly Change update device function to return an error pointer if needed, and report the error to user space. Signed-off-by: Tokunori Ikegami Cc: Guenter Roeck Cc: Chris Packham [groeck: Clarified/updated description] Signed-off-by: Guenter Roeck commit 702afead45e15407bea94ccee16b801bbe9db13e Author: Tokunori Ikegami Date: Wed Aug 8 10:32:18 2018 +0900 hwmon: (adt7475) Change update functions to add error handling I2C SMBus sometimes returns error codes. In the error case, measurement values are updated incorrectly. The sensor application then generates warning log messages and SNMP traps. To prevent this, add error handling into the update functions. Signed-off-by: Tokunori Ikegami Cc: Guenter Roeck Cc: Chris Packham [groeck: Update description] Signed-off-by: Guenter Roeck commit b36fb17159adad16a724f0d298a5b50269839ead Author: Tokunori Ikegami Date: Wed Aug 8 10:32:17 2018 +0900 hwmon: (adt7475) Change valid parameter to bool type Currently the valid variable is of type char, but it is used as boolean. So let's change it to bool. Signed-off-by: Tokunori Ikegami Cc: Guenter Roeck Cc: Chris Packham [groeck: Update description] Signed-off-by: Guenter Roeck commit 5cf943ede4af95313665ea81f224533d2aa272bb Author: Tokunori Ikegami Date: Wed Aug 8 10:32:16 2018 +0900 hwmon: (adt7475) Split device update function to measure and limits The update function reads both measurement and limit values. Those parts can be split so split them for a maintainability. Signed-off-by: Tokunori Ikegami Cc: Guenter Roeck Cc: Chris Packham [groeck: Clarify description] Signed-off-by: Guenter Roeck commit f39684524b391c5a7ed0ac44db4fec3357af1c5d Author: Randy Dunlap Date: Fri Aug 10 17:23:02 2018 +0200 Documentation/fb: corrections for fbcon.txt Fix grammar, spacing, indentation, and Kconfig menu locations in fbcon.txt. Signed-off-by: Randy Dunlap Cc: Antonino Daplas Cc: Geert Uytterhoeven Cc: Jonathan Corbet Signed-off-by: Bartlomiej Zolnierkiewicz commit df37e225f25933732c17e43cbe7d21eec31b24be Author: Hans de Goede Date: Fri Aug 10 17:23:02 2018 +0200 fbcon: Do not takeover the console from atomic context Taking over the console involves allocating mem with GFP_KERNEL, talking to drm drivers, etc. So this should not be done from an atomic context. But the console-output trigger deferred console takeover may happen from an atomic context, which leads to "BUG: sleeping function called from invalid context" errors. This commit fixes these errors by doing the deferred takeover from a workqueue. Signed-off-by: Hans de Goede [b.zolnierkie: remove unused variable] Signed-off-by: Bartlomiej Zolnierkiewicz commit 4d64c8e02cdad5ada0b9e1e3d20b73c279cafaf2 Author: Hans de Goede Date: Fri Aug 10 17:23:02 2018 +0200 dummycon: Stop exporting dummycon_[un]register_output_notifier Now that we only allow FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER when fbdev+fbcon are builtin exporting these is no longer necessary. Signed-off-by: Hans de Goede Signed-off-by: Bartlomiej Zolnierkiewicz commit bedb38fc917527e7a6a7e5a0ecedd44690fab167 Author: Hans de Goede Date: Fri Aug 10 17:23:01 2018 +0200 fbcon: Only defer console takeover if the current console driver is the dummycon We rely on dummycon's output notifier mechanism to defer the takeover. If say vgacon is the current console driver then dummycon will never get used so its output notifier will also never get called and fbcon never takes over. This commit fixes this by only deferring the console takeover if the current console driver is the dummycon driver. This commit also moves the entirety of fbcon_start under the console_lock, since the conswitchp which fbcon_start now checks is protected by it. This commit also inlines fbcon_register_output_notifier, since we now need a #ifdef CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER in fbcon_start anyways because of the write access to the deferred_takeover variable, this has the added advantage that it puts the dummycon_register_output_notifier() call directly after the "conswitchp != &dummy_con" comparison making it clear why that check is there. Note the arch setup code will set conswitchp to either dummy_con or vga_con, in the cases where it gets set to vga_con even though their is no vga_con present we rely on vga_con_startup() to set conswitchp to dummy_con. vga_con_startup() is guaranteed to happen before fb_console_init() as it gets called as a console_initcall where as fb_console_init() gets called as a subsys_initcall. Signed-off-by: Hans de Goede Signed-off-by: Bartlomiej Zolnierkiewicz commit 15f4c357f909d5fbde43b36e137756d5c654a59d Author: Hans de Goede Date: Fri Aug 10 17:23:01 2018 +0200 fbcon: Only allow FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER if fbdev is builtin Having FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER with fbdev+fbcon being build as a module does not make much sense. Having FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER only when fbdev+fbcon are builtin was always the intention, hence the =y checks but they were checking the wrong option, fbcon is build as part of fb.ko, so we must check for FB=y. Signed-off-by: Hans de Goede Signed-off-by: Bartlomiej Zolnierkiewicz commit aa12af77aae05008b3e637b85944dcd512f75eba Author: Ankit Navik Date: Tue Aug 7 13:16:35 2018 +0530 Bluetooth: Add definitions for LE set address resolution Add the definitions for LE address resolution enable HCI commands. When the LE address resolution enable gets changed via HCI commands make sure that flag gets updated. Signed-off-by: Ankit Navik Signed-off-by: Marcel Holtmann commit 60afdf066a35317efd5d1d7ae7c7f4ef2b32601f Merge: c4c202175424 638264dc9022 Author: Daniel Borkmann Date: Fri Aug 10 16:12:22 2018 +0200 Merge branch 'bpf-veth-xdp-support' Toshiaki Makita says: ==================== This patch set introduces driver XDP for veth. Basically this is used in conjunction with redirect action of another XDP program. NIC -----------> veth===veth (XDP) (redirect) (XDP) In this case xdp_frame can be forwarded to the peer veth without modification, so we can expect far better performance than generic XDP. Envisioned use-cases -------------------- * Container managed XDP program Container host redirects frames to containers by XDP redirect action, and privileged containers can deploy their own XDP programs. * XDP program cascading Two or more XDP programs can be called for each packet by redirecting xdp frames to veth. * Internal interface for an XDP bridge When using XDP redirection to create a virtual bridge, veth can be used to create an internal interface for the bridge. Implementation -------------- This changeset is making use of NAPI to implement ndo_xdp_xmit and XDP_TX/REDIRECT. This is mainly because XDP heavily relies on NAPI context. - patch 1: Export a function needed for veth XDP. - patch 2-3: Basic implementation of veth XDP. - patch 4-6: Add ndo_xdp_xmit. - patch 7-9: Add XDP_TX and XDP_REDIRECT. - patch 10: Performance optimization for multi-queue env. Tests and performance numbers ----------------------------- Tested with a simple XDP program which only redirects packets between NIC and veth. I used i40e 25G NIC (XXV710) for the physical NIC. The server has 20 of Xeon Silver 2.20 GHz cores. pktgen --(wire)--> XXV710 (i40e) <--(XDP redirect)--> veth===veth (XDP) The rightmost veth loads XDP progs and just does DROP or TX. The number of packets is measured in the XDP progs. The leftmost pktgen sends packets at 37.1 Mpps (almost 25G wire speed). veth XDP action Flows Mpps ================================ DROP 1 10.6 DROP 2 21.2 DROP 100 36.0 TX 1 5.0 TX 2 10.0 TX 100 31.0 I also measured netperf TCP_STREAM but was not so great performance due to lack of tx/rx checksum offload and TSO, etc. netperf <--(wire)--> XXV710 (i40e) <--(XDP redirect)--> veth===veth (XDP PASS) Direction Flows Gbps ============================== external->veth 1 20.8 external->veth 2 23.5 external->veth 100 23.6 veth->external 1 9.0 veth->external 2 17.8 veth->external 100 22.9 Also tested doing ifup/down or load/unload a XDP program repeatedly during processing XDP packets in order to check if enabling/disabling NAPI is working as expected, and found no problems. v8: - Don't use xdp_frame pointer address to calculate skb->head, headroom, and xdp_buff.data_hard_start. v7: - Introduce xdp_scrub_frame() to clear kernel pointers in xdp_frame and use it instead of memset(). v6: - Check skb->len only if reallocation is needed. - Add __GFP_NOWARN to alloc_page() since it can be triggered by external events. - Fix sparse warning around EXPORT_SYMBOL. v5: - Fix broken SOBs. v4: - Don't adjust MTU automatically. - Skip peer IFF_UP check on .ndo_xdp_xmit() because it is unnecessary. Add comments to explain that. - Use redirect_info instead of xdp_mem_info for storing no_direct flag to avoid per packet copy cost. v3: - Drop skb bulk xmit patch since it makes little performance difference. The hotspot in TCP skb xmit at this point is checksum computation in skb_segment and packet copy on XDP_REDIRECT due to cloned/nonlinear skb. - Fix race on closing device. - Add extack messages in ndo_bpf. v2: - Squash NAPI patch with "Add driver XDP" patch. - Remove conversion from xdp_frame to skb when NAPI is not enabled. - Introduce per-queue XDP ring (patch 8). - Introduce bulk skb xmit when XDP is enabled on the peer (patch 9). ==================== Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit 638264dc90227cca00d20c26680171addce18e51 Author: Toshiaki Makita Date: Fri Aug 3 16:58:18 2018 +0900 veth: Support per queue XDP ring Move XDP and napi related fields from veth_priv to newly created veth_rq structure. When xdp_frames are enqueued from ndo_xdp_xmit and XDP_TX, rxq is selected by current cpu. When skbs are enqueued from the peer device, rxq is one to one mapping of its peer txq. This way we have a restriction that the number of rxqs must not less than the number of peer txqs, but leave the possibility to achieve bulk skb xmit in the future because txq lock would make it possible to remove rxq ptr_ring lock. v3: - Add extack messages. - Fix array overrun in veth_xmit. Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit d1396004dd868642ea2596abe058d96dcf97990f Author: Toshiaki Makita Date: Fri Aug 3 16:58:17 2018 +0900 veth: Add XDP TX and REDIRECT This allows further redirection of xdp_frames like NIC -> veth--veth -> veth--veth (XDP) (XDP) (XDP) The intermediate XDP, redirecting packets from NIC to the other veth, reuses xdp_mem_info from NIC so that page recycling of the NIC works on the destination veth's XDP. In this way return_frame is not fully guarded by NAPI, since another NAPI handler on another cpu may use the same xdp_mem_info concurrently. Thus disable napi_direct by xdp_set_return_frame_no_direct() during the NAPI context. v8: - Don't use xdp_frame pointer address for data_hard_start of xdp_buff. v4: - Use xdp_[set|clear]_return_frame_no_direct() instead of a flag in xdp_mem_info. v3: - Fix double free when veth_xdp_tx() returns a positive value. - Convert xdp_xmit and xdp_redir variables into flags. Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit 2539650fadbf63a431e76535a9de7bff6ea5e409 Author: Toshiaki Makita Date: Fri Aug 3 16:58:16 2018 +0900 xdp: Helpers for disabling napi_direct of xdp_return_frame We need some mechanism to disable napi_direct on calling xdp_return_frame_rx_napi() from some context. When veth gets support of XDP_REDIRECT, it will redirects packets which are redirected from other devices. On redirection veth will reuse xdp_mem_info of the redirection source device to make return_frame work. But in this case .ndo_xdp_xmit() called from veth redirection uses xdp_mem_info which is not guarded by NAPI, because the .ndo_xdp_xmit() is not called directly from the rxq which owns the xdp_mem_info. This approach introduces a flag in bpf_redirect_info to indicate that napi_direct should be disabled even when _rx_napi variant is used as well as helper functions to use it. A NAPI handler who wants to use this flag needs to call xdp_set_return_frame_no_direct() before processing packets, and call xdp_clear_return_frame_no_direct() after xdp_do_flush_map() before exiting NAPI. v4: - Use bpf_redirect_info for storing the flag instead of xdp_mem_info to avoid per-frame copy cost. Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit 0b19cc0a8694d4295383f88bc3441765875a57bc Author: Toshiaki Makita Date: Fri Aug 3 16:58:15 2018 +0900 bpf: Make redirect_info accessible from modules We are going to add kern_flags field in redirect_info for kernel internal use. In order to avoid function call to access the flags, make redirect_info accessible from modules. Also as it is now non-static, add prefix bpf_ to redirect_info. v6: - Fix sparse warning around EXPORT_SYMBOL. Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit af87a3aa1b5f397a2f5c99b97b000943c5177da7 Author: Toshiaki Makita Date: Fri Aug 3 16:58:14 2018 +0900 veth: Add ndo_xdp_xmit This allows NIC's XDP to redirect packets to veth. The destination veth device enqueues redirected packets to the napi ring of its peer, then they are processed by XDP on its peer veth device. This can be thought as calling another XDP program by XDP program using REDIRECT, when the peer enables driver XDP. Note that when the peer veth device does not set driver xdp, redirected packets will be dropped because the peer is not ready for NAPI. v4: - Don't use xdp_ok_fwd_dev() because checking IFF_UP is not necessary. Add comments about it and check only MTU. v2: - Drop the part converting xdp_frame into skb when XDP is not enabled. - Implement bulk interface of ndo_xdp_xmit. - Implement XDP_XMIT_FLUSH bit and drop ndo_xdp_flush. Signed-off-by: Toshiaki Makita Acked-by: John Fastabend Signed-off-by: Daniel Borkmann commit 9fc8d518d9d590998209f2686e026a488f65d41e Author: Toshiaki Makita Date: Fri Aug 3 16:58:13 2018 +0900 veth: Handle xdp_frames in xdp napi ring This is preparation for XDP TX and ndo_xdp_xmit. This allows napi handler to handle xdp_frames through xdp ring as well as sk_buff. v8: - Don't use xdp_frame pointer address to calculate skb->head and headroom. v7: - Use xdp_scrub_frame() instead of memset(). v3: - Revert v2 change around rings and use a flag to differentiate skb and xdp_frame, since bulk skb xmit makes little performance difference for now. v2: - Use another ring instead of using flag to differentiate skb and xdp_frame. This approach makes bulk skb transmit possible in veth_xmit later. - Clear xdp_frame feilds in skb->head. - Implement adjust_tail. Signed-off-by: Toshiaki Makita Acked-by: John Fastabend Acked-by: Jesper Dangaard Brouer Signed-off-by: Daniel Borkmann commit a8d5b4ab353738e16e5f9d21ab1e3d44b37983d0 Author: Toshiaki Makita Date: Fri Aug 3 16:58:12 2018 +0900 xdp: Helper function to clear kernel pointers in xdp_frame xdp_frame has kernel pointers which should not be readable from bpf programs. When we want to reuse xdp_frame region but it may be read by bpf programs later, we can use this helper to clear kernel pointers. This is more efficient than calling memset() for the entire struct. Signed-off-by: Toshiaki Makita Acked-by: Jesper Dangaard Brouer Signed-off-by: Daniel Borkmann commit dc2248220a4aa61560c95aca98d4162095bd7e8a Author: Toshiaki Makita Date: Fri Aug 3 16:58:11 2018 +0900 veth: Avoid drops by oversized packets when XDP is enabled Oversized packets including GSO packets can be dropped if XDP is enabled on receiver side, so don't send such packets from peer. Drop TSO and SCTP fragmentation features so that veth devices themselves segment packets with XDP enabled. Also cap MTU accordingly. v4: - Don't auto-adjust MTU but cap max MTU. Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit 948d4f214fde43743c57aae0c708bff44f6345f2 Author: Toshiaki Makita Date: Fri Aug 3 16:58:10 2018 +0900 veth: Add driver XDP This is the basic implementation of veth driver XDP. Incoming packets are sent from the peer veth device in the form of skb, so this is generally doing the same thing as generic XDP. This itself is not so useful, but a starting point to implement other useful veth XDP features like TX and REDIRECT. This introduces NAPI when XDP is enabled, because XDP is now heavily relies on NAPI context. Use ptr_ring to emulate NIC ring. Tx function enqueues packets to the ring and peer NAPI handler drains the ring. Currently only one ring is allocated for each veth device, so it does not scale on multiqueue env. This can be resolved by allocating rings on the per-queue basis later. Note that NAPI is not used but netif_rx is used when XDP is not loaded, so this does not change the default behaviour. v6: - Check skb->len only when allocation is needed. - Add __GFP_NOWARN to alloc_page() as it can be triggered by external events. v3: - Fix race on closing the device. - Add extack messages in ndo_bpf. v2: - Squashed with the patch adding NAPI. - Implement adjust_tail. - Don't acquire consumer lock because it is guarded by NAPI. - Make poll_controller noop since it is unnecessary. - Register rxq_info on enabling XDP rather than on opening the device. Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit b0768a86585d4d951a30ff565f19598dbbd67897 Author: Toshiaki Makita Date: Fri Aug 3 16:58:09 2018 +0900 net: Export skb_headers_offset_update This is needed for veth XDP which does skb_copy_expand()-like operation. v2: - Drop skb_copy_header part because it has already been exported now. Signed-off-by: Toshiaki Makita Signed-off-by: Daniel Borkmann commit c4c20217542469b9caf7f700ac9a2eeb32cb3742 Merge: eb91e4d4db06 1bca4e6b1863 Author: Daniel Borkmann Date: Fri Aug 10 16:07:50 2018 +0200 Merge branch 'bpf-sample-cpumap-lb' Jesper Dangaard Brouer says: ==================== Background: cpumap moves the SKB allocation out of the driver code, and instead allocate it on the remote CPU, and invokes the regular kernel network stack with the newly allocated SKB. The idea behind the XDP CPU redirect feature, is to use XDP as a load-balancer step in-front of regular kernel network stack. But the current sample code does not provide a good example of this. Part of the reason is that, I have implemented this as part of Suricata XDP load-balancer. Given this is the most frequent feature request I get. This patchset implement the same XDP load-balancing as Suricata does, which is a symmetric hash based on the IP-pairs + L4-protocol. The expected setup for the use-case is to reduce the number of NIC RX queues via ethtool (as XDP can handle more per core), and via smp_affinity assign these RX queues to a set of CPUs, which will be handling RX packets. The CPUs that runs the regular network stack is supplied to the sample xdp_redirect_cpu tool by specifying the --cpu option multiple times on the cmdline. I do note that cpumap SKB creation is not feature complete yet, and more work is coming. E.g. given GRO is not implemented yet, do expect TCP workloads to be slower. My measurements do indicate UDP workloads are faster. ==================== Signed-off-by: Daniel Borkmann commit 1bca4e6b1863c0a006fde6a66720a87823109294 Author: Jesper Dangaard Brouer Date: Fri Aug 10 14:03:02 2018 +0200 samples/bpf: xdp_redirect_cpu load balance like Suricata This implement XDP CPU redirection load-balancing across available CPUs, based on the hashing IP-pairs + L4-protocol. This equivalent to xdp-cpu-redirect feature in Suricata, which is inspired by the Suricata 'ippair' hashing code. An important property is that the hashing is flow symmetric, meaning that if the source and destination gets swapped then the selected CPU will remain the same. This is helps locality by placing both directions of a flows on the same CPU, in a forwarding/routing scenario. The hashing INITVAL (15485863 the 10^6th prime number) was fairly arbitrary choosen, but experiments with kernel tree pktgen scripts (pktgen_sample04_many_flows.sh +pktgen_sample05_flow_per_thread.sh) showed this improved the distribution. This patch also change the default loaded XDP program to be this load-balancer. As based on different user feedback, this seems to be the expected behavior of the sample xdp_redirect_cpu. Link: https://github.com/OISF/suricata/commit/796ec08dd7a63 Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Daniel Borkmann commit 11395686586bc9ca867b3f27501fd6c48244187a Author: Jesper Dangaard Brouer Date: Fri Aug 10 14:02:57 2018 +0200 samples/bpf: add Paul Hsieh's (LGPL 2.1) hash function SuperFastHash Adjusted function call API to take an initval. This allow the API user to set the initial value, as a seed. This could also be used for inputting the previous hash. Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Daniel Borkmann commit eb91e4d4db06adef06e7f50c02813c13c6ca5a5b Author: Björn Töpel Date: Fri Aug 10 11:28:02 2018 +0200 Revert "xdp: add NULL pointer check in __xdp_return()" This reverts commit 36e0f12bbfd3016f495904b35e41c5711707509f. The reverted commit adds a WARN to check against NULL entries in the mem_id_ht rhashtable. Any kernel path implementing the XDP (generic or driver) fast path is required to make a paired xdp_rxq_info_reg/xdp_rxq_info_unreg call for proper function. In addition, a driver using a different allocation scheme than the default MEM_TYPE_PAGE_SHARED is required to additionally call xdp_rxq_info_reg_mem_model. For MEM_TYPE_ZERO_COPY, an xdp_rxq_info_reg_mem_model call ensures that the mem_id_ht rhashtable has a properly inserted allocator id. If not, this would be a driver bug. A NULL pointer kernel OOPS is preferred to the WARN. Suggested-by: Jesper Dangaard Brouer Signed-off-by: Björn Töpel Acked-by: Jesper Dangaard Brouer Signed-off-by: Daniel Borkmann commit f7a6947cd49b7ff4e03f1b4f7e7b223003d752ca Author: Michael Ellerman Date: Tue Jul 10 16:20:56 2018 +1000 powerpc/uaccess: Enable get_user(u64, *p) on 32-bit Currently if you build a 32-bit powerpc kernel and use get_user() to load a u64 value it will fail to build with eg: kernel/rseq.o: In function `rseq_get_rseq_cs': kernel/rseq.c:123: undefined reference to `__get_user_bad' This is hitting the check in __get_user_size() that makes sure the size we're copying doesn't exceed the size of the destination: #define __get_user_size(x, ptr, size, retval) do { retval = 0; __chk_user_ptr(ptr); if (size > sizeof(x)) (x) = __get_user_bad(); Which doesn't immediately make sense because the size of the destination is u64, but it's not really, because __get_user_check() etc. internally create an unsigned long and copy into that: #define __get_user_check(x, ptr, size) ({ long __gu_err = -EFAULT; unsigned long __gu_val = 0; The problem being that on 32-bit unsigned long is not big enough to hold a u64. We can fix this with a trick from hpa in the x86 code, we statically check the type of x and set the type of __gu_val to either unsigned long or unsigned long long. Signed-off-by: Michael Ellerman commit f405b510c93eeb7390d0e2c6ef8d12af9a33021a Author: Aneesh Kumar K.V Date: Thu Aug 9 19:06:42 2018 +0530 powerpc/mm/hash: Remove unnecessary do { } while(0) loop Avoid coverity false warnings like: *** CID 187347: Control flow issues (UNREACHABLE) /arch/powerpc/mm/hash_native_64.c: 819 in native_flush_hash_range() 813 slot += hidx & _PTEIDX_GROUP_IX; 814 hptep = htab_address + slot; 815 want_v = hpte_encode_avpn(vpn, psize, ssize); 816 hpte_v = hpte_get_old_v(hptep); 817 818 if (!HPTE_V_COMPARE(hpte_v, want_v) || !(hpte_v & HPTE_V_VALID)) >>> CID 187347: Control flow issues (UNREACHABLE) Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman commit e7e81847478b37a3958a3163171bf6aee99f87d7 Author: Nicholas Piggin Date: Fri Aug 10 16:42:48 2018 +1000 powerpc/64s: move machine check SLB flushing to mm/slb.c The machine check code that flushes and restores bolted segments in real mode belongs in mm/slb.c. This will also be used by pseries machine check and idle code in future changes. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman commit ae24ce5e12127eeef6bf946c3ee0e95f3797caaf Author: Aneesh Kumar K.V Date: Thu Aug 9 19:07:20 2018 +0530 powerpc/powernv/idle: Fix build error Fix the below build error using strlcpy instead of strncpy In function 'pnv_parse_cpuidle_dt', inlined from 'pnv_init_idle_states' at arch/powerpc/platforms/powernv/idle.c:840:7, inlined from '__machine_initcall_powernv_pnv_init_idle_states' at arch/powerpc/platforms/powernv/idle.c:870:1: arch/powerpc/platforms/powernv/idle.c:820:3: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation] strncpy(pnv_idle_states[i].name, temp_string[i], ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PNV_IDLE_NAME_LEN); Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman commit 0b6aa1a20add96437c46db77c9bae2d7529dfbc1 Author: Aneesh Kumar K.V Date: Thu Aug 9 19:06:59 2018 +0530 powerpc/mm/tlbflush: update the mmu_gather page size while iterating address range This patch makes sure we update the mmu_gather page size even if we are requesting for a fullmm flush. This avoids triggering VM_WARN_ON in code paths like __tlb_remove_page_size that explicitly check for removing range page size to be same as mmu gather page size. Fixes: 5a6099346c41 ("powerpc/64s/radix: tlb do not flush on page size when fullmm") Signed-off-by: Aneesh Kumar K.V Acked-by: Nicholas Piggin Signed-off-by: Michael Ellerman commit fce278af81daf8599f9e94883cbe43068b6c4785 Author: Mathieu Malaterre Date: Fri Jun 22 21:27:47 2018 +0200 powerpc/mm: remove warning about ‘type’ being set ‘type’ is only used when CONFIG_DEBUG_HIGHMEM is set. So add a possibly unused tag to variable. Remove warning treated as error with W=1: arch/powerpc/mm/highmem.c:59:6: error: variable ‘type’ set but not used [-Werror=unused-but-set-variable] Signed-off-by: Mathieu Malaterre Signed-off-by: Michael Ellerman commit f2c6d0d1092e3da2bd36c768777e883fa3908548 Author: Mathieu Malaterre Date: Fri Jun 22 21:26:53 2018 +0200 powerpc/32: Include setup.h header file to fix warnings Make sure to include setup.h to provide the following prototypes: - irqstack_early_init - setup_power_save - initialize_cache_info Fix the following warnings (treated as error in W=1): arch/powerpc/kernel/setup_32.c:198:13: error: no previous prototype for ‘irqstack_early_init’ arch/powerpc/kernel/setup_32.c:238:13: error: no previous prototype for ‘setup_power_save’ arch/powerpc/kernel/setup_32.c:253:13: error: no previous prototype for ‘initialize_cache_info’ Signed-off-by: Mathieu Malaterre Signed-off-by: Michael Ellerman commit eab00a208eb63d863b6cc0a03f68b4424ef5add8 Author: Mathieu Malaterre Date: Wed Apr 4 22:08:35 2018 +0200 powerpc: Move `path` variable inside DEBUG_PROM Add gcc attribute unused for two variables. Fix warnings treated as errors with W=1: arch/powerpc/kernel/prom_init.c:1388:8: error: variable ‘path’ set but not used [-Werror=unused-but-set-variable] Suggested-by: Christophe Leroy Signed-off-by: Mathieu Malaterre Signed-off-by: Michael Ellerman commit 618a89d738fdd97f6fc58b7b666c7a84b2bb95e3 Author: Mathieu Malaterre Date: Wed Mar 28 21:39:35 2018 +0200 powerpc/powermac: Make some functions static These functions can all be static, make it so. Fix warnings treated as errors with W=1: arch/powerpc/platforms/powermac/pci.c:1022:6: error: no previous prototype for ‘pmac_pci_fixup_ohci’ arch/powerpc/platforms/powermac/pci.c:1057:6: error: no previous prototype for ‘pmac_pci_fixup_cardbus’ arch/powerpc/platforms/powermac/pci.c:1094:6: error: no previous prototype for ‘pmac_pci_fixup_pciata’ Remove has_address declaration and assignment since it's not used. Also add gcc attribute unused to fix a warning treated as error with W=1: arch/powerpc/platforms/powermac/pci.c:784:19: error: variable ‘has_address’ set but not used arch/powerpc/platforms/powermac/pci.c:907:22: error: variable ‘ht’ set but not used Suggested-by: Christophe Leroy Signed-off-by: Mathieu Malaterre Signed-off-by: Michael Ellerman commit 8921305c1ec9d9ea23e5f8eac3063021e836530a Author: Mathieu Malaterre Date: Wed Mar 28 21:30:28 2018 +0200 powerpc/powermac: Remove variable x that's never read Since the value of x is never intended to be read, remove it. Fix warning treated as error with W=1: arch/powerpc/platforms/powermac/udbg_scc.c:76:9: error: variable ‘x’ set but not used Suggested-by: Christophe Leroy Signed-off-by: Mathieu Malaterre Reviewed-by: Christophe Leroy Signed-off-by: Michael Ellerman commit e4ecafb14fd9cd77d8f4320af1922e700db56d2b Author: Mathieu Malaterre Date: Thu Mar 22 22:05:28 2018 +0100 cxl: remove a dead branch In commit 14baf4d9c739 ("cxl: Add guest-specific code") the following code was added: if (afu->crs_len < 0) { dev_err(&afu->dev, "Unexpected configuration record size value\n"); return -EINVAL; } However the variable `crs_len` is of type u64 and cannot be compared < 0. Remove the dead code section. Fix the following warning treated as error with W=1: ../drivers/misc/cxl/guest.c:919:19: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits] Signed-off-by: Mathieu Malaterre Signed-off-by: Michael Ellerman commit 2fff0f07b8441a481eb5fc0bfcd0e46d6dbd90db Author: Mathieu Malaterre Date: Thu Mar 22 21:20:02 2018 +0100 powerpc/powermac: Add missing include of header pmac.h The header `pmac.h` was not included, leading to the following warnings, treated as error with W=1: arch/powerpc/platforms/powermac/time.c:69:13: error: no previous prototype for ‘pmac_time_init’ [-Werror=missing-prototypes] arch/powerpc/platforms/powermac/time.c:207:15: error: no previous prototype for ‘pmac_get_boot_time’ [-Werror=missing-prototypes] arch/powerpc/platforms/powermac/time.c:222:6: error: no previous prototype for ‘pmac_get_rtc_time’ [-Werror=missing-prototypes] arch/powerpc/platforms/powermac/time.c:240:5: error: no previous prototype for ‘pmac_set_rtc_time’ [-Werror=missing-prototypes] arch/powerpc/platforms/powermac/time.c:259:12: error: no previous prototype for ‘via_calibrate_decr’ [-Werror=missing-prototypes] arch/powerpc/platforms/powermac/time.c:311:13: error: no previous prototype for ‘pmac_calibrate_decr’ [-Werror=missing-prototypes] The function `via_calibrate_decr` was made static to silence a warning. Signed-off-by: Mathieu Malaterre Signed-off-by: Michael Ellerman commit baedcdf5054c151a33e34392af7d8c3a244f16e6 Author: Markus Elfring Date: Sun Mar 11 09:03:42 2018 +0100 powerpc/kexec: Use common error handling code in setup_new_fdt() Add a jump target so that a bit of exception handling can be better reused at the end of this function. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring Reviewed-by: Thiago Jung Bauermann Signed-off-by: Michael Ellerman commit 302c7b0c4ff5aed585419603f835dee30207e5d5 Author: Boqun Feng Date: Tue Nov 22 17:20:09 2016 +0800 powerpc/xmon: Add address lookup for percpu symbols Currently, in xmon, there is no obvious way to get an address for a percpu symbol for a particular cpu. Having such an ability would be good for debugging the system when percpu variables got involved. Therefore, this patch introduces a new xmon command "lp" to lookup the address for percpu symbols. Usage of "lp" is similar to "ls", except that we could add a cpu number to choose the variable of which cpu we want to lookup. If no cpu number is given, lookup for current cpu. Signed-off-by: Boqun Feng Signed-off-by: Michael Ellerman commit 646dbe40fa2a54118975792fa9b98cefac7d232e Author: Christophe Leroy Date: Wed Aug 8 15:36:34 2018 +0000 powerpc/mm: remove huge_pte_offset_and_shift() prototype huge_pte_offset_and_shift() has never existed Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit fa54a981ea7a852c145b05c95abba11e81fc1157 Author: Christophe Leroy Date: Thu Aug 9 08:14:41 2018 +0000 powerpc/lib: Use patch_site to patch copy_32 functions once cache is enabled The symbol memcpy_nocache_branch defined in order to allow patching of memset function once cache is enabled leads to confusing reports by perf tool. Using the new patch_site functionality solves this issue. Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit cd813e1cd7122f2c261dce5b54d1e0c97f80e1a5 Author: Mahesh Salgaonkar Date: Tue Aug 7 19:46:46 2018 +0530 powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. During Machine Check interrupt on pseries platform, register r3 points RTAS extended event log passed by hypervisor. Since hypervisor uses r3 to pass pointer to rtas log, it stores the original r3 value at the start of the memory (first 8 bytes) pointed by r3. Since hypervisor stores this info and rtas log is in BE format, linux should make sure to restore r3 value in correct endian format. Without this patch when MCE handler, after recovery, returns to code that that caused the MCE may end up with Data SLB access interrupt for invalid address followed by kernel panic or hang. Severe Machine check interrupt [Recovered] NIP [d00000000ca301b8]: init_module+0x1b8/0x338 [bork_kernel] Initiator: CPU Error type: SLB [Multihit] Effective address: d00000000ca70000 cpu 0xa: Vector: 380 (Data SLB Access) at [c0000000fc7775b0] pc: c0000000009694c0: vsnprintf+0x80/0x480 lr: c0000000009698e0: vscnprintf+0x20/0x60 sp: c0000000fc777830 msr: 8000000002009033 dar: a803a30c000000d0 current = 0xc00000000bc9ef00 paca = 0xc00000001eca5c00 softe: 3 irq_happened: 0x01 pid = 8860, comm = insmod vscnprintf+0x20/0x60 vprintk_emit+0xb4/0x4b0 vprintk_func+0x5c/0xd0 printk+0x38/0x4c init_module+0x1c0/0x338 [bork_kernel] do_one_initcall+0x54/0x230 do_init_module+0x8c/0x248 load_module+0x12b8/0x15b0 sys_finit_module+0xa8/0x110 system_call+0x58/0x6c --- Exception: c00 (System Call) at 00007fff8bda0644 SP (7fffdfbfe980) is in userspace This patch fixes this issue. Fixes: a08a53ea4c97 ("powerpc/le: Enable RTAS events support") Cc: stable@vger.kernel.org # v3.15+ Reviewed-by: Nicholas Piggin Signed-off-by: Mahesh Salgaonkar Signed-off-by: Michael Ellerman commit ced1bf52f47783135b985d2aacf53fa77fd72e2e Author: Hari Bathini Date: Tue Aug 7 02:12:54 2018 +0530 powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements With dynamic memory allocation support for crash memory ranges array, there is no hard limit on the no. of crash memory ranges kernel could export, but program headers count could overflow in the /proc/vmcore ELF file while exporting each memory range as PT_LOAD segment. Reduce the likelihood of a such scenario, by folding adjacent crash memory ranges which minimizes the total number of PT_LOAD segments. Signed-off-by: Hari Bathini Reviewed-by: Mahesh Salgaonkar Signed-off-by: Michael Ellerman commit 1bd6a1c4b80a28d975287630644e6b47d0f977a5 Author: Hari Bathini Date: Tue Aug 7 02:12:45 2018 +0530 powerpc/fadump: handle crash memory ranges array index overflow Crash memory ranges is an array of memory ranges of the crashing kernel to be exported as a dump via /proc/vmcore file. The size of the array is set based on INIT_MEMBLOCK_REGIONS, which works alright in most cases where memblock memory regions count is less than INIT_MEMBLOCK_REGIONS value. But this count can grow beyond INIT_MEMBLOCK_REGIONS value since commit 142b45a72e22 ("memblock: Add array resizing support"). On large memory systems with a few DLPAR operations, the memblock memory regions count could be larger than INIT_MEMBLOCK_REGIONS value. On such systems, registering fadump results in crash or other system failures like below: task: c00007f39a290010 ti: c00000000b738000 task.ti: c00000000b738000 NIP: c000000000047df4 LR: c0000000000f9e58 CTR: c00000000010f180 REGS: c00000000b73b570 TRAP: 0300 Tainted: G L X (4.4.140+) MSR: 8000000000009033 CR: 22004484 XER: 20000000 CFAR: c000000000008500 DAR: 000007a450000000 DSISR: 40000000 SOFTE: 0 ... NIP [c000000000047df4] smp_send_reschedule+0x24/0x80 LR [c0000000000f9e58] resched_curr+0x138/0x160 Call Trace: resched_curr+0x138/0x160 (unreliable) check_preempt_curr+0xc8/0xf0 ttwu_do_wakeup+0x38/0x150 try_to_wake_up+0x224/0x4d0 __wake_up_common+0x94/0x100 ep_poll_callback+0xac/0x1c0 __wake_up_common+0x94/0x100 __wake_up_sync_key+0x70/0xa0 sock_def_readable+0x58/0xa0 unix_stream_sendmsg+0x2dc/0x4c0 sock_sendmsg+0x68/0xa0 ___sys_sendmsg+0x2cc/0x2e0 __sys_sendmsg+0x5c/0xc0 SyS_socketcall+0x36c/0x3f0 system_call+0x3c/0x100 as array index overflow is not checked for while setting up crash memory ranges causing memory corruption. To resolve this issue, dynamically allocate memory for crash memory ranges and resize it incrementally, in units of pagesize, on hitting array size limit. Fixes: 2df173d9e85d ("fadump: Initialize elfcore header and add PT_LOAD program headers.") Cc: stable@vger.kernel.org # v3.4+ Signed-off-by: Hari Bathini Reviewed-by: Mahesh Salgaonkar [mpe: Just use PAGE_SIZE directly, fixup variable placement] Signed-off-by: Michael Ellerman commit 6bd6d8672208e8dc0c18588d6eb4588a195fd788 Author: Christophe Leroy Date: Mon Aug 6 15:09:11 2018 +0000 powerpc/cpm1: fix compilation error with CONFIG_PPC_EARLY_DEBUG_CPM commit e8cb7a55eb8dc ("powerpc: remove superflous inclusions of asm/fixmap.h") removed inclusion of asm/fixmap.h from files not including objects from that file. However, asm/mmu-8xx.h includes call to __fix_to_virt(). The proper way would be to include asm/fixmap.h in asm/mmu-8xx.h but it creates an inclusion loop. So we have to leave asm/fixmap.h in sysdep/cpm_common.c for CONFIG_PPC_EARLY_DEBUG_CPM CC arch/powerpc/sysdev/cpm_common.o In file included from ./arch/powerpc/include/asm/mmu.h:340:0, from ./arch/powerpc/include/asm/reg_8xx.h:8, from ./arch/powerpc/include/asm/reg.h:29, from ./arch/powerpc/include/asm/processor.h:13, from ./arch/powerpc/include/asm/thread_info.h:28, from ./include/linux/thread_info.h:38, from ./arch/powerpc/include/asm/ptrace.h:159, from ./arch/powerpc/include/asm/hw_irq.h:12, from ./arch/powerpc/include/asm/irqflags.h:12, from ./include/linux/irqflags.h:16, from ./include/asm-generic/cmpxchg-local.h:6, from ./arch/powerpc/include/asm/cmpxchg.h:537, from ./arch/powerpc/include/asm/atomic.h:11, from ./include/linux/atomic.h:5, from ./include/linux/mutex.h:18, from ./include/linux/kernfs.h:13, from ./include/linux/sysfs.h:16, from ./include/linux/kobject.h:20, from ./include/linux/device.h:16, from ./include/linux/node.h:18, from ./include/linux/cpu.h:17, from ./include/linux/of_device.h:5, from arch/powerpc/sysdev/cpm_common.c:21: arch/powerpc/sysdev/cpm_common.c: In function ‘udbg_init_cpm’: ./arch/powerpc/include/asm/mmu-8xx.h:218:25: error: implicit declaration of function ‘__fix_to_virt’ [-Werror=implicit-function-declaration] #define VIRT_IMMR_BASE (__fix_to_virt(FIX_IMMR_BASE)) ^ arch/powerpc/sysdev/cpm_common.c:75:7: note: in expansion of macro ‘VIRT_IMMR_BASE’ VIRT_IMMR_BASE); ^ ./arch/powerpc/include/asm/mmu-8xx.h:218:39: error: ‘FIX_IMMR_BASE’ undeclared (first use in this function) #define VIRT_IMMR_BASE (__fix_to_virt(FIX_IMMR_BASE)) ^ arch/powerpc/sysdev/cpm_common.c:75:7: note: in expansion of macro ‘VIRT_IMMR_BASE’ VIRT_IMMR_BASE); ^ ./arch/powerpc/include/asm/mmu-8xx.h:218:39: note: each undeclared identifier is reported only once for each function it appears in #define VIRT_IMMR_BASE (__fix_to_virt(FIX_IMMR_BASE)) ^ arch/powerpc/sysdev/cpm_common.c:75:7: note: in expansion of macro ‘VIRT_IMMR_BASE’ VIRT_IMMR_BASE); ^ cc1: all warnings being treated as errors make[1]: *** [arch/powerpc/sysdev/cpm_common.o] Error 1 Fixes: e8cb7a55eb8dc ("powerpc: remove superflous inclusions of asm/fixmap.h") Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit c42d3be0c06f0c1c416054022aa535c08a1f9b39 Author: Dan Carpenter Date: Wed Aug 8 14:57:24 2018 +0300 powerpc: Fix size calculation using resource_size() The problem is the the calculation should be "end - start + 1" but the plus one is missing in this calculation. Fixes: 8626816e905e ("powerpc: add support for MPIC message register API") Signed-off-by: Dan Carpenter Reviewed-by: Tyrel Datwyler Signed-off-by: Michael Ellerman commit 24576a70e7dfa703617a5e7ae8e6cbd66cfb6e5d Author: Rashmica Gupta Date: Fri Aug 3 16:06:01 2018 +1000 Documentation: Update documentation on ppc-memtrace Signed-off-by: Rashmica Gupta Signed-off-by: Michael Ellerman commit d3da701d3308ce1fa457f32c6c9e2102aedea030 Author: Rashmica Gupta Date: Fri Aug 3 16:06:00 2018 +1000 powerpc/powernv: Allow memory that has been hot-removed to be hot-added This patch allows the memory removed by memtrace to be readded to the kernel. So now you don't have to reboot your system to add the memory back to the kernel or to have a different amount of memory removed. Signed-off-by: Rashmica Gupta Tested-by: Michael Neuling Signed-off-by: Michael Ellerman commit 563a53f3906a6b43692498e5b3ae891fac93a4af Author: Bartosz Golaszewski Date: Fri Aug 10 11:13:52 2018 +0200 spi: davinci: fix a NULL pointer dereference On non-OF systems spi->controlled_data may be NULL. This causes a NULL pointer derefence on dm365-evm. Signed-off-by: Bartosz Golaszewski Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 07d981ad4cf1e78361c6db1c28ee5ba105f96cc1 Author: Josh Poimboeuf Date: Fri Aug 10 08:31:10 2018 +0100 x86/microcode: Allow late microcode loading with SMT disabled The kernel unnecessarily prevents late microcode loading when SMT is disabled. It should be safe to allow it if all the primary threads are online. Signed-off-by: Josh Poimboeuf Acked-by: Borislav Petkov Signed-off-by: David Woodhouse commit e02789a53d71334b067ad72eee5d4e88a0158083 Author: Steve French Date: Thu Aug 9 14:33:12 2018 -0500 smb3: enumerating snapshots was leaving part of the data off end When enumerating snapshots, the last few bytes of the final snapshot could be left off since we were miscalculating the length returned (leaving off the sizeof struct SRV_SNAPSHOT_ARRAY) See MS-SMB2 section 2.2.32.2. In addition fixup the length used to allow smaller buffer to be passed in, in order to allow returning the size of the whole snapshot array more easily. Sample userspace output with a kernel patched with this (mounted to a Windows volume with two snapshots). Before this patch, the second snapshot would be missing a few bytes at the end. ~/cifs-2.6# ~/enum-snapshots /mnt/file press enter to issue the ioctl to retrieve snapshot information ... size of snapshot array = 102 Num snapshots: 2 Num returned: 2 Array Size: 102 Snapshot 0:@GMT-2018.06.30-19.34.17 Snapshot 1:@GMT-2018.06.30-19.33.37 CC: Stable Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 730928c8f4be88e9d6a027a16b1e8fa9c59fc077 Author: Ronnie Sahlberg Date: Wed Aug 8 15:07:49 2018 +1000 cifs: update smb2_queryfs() to use compounding Change smb2_queryfs() to use a Create/QueryInfo/Close compound request. Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Paulo Alcantara Reviewed-by: Pavel Shilovsky commit b24df3e30cbf48255db866720fb71f14bf9d2f39 Author: Ronnie Sahlberg Date: Wed Aug 8 15:07:45 2018 +1000 cifs: update receive_encrypted_standard to handle compounded responses Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Paulo Alcantara Reviewed-by: Pavel Shilovsky commit 557ce95051c8eff67af48612ab350d8408aa0541 Merge: 8511b7da1869 b045d3af7d1f Author: Dave Airlie Date: Fri Aug 10 11:43:02 2018 +1000 Merge branch 'drm-next-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-next More fixes for 4.19: - Fixes for scheduler - Fix for SR-IOV - Fixes for display Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20180809200052.2777-1-alexander.deucher@amd.com commit 8511b7da18694491afb50a5cf1515c29a999c7a4 Merge: 4abfe15e2a0a 2d87e6c1b99c Author: Dave Airlie Date: Fri Aug 10 11:37:30 2018 +1000 Merge tag 'imx-drm-fixes-2018-08-03' of git://git.pengutronix.de/git/pza/linux into drm-next drm/imx: ipu-v3 plane offset and IPU id fixes - Fix U/V plane offsets for odd vertical offsets. Due to wrong operator order, the y offset was not rounded down properly for vertically chroma subsampled planar formats. - Fix IPU id number for boards that don't have an OF alias for their single IPU in the device tree. This is necessary to support imx-media on i.MX51 and i.MX53 SoCs. Signed-off-by: Dave Airlie From: Philipp Zabel Link: https://patchwork.freedesktop.org/patch/msgid/1533552680.4204.14.camel@pengutronix.de commit 4abfe15e2a0a700eb36587dc3b3b1c29a609e4fb Merge: 824da016fde1 5c41bb607125 Author: Dave Airlie Date: Fri Aug 10 10:44:20 2018 +1000 Merge tag 'imx-drm-next-2018-08-03' of git://git.pengutronix.de/git/pza/linux into drm-next drm/imx: use suspend/resume helpers, add ipu-v3 V4L2 XRGB32/XBGR32 support - Convert imx_drm_suspend/resume to use the drm_mode_config_helper_suspend/ resume functions. - Add support for V4L2_PIX_FMT_XRGB32/XBGR32, corresponding to DRM_FORMAT_XRGB8888/BGRX8888, respectively. Signed-off-by: Dave Airlie From: Philipp Zabel Link: https://patchwork.freedesktop.org/patch/msgid/1533552701.4204.15.camel@pengutronix.de commit 10dbc9fedcf151ab794f5e22d4f34f1eff01a08f Author: Logan Gunthorpe Date: Thu Aug 9 17:09:17 2018 -0500 PCI: Add ACS Redirect disable quirk for Intel Sunrise Point Intel Sunrise Point PCH hardware has an implementation of the ACS bits that does not comply with the PCIe standard. Add a device-specific quirk, pci_quirk_disable_intel_spt_pch_acs_redir() to disable ACS Redirection on this system. Signed-off-by: Logan Gunthorpe [bhelgaas: changelog, split to separate patch] Signed-off-by: Bjorn Helgaas Reviewed-by: Alex Williamson commit 73c47ddef29b5869a2221e93cefdb56fd8263718 Author: Logan Gunthorpe Date: Thu Aug 9 16:51:43 2018 -0500 PCI: Add device-specific ACS Redirect disable infrastructure Intel Sunrise Point (SPT) PCH hardware has an implementation of the ACS bits that does not comply with the PCIe standard. To deal with this we need device-specific quirks to disable ACS redirection. Add a new pci_dev_specific_disable_acs_redir() quirk and a new .disable_acs_redir() function pointer for use by non-compliant devices. No functional change intended. Signed-off-by: Logan Gunthorpe [bhelgaas: split to separate patch, move pci_dev_specific_disable_acs_redir() declarations to drivers/pci/pci.h] Signed-off-by: Bjorn Helgaas Reviewed-by: Alex Williamson commit 3b269185c19268027ac79388b03c9d7322518e4c Author: Logan Gunthorpe Date: Thu Aug 9 16:45:47 2018 -0500 PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE Convert the search for device-specific ACS enable quirks from searching a NULL-terminated array to iterating through the array, which is always fixed-size anyway. No functional change intended. Signed-off-by: Logan Gunthorpe [bhelgaas: changelog, split to separate patch for reviewability] Signed-off-by: Bjorn Helgaas Reviewed-by: Alex Williamson commit aaca43fda742223e4f62bd73e13055f5364e9a9b Author: Logan Gunthorpe Date: Mon Jul 30 10:18:40 2018 -0600 PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support To support peer-to-peer traffic on a segment of the PCI hierarchy, we must disable the ACS redirect bits for select PCI bridges. The bridges must be selected before the devices are discovered by the kernel and the IOMMU groups created. Therefore, add a kernel command line parameter to specify devices which must have their ACS bits disabled. The new parameter takes a list of devices separated by a semicolon. Each device specified will have its ACS redirect bits disabled. This is similar to the existing 'resource_alignment' parameter. The ACS Request P2P Request Redirect, P2P Completion Redirect and P2P Egress Control bits are disabled, which is sufficient to always allow passing P2P traffic uninterrupted. The bits are set after the kernel (optionally) enables the ACS bits itself. It is also done regardless of whether the kernel or platform firmware sets the bits. If the user tries to disable the ACS redirect for a device without the ACS capability, print a warning to dmesg. Signed-off-by: Logan Gunthorpe [bhelgaas: reorder to add the generic code first and move the device-specific quirk to subsequent patches] Signed-off-by: Bjorn Helgaas Reviewed-by: Stephen Bates Reviewed-by: Alex Williamson Acked-by: Christian König commit 922983c2a1a2f679cd576eb7162f413c15a4e979 Author: Jason Gunthorpe Date: Thu Aug 9 19:19:35 2018 +0300 IB/uverbs: Fix reading of 32 bit flags This is missing a zeroing of the high bits of flags, and is also not correct for big endian machines. Properly zero extend the 32 bit flags into the 64 bit stack variable. Reported-by: Michael J. Ruhl Fixes: bccd06223f21 ("IB/uverbs: Add UVERBS_ATTR_FLAGS_IN to the specs language") Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky Reviewed-by: Michael J. Ruhl commit 22f20a110321efb7cde3e87ae99862e1036ca285 Author: Paul Burton Date: Thu Aug 9 14:43:42 2018 -0700 MIPS: Remove remnants of UASM_ISA Commit 33679a50370d ("MIPS: uasm: Remove needless ISA abstraction") removed use of the MIPS_ISA preprocessor macro, but left a couple of unused definitions of it behind. Remove the dead code. Signed-off-by: Paul Burton commit 36d2f761b5aa688567b6aebdc6d68e73682275d4 Author: Ganesh Goudar Date: Thu Aug 9 12:32:03 2018 +0530 cxgb4: update 1.20.8.0 as the latest firmware supported Change t4fw_version.h to update latest firmware version number to 1.20.8.0. Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller commit 4d99f6602cb552fb58db0c3b1d935bb6fa017f24 Author: Andrei Vagin Date: Wed Aug 8 20:07:35 2018 -0700 net: allow to call netif_reset_xps_queues() under cpus_read_lock The definition of static_key_slow_inc() has cpus_read_lock in place. In the virtio_net driver, XPS queues are initialized after setting the queue:cpu affinity in virtnet_set_affinity() which is already protected within cpus_read_lock. Lockdep prints a warning when we are trying to acquire cpus_read_lock when it is already held. This patch adds an ability to call __netif_set_xps_queue under cpus_read_lock(). Acked-by: Jason Wang ============================================ WARNING: possible recursive locking detected 4.18.0-rc3-next-20180703+ #1 Not tainted -------------------------------------------- swapper/0/1 is trying to acquire lock: 00000000cf973d46 (cpu_hotplug_lock.rw_sem){++++}, at: static_key_slow_inc+0xe/0x20 but task is already holding lock: 00000000cf973d46 (cpu_hotplug_lock.rw_sem){++++}, at: init_vqs+0x513/0x5a0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(cpu_hotplug_lock.rw_sem); lock(cpu_hotplug_lock.rw_sem); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by swapper/0/1: #0: 00000000244bc7da (&dev->mutex){....}, at: __driver_attach+0x5a/0x110 #1: 00000000cf973d46 (cpu_hotplug_lock.rw_sem){++++}, at: init_vqs+0x513/0x5a0 #2: 000000005cd8463f (xps_map_mutex){+.+.}, at: __netif_set_xps_queue+0x8d/0xc60 v2: move cpus_read_lock() out of __netif_set_xps_queue() Cc: "Nambiar, Amritha" Cc: "Michael S. Tsirkin" Cc: Jason Wang Fixes: 8af2c06ff4b1 ("net-sysfs: Add interface for Rx queue(s) map per Tx queue") Signed-off-by: Andrei Vagin Signed-off-by: David S. Miller commit 45db33709ccc7330c55fc6751c96468de407f2ac Author: Logan Gunthorpe Date: Mon Jul 30 10:18:38 2018 -0600 PCI: Allow specifying devices using a base bus and path of devfns When specifying PCI devices on the kernel command line using a bus/device/function address, bus numbers can change when adding or replacing a device, changing motherboard firmware, or applying kernel parameters like "pci=assign-buses". When bus numbers change, it's likely the command line tweak will be applied to the wrong device. Therefore, it is useful to be able to specify devices with a base bus number and the path of devfns needed to get to it, similar to the "device scope" structure in the Intel VT-d spec, Section 8.3.1. Thus, we add an option to specify devices in the following format: [:]:.[/.]* The path can be any segment within the PCI hierarchy of any length and determined through the use of 'lspci -t'. When specified this way, it is less likely that a renumbered bus will result in a valid device specification and the tweak won't be applied to the wrong device. Signed-off-by: Logan Gunthorpe [bhelgaas: use "device" instead of "slot" in documentation since that's the usual language in the PCI specs] Signed-off-by: Bjorn Helgaas Reviewed-by: Stephen Bates Reviewed-by: Alex Williamson Acked-by: Christian König commit 07d8d7e57c28ca9a07dab4efd75dad3a654aeb85 Author: Logan Gunthorpe Date: Mon Jul 30 10:18:37 2018 -0600 PCI: Make specifying PCI devices in kernel parameters reusable Separate out the code to match a PCI device with a string (typically originating from a kernel parameter) from the pci_specified_resource_alignment() function into its own helper function. While we are at it, this change fixes the kernel style of the function (fixing a number of long lines and extra parentheses). Additionally, make the analogous change to the kernel parameter documentation: Separate the description of how to specify a PCI device into its own section at the head of the "pci=" parameter. This patch should have no functional alterations. Signed-off-by: Logan Gunthorpe [bhelgaas: use "device" instead of "slot" in documentation since that's the usual language in the PCI specs] Signed-off-by: Bjorn Helgaas Reviewed-by: Stephen Bates Reviewed-by: Alex Williamson Acked-by: Christian König commit bd2e9567db72e37f7f4b90faa5133bc7365b5f65 Author: Bjorn Helgaas Date: Thu Aug 9 16:19:52 2018 -0500 PCI: Hide ACS quirk declarations inside PCI core Move declarations for these functions: pci_dev_specific_acs_enabled() pci_dev_specific_enable_acs() from include/linux/pci.h to drivers/pci/pci.h because nothing outside the PCI core needs to use them. Signed-off-by: Bjorn Helgaas commit 4005a7cb4f553a21d60f24ed7a18fbd26c6db9f4 Author: Andrew Lunn Date: Wed Aug 8 20:54:12 2018 +0200 net: phy: sftp: print debug message with text, not numbers Convert the state numbers, device state, etc from numbers to strings when printing debug messages. Signed-off-by: Andrew Lunn Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit 51507c5f6484055c3d6071e9fb7aac5567efc20f Author: Colin Ian King Date: Wed Aug 8 19:04:27 2018 +0100 ethernet/qlogic: remove unused array msi_tgt_status Array msi_tgt_status is defined but never used, hence it is redundant and can be removed. Cleans up clang warning: warning: 'msi_tgt_status' defined but not used [-Wunused-const-variable=] Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 933de7866b57b2fc8adc160642a81f07175f138d Author: Linus Walleij Date: Wed Aug 8 14:38:55 2018 +0200 net: dsa: rtl8366rb: Support port 4 (WAN) The totally undocumented IO mode needs to be set to enumerator 0 to enable port 4 also known as WAN in most configurations, for ordinary traffic. The 3 bits in the register come up as 010 after reset, but need to be set to 000. The Realtek source code contains a name for these bits, but no explanation of what the 8 different IO modes may be. Set it to zero for the time being and drop a comment so people know what is going on if they run into trouble. This "mode zero" works fine with the D-Link DIR-685 with RTL8366RB. Signed-off-by: Linus Walleij Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit cd16e5b233aadad5c4652f5466d1505a9f78bade Author: YueHaibing Date: Wed Aug 8 20:29:08 2018 +0800 mlxsw: spectrum_flower: use PTR_ERR_OR_ZERO() Fix ptr_ret.cocci warnings: drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c:543:1-3: WARNING: PTR_ERR_OR_ZERO can be used Signed-off-by: YueHaibing Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller commit 63cc5bcc9fc467bbe61cc9ee52509294bdf04c4b Author: Jiri Pirko Date: Wed Aug 8 14:04:13 2018 +0200 net: sched: fix block->refcnt decrement Currently the refcnt is never decremented in case the value is not 1. Fix it by adding decrement in case the refcnt is not 1. Reported-by: Vlad Buslov Fixes: f71e0ca4db18 ("net: sched: Avoid implicit chain 0 creation") Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller commit 0bab1cdc8c4d5392a5d9037cfbdbb2cacc91ce5e Author: YueHaibing Date: Wed Aug 8 19:59:32 2018 +0800 decnet: fix using plain integer as NULL warning Fixes the following sparse warning: net/decnet/dn_route.c:407:30: warning: Using plain integer as NULL pointer net/decnet/dn_route.c:1923:22: warning: Using plain integer as NULL pointer Signed-off-by: YueHaibing Reviewed-by: Kees Cook Signed-off-by: David S. Miller commit 15693fd37fc3a49da356164ed15b571c175efc34 Author: YueHaibing Date: Wed Aug 8 19:40:31 2018 +0800 net: skbuff.h: fix using plain integer as NULL warning Fixes the following sparse warning: ./include/linux/skbuff.h:2365:58: warning: Using plain integer as NULL pointer Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 98471b5b7294665aeb9345d65eea2bf69687ad11 Author: Petr Oros Date: Wed Aug 8 13:35:01 2018 +0200 be2net: Use Kconfig flag to support for enabling/disabling adapters Add flags to enable/disable supported chips in be2net. With disable support are removed coresponding PCI IDs and also codepaths with [BE2|BE3|BEx|lancer|skyhawk]_chip checks. Disable chip will reduce module size by: BE2 ~2kb BE3 ~3kb Lancer ~10kb Skyhawk ~9kb When enable skyhawk only it will reduce module size by ~20kb New help style in Kconfig Reviewed-by: Ivan Vecera Signed-off-by: Petr Oros Signed-off-by: David S. Miller commit eb95f52fc72d15566fe06807c9e0cabbcd3480f1 Author: Maria Pasechnik Date: Wed Aug 8 11:46:30 2018 +0300 net: ipv6_gre: Fix GRO to work on IPv6 over GRE tap IPv6 GRO over GRE tap is not working while GRO is not set over the native interface. gro_list_prepare function updates the same_flow variable of existing sessions to 1 if their mac headers match the one of the incoming packet. same_flow is used to filter out non-matching sessions and keep potential ones for aggregation. The number of bytes to compare should be the number of bytes in the mac headers. In gro_list_prepare this number is set to be skb->dev->hard_header_len. For GRE interfaces this hard_header_len should be as it is set in the initialization process (when GRE is created), it should not be overridden. But currently it is being overridden by the value that is actually supposed to represent the needed_headroom. Therefore, the number of bytes compared in order to decide whether the the mac headers are the same is greater than the length of the headers. As it's documented in netdevice.h, hard_header_len is the maximum hardware header length, and needed_headroom is the extra headroom the hardware may need. hard_header_len is basically all the bytes received by the physical till layer 3 header of the packet received by the interface. For example, if the interface is a GRE tap then the needed_headroom should be the total length of the following headers: IP header of the physical, GRE header, mac header of GRE. It is often used to calculate the MTU of the created interface. This patch removes the override of the hard_header_len, and assigns the calculated value to needed_headroom. This way, the comparison in gro_list_prepare is really of the mac headers, and if the packets have the same mac headers the same_flow will be set to 1. Performance testing: 45% higher bandwidth. Measuring bandwidth of single-stream IPv4 TCP traffic over IPv6 GRE tap while GRO is not set on the native. NIC: ConnectX-4LX Before (GRO not working) : 7.2 Gbits/sec After (GRO working): 10.5 Gbits/sec Signed-off-by: Maria Pasechnik Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller commit 333771526fbe14de3c871d8717bafc7b5b5249b3 Merge: 2eee32a74f6a 2ce9c93eaca6 Author: David S. Miller Date: Thu Aug 9 14:05:31 2018 -0700 Merge branch 'qed-Enhancements' Manish Chopra says: ==================== qed*: Enhancements This patch series adds following support in drivers - 1. Egress mqprio offload. 2. Add destination IP based flow profile. 3. Ingress flower offload (for drop action). Please consider applying this series to "net-next". ==================== Signed-off-by: David S. Miller commit 2ce9c93eaca6c67e3fa8828a471738a32cd66770 Author: Manish Chopra Date: Thu Aug 9 11:13:51 2018 -0700 qede: Ingress tc flower offload (drop action) support. The main motive of this patch is to lay down driver's tc offload infrastructure in place. With these changes tc can offload various supported flow profiles (4 tuples, src-ip, dst-ip, l4 port) for the drop action. Dropped flows statistic is a global counter for all the offloaded flows for drop action and is populated in ethtool statistics as common "gft_filter_drop". Examples - tc qdisc add dev p4p1 ingress tc filter add dev p4p1 protocol ipv4 parent ffff: flower \ skip_sw ip_proto tcp dst_ip 192.168.40.200 action drop tc filter add dev p4p1 protocol ipv4 parent ffff: flower \ skip_sw ip_proto udp src_ip 192.168.40.100 action drop tc filter add dev p4p1 protocol ipv4 parent ffff: flower \ skip_sw ip_proto tcp src_ip 192.168.40.100 dst_ip 192.168.40.200 \ src_port 453 dst_port 876 action drop tc filter add dev p4p1 protocol ipv4 parent ffff: flower \ skip_sw ip_proto tcp dst_port 98 action drop Signed-off-by: Manish Chopra Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit 91a56adbf178fa840069d000fb9d902f30e52456 Author: Manish Chopra Date: Thu Aug 9 11:13:50 2018 -0700 qede: Add destination ip based flow profile. This patch adds support for dropping and redirecting the flows based on destination IP in the packet. This also moves the profile mode settings in their own functions which can be used through tc flows in successive patch. For example - ethtool -N p5p1 flow-type tcp4 dst-ip 192.168.40.100 action -1 ethtool -N p5p1 flow-type udp4 dst-ip 192.168.50.100 action 1 ethtool -N p5p1 flow-type tcp4 dst-ip 192.168.60.100 action 0x100000000 Signed-off-by: Manish Chopra Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit 5e7baf0fcb2a3aef7329f3c7543d4695a46bd321 Author: Manish Chopra Date: Thu Aug 9 11:13:49 2018 -0700 qed/qede: Multi CoS support. This patch adds support for tc mqprio offload, using this different traffic classes on the adapter can be utilized based on configured priority to tc map. For example - tc qdisc add dev eth0 root mqprio num_tc 4 map 0 1 2 3 This will cause SKBs with priority 0,1,2,3 to transmit over tc 0,1,2,3 hardware queues respectively. Signed-off-by: Manish Chopra Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit 2eee32a74f6ad6f64ec418286f8a383c3ce73ccb Merge: a736e0746807 1a363b0d3bdc Author: David S. Miller Date: Thu Aug 9 14:02:50 2018 -0700 Merge branch 's390-qeth-next' Julian Wiedmann says: ==================== s390/qeth: updates 2018-08-09 one more set of patches for net-next. This is all sorts of cleanups and more refactoring on the way to using netdev_priv. Please apply. ==================== Signed-off-by: David S. Miller commit 1a363b0d3bdc7ee369d1f46f2ed7538b1d9481c7 Author: Gustavo A. R. Silva Date: Thu Aug 9 14:48:04 2018 +0200 s390/qeth: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit f15cdaf237e9acc2ee14663ba53b872a27ee7015 Author: Julian Wiedmann Date: Thu Aug 9 14:48:03 2018 +0200 s390/qeth: don't restrict qeth_card to DMA memory Allocating the main qeth_card struct with GFP_DMA blocks us from moving it into netdev_priv(). But the only reason why we need DMA memory is the ccw1 structs embedded into each ccw channel. So extract those into separate allocations, like we already do for the cmd buffers. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 95f4d8b75ad3fb774113450c9788af0dde91a27d Author: Julian Wiedmann Date: Thu Aug 9 14:48:02 2018 +0200 s390/qeth: clean up card initialization The qeth_card struct is kzalloc-ed, so remove all the redundant 0-initializations. While at it, split up what's left of qeth_determine_card_type(). Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 24142fd8d87d763bfc401cb0c496bb1050fea0b8 Author: Julian Wiedmann Date: Thu Aug 9 14:48:01 2018 +0200 s390/qeth: do basic setup for data channel The data channel currently doesn't need a setup operation, because we don't use pre-allocated cmd buffers for its IO. But subsequent changes will introduce further setup that also applies to the data channel. This refactors things a bit, so that the new stuff can then be automatically applied to all channels. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 45ca2fd64682cd1ea14b480fbb4b38b601ac123b Author: Julian Wiedmann Date: Thu Aug 9 14:48:00 2018 +0200 s390/qeth: use qeth_setup_ccw() to set up all CCWs Re-work the helper a little bit, so that it can be used for all CCWs that qeth issues. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 750b162598ec5b65cdb44d18f050b45cb7f8d31b Author: Julian Wiedmann Date: Thu Aug 9 14:47:59 2018 +0200 s390/qeth: reduce hard-coded access to ccw channels Where possible use accessor macros and local pointers to access the ccw channels. This makes it less likely to miss a spot. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 73657a3e5b0de69ccdabed0e340dcbbc99f46119 Author: Julian Wiedmann Date: Thu Aug 9 14:47:58 2018 +0200 s390/qeth: extract helper for MPC protocol type Just a little code deduplication. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit 61884de08f8368b9aa289ab8dc953e0ce4c755b1 Author: Jens Axboe Date: Thu Aug 9 14:22:41 2018 -0600 null_blk: add lock drop/acquire annotation sparse complains: drivers/block/null_blk_main.c:816:24: sparse: context imbalance in 'null_insert_page' - unexpected unlock Fix it by adding the necessary annotations to the function. Signed-off-by: Jens Axboe commit 51ba09452d11b17248d80c740c2fd14c9fdc2c99 Author: Alex Williamson Date: Thu Aug 9 14:04:31 2018 -0600 PCI: Delay after FLR of Intel DC P3700 NVMe Add a device-specific reset for Intel DC P3700 NVMe device which exhibits a timeout failure in drivers waiting for the ready status to update after NVMe enable if the driver interacts with the device too soon after FLR. As this has been observed in device assignment scenarios, resolve this with a device-specific reset quirk to add an additional, heuristically determined, delay after the FLR completes. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1592654 Signed-off-by: Alex Williamson Signed-off-by: Bjorn Helgaas commit ffb0863426eb91a14101376051cfafa5527e665d Author: Alex Williamson Date: Thu Aug 9 15:18:33 2018 -0500 PCI: Disable Samsung SM961/PM961 NVMe before FLR The Samsung SM961/PM961 (960 EVO) sometimes fails to return from FLR with the PCI config space reading back as -1. A reproducible instance of this behavior is resolved by clearing the enable bit in the NVMe configuration register and waiting for the ready status to clear (disabling the NVMe controller) prior to FLR. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1542494 Signed-off-by: Alex Williamson Signed-off-by: Bjorn Helgaas commit 2d2917f7747805a1f4188672f308d82a8ba01700 Author: Alex Williamson Date: Thu Aug 9 14:04:14 2018 -0600 PCI: Export pcie_has_flr() pcie_flr() suggests pcie_has_flr() to ensure that PCIe FLR support is present prior to calling. pcie_flr() is exported while pcie_has_flr() is not. Resolve this. Signed-off-by: Alex Williamson Signed-off-by: Bjorn Helgaas commit ac5bb5b3b0502b90b489e6b19c46b8c3dbe2e640 Author: zhong jiang Date: Tue Aug 7 07:20:00 2018 -0400 rpc: remove unneeded variable 'ret' in rdma_listen_handler The ret is not modified after initalization, So just remove the variable and return 0. Signed-off-by: zhong jiang Signed-off-by: J. Bruce Fields commit a677a78325b3057ce03b6129f549ece85b0c8dd2 Author: Gustavo A. R. Silva Date: Wed Aug 1 19:44:05 2018 -0500 nfsd: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: J. Bruce Fields commit c2cdc2ab24873289db8588a0a7ccec508d7ad075 Author: Eric Biggers Date: Tue Jul 17 11:01:25 2018 -0700 nfsd: constify write_op[] write_op[] is never modified, so make it 'const'. Signed-off-by: Eric Biggers Signed-off-by: J. Bruce Fields commit 5ed96bc5451bb736a0b7d5d72a0f444316dc6559 Author: nixiaoming Date: Mon Jul 23 09:57:11 2018 +0800 fs/nfsd: Delete invalid assignment statements in nfsd4_decode_exchange_id READ_BUF(8); dummy = be32_to_cpup(p++); dummy = be32_to_cpup(p++); ... READ_BUF(4); dummy = be32_to_cpup(p++); Assigning value to "dummy" here, but that stored value is overwritten before it can be used. At the same time READ_BUF() will re-update the pointer p. delete invalid assignment statements Signed-off-by: nixiaoming Signed-off-by: Chuck Lever Signed-off-by: Trond Myklebust Signed-off-by: J. Bruce Fields commit 11b4d66ea3313d9b03a83b80458ddee64990e3c3 Author: Chuck Lever Date: Fri Jul 27 11:19:10 2018 -0400 NFSD: Handle full-length symlinks I've given up on the idea of zero-copy handling of SYMLINK on the server side. This is because the Linux VFS symlink API requires the symlink pathname to be in a NUL-terminated kmalloc'd buffer. The NUL-termination is going to be problematic (watching out for landing on a page boundary and dealing with a 4096-byte pathname). I don't believe that SYMLINK creation is on a performance path or is requested frequently enough that it will cause noticeable CPU cache pollution due to data copies. There will be two places where a transport callout will be necessary to fill in the rqstp: one will be in the svc_fill_symlink_pathname() helper that is used by NFSv2 and NFSv3, and the other will be in nfsd4_decode_create(). Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit 3fd9557aec919e2db99365ad5a2c00d04ae8893c Author: Chuck Lever Date: Fri Jul 27 11:19:05 2018 -0400 NFSD: Refactor the generic write vector fill helper fill_in_write_vector() is nearly the same logic as svc_fill_write_vector(), but there are a few differences so that the former can handle multiple WRITE payloads in a single COMPOUND. svc_fill_write_vector() can be adjusted so that it can be used in the NFSv4 WRITE code path too. Instead of assuming the pages are coming from rq_args.pages, have the caller pass in the page list. The immediate benefit is a reduction of code duplication. It also prevents the NFSv4 WRITE decoder from passing an empty vector element when the transport has provided the payload in the xdr_buf's page array. Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit 07d0ff3b0cd23a4ba7078fb5cc3aeb25e38b3557 Author: Chuck Lever Date: Fri Jul 27 11:18:59 2018 -0400 svcrdma: Clean up Read chunk path Simplify the error handling at the tail of recv_read_chunk() by re-arranging rq_pages[] housekeeping and documenting it properly. NB: In this path, svc_rdma_recvfrom returns zero. Therefore no subsequent reply processing is done on the svc_rqstp, and thus the rq_respages field does not need to be updated. Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit a53d5cb0646a12586ae45c892c7a411d47ee1a1d Author: Chuck Lever Date: Fri Jul 27 11:18:54 2018 -0400 svcrdma: Avoid releasing a page in svc_xprt_release() svc_xprt_release() invokes svc_free_res_pages(), which releases pages between rq_respages and rq_next_page. Historically, the RPC/RDMA transport has set these two pointers to be different by one, which means: - one page gets released when svc_recv returns 0. This normally happens whenever one or more RDMA Reads need to be dispatched to complete construction of an RPC Call. - one page gets released after every call to svc_send. In both cases, this released page is immediately refilled by svc_alloc_arg. There does not seem to be a reason for releasing this page. To avoid this unnecessary memory allocator traffic, set rq_next_page more carefully. Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields commit 7b4d6da4bb6d0ece17ca27f0b4612df87f873d83 Author: Gustavo A. R. Silva Date: Tue Jul 31 21:24:10 2018 -0500 nfsd: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Warning level 2 was used: -Wimplicit-fallthrough=2 Signed-off-by: Gustavo A. R. Silva Signed-off-by: J. Bruce Fields commit 9cc3b98d1fdb0d279c6ba9264cac1ae2210497d2 Author: YueHaibing Date: Wed Aug 1 14:28:10 2018 +0800 sunrpc: remove redundant variables 'checksumlen','blocksize' and 'data' Variables 'checksumlen','blocksize' and 'data' are being assigned, but are never used, hence they are redundant and can be removed. Fix the following warning: net/sunrpc/auth_gss/gss_krb5_wrap.c:443:7: warning: variable ‘blocksize’ set but not used [-Wunused-but-set-variable] net/sunrpc/auth_gss/gss_krb5_crypto.c:376:15: warning: variable ‘checksumlen’ set but not used [-Wunused-but-set-variable] net/sunrpc/xprtrdma/svc_rdma.c:97:9: warning: variable ‘data’ set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing Reviewed-by: Chuck Lever Signed-off-by: J. Bruce Fields commit 64bed6cbe38bc95689fb9399872d9ce250192f90 Author: Amir Goldstein Date: Fri Jul 13 17:22:24 2018 +0300 nfsd: fix leaked file lock with nfs exported overlayfs nfsd and lockd call vfs_lock_file() to lock/unlock the inode returned by locks_inode(file). Many places in nfsd/lockd code use the inode returned by file_inode(file) for lock manipulation. With Overlayfs, file_inode() (the underlying inode) is not the same object as locks_inode() (the overlay inode). This can result in "Leaked POSIX lock" messages and eventually to a kernel crash as reported by Eddie Horng: https://marc.info/?l=linux-unionfs&m=153086643202072&w=2 Fix all the call sites in nfsd/lockd that should use locks_inode(). This is a correctness bug that manifested when overlayfs gained NFS export support in v4.16. Reported-by: Eddie Horng Tested-by: Eddie Horng Cc: Jeff Layton Fixes: 8383f1748829 ("ovl: wire up NFS export operations") Cc: stable@vger.kernel.org Signed-off-by: Amir Goldstein Signed-off-by: J. Bruce Fields commit cd6a2064dbf9e485b80c54687f0ce91cca91a6df Author: Guenter Roeck Date: Thu Aug 9 11:50:46 2018 -0700 hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table All announced Threadripper 29xx models have a temperature offset of 27 degrees C. Simplify temperature offset table to match all 29xx Threadripper models with a single entry. Also simplify the table to match all 19xx Threadripper models with a single entry. This effectively drops entries for Threadripper 1910/1920/1950 which never saw the light of day. Cc: Michael Larabel Cc: Clemens Ladisch Signed-off-by: Guenter Roeck commit a736e074680745faa5dc6be8dd3c58ad4850aab9 Merge: 192e91d244e3 112cbae26d18 Author: David S. Miller Date: Thu Aug 9 11:52:36 2018 -0700 Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net Overlapping changes in RXRPC, changing to ktime_get_seconds() whilst adding some tracepoints. Signed-off-by: David S. Miller commit 991f61fe7e1db3f74b72a3a5cbe6b012804eb0ee Author: Liu Bo Date: Fri Aug 10 01:47:02 2018 +0800 Blk-throttle: reduce tail io latency when iops limit is enforced When an application's iops has exceeded its cgroup's iops limit, surely it is throttled and kernel will set a timer for dispatching, thus IO latency includes the delay. However, the dispatch delay which is calculated by the limit and the elapsed jiffies is suboptimal. As the dispatch delay is only calculated once the application's iops is (iops limit + 1), it doesn't need to wait any longer than the remaining time of the current slice. The difference can be proved by the following fio job and cgroup iops setting, ----- $ echo 4 > /mnt/config/nullb/disk1/mbps # limit nullb's bandwidth to 4MB/s for testing. $ echo "253:1 riops=100 rbps=max" > /sys/fs/cgroup/unified/cg1/io.max $ cat r2.job [global] name=fio-rand-read filename=/dev/nullb1 rw=randread bs=4k direct=1 numjobs=1 time_based=1 runtime=60 group_reporting=1 [file1] size=4G ioengine=libaio iodepth=1 rate_iops=50000 norandommap=1 thinktime=4ms ----- wo patch: file1: (g=0): rw=randread, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=libaio, iodepth=1 fio-3.7-66-gedfc Starting 1 process read: IOPS=99, BW=400KiB/s (410kB/s)(23.4MiB/60001msec) slat (usec): min=10, max=336, avg=27.71, stdev=17.82 clat (usec): min=2, max=28887, avg=5929.81, stdev=7374.29 lat (usec): min=24, max=28901, avg=5958.73, stdev=7366.22 clat percentiles (usec): | 1.00th=[ 4], 5.00th=[ 4], 10.00th=[ 4], 20.00th=[ 4], | 30.00th=[ 4], 40.00th=[ 4], 50.00th=[ 6], 60.00th=[11731], | 70.00th=[11863], 80.00th=[11994], 90.00th=[12911], 95.00th=[22676], | 99.00th=[23725], 99.50th=[23987], 99.90th=[23987], 99.95th=[25035], | 99.99th=[28967] w/ patch: file1: (g=0): rw=randread, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=libaio, iodepth=1 fio-3.7-66-gedfc Starting 1 process read: IOPS=100, BW=400KiB/s (410kB/s)(23.4MiB/60005msec) slat (usec): min=10, max=155, avg=23.24, stdev=16.79 clat (usec): min=2, max=12393, avg=5961.58, stdev=5959.25 lat (usec): min=23, max=12412, avg=5985.91, stdev=5951.92 clat percentiles (usec): | 1.00th=[ 3], 5.00th=[ 3], 10.00th=[ 4], 20.00th=[ 4], | 30.00th=[ 4], 40.00th=[ 5], 50.00th=[ 47], 60.00th=[11863], | 70.00th=[11994], 80.00th=[11994], 90.00th=[11994], 95.00th=[11994], | 99.00th=[11994], 99.50th=[11994], 99.90th=[12125], 99.95th=[12125], | 99.99th=[12387] Signed-off-by: Liu Bo Signed-off-by: Jens Axboe commit a29dba161ad1a01bbfbc80aa184b089ddd169a4e Author: Joerg Roedel Date: Thu Aug 9 11:44:49 2018 +0200 x86/relocs: Add __end_rodata_aligned to S_REL This new symbol needs to be in the workaround-list for buggy binutils, otherwise the build with gcc-4.6 fails. Fixes: 39d668e04eda ('x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit') Reported-by: Stephen Rothwell Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Tested-by: Sedat Dilek Cc: "H. Peter Anvin" Cc: Peter Zijlstra Cc: Linux-Next Mailing List Link: https://lkml.kernel.org/r/20180809094449.ddmnrkz7qkvo3j2x@suse.de commit 192e91d244e376b32d90ffbf78c87a0fb35a4040 Merge: ff50eda44d08 80dfb28641b2 Author: David S. Miller Date: Thu Aug 9 11:16:29 2018 -0700 Merge branch 'Add-support-for-XGMAC2-in-stmmac' Jose Abreu says: ==================== Add support for XGMAC2 in stmmac This series adds support for 10Gigabit IP in stmmac. The IP is called XGMAC2 and has many similarities with GMAC4. Due to this, its relatively easy to incorporate this new IP into stmmac driver by adding a new block and filling the necessary callbacks. The functionality added by this series is still reduced but its only a starting point which will later be expanded. I splitted the patches into funcionality and to ease the review. Only the patch 8/9 really enables the XGMAC2 block by adding a new compatible string. Version 4 addresses review comments of Florian Fainelli and Rob Herring. NOTE: Although the IP supports 10G, for now it was only possible to test it at 1G speed due to 10G PHY HW shipping problems. Here follows iperf3 results at 1G: Connecting to host 192.168.0.10, port 5201 [ 4] local 192.168.0.3 port 39178 connected to 192.168.0.10 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 110 MBytes 920 Mbits/sec 0 482 KBytes [ 4] 1.00-2.00 sec 113 MBytes 946 Mbits/sec 0 482 KBytes [ 4] 2.00-3.00 sec 112 MBytes 937 Mbits/sec 0 482 KBytes [ 4] 3.00-4.00 sec 113 MBytes 946 Mbits/sec 0 482 KBytes [ 4] 4.00-5.00 sec 112 MBytes 935 Mbits/sec 0 482 KBytes [ 4] 5.00-6.00 sec 113 MBytes 946 Mbits/sec 0 482 KBytes [ 4] 6.00-7.00 sec 112 MBytes 937 Mbits/sec 0 482 KBytes [ 4] 7.00-8.00 sec 113 MBytes 946 Mbits/sec 0 482 KBytes [ 4] 8.00-9.00 sec 112 MBytes 937 Mbits/sec 0 482 KBytes [ 4] 9.00-10.00 sec 113 MBytes 946 Mbits/sec 0 482 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 1.09 GBytes 940 Mbits/sec 0 sender [ 4] 0.00-10.00 sec 1.09 GBytes 938 Mbits/sec receiver ==================== Signed-off-by: David S. Miller commit 80dfb28641b2284df846f9005233e542e5c4ec68 Author: Jose Abreu Date: Wed Aug 8 09:04:37 2018 +0100 dt-bindings: net: stmmac: Add the bindings documentation for XGMAC2. Adds the documentation for XGMAC2 DT bindings. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Cc: Sergei Shtylyov Cc: devicetree@vger.kernel.org Cc: Rob Herring Signed-off-by: David S. Miller commit a3f142478a5aa155fca461cb764ace6a317a4ff1 Author: Jose Abreu Date: Wed Aug 8 09:04:36 2018 +0100 net: stmmac: Add the bindings parsing for XGMAC2 Add the bindings parsing for XGMAC2 IP block. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: David S. Miller commit 7d9e6c5afab6bfb932acaef93111448bb876911c Author: Jose Abreu Date: Wed Aug 8 09:04:35 2018 +0100 net: stmmac: Integrate XGMAC into main driver flow Now that we have all the XGMAC related callbacks, lets start integrating this IP block into main driver. Also, we corrected the initialization flow to only start DMA after setting descriptors length. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Cc: Andrew Lunn Signed-off-by: David S. Miller commit 4bb7aff9e6d0f92483f27ec04683efc2fdd42d25 Author: Jose Abreu Date: Wed Aug 8 09:04:34 2018 +0100 net: stmmac: Add PTP support for XGMAC2 XGMAC2 uses the same engine of timestamping as GMAC4. Let's use the same callbacks. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: David S. Miller commit 6fc21117b791b601362fd2240fab833cbdbfdc15 Author: Jose Abreu Date: Wed Aug 8 09:04:33 2018 +0100 net: stmmac: Add MDIO related functions for XGMAC2 Add the MDIO related funcionalities for the new IP block XGMAC2. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Cc: Andrew Lunn Cc: Florian Fainelli Signed-off-by: David S. Miller commit 874dfb65a484cff9b95014ed66c7cc6d2d6c4436 Author: Jose Abreu Date: Wed Aug 8 09:04:32 2018 +0100 net: stmmac: Add descriptor related callbacks for XGMAC2 Add the descriptor related callbacks for the new IP block XGMAC2. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: David S. Miller commit d6ddfacd95c79d43465d4a85dffb1c9beca343a9 Author: Jose Abreu Date: Wed Aug 8 09:04:31 2018 +0100 net: stmmac: Add DMA related callbacks for XGMAC2 Add the DMA related callbacks for the new IP block XGMAC2. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Cc: Florian Fainelli Signed-off-by: David S. Miller commit 2142754f8b9c619e22e1c9d1973cacc4a214695c Author: Jose Abreu Date: Wed Aug 8 09:04:30 2018 +0100 net: stmmac: Add MAC related callbacks for XGMAC2 Add the MAC related callbacks for the new IP block XGMAC2. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: David S. Miller commit 48ae5554a076c1bca31448d60263e4038def9f6f Author: Jose Abreu Date: Wed Aug 8 09:04:29 2018 +0100 net: stmmac: Add XGMAC 2.10 HWIF entry Add a new entry to HWIF table for XGMAC 2.10. For now we fill it with empty callbacks which will be added in posterior patches. Signed-off-by: Jose Abreu Cc: David S. Miller Cc: Joao Pinto Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: David S. Miller commit ff50eda44d08587322efb73c5489ac3fec271830 Merge: 78b39066c425 734447d4ed7b Author: David S. Miller Date: Thu Aug 9 11:08:21 2018 -0700 Merge branch 'More-complete-PHYLINK-support-for-mv88e6xxx' Andrew Lunn says: ==================== More complete PHYLINK support for mv88e6xxx Previous patches added sufficient PHYLINK support to the mv88e6xxx that it did not break existing use cases, basically fixed-link phys. This patchset builds out the support so that SFP modules, up to 2.5Gbps can be supported, on mv88e6390X, on ports 9 and 10. It also provides a framework which can be extended to support SFPs on ports 2-8 of mv88e6390X, 10Gbps PHYs, and SFP support on the 6352 family. Russell King did much of the initial work, implementing the validate and mac_link_state calls. However, there is an important TODO in the commit message: needs to call phylink_mac_change() when the port link comes up/goes down. The remaining patches implement this, by adding more support for the SERDES interfaces, in particular, interrupt support so we get notified when the SERDES gains/looses sync. This has been tested on the ZII devel C, using a Clearfog as peer device. ==================== Signed-off-by: David S. Miller commit 734447d4ed7b1f31617c28959fd5adfbd9e39d13 Author: Andrew Lunn Date: Thu Aug 9 15:38:49 2018 +0200 net: dsa: mv88e6xxx: Re-setup interrupts on CMODE change. When a port changes CMODE, the SERDES interface being used can change. Disable interrupts for the old SERDES interface, and enable interrupts on the new. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit efd1ba6af93ff63d40f92515a83405133145c028 Author: Andrew Lunn Date: Thu Aug 9 15:38:48 2018 +0200 net: dsa: mv88e6xxx: Add SERDES phydev_mac_change up for 6390 phylink wants to know when the MAC layers notices a change in the link. For the 6390 family, this is a change in the SERDES state. Add interrupt support for the SERDES interface used to implement SGMII/1000Base-X/2500Base-X. This is currently limited to ports 9 and 10. Support for the 10G SERDES and other ports will be added later, building on this basic framework. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 7b898469b91ea08e42dbed52acf8dfcb4f5914d0 Author: Andrew Lunn Date: Thu Aug 9 15:38:47 2018 +0200 net: dsa: mv88e6xxx: link mv88e6xxx_port to mv88e6xxx_chip An up coming change will register interrupts for individual switch ports, using the mv88e6xxx_port as the interrupt context information. Add members to the mv88e6xxx_port structure so we can link it back to the mv88e6xxx_chip member the port belongs to and the port number of the port. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 364e9d7776a389941cea6c40783f90c236b402ce Author: Andrew Lunn Date: Thu Aug 9 15:38:46 2018 +0200 net: dsa: mv88e6xxx: Power on/off SERDES on cmode change The 6390 family has a number of SERDES interfaces per port. When the cmode changes, eg 1000Base-X to XAUI, the SERDES interface in use will also change. Power down the old SERDES interface and power up the new SERDES interface. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 2d2e1dd29962ce0e6bc2c35fe804d919bf3e7f68 Author: Andrew Lunn Date: Thu Aug 9 15:38:45 2018 +0200 net: dsa: mv88e6xxx: Cache the port cmode The ports CMODE indicates the type of link between the MAC and the PHY. It is used often in the SERDES code. Rather than read it each time, cache its value. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit f8236a0835597b166a9f0bab38b9b31bd932ce98 Author: Andrew Lunn Date: Thu Aug 9 15:38:44 2018 +0200 net: dsa: mv88e6xxx: 2500Base-X uses the 1000Base-X SERDES The 6390 has three different SERDES interface types. 2500Base-X is implemented by the SGMII/1000Base-X SERDES. So power on/off the correct SERDES. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit e6891c76dd89418d08efbf72f65c93efc4a94556 Author: Andrew Lunn Date: Thu Aug 9 15:38:43 2018 +0200 net: dsa: mv88e6xxx: Add serdes register read/write helper Add a helper for accessing SERDES registers of the 6390 family. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 23ef57d8230b0f3a92443fc4c88b1ec52994a70a Author: Andrew Lunn Date: Thu Aug 9 15:38:42 2018 +0200 net: dsa: mv88e6xxx: Rename sgmii/10g power functions There is a need to add more functions manipulating the SERDES interfaces. Cleanup the namespace. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 07ffbd74d1786d13a4f3a6bc01400ea59e8b19c0 Author: Andrew Lunn Date: Thu Aug 9 15:38:41 2018 +0200 net: dsa: mv88e6xxx: 6390 vs 6390X SERDES support The 6390 has two SERDES interfaces, used by ports 9 and 10. The 6390X has eight SERDES interfaces. These allow ports 9 and 10 to do 10G. Or if lower speeds are used, some of the SERDES interfaces can be used by ports 2-8 for 1000Base-X. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit a8c01c0d941d2f220a5a31ded77a67d89ddec3b0 Author: Andrew Lunn Date: Thu Aug 9 15:38:40 2018 +0200 net: dsa: mv88e6xxx: Refactor SERDES lane code The 6390 family has 8 SERDES lanes. What ports use these lanes depends on how ports 9 and 10 are configured. If 9 and 10 does not make use of a line, one of the lower ports can use it. Add a function to return the lane a port is using, if any, and simplify the code to power up/down the lane. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 6c422e34b1b6533af5730280835365d4b50786d3 Author: Russell King Date: Thu Aug 9 15:38:39 2018 +0200 net: dsa: mv88e6xxx: add phylink support Add rudimentary phylink support to mv88e6xxx. TODO: - needs to call phylink_mac_change() when the port link comes up/goes down. Signed-off-by: Russell King Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 624c0f0239f04cce78c86afa95eb2841c84fbab1 Author: Russell King Date: Thu Aug 9 15:38:38 2018 +0200 phylink: add helper for configuring 2500BaseX modes Add a helper for MAC drivers to use in their validate callback to deal with 2500BaseX vs 1000BaseX modes, where the hardware supports both but it is not possible to automatically select between them. This helper defaults to 1000BaseX, as that is the 802.3 standard, and will allow users to select 2500BaseX either by forcing the speed if AN is disabled, or by changing the advertising mask if AN is enabled. Disabling AN is not recommended as it is only the speed that we're interested in controlling, not the duplex or pause mode parameters. Signed-off-by: Russell King Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 54186b91bde1711080d0b23ce25f0bee5a058fc9 Author: Andrew Lunn Date: Thu Aug 9 15:38:37 2018 +0200 net: dsa: mv88e6xxx: Add support to enabling pause The 6185 can enable/disable 802.3z pause be setting the MyPause bit in the port status register. Add an op to support this. Signed-off-by: Russell King Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit c3ad2c3b02e953ead2b8d52a0c9e70312930c3d0 Author: Eric W. Biederman Date: Mon Jul 23 15:20:37 2018 -0500 signal: Don't restart fork when signals come in. Wen Yang and majiang report that a periodic signal received during fork can cause fork to continually restart preventing an application from making progress. The code was being overly pessimistic. Fork needs to guarantee that a signal sent to multiple processes is logically delivered before the fork and just to the forking process or logically delivered after the fork to both the forking process and it's newly spawned child. For signals like periodic timers that are always delivered to a single process fork can safely complete and let them appear to logically delivered after the fork(). While examining this issue I also discovered that fork today will miss signals delivered to multiple processes during the fork and handled by another thread. Similarly the current code will also miss blocked signals that are delivered to multiple process, as those signals will not appear pending during fork. Add a list of each thread that is currently forking, and keep on that list a signal set that records all of the signals sent to multiple processes. When fork completes initialize the new processes shared_pending signal set with it. The calculate_sigpending function will see those signals and set TIF_SIGPENDING causing the new task to take the slow path to userspace to handle those signals. Making it appear as if those signals were received immediately after the fork. It is not possible to send real time signals to multiple processes and exceptions don't go to multiple processes, which means that that are no signals sent to multiple processes that require siginfo. This means it is safe to not bother collecting siginfo on signals sent during fork. The sigaction of a child of fork is initially the same as the sigaction of the parent process. So a signal the parent ignores the child will also initially ignore. Therefore it is safe to ignore signals sent to multiple processes and ignored by the forking process. Signals sent to only a single process or only a single thread and delivered during fork are treated as if they are received after the fork, and generally not dealt with. They won't cause any problems. V2: Added removal from the multiprocess list on failure. V3: Use -ERESTARTNOINTR directly V4: - Don't queue both SIGCONT and SIGSTOP - Initialize signal_struct.multiprocess in init_task - Move setting of shared_pending to before the new task is visible to signals. This prevents signals from comming in before shared_pending.signal is set to delayed.signal and being lost. V5: - rework list add and delete to account for idle threads v6: - Use sigdelsetmask when removing stop signals Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200447 Reported-by: Wen Yang and Reported-by: majiang Fixes: 4a2c7a7837da ("[PATCH] make fork() atomic wrt pgrp/session signals") Signed-off-by: "Eric W. Biederman" commit b9763cdfd4a91a34f95ccc5e881ff2aa366197ef Author: Marcel Holtmann Date: Thu Aug 9 10:33:07 2018 +0200 Bluetooth: Introduce BT_HCIUART_RTL configuration option Like all the other UART protocols, introduce a configuration option for Realtek based serial devices. Signed-off-by: Marcel Holtmann Signed-off-by: Hans de Goede Signed-off-by: Johan Hedberg commit 354b064b8ebc1e1ede58550ca9e08bfa81e6af43 Author: Sandipan Das Date: Thu Aug 9 21:49:29 2018 +0530 perf probe powerpc: Fix trace event post-processing In some cases, a symbol may have multiple aliases. Attempting to add an entry probe for such symbols results in a probe being added at an incorrect location while it fails altogether for return probes. This is only applicable for binaries with debug information. During the arch-dependent post-processing, the offset from the start of the symbol at which the probe is to be attached is determined and added to the start address of the symbol to get the probe's location. In case there are multiple aliases, this offset gets added multiple times for each alias of the symbol and we end up with an incorrect probe location. This can be verified on a powerpc64le system as shown below. $ nm /lib/modules/$(uname -r)/build/vmlinux | grep "sys_open$" ... c000000000414290 T __se_sys_open c000000000414290 T sys_open $ objdump -d /lib/modules/$(uname -r)/build/vmlinux | grep -A 10 "<__se_sys_open>:" c000000000414290 <__se_sys_open>: c000000000414290: 19 01 4c 3c addis r2,r12,281 c000000000414294: 70 c4 42 38 addi r2,r2,-15248 c000000000414298: a6 02 08 7c mflr r0 c00000000041429c: e8 ff a1 fb std r29,-24(r1) c0000000004142a0: f0 ff c1 fb std r30,-16(r1) c0000000004142a4: f8 ff e1 fb std r31,-8(r1) c0000000004142a8: 10 00 01 f8 std r0,16(r1) c0000000004142ac: c1 ff 21 f8 stdu r1,-64(r1) c0000000004142b0: 78 23 9f 7c mr r31,r4 c0000000004142b4: 78 1b 7e 7c mr r30,r3 For both the entry probe and the return probe, the probe location should be _text+4276888 (0xc000000000414298). Since another alias exists for 'sys_open', the post-processing code will end up adding the offset (8 for powerpc64le) twice and perf will attempt to add the probe at _text+4276896 (0xc0000000004142a0) instead. Before: # perf probe -v -a sys_open probe-definition(0): sys_open symbol:sys_open file:(null) line:0 offset:0 return:0 lazy:(null) 0 arguments Looking at the vmlinux_path (8 entries long) Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux Try to find probe point from debuginfo. Symbol sys_open address found : c000000000414290 Matched function: __se_sys_open [2ad03a0] Probe point found: __se_sys_open+0 Found 1 probe_trace_events. Opening /sys/kernel/debug/tracing/kprobe_events write=1 Writing event: p:probe/sys_open _text+4276896 Added new event: probe:sys_open (on sys_open) ... # perf probe -v -a sys_open%return $retval probe-definition(0): sys_open%return symbol:sys_open file:(null) line:0 offset:0 return:1 lazy:(null) 0 arguments Looking at the vmlinux_path (8 entries long) Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux Try to find probe point from debuginfo. Symbol sys_open address found : c000000000414290 Matched function: __se_sys_open [2ad03a0] Probe point found: __se_sys_open+0 Found 1 probe_trace_events. Opening /sys/kernel/debug/tracing/README write=0 Opening /sys/kernel/debug/tracing/kprobe_events write=1 Parsing probe_events: p:probe/sys_open _text+4276896 Group:probe Event:sys_open probe:p Writing event: r:probe/sys_open__return _text+4276896 Failed to write event: Invalid argument Error: Failed to add events. Reason: Invalid argument (Code: -22) After: # perf probe -v -a sys_open probe-definition(0): sys_open symbol:sys_open file:(null) line:0 offset:0 return:0 lazy:(null) 0 arguments Looking at the vmlinux_path (8 entries long) Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux Try to find probe point from debuginfo. Symbol sys_open address found : c000000000414290 Matched function: __se_sys_open [2ad03a0] Probe point found: __se_sys_open+0 Found 1 probe_trace_events. Opening /sys/kernel/debug/tracing/kprobe_events write=1 Writing event: p:probe/sys_open _text+4276888 Added new event: probe:sys_open (on sys_open) ... # perf probe -v -a sys_open%return $retval probe-definition(0): sys_open%return symbol:sys_open file:(null) line:0 offset:0 return:1 lazy:(null) 0 arguments Looking at the vmlinux_path (8 entries long) Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux Try to find probe point from debuginfo. Symbol sys_open address found : c000000000414290 Matched function: __se_sys_open [2ad03a0] Probe point found: __se_sys_open+0 Found 1 probe_trace_events. Opening /sys/kernel/debug/tracing/README write=0 Opening /sys/kernel/debug/tracing/kprobe_events write=1 Parsing probe_events: p:probe/sys_open _text+4276888 Group:probe Event:sys_open probe:p Writing event: r:probe/sys_open__return _text+4276888 Added new event: probe:sys_open__return (on sys_open%return) ... Reported-by: Aneesh Kumar Signed-off-by: Sandipan Das Acked-by: Naveen N. Rao Cc: Aneesh Kumar Cc: Jiri Olsa Cc: Ravi Bangoria Fixes: 99e608b5954c ("perf probe ppc64le: Fix probe location when using DWARF") Link: http://lkml.kernel.org/r/20180809161929.35058-1-sandipan@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit 78b39066c425ce913af1c0353d8fdc5d8c416e32 Merge: 82b94f5d6891 88cc318ebd87 Author: David S. Miller Date: Thu Aug 9 10:36:11 2018 -0700 Merge branch 'mlxsw-Various-updates' Ido Schimmel says: ==================== mlxsw: Various updates Patches 1-3 update the driver to use a new firmware version. Due to a recently discovered issue, the version (and future ones) does not support matching on VLAN ID at egress. This is enforced in the driver and reported back to the user via extack. Patch 4 adds a new selftest for the recently introduced algorithmic TCAM. Patch 5 converts the driver to use SPDX identifiers. Patches 6-7 fix a bug in ethtool stats reporting and expose counters for all 16 TCs, following recent MC-aware changes that utilize TCs 8-15. ==================== Signed-off-by: David S. Miller commit 88cc318ebd8740eae4784566757cbbc760244f5b Author: Petr Machata Date: Thu Aug 9 11:59:13 2018 +0300 mlxsw: spectrum: Expose counter for all 16 TCs Before MC-aware mode was enabled in commit 7b8195306694 ("mlxsw: spectrum: Configure MC-aware mode on mlxsw ports"), only 8 traffic classes were used. Under MC-aware regime, however, besides using TCs 0-7 for UC traffic, it additionally uses TCs 8-15 for BUM traffic. It is therefore desirable to show counters for these TCs as well. Update ethtool stats pool length, mlxsw_sp_port_get_strings() and mlxsw_sp_port_get_stats() to include artifacts for all 16 TCs. For consistency and simplicity, expose tc_no_buffer_discard_uc_tc for BUM TCs as well, even though it ought to stay at 0 all the time. Signed-off-by: Petr Machata Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 9897dce2e39aa2f1fa7260b4a936a34f3fc6e775 Author: Petr Machata Date: Thu Aug 9 11:59:12 2018 +0300 mlxsw: spectrum: Include RFC-2819 counters in stats length The function mlxsw_sp_port_get_sset_count() is supposed to return the total number of ethtool strings that mlxsw supports. Specifically for names of statistic counters (the only string type that mlxsw supports as of now), that number is stored in MLXSW_SP_PORT_ETHTOOL_STATS_LEN. However, when adding RFC-2891 counters, that define wasn't updated to include the new counters. As a result, ethtool snips out the counters towards the end of the list, which contains per-TC counters, and only the first three traffic classes end up being reported. Fix by adding MLXSW_SP_PORT_HW_RFC_2819_STATS_LEN as appropriate. Fixes: 1222d15a01c7 ("mlxsw: spectrum: Expose counters for various packet sizes") Signed-off-by: Petr Machata Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 9948a0641a17a38935a28d05f6c56d9d1ffabae6 Author: Jiri Pirko Date: Thu Aug 9 11:59:11 2018 +0300 mlxsw: Replace license text with SPDX identifiers and adjust copyrights Signed-off-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 3dd91570564679e13c4755cc5cdf2a535e3e1e34 Author: Ido Schimmel Date: Thu Aug 9 11:59:10 2018 +0300 selftests: mlxsw: Add TC flower test for Spectrum-2 Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit c86d62cc410cc5ab54c7e53a0c58efd3a025cac3 Author: Jiri Pirko Date: Thu Aug 9 11:59:09 2018 +0300 mlxsw: spectrum: Reset FW after flash Recent FW fixes a bug and allows to load newly flashed FW image after reset. So make sure the reset happens after flash. Indicate the need down to PCI layer by -EAGAIN. Signed-off-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit a716d55e4d52af551f250a54eb72882ddbc3fb87 Author: Nir Dotan Date: Thu Aug 9 11:59:08 2018 +0300 mlxsw: spectrum: Update the supported firmware to version 13.1702.6 This new firmware contains: - Support for new types of cables - Support for flashing future firmware without reboot - Support for Router ARP BC and UC traps Signed-off-by: Nir Dotan Acked-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 903fcf734f468afb5a3f153f870f58e4c1d5e525 Author: Nir Dotan Date: Thu Aug 9 11:59:07 2018 +0300 mlxsw: spectrum_flower: Disallow usage of vlan_id key on egress As recent spectrum FW imposes a limitation on using vlan_id key for egress ACL, disallow the usage of that key accordingly and return a proper extack message. Signed-off-by: Nir Dotan Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 01675e9503c4e20c5ce9aebdfe6a9cf2ae4991e0 Author: Masami Hiramatsu Date: Sat Jul 28 22:56:24 2018 +0900 selftests/ftrace: Fix kprobe string testcase to not probe notrace function Fix kprobe string argument testcase to not probe notrace function. Instead, it probes tracefs function which must be available with ftrace. Signed-off-by: Masami Hiramatsu Acked-by: Steven Rostedt (VMware) Signed-off-by: Shuah Khan (Samsung OSG) commit 9a29ad52d5c0b4732b0decbddb67c4c3ff4a70ce Author: Anders Roxell Date: Tue Jun 26 17:32:13 2018 +0200 selftests: mount: remove no longer needed config option Since commit eedf265aa003 ("devpts: Make each mount of devpts an independent filesystem.") CONFIG_DEVPTS_MULTIPLE_INSTANCES isn't needed in the defconfig anymore. Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan (Samsung OSG) commit a0dde8be2ab8a92ab512e99bea5343017b639c9e Author: Anders Roxell Date: Thu Jun 21 00:54:12 2018 +0200 selftests: cgroup: add gitignore file Add the executable 'test_memcontrol' to a .gitignore file. Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan (Samsung OSG) commit b045d3af7d1f443dd5209a096568e0ce983127e9 Author: Emily Deng Date: Thu Aug 9 10:03:04 2018 +0800 drm/amdgpu/sriov: give 8s for recover vram under RUNTIME Extend the timeout for recovering vram bos from shadows on sr-iov to cover the worst case scenario for timeslices and VFs Under runtime, the wait fence time could be quite long when other VFs are in exclusive mode. For example, for 4 VF, every VF's exclusive timeout time is set to 3s, then the worst case is 9s. If the VF number is more than 4,then the worst case time will be longer. The 8s is the test data, with setting to 8s, it will pass the TDR test for 1000 times. SWDEV-161490 Signed-off-by: Monk Liu Signed-off-by: Emily Deng Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher commit 275e6fa8ecfd8ec1eb36a865d6dafc64f4bed462 Author: Nayan Deshmukh Date: Thu Aug 9 15:18:12 2018 +0530 drm/scheduler: fix param documentation We no longer have sched parameter so remove its description as well Signed-off-by: Nayan Deshmukh Signed-off-by: Alex Deucher commit 6b8d84e2f1299a5876ed812b137c49686cc85c7c Author: Olga Kornievskaia Date: Mon Jul 9 15:13:36 2018 -0400 NFS add a simple sync nfs4_proc_commit after async COPY A COPY with unstable write data needs a simple sync commit. Filehandle value is gotten as a part of the inner loop so in case of a reboot retry it should get the new value. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 539f57b3e0fdaad20ddb0a45913cefee0c8c29c1 Author: Olga Kornievskaia Date: Mon Jul 9 15:13:35 2018 -0400 NFS handle COPY ERR_OFFLOAD_NO_REQS If client sent async COPY and server replied with ERR_OFFLOAD_NO_REQS, client should retry with a synchronous copy. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit c975c20926575e5968c617ec437647b2f9d87532 Author: Olga Kornievskaia Date: Mon Jul 9 15:13:34 2018 -0400 NFS send OFFLOAD_CANCEL when COPY killed When COPY is killed by the user send OFFLOAD_CANCEL to server processing the copy. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 0f913a57d74ddae9f168c59d4003f3fd3e293669 Author: Olga Kornievskaia Date: Mon Jul 9 15:13:33 2018 -0400 NFS export nfs4_async_handle_error Make this function available to nfs42proc.c Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit bc0c9079b48ddcf1f8a6e1aaa277288b263c78d8 Author: Olga Kornievskaia Date: Mon Jul 9 15:13:32 2018 -0400 NFS handle COPY reply CB_OFFLOAD call race It's possible that server replies back with CB_OFFLOAD call and COPY reply at the same time such that client will process CB_OFFLOAD before reply to COPY. For that keep a list of pending callback stateids received and then before waiting on completion check the pending list. Cleanup any pending copies on the client shutdown. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 62164f317972fcd36590578888f33a1994dda519 Author: Olga Kornievskaia Date: Mon Jul 9 15:13:31 2018 -0400 NFS add support for asynchronous COPY Change xdr to always send COPY asynchronously. Keep the list copies send in a list under a server structure. Once copy is sent, it waits on a completion structure that will be signalled by the callback thread that receives CB_OFFLOAD. If CB_OFFLOAD returned an error and even if it returned partial bytes, ignore them (as we can't commit without a verifier to match) and return an error. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 67aa7444c4beb40aafedd8d2c60bbcc54987adda Author: Olga Kornievskaia Date: Mon Jul 9 15:13:30 2018 -0400 NFS COPY xdr handle async reply If server returns async reply, it must include a callback stateid, wr_callback_id in the write_response4. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit cb95deea0b4aa5c7c7423f4e075a3ddcd59e710b Author: Olga Kornievskaia Date: Mon Jul 9 15:13:29 2018 -0400 NFS OFFLOAD_CANCEL xdr Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 5178a125f6d5fb0720315ea4f7cca642fb936031 Author: Olga Kornievskaia Date: Mon Jul 9 15:13:28 2018 -0400 NFS CB_OFFLOAD xdr Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 0a1c749dee4c52465d5580d77e0f8aaa9215c357 Author: Gustavo A. R. Silva Date: Thu Aug 9 10:54:46 2018 -0500 block: paride: pd: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1056543 ("Missing break in switch") Addresses-Coverity-ID: 1056544 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Jens Axboe commit 5b1fe7bec8a8d0cc547a22e7ddc2bd59acd67de4 Author: Ilya Dryomov Date: Thu Aug 9 12:38:28 2018 +0200 dm cache metadata: set dirty on all cache blocks after a crash Quoting Documentation/device-mapper/cache.txt: The 'dirty' state for a cache block changes far too frequently for us to keep updating it on the fly. So we treat it as a hint. In normal operation it will be written when the dm device is suspended. If the system crashes all cache blocks will be assumed dirty when restarted. This got broken in commit f177940a8091 ("dm cache metadata: switch to using the new cursor api for loading metadata") in 4.9, which removed the code that consulted cmd->clean_when_opened (CLEAN_SHUTDOWN on-disk flag) when loading cache blocks. This results in data corruption on an unclean shutdown with dirty cache blocks on the fast device. After the crash those blocks are considered clean and may get evicted from the cache at any time. This can be demonstrated by doing a lot of reads to trigger individual evictions, but uncache is more predictable: ### Disable auto-activation in lvm.conf to be able to do uncache in ### time (i.e. see uncache doing flushing) when the fix is applied. # xfs_io -d -c 'pwrite -b 4M -S 0xaa 0 1G' /dev/vdb # vgcreate vg_cache /dev/vdb /dev/vdc # lvcreate -L 1G -n lv_slowdev vg_cache /dev/vdb # lvcreate -L 512M -n lv_cachedev vg_cache /dev/vdc # lvcreate -L 256M -n lv_metadev vg_cache /dev/vdc # lvconvert --type cache-pool --cachemode writeback vg_cache/lv_cachedev --poolmetadata vg_cache/lv_metadev # lvconvert --type cache vg_cache/lv_slowdev --cachepool vg_cache/lv_cachedev # xfs_io -d -c 'pwrite -b 4M -S 0xbb 0 512M' /dev/mapper/vg_cache-lv_slowdev # xfs_io -d -c 'pread -v 254M 512' /dev/mapper/vg_cache-lv_slowdev | head -n 2 0fe00000: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ 0fe00010: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ # dmsetup status vg_cache-lv_slowdev 0 2097152 cache 8 27/65536 128 8192/8192 1 100 0 0 0 8192 7065 2 metadata2 writeback 2 migration_threshold 2048 smq 0 rw - ^^^^ 7065 * 64k = 441M yet to be written to the slow device # echo b >/proc/sysrq-trigger # vgchange -ay vg_cache # xfs_io -d -c 'pread -v 254M 512' /dev/mapper/vg_cache-lv_slowdev | head -n 2 0fe00000: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ 0fe00010: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ # lvconvert --uncache vg_cache/lv_slowdev Flushing 0 blocks for cache vg_cache/lv_slowdev. Logical volume "lv_cachedev" successfully removed Logical volume vg_cache/lv_slowdev is not cached. # xfs_io -d -c 'pread -v 254M 512' /dev/mapper/vg_cache-lv_slowdev | head -n 2 0fe00000: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................ 0fe00010: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................ This is the case with both v1 and v2 cache pool metatata formats. After applying this patch: # vgchange -ay vg_cache # xfs_io -d -c 'pread -v 254M 512' /dev/mapper/vg_cache-lv_slowdev | head -n 2 0fe00000: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ 0fe00010: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ # lvconvert --uncache vg_cache/lv_slowdev Flushing 3724 blocks for cache vg_cache/lv_slowdev. ... Flushing 71 blocks for cache vg_cache/lv_slowdev. Logical volume "lv_cachedev" successfully removed Logical volume vg_cache/lv_slowdev is not cached. # xfs_io -d -c 'pread -v 254M 512' /dev/mapper/vg_cache-lv_slowdev | head -n 2 0fe00000: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ 0fe00010: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ Cc: stable@vger.kernel.org Fixes: f177940a8091 ("dm cache metadata: switch to using the new cursor api for loading metadata") Signed-off-by: Ilya Dryomov Signed-off-by: Mike Snitzer commit 209b43759d65b2cc99ce7757249aacc82b03c4e2 Author: Michael Büsch Date: Tue Jul 31 22:15:09 2018 +0200 ssb: Remove SSB_WARN_ON, SSB_BUG_ON and SSB_DEBUG Use the standard WARN_ON instead. If a small kernel is desired, WARN_ON can be disabled globally. Also remove SSB_DEBUG. Besides WARN_ON it only adds a tiny debug check. Include this check unconditionally. Signed-off-by: Michael Buesch Signed-off-by: Kalle Valo commit b8b6069cf2087545fe53ec920e8353133e9a70bf Author: Michael Büsch Date: Tue Jul 31 21:56:38 2018 +0200 ssb: Remove home-grown printk wrappers Replace the ssb printk wrappers by standard print helpers. Also remove SSB_SILENT. Nobody should use it anyway. Originally submitted by Joe Perches . Modified to add dev_... based printks. Signed-off-by: Michael Buesch Tested-by: Michael Buesch Cc: Joe Perches Signed-off-by: Kalle Valo commit 4d77a89e3924b12f4a5628b21237e57ab4703866 Author: Michael Büsch Date: Tue Jul 31 21:14:16 2018 +0200 b43legacy/leds: Ensure NUL-termination of LED name string strncpy might not NUL-terminate the string, if the name equals the buffer size. Use strlcpy instead. Signed-off-by: Michael Buesch Cc: stable@vger.kernel.org Signed-off-by: Kalle Valo commit 2aa650d1950fce94f696ebd7db30b8830c2c946f Author: Michael Büsch Date: Tue Jul 31 21:14:04 2018 +0200 b43/leds: Ensure NUL-termination of LED name string strncpy might not NUL-terminate the string, if the name equals the buffer size. Use strlcpy instead. Signed-off-by: Michael Buesch Cc: stable@vger.kernel.org Signed-off-by: Kalle Valo commit c7743c428111912fffceb38b860024f7e33b3e3c Author: Gustavo A. R. Silva Date: Sat Aug 4 19:04:53 2018 -0500 ssb: driver_gige: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Reviewed-by: Michael Buesch Signed-off-by: Kalle Valo commit ad2e6d23bdadd7db7086c578f3c77f244d405b3b Author: YueHaibing Date: Mon Aug 6 12:54:40 2018 +0800 rtlwifi: btcoex: Fix if == else warnings in halbtc8723b2ant.c Fix following coccinelle warning: ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:2952:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:2961:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3011:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3020:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3439:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3448:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3339:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3348:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3074:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3083:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3192:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3201:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3267:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3276:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3124:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:3133:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:2821:2-4: WARNING: possible condition with no effect (if == else) ./drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c:2830:2-4: WARNING: possible condition with no effect (if == else) Signed-off-by: YueHaibing Acked-by: Ping-Ke Shih Signed-off-by: Kalle Valo commit 26b701adc37855a51af3e998241791fae94f99ab Author: Colin Ian King Date: Fri Aug 3 14:42:24 2018 +0100 iwlegacy: fix spelling mistake "acumulative" -> "accumulative" fix spelling mistake in rx stats text Signed-off-by: Colin Ian King Acked-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 35204d0aa83ff4f8bdab7b0eab927dcaa7c4b7f6 Author: Colin Ian King Date: Fri Aug 3 08:46:36 2018 +0100 rsi: remove redundant variables bss, wh and temp_flash_content Variables bss, wh and temp_flash_content are being assigned but are never used hence they are redundant and can be removed. Cleans up clang warnings: warning: variable 'bss' set but not used [-Wunused-but-set-variable] warning: variable 'wh' set but not used [-Wunused-but-set-variable] warning: variable 'temp_flash_content' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: Kalle Valo commit 24ecc3585348b616993a3c4d6dc2c6b8007e358c Author: Bart Van Assche Date: Thu Aug 9 07:53:38 2018 -0700 block: Ensure that a request queue is dissociated from the cgroup controller Several block drivers call alloc_disk() followed by put_disk() if something fails before device_add_disk() is called without calling blk_cleanup_queue(). Make sure that also for this scenario a request queue is dissociated from the cgroup controller. This patch avoids that loading the parport_pc, paride and pf drivers triggers the following kernel crash: BUG: KASAN: null-ptr-deref in pi_init+0x42e/0x580 [paride] Read of size 4 at addr 0000000000000008 by task modprobe/744 Call Trace: dump_stack+0x9a/0xeb kasan_report+0x139/0x350 pi_init+0x42e/0x580 [paride] pf_init+0x2bb/0x1000 [pf] do_one_initcall+0x8e/0x405 do_init_module+0xd9/0x2f2 load_module+0x3ab4/0x4700 SYSC_finit_module+0x176/0x1a0 do_syscall_64+0xee/0x2b0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Reported-by: Alexandru Moise <00moses.alexander00@gmail.com> Fixes: a063057d7c73 ("block: Fix a race between request queue removal and the block cgroup controller") # v4.17 Signed-off-by: Bart Van Assche Tested-by: Alexandru Moise <00moses.alexander00@gmail.com> Reviewed-by: Johannes Thumshirn Cc: Tejun Heo Cc: Christoph Hellwig Cc: Ming Lei Cc: Alexandru Moise <00moses.alexander00@gmail.com> Cc: Joseph Qi Cc: Signed-off-by: Jens Axboe commit 4cf6324b17e96b7b7ab4021c6929500934d46750 Author: Bart Van Assche Date: Thu Aug 9 07:53:37 2018 -0700 block: Introduce blk_exit_queue() This patch does not change any functionality. Signed-off-by: Bart Van Assche Reviewed-by: Johannes Thumshirn Cc: Christoph Hellwig Cc: Ming Lei Cc: Omar Sandoval Cc: Alexandru Moise <00moses.alexander00@gmail.com> Cc: Joseph Qi Cc: Signed-off-by: Jens Axboe commit 6bad9b210a228d2fe0e0efe26d9b115348529cee Author: Bart Van Assche Date: Thu Aug 9 07:53:36 2018 -0700 blkcg: Introduce blkg_root_lookup() This new function will be used in a later patch to verify whether a queue has been dissociated from the cgroup controller before being released. Signed-off-by: Bart Van Assche Cc: Tejun Heo Cc: Christoph Hellwig Cc: Ming Lei Cc: Omar Sandoval Cc: Johannes Thumshirn Cc: Alexandru Moise <00moses.alexander00@gmail.com> Cc: Joseph Qi Cc: Signed-off-by: Jens Axboe commit d863cb03fc5f913c98a9c5d7ecb66fb4a3b29bae Author: Claudio Date: Wed Jul 18 19:33:58 2018 +0200 Add cgroup core selftests This commit adds tests for some of the core functionalities of cgroups v2. The commit adds tests for some core principles of croup V2 API: - test_cgcore_internal_process_constraint Tests internal process constraint. You can't add a pid to a domain parent if a controller is enabled. - test_cgcore_top_down_constraint_enable Tests that you can't enable a controller on a child if it's not enabled on the parent. - test_cgcore_top_down_constraint_disable Tests that you can't disable a controller on a parent if it's enabled in a child. - test_cgcore_no_internal_process_constraint_on_threads Tests that there's no internal process constrain on threaded cgroups. You can add threads/processes on a parent with a controller enabled. - test_cgcore_parent_becomes_threaded Tests that when a child becomes threaded the parent type becomes domain threaded. - test_cgcore_invalid_domain In a situation like: A (domain threaded) - B (threaded) - C (domain) it tests that C can't be used until it is turned into a threaded cgroup. The "cgroup.type" file will report "domain (invalid)" in these cases. Operations which fail due to invalid topology use EOPNOTSUPP as the errno. - test_cgcore_populated In a situation like: A(0) - B(0) - C(1) \ D(0) It tests that A, B and C's "populated" fields would be 1 while D's 0. It tests that after the one process in C is moved to root, A,B and C's "populated" fields would flip to "0" and file modified events will be generated on the "cgroup.events" files of both cgroups. Signed-off-by: Claudio Zumbo Cc: Shuah Khan Cc: Roman Gushchin Cc: Tejun Heo Cc: kernel-team@fb.com Acked-by: Tejun Heo Reviewed-by: Roman Gushchin Signed-off-by: Shuah Khan (Samsung OSG) commit 1ec49a236565060566be547b6e050bb414d0da96 Author: Valdis Kletnieks Date: Wed Aug 8 16:16:54 2018 -0400 mt76: fix build for MediaTek MT7610U USB wireless dongle The mt76x0 driver requires the mt76 core driver to actually function. So add a 'select' to avoid embarrassing 'symbol unknown' errors when attempting to modprobe it in a module tree that doesn't include mt76.ko Signed-off-by: Valdis Kletnieks Signed-off-by: Kalle Valo commit b1f4267cc5448d20ae0c515a74141e74365e78a3 Author: Bart Van Assche Date: Thu Aug 9 07:47:28 2018 -0700 block: Remove two superfluous #include directives Commit 12f5b9314545 ("blk-mq: Remove generation seqeunce") removed the only seqcount_t and u64_stats_sync instances from but did not remove the corresponding #include directives. Since these include directives are no longer needed, remove them. Signed-off-by: Bart Van Assche Cc: Christoph Hellwig Cc: Keith Busch Cc: Ming Lei Cc: Jianchao Wang Cc: Hannes Reinecke , Cc: Johannes Thumshirn Signed-off-by: Jens Axboe commit 17ad18fd12a35bf84109741415594e21f2577e5e Author: Kees Cook Date: Tue Aug 7 15:50:40 2018 -0700 mt76x0: Remove VLA usage Even with "const" variables, the compiler will generate warnings about VLA usage. In the quest to remove all VLAs from the kernel[1], this uses a #define instead of a const to do the array sizing. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Fixes: e87b5039511a ("mt76x0: eeprom files") Signed-off-by: Kees Cook Acked-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 1b622bd59e9fc4375febf8697684746211eaeb4a Author: Stanislaw Gruszka Date: Tue Aug 7 10:43:37 2018 +0200 mt76x0: perform mt76x0_mac_set_ampdu_factor Remove return added accidentally in mt76x0_mac_set_ampdu_factor. Reported-by: Dan Carpenter Fixes: a77443498137 ("mt76x0: mac files") Signed-off-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 5dc5bf2899a505085492b1273d34d4a51c41e093 Author: Stanislaw Gruszka Date: Tue Aug 7 10:43:09 2018 +0200 mt76x0: correct type for eeprom gain value Change type to u8 to allow sanity check agaist 0xff; Reported-by: Dan Carpenter Fixes: e87b5039511a ("mt76x0: eeprom files") Signed-off-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 27a8aea13053700ad2a08189024df7e341d1ee51 Author: Winnie Chang Date: Tue Aug 7 21:19:41 2018 -0500 brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference The kernel BUG happens when wowl is enabled from firmware. In brcmf_wiphy_wowl_params(), cfg is a NULL pointer because it is drvr->config returned from wiphy_to_cfg(), and drvr->config is not set yet. To fix it, set drvr->config before brcmf_setup_wiphy() which calls brcmf_wiphy_wowl_params(). Fixes: 856d5a011c86 ("brcmfmac: allocate struct brcmf_pub instance using wiphy_new()") Signed-off-by: Winnie Chang Signed-off-by: Chi-Hsien Lin Signed-off-by: Kalle Valo commit d263ed9926823c462f99a7679e18f0c9e5b8550d Author: Jianchao Wang Date: Thu Aug 9 08:34:17 2018 -0600 blk-mq: count the hctx as active before allocating tag Currently, we count the hctx as active after allocate driver tag successfully. If a previously inactive hctx try to get tag first time, it may fails and need to wait. However, due to the stale tag ->active_queues, the other shared-tags users are still able to occupy all driver tags while there is someone waiting for tag. Consequently, even if the previously inactive hctx is waked up, it still may not be able to get a tag and could be starved. To fix it, we count the hctx as active before try to allocate driver tag, then when it is waiting the tag, the other shared-tag users will reserve budget for it. Reviewed-by: Ming Lei Signed-off-by: Jianchao Wang Signed-off-by: Jens Axboe commit d6c02a9beb67f13d5f14f23e72fa9981e8b84477 Author: Greg Edwards Date: Wed Aug 8 13:27:53 2018 -0600 block: bvec_nr_vecs() returns value for wrong slab In commit ed996a52c868 ("block: simplify and cleanup bvec pool handling"), the value of the slab index is incremented by one in bvec_alloc() after the allocation is done to indicate an index value of 0 does not need to be later freed. bvec_nr_vecs() was not updated accordingly, and thus returns the wrong value. Decrement idx before performing the lookup. Fixes: ed996a52c868 ("block: simplify and cleanup bvec pool handling") Signed-off-by: Greg Edwards Signed-off-by: Jens Axboe commit 4884f8bf87f6af065b8268b3baf0d16aff95de4a Merge: cbb751c060fe 66414e80245e Author: Jens Axboe Date: Thu Aug 9 08:22:21 2018 -0600 Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-4.19/block Pull NVMe updates from Christoph: "This should be the last round of NVMe updates before the 4.19 merge window opens. It conatins support for write protected (aka read-only) namespaces from Chaitanya, two ANA fixes from Hannes and a fabrics fix from Tal Shorer." * 'nvme-4.19' of git://git.infradead.org/nvme: nvme-fabrics: fix ctrl_loss_tmo < 0 to reconnect forever nvmet: add ns write protect support nvme: set gendisk read only based on nsattr nvme.h: add support for ns write protect definitions nvme.h: fixup ANA group descriptor format nvme: fixup crash on failed discovery commit cbb751c060fe61140e3f23dc7cd95190bba4c89e Author: Shenghui Wang Date: Thu Aug 9 15:48:51 2018 +0800 bcache: trivial - remove tailing backslash in macro BTREE_FLAG Remove the tailing backslash in macro BTREE_FLAG in btree.h Signed-off-by: Shenghui Wang Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit e921efeb07048a6f5daa540e5f04f19ec9360da2 Author: Shenghui Wang Date: Thu Aug 9 15:48:50 2018 +0800 bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section The pr_err statement in the code for sysfs_attatch section would run for various error codes, which maybe confusing. E.g, Run the command twice: echo 796b5c05-b03c-4bc7-9cbd-a8df5e8be891 > \ /sys/block/bcache0/bcache/attach [the backing dev got attached on the first run] echo 796b5c05-b03c-4bc7-9cbd-a8df5e8be891 > \ /sys/block/bcache0/bcache/attach In dmesg, after the command run twice, we can get: bcache: bch_cached_dev_attach() Can't attach sda6: already attached bcache: __cached_dev_store() Can't attach 796b5c05-b03c-4bc7-9cbd-\ a8df5e8be891 : cache set not found The first statement in the message was right, but the second was confusing. bch_cached_dev_attach has various pr_ statements for various error codes, except ENOENT. After the change, rerun above command twice: echo 796b5c05-b03c-4bc7-9cbd-a8df5e8be891 > \ /sys/block/bcache0/bcache/attach echo 796b5c05-b03c-4bc7-9cbd-a8df5e8be891 > \ /sys/block/bcache0/bcache/attach In dmesg we only got: bcache: bch_cached_dev_attach() Can't attach sda6: already attached No confusing "cache set not found" message anymore. And for some not exist SET-UUID: echo 796b5c05-b03c-4bc7-9cbd-a8df5e8be898 > \ /sys/block/bcache0/bcache/attach In dmesg we can get: bcache: __cached_dev_store() Can't attach 796b5c05-b03c-4bc7-9cbd-\ a8df5e8be898 : cache set not found Signed-off-by: Shenghui Wang Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit ea8c5356d39048bc94bae068228f51ddbecc6b89 Author: Coly Li Date: Thu Aug 9 15:48:49 2018 +0800 bcache: set max writeback rate when I/O request is idle Commit b1092c9af9ed ("bcache: allow quick writeback when backing idle") allows the writeback rate to be faster if there is no I/O request on a bcache device. It works well if there is only one bcache device attached to the cache set. If there are many bcache devices attached to a cache set, it may introduce performance regression because multiple faster writeback threads of the idle bcache devices will compete the btree level locks with the bcache device who have I/O requests coming. This patch fixes the above issue by only permitting fast writebac when all bcache devices attached on the cache set are idle. And if one of the bcache devices has new I/O request coming, minimized all writeback throughput immediately and let PI controller __update_writeback_rate() to decide the upcoming writeback rate for each bcache device. Also when all bcache devices are idle, limited wrieback rate to a small number is wast of thoughput, especially when backing devices are slower non-rotation devices (e.g. SATA SSD). This patch sets a max writeback rate for each backing device if the whole cache set is idle. A faster writeback rate in idle time means new I/Os may have more available space for dirty data, and people may observe a better write performance then. Please note bcache may change its cache mode in run time, and this patch still works if the cache mode is switched from writeback mode and there is still dirty data on cache. Fixes: Commit b1092c9af9ed ("bcache: allow quick writeback when backing idle") Cc: stable@vger.kernel.org #4.16+ Signed-off-by: Coly Li Tested-by: Kai Krakow Tested-by: Stefan Priebe Cc: Michael Lyle Signed-off-by: Jens Axboe commit b467a6ac0b4bf57ec8c2329212e8a8a0231a2ef2 Author: Coly Li Date: Thu Aug 9 15:48:48 2018 +0800 bcache: add code comments for bset.c This patch tries to add code comments in bset.c, to make some tricky code and designment to be more comprehensible. Most information of this patch comes from the discussion between Kent and I, he offers very informative details. If there is any mistake of the idea behind the code, no doubt that's from me misrepresentation. Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit 0cba2e71111e4bd156e67086de3484c7b907a4fc Author: Coly Li Date: Thu Aug 9 15:48:47 2018 +0800 bcache: fix mistaken comments in request.c This patch updates code comment in bch_keylist_realloc() by fixing incorrected function names, to make the code to be more comprehennsible. Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit cb329dec11822f84f9d7309766a1f3a35d3d182a Author: Coly Li Date: Thu Aug 9 15:48:46 2018 +0800 bcache: fix mistaken code comments in bcache.h This patch updates the code comment in struct cache with correct array names, to make the code to be more comprehensible. Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit e57fd746848597e9c701751e26416d4b2e3b27ea Author: Coly Li Date: Thu Aug 9 15:48:45 2018 +0800 bcache: add a comment in super.c This patch adds a line of code comment in super.c:register_bdev(), to make code to be more comprehensible. Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit c2e8dcf7fa43ed236cb341c33aa3a75687557c43 Author: Coly Li Date: Thu Aug 9 15:48:44 2018 +0800 bcache: avoid unncessary cache prefetch bch_btree_node_get() In bch_btree_node_get() the read-in btree node will be partially prefetched into L1 cache for following bset iteration (if there is). But if the btree node read is failed, the perfetch operations will waste L1 cache space. This patch checkes whether read operation and only does cache prefetch when read I/O succeeded. Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit b4cb6efc1af7da2fa1e9ff0eaf90e2be02cfdf5f Author: Coly Li Date: Thu Aug 9 15:48:43 2018 +0800 bcache: display rate debug parameters to 0 when writeback is not running When writeback is not running, writeback rate should be 0, other value is misleading. And the following dyanmic writeback rate debug parameters should be 0 too, rate, proportional, integral, change otherwise they are misleading when writeback is not running. Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit 78ac2107176baa0daf65b0fb8e561d2ed14c83ca Author: Coly Li Date: Thu Aug 9 15:48:42 2018 +0800 bcache: do not check return value of debugfs_create_dir() Greg KH suggests that normal code should not care about debugfs. Therefore no matter successful or failed of debugfs_create_dir() execution, it is unncessary to check its return value. There are two functions called debugfs_create_dir() and check the return value, which are bch_debug_init() and closure_debug_init(). This patch changes these two functions from int to void type, and ignore return values of debugfs_create_dir(). This patch does not fix exact bug, just makes things work as they should. Signed-off-by: Coly Li Suggested-by: Greg Kroah-Hartman Cc: stable@vger.kernel.org Cc: Kai Krakow Cc: Kent Overstreet Signed-off-by: Jens Axboe commit 4aa5db22d35588e1a5d2ee88472348ea73d9fb23 Merge: 6c0848398776 f2cf0ef7c0ce Author: Mark Brown Date: Thu Aug 9 14:47:05 2018 +0100 Merge branch 'asoc-4.19' into asoc-next commit 6c084839877666d987ff8bc4e0facd3c02d99d61 Merge: 1ffaddd029c8 0717edbdfed6 Author: Mark Brown Date: Thu Aug 9 14:46:56 2018 +0100 Merge branch 'asoc-4.18' into asoc-linus commit f2cf0ef7c0ce141bb38f315c34c56e6ef5667a27 Author: Gustavo A. R. Silva Date: Wed Aug 8 14:19:33 2018 -0500 ASoC: adav80x: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1056531 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Acked-by: Lars-Peter Clausen Signed-off-by: Mark Brown commit d6c6ab93e17f139c9b7f9b077307ebddc05a7990 Author: Masahiro Yamada Date: Thu Aug 9 14:19:31 2018 +0900 kbuild: remove deprecated host-progs variable The host-progs has been kept as an alias of hostprogs-y for a long time (at least since the beginning of Git era), with the clear prompt: Usage of host-progs is deprecated. Please replace with hostprogs-y! Enough time for the migration has passed. Signed-off-by: Masahiro Yamada Acked-by: Max Filippov commit 47f38ae08df0aebb0e43fca50bf380aefea1f4d1 Author: Rob Landley Date: Wed Aug 8 13:06:43 2018 +0900 init/Kconfig: Use short unix-style option instead of --longname Avoids warning messages with the latest release of toybox, which never bothered to implement the --longopts nothing was using. Signed-off-by: Rob Landley Signed-off-by: Masahiro Yamada commit 3fca1700c4c38aaec1cea0c143b0ff8da029fd9c Author: Masahiro Yamada Date: Wed Aug 8 11:14:14 2018 +0900 kbuild: make samples really depend on headers_install Kernel headers must be installed into $(objtree)/usr/include to avoid the build failure of samples. Commit ddea05fa148b ("kbuild: make samples depend on headers_install") addressed this, but "samples/" is only used for the single target build. "make samples/" properly installs kernel headers, but it does not work for general building because a phony target "sample" (no trailing slash) is used. Reported-by: David Howells Signed-off-by: Masahiro Yamada Tested-by: David Howells commit e64e84987de5486839afaccd191df71012ac1800 Author: Hans de Goede Date: Thu Aug 9 13:40:46 2018 +0200 platform/x86: Add ACPI i2c-multi-instantiate pseudo driver On systems with ACPI instantiated i2c-clients, normally there is 1 fw_node per i2c-device and that fw-node contains 1 I2cSerialBus resource for that 1 i2c-device. But in some rare cases the manufacturer has decided to describe multiple i2c-devices in a single ACPI fwnode with multiple I2cSerialBus resources. An earlier attempt to fix this in the i2c-core resulted in a lot of extra code to support this corner-case. This commit introduces a new i2c-multi-instantiate driver which fixes this in a different way. This new driver can be built as a module which will only loaded on affected systems. This driver will instantiate a new i2c-client per I2cSerialBus resource, using the driver_data from the acpi_device_id it is binding to to tell it which chip-type (and optional irq-resource) to use when instantiating. Note this driver depends on a platform device being instantiated for the ACPI fwnode, see the i2c_multi_instantiate_ids list of ACPI device-ids in drivers/acpi/scan.c: acpi_device_enumeration_by_parent(). Acked-by: Andy Shevchenko Acked-by: Wolfram Sang Signed-off-by: Hans de Goede Signed-off-by: Rafael J. Wysocki commit 669f3765b755fd8739ab46ce3a9c6292ce8b3d2a Author: Stefan Haberland Date: Wed Jul 25 14:00:47 2018 +0200 s390/dasd: fix hanging offline processing due to canceled worker During offline processing two worker threads are canceled without freeing the device reference which leads to a hanging offline process. Reviewed-by: Jan Hoeppner Signed-off-by: Stefan Haberland Signed-off-by: Martin Schwidefsky commit 7c6553d4db03350dad0110c3224194c19df76a8f Author: Stefan Haberland Date: Wed Jul 25 13:27:10 2018 +0200 s390/dasd: fix panic for failed online processing Fix a panic that occurs for a device that got an error in dasd_eckd_check_characteristics() during online processing. For example the read configuration data command may have failed. If this error occurs the device is not being set online and the earlier invoked steps during online processing are rolled back. Therefore dasd_eckd_uncheck_device() is called which needs a valid private structure. But this pointer is not valid if dasd_eckd_check_characteristics() has failed. Check for a valid device->private pointer to prevent a panic. Reviewed-by: Jan Hoeppner Signed-off-by: Stefan Haberland Signed-off-by: Martin Schwidefsky commit 1dce5d849f94b90e2ed52056e7eefab3c17277b8 Merge: 1ffaddd029c8 1cbddedbed79 Author: Mark Brown Date: Thu Aug 9 11:17:30 2018 +0100 Merge branch 'regmap-4.19' into regmap-next commit 1cbddedbed799be9906ab3f2e5f58e618e6eb475 Merge: 75eb3a67a29e 74fe7b551f33 Author: Mark Brown Date: Thu Aug 9 11:15:06 2018 +0100 Merge tag 'regmap-noinc-read' into regmap-4.19 regmap: Support non-incrementing registers Some devices have individual registers that don't autoincrement the register address during bulk reads but instead repeatedly read the same value, for example for monitoring GPIOs or ADCs. Add support for these. commit 21ba074cb47171a34f60e250e8f7ef3dc1529e43 Author: Hans de Goede Date: Thu Aug 9 11:15:57 2018 +0200 ACPI / x86: utils: Remove status workaround from acpi_device_always_present() Now that we init the status field to ACPI_STA_DEFAULT rather then to 0, the workaround for acpi_match_device_ids() always returning -ENOENT when status is 0 is no longer needed. Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki commit d0ed4c60abfb9a4ab6cd416d1dea9df6266f8fc7 Merge: 72a361a5b91c aba941392aee Author: Rafael J. Wysocki Date: Thu Aug 9 12:12:52 2018 +0200 Merge branch 'acpi-scan' to satisfy dependencies. commit aba941392aeef2d1bc064a1e4b09293473ef7b9b Author: Hans de Goede Date: Thu Aug 9 11:15:56 2018 +0200 ACPI / scan: Create platform device for fwnodes with multiple i2c devices Some devices have multiple I2cSerialBus resources and for things to work an i2c-client must be instantiated for each, each with its own i2c_device_id. Normally we only instantiate an i2c-client for the first resource, using the ACPI HID as id. This commit adds a list of HIDs of devices, which need multiple i2c-clients instantiated from a single fwnode, to acpi_device_enumeration_by_parent and makes acpi_device_enumeration_by_parent return false for these devices so that a platform device will be instantiated. This allows the drivers/platform/x86/i2c-multi-instantiate.c driver, which knows which i2c_device_id to use for each resource, to bind to the fwnode and initiate an i2c-client for each resource. Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki commit 74fe7b551f3385fa585d92616c85b3a575b2b2cb Author: Crestez Dan Leonard Date: Tue Aug 7 17:52:17 2018 +0300 regmap: Add regmap_noinc_read API The regmap API usually assumes that bulk read operations will read a range of registers but some I2C/SPI devices have certain registers for which a such a read operation will return data from an internal FIFO instead. Add an explicit API to support bulk read without range semantics. Some linux drivers use regmap_bulk_read or regmap_raw_read for such registers, for example mpu6050 or bmi150 from IIO. This only happens to work because when caching is disabled a single regmap read op will map to a single bus read op (as desired). This breaks if caching is enabled and reg+1 happens to be a cacheable register. Without regmap support refactoring a driver to enable regmap caching requires separate I2C and SPI paths. This is exactly what regmap is supposed to help avoid. Suggested-by: Jonathan Cameron Signed-off-by: Crestez Dan Leonard Signed-off-by: Stefan Popa Signed-off-by: Mark Brown commit 17c81d2f5a59929c73a2a19fd49fe0b068fda76f Author: Adam Thomson Date: Thu Aug 9 10:48:50 2018 +0100 ASoC: da7219: Add delays to capture path to remove DC offset noise On some platforms it has been noted that a pop noise can be witnessed when capturing audio, mainly for first time after a headset jack has been inserted. This is due to a DC offset in the Mic PGA and so to avoid this delays are required when powering up the capture path. This commit rectifies the problem by adding delays post Mic PGA and post Mixin PGA. The post Mic PGA delay is determined based on Mic Bias voltage, and is only applied the first time after a headset jack is inserted. Signed-off-by: Adam Thomson Signed-off-by: Mark Brown commit 5971b0c1594d6c34e257101ed5fdffec65205c50 Author: Hans de Goede Date: Wed Aug 8 10:30:03 2018 +0200 ACPI / scan: Initialize status to ACPI_STA_DEFAULT Since commit 63347db0affa "ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs" the status field of normal acpi_devices gets set to 0 by acpi_bus_type_and_status() and filled with its actual value later when acpi_add_single_object() calls acpi_bus_get_status(). This means that any acpi_match_device_ids() calls in between will always fail with -ENOENT. We already have a workaround for this, which temporary forces status to ACPI_STA_DEFAULT in drivers/acpi/x86/utils.c: acpi_device_always_present() and the next commit in this series adds another acpi_match_device_ids() call between status being initialized as 0 and the acpi_bus_get_status() call. Rather then adding another workaround, this commit makes acpi_bus_type_and_status() initialize status to ACPI_STA_DEFAULT, this is safe to do as the only code looking at status between the initialization and the acpi_bus_get_status() call is those acpi_match_device_ids() calls. Note this does mean that we need to (re)set status to 0 in case the acpi_bus_get_status() call fails. Signed-off-by: Hans de Goede Signed-off-by: Rafael J. Wysocki commit 4c3be61e41b4206878cd021afbdb85f5b76f2099 Author: Mika Westerberg Date: Wed Aug 8 12:50:37 2018 +0300 ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th Commit 2c4d6baf1bc4 (ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems) changed the DMI table to match all systems where DMI product family is "Thinkpad X1 Carbon 6th". However, the system I have here has this string written differently (ThinkPad vs. Thinkpad) which makes the match fail. In addition to that, after BIOS upgrade Robin now has the same string than my system has (perhaps newer BIOS has changed the string). In any case add another DMI entry to acpi_ec_no_wakeup[] table hopefully covering all the X1 Carbon 6th systems out there. Fixes: 2c4d6baf1bc4 (ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems) Signed-off-by: Mika Westerberg [ rjw: Rebase and change the ident string to match the product familiy ] Signed-off-by: Rafael J. Wysocki commit 67fbd0a3a802bc80218f6c33d594f34f0ecb02f9 Author: Tom Todd Date: Wed Aug 8 01:52:02 2018 +0100 ACPI: bus: Fix a pointer coding style issue Fix white space in the argument list of acpi_device_remove(). Signed-off-by: Tom Todd Signed-off-by: Rafael J. Wysocki commit 1035a0783523d8c730c44944a71b254f3a649e25 Author: Dongjiu Geng Date: Tue Aug 7 12:26:15 2018 -0400 arm64 / ACPI: clean the additional checks before calling ghes_notify_sea() In order to remove the additional check before calling the ghes_notify_sea(), make stub definition when !CONFIG_ACPI_APEI_SEA. After this cleanup, we can simply call the ghes_notify_sea() to let APEI driver handle the SEA notification. Signed-off-by: Dongjiu Geng Acked-by: Will Deacon Signed-off-by: Rafael J. Wysocki commit a6f0729508df6a067c4a074ec187ecd9d2457a6b Author: John Garry Date: Tue Aug 7 21:15:05 2018 +0800 ACPI / scan: Add static attribute to indirect_io_hosts[] Array indirect_io_hosts[] is declared in acpi_is_indirect_io_slave() as a const array, which means that the array will be re-built for each call. Optimise by adding the static attribute, which means that the array is added to const-data pool and not re-built per function call. Reported-by: Hans de Goede Signed-off-by: John Garry Signed-off-by: Rafael J. Wysocki commit b41901a2cf06f33c030be96c075872201089d47a Author: Hans de Goede Date: Tue Aug 7 09:36:30 2018 +0200 ACPI / battery: Do not export energy_full[_design] on devices without full_charge_capacity On some devices (with a buggy _BIX implementation) full_charge_capacity always reports as 0. This means that our energy_full sysfs attribute will also always be 0, which is not useful to export. Worse we calculate our reported capacity on full_charge_capacity and if it is 0 we always report 0. This causes userspace to immediately shutdown or hibernate the laptop since it assumes that the battery is critically low. This commit makes us not report energy_full[_design] or capacity on such broken devices, avoiding the immediate shutdown / hibernate from userspace. Link: https://bugzilla.kernel.org/show_bug.cgi?id=83941 Signed-off-by: Hans de Goede Signed-off-by: Rafael J. Wysocki commit e24f14b0ff985f3e09e573ba1134bfdf42987e05 Author: David Woodhouse Date: Wed Aug 8 11:00:16 2018 +0100 tools headers: Synchronise x86 cpufeatures.h for L1TF additions Signed-off-by: David Woodhouse commit 91c6e15efc1756b068dc6e945c1626397e60a119 Author: Gustavo A. R. Silva Date: Wed Aug 8 17:23:44 2018 -0500 ALSA: usb-audio: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1357413 ("Missing break in switch") Addresses-Coverity-ID: 114917 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 725097323bbcbbca51ede20b542c6229a2869445 Author: Gustavo A. R. Silva Date: Wed Aug 8 17:11:48 2018 -0500 ALSA: mixart: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I replaced the code comment with a proper "fall through" annotation, which is what GCC is expecting to find. Addresses-Coverity-ID: 114889 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 37a366face294facb9c9d9fdd9f5b64a27456cbd Author: Gerald Schaefer Date: Tue Aug 7 18:57:11 2018 +0200 s390/mm: fix addressing exception after suspend/resume Commit c9b5ad546e7d "s390/mm: tag normal pages vs pages used in page tables" accidentally changed the logic in arch_set_page_states(), which is used by the suspend/resume code. set_page_stable(page, order) was changed to set_page_stable_dat(page, 0). After this, only the first page of higher order pages will be set to stable, and a write to one of the unstable pages will result in an addressing exception. Fix this by using "order" again, instead of "0". Fixes: c9b5ad546e7d ("s390/mm: tag normal pages vs pages used in page tables") Cc: stable@vger.kernel.org # 4.14+ Reviewed-by: Heiko Carstens Signed-off-by: Gerald Schaefer Signed-off-by: Martin Schwidefsky commit 4c14d1ce17bcc4c0c0f291ee162f9de73c4ee2eb Author: Vasily Gorbik Date: Mon Jul 9 17:07:48 2018 +0200 rseq/selftests: add s390 support Implement support for s390 in the rseq selftests, in order to sanity check the recently enabled rseq syscall. The Implementation covers both 64-bit and 31-bit mode. Acked-by: Heiko Carstens Signed-off-by: Vasily Gorbik Signed-off-by: Martin Schwidefsky commit 47e20577c24d206730bef085cb53d9812efca6f4 Author: Manivannan Sadhasivam Date: Thu Jul 26 10:36:57 2018 +0530 dmaengine: Add Actions Semi Owl family S900 DMA driver Add Actions Semi Owl family S900 DMA driver. Signed-off-by: Manivannan Sadhasivam Signed-off-by: Vinod Koul commit 50454acaac63c4dea03a765242eb0d662a4fc383 Author: Manivannan Sadhasivam Date: Thu Jul 26 10:36:55 2018 +0530 dt-bindings: dmaengine: Add binding for Actions Semi Owl SoCs Add devicetree binding for Actions Semi Owl SoCs DMA controller. Signed-off-by: Manivannan Sadhasivam Reviewed-by: Rob Herring Signed-off-by: Vinod Koul commit 82b94f5d6891a8e58efdb9b054bdadbbdddec9d9 Merge: 13403d6952a5 269d26f47f6f Author: David S. Miller Date: Wed Aug 8 19:34:55 2018 -0700 Merge branch 'mlx5-next' Saeed Mahameed says: ==================== Mellanox, mlx5 next updates 2018-08-09 This series includes mlx5 core driver updates and mostly simple cleanups. From Denis: Use max #EQs reported by firmware to request MSIX vectors. From Eli: Trivial cleanups, unused arguments/functions and reduce command polling interval when command interface is in polling mode. From Eran: Rename vport state enums, to better reflect their actual usage. ==================== Signed-off-by: David S. Miller commit 269d26f47f6f7d4275b0e225c9ee80cf4a31aa8c Author: Eli Cohen Date: Wed Aug 8 16:23:53 2018 -0700 net/mlx5: Reduce command polling interval Use cond_resched() instead of usleep_range() to decrease the time between polling attempts thus reducing overall driver load time. Below is a comparison before and after the change, of loading eight virtual functions. Before: real 0m8.785s user 0m0.093s sys 0m0.090s After: real 0m5.730s user 0m0.097s sys 0m0.087s Signed-off-by: Eli Cohen Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller commit d1fd79f34f2d56f969472d7285ea5239ab7b7bf0 Author: Eli Cohen Date: Wed Aug 8 16:23:52 2018 -0700 net/mlx5: Unexport functions that need not be exported mlx5_query_vport_state() and mlx5_modify_vport_admin_state() are used only from within mlx5_core - unexport them. Signed-off-by: Eli Cohen Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller commit 29d8ebd44de8999e292dbb4de76744d4a41039ec Author: Eli Cohen Date: Wed Aug 8 16:23:51 2018 -0700 net/mlx5: Remove unused mlx5_query_vport_admin_state mlx5_query_vport_admin_state() is not used anywhere. Remove it. Signed-off-by: Eli Cohen Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller commit 8e3debc08b9a1a4c049c4e3bd2cfe73614a9a6cb Author: Eli Cohen Date: Wed Aug 8 16:23:50 2018 -0700 net/mlx5: E-Switch, Remove unused argument when creating legacy FDB Remove unused nvports argument. Signed-off-by: Eli Cohen Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller commit cc9c82a8668cf98748bfbaa83c5c092d5115c25b Author: Eran Ben Elisha Date: Wed Aug 8 16:23:49 2018 -0700 net/mlx5: Rename modify/query_vport state related enums Modify and query vport state commands share the same admin_state and op_mod values, rename the enums to fit them both. In addition, remove the esw prefix from the admin state enum as this also applied for vnic. Signed-off-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller commit 342ac8448f1fb213908656ae5581d0f37a5954e8 Author: Denis Drozdov Date: Wed Aug 8 16:23:48 2018 -0700 net/mlx5: Use max_num_eqs for calculation of required MSIX vectors New firmware has defined new HCA capability field called "max_num_eqs", that is the number of available EQs after subtracting reserved FW EQs. Before this capability the FW reported the EQ number in "log_max_eqs", the reported value also contained FW reserved EQs, but the driver might be failing to load on 320 cpus systems due to the fact that FW reserved EQs were not available to the driver. Now the driver has to obtain max_num_eqs value from new FW to get real number of EQs available. Signed-off-by: Denis Drozdov Reviewed-by: Alex Vesker Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller commit 51372570ac3c919b036e760f4ca449e81cf8e995 Author: Jianchao Wang Date: Wed Aug 8 14:24:59 2018 +0800 scsi: core: use blk_mq_run_hw_queues in scsi_kick_queue We don't use blk-mq start/stop hw queue any more, so no reason to use blk_mq_start_hw_queues which does clear_bit, replace it with blk_mq_run_hw_queues. Signed-off-by: Jianchao Wang Reviewed-by: Ming Lei Signed-off-by: Martin K. Petersen commit e7c3b37983c4ed038a3b982aa3dafc76dfa86249 Author: Ohad Sharabi Date: Sun Aug 5 16:26:23 2018 +0300 scsi: ufs: remove unnecessary query(DM) UPIU trace This patch removes redundant trace that occurs when sending Device Management(DM) request (fix behavior in commit 6667e6d91c88 ("scsi: ufs: add trace event for ufs upiu"). Since the function send_command is called also for DM request, UPIU trace for DM request is called twice- one identified as query_* the other as send/complete. Signed-off-by: Ohad Sharabi Fixes: 6667e6d91c88 ("scsi: ufs: add trace event for ufs upiu") Reviewed-by: Stanislav Nijnikov Reviewed-by: Avri Altman Signed-off-by: Martin K. Petersen commit e9f7be0c4316a0ea1c47b1e800baa58fb937096c Author: Quinn Tran Date: Tue Aug 7 20:39:52 2018 -0700 scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() This patch fixes following Smatch complaint: drivers/scsi/qla2xxx/qla_iocb.c:2647 qla2x00_els_dcmd2_sp_done() error: we previously assumed 'e' could be null (see line 2631) Fixes: 8777e4314d39 ("scsi: qla2xxx: Migrate NVME N2N handling into state machine") Reported-by: Dan Carpenter Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 13403d6952a5adf80d3d5668c290490852b4def2 Author: Wei Yongjun Date: Wed Aug 8 03:10:39 2018 +0000 ieee802154: hwsim: fix missing unlock on error in hwsim_add_one() Add the missing unlock before return from function hwsim_add_one() in the error handling case. Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Signed-off-by: Wei Yongjun Signed-off-by: Stefan Schmidt Signed-off-by: David S. Miller commit 470770bf841b49fe129876300dfcb74a8bbabe99 Author: Wei Yongjun Date: Wed Aug 8 02:43:46 2018 +0000 ieee802154: hwsim: fix copy-paste error in hwsim_set_edge_lqi() The return value from kzalloc() is not checked correctly. The test is done against a wrong variable. This patch fix it. Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Signed-off-by: Wei Yongjun Signed-off-by: Stefan Schmidt Signed-off-by: David S. Miller commit 1c9f4a3fce770f194647dd1441502dd5b84ca883 Author: Alexander Aring Date: Tue Aug 7 19:32:49 2018 -0400 ieee802154: hwsim: fix rcu handling This patch adds missing rcu_assign_pointer()/rcu_dereference() to used rcu pointers. There was already a previous commit c5d99d2b35da ("ieee802154: hwsim: fix rcu address annotation"), but there was more which was pointed out on my side by using newest sparse version. Cc: Stefan Schmidt Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Signed-off-by: Alexander Aring Signed-off-by: Stefan Schmidt Signed-off-by: David S. Miller commit d98e000cc79e740f0c9e2dee59cd4b12a2f11a52 Author: Dongliang Mu Date: Tue Aug 7 01:14:29 2018 -0400 scsi: aacraid: Spelling fix in comment requesed -> requested Signed-off-by: Dongliang Mu Signed-off-by: Martin K. Petersen commit e70183143cc472960bc60dfee1b7bbe1949feffb Author: Sreekanth Reddy Date: Thu Jul 12 12:53:29 2018 -0400 scsi: mpt3sas: Fix calltrace observed while running IO & reset Below kernel BUG was observed while running IOs with host reset (issued from application), mpt3sas_cm0: diag reset: SUCCESS ------------[ cut here ]------------ WARNING: CPU: 12 PID: 4336 at drivers/scsi/mpt3sas/mpt3sas_base.c:3282 mpt3sas_base_clear_st+0x3d/0x40 [mpt3sas] Modules linked in: macsec tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag binfmt_misc fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc vfat fat sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd iTCO_wdt iTCO_vendor_support dcdbas pcspkr joydev ipmi_ssif ses enclosure sg ipmi_devintf acpi_pad ipmi_msghandler acpi_power_meter mei_me lpc_ich wmi mei shpchp ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic ata_generic pata_acpi uas usb_storage mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ata_piix mpt3sas libata crct10dif_pclmul crct10dif_common tg3 crc32c_intel i2c_core raid_class ptp scsi_transport_sas pps_core dm_mirror dm_region_hash dm_log dm_mod CPU: 12 PID: 4336 Comm: python Kdump: loaded Tainted: G W ------------ 3.10.0-875.el7.brdc.x86_64 #1 Hardware name: Dell Inc. PowerEdge R820/0YWR73, BIOS 1.5.0 03/08/2013 Call Trace: [] dump_stack+0x19/0x1b [] __warn+0xd8/0x100 [] warn_slowpath_null+0x1d/0x20 [] mpt3sas_base_clear_st+0x3d/0x40 [mpt3sas] [] _scsih_flush_running_cmds+0x92/0xe0 [mpt3sas] [] mpt3sas_scsih_reset_handler+0x43b/0xaf0 [mpt3sas] [] ? vprintk_default+0x29/0x40 [] ? printk+0x60/0x77 [] ? _base_diag_reset+0x238/0x340 [mpt3sas] [] mpt3sas_base_hard_reset_handler+0x1ad/0x420 [mpt3sas] [] _ctl_ioctl_main.isra.12+0x11b9/0x1200 [mpt3sas] [] ? xfs_file_aio_write+0x155/0x1b0 [xfs] [] ? do_sync_write+0x93/0xe0 [] _ctl_ioctl+0x1a/0x20 [mpt3sas] [] do_vfs_ioctl+0x350/0x560 [] ? __sb_end_write+0x31/0x60 [] SyS_ioctl+0xa1/0xc0 [] ? system_call_after_swapgs+0xa2/0x146 [] system_call_fastpath+0x1c/0x21 [] ? system_call_after_swapgs+0xae/0x146 ---[ end trace 5dac5b98d89aaa3c ]--- ------------[ cut here ]------------ kernel BUG at block/blk-core.c:1476! invalid opcode: 0000 [#1] SMP Modules linked in: macsec tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag binfmt_misc fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc vfat fat sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd iTCO_wdt iTCO_vendor_support dcdbas pcspkr joydev ipmi_ssif ses enclosure sg ipmi_devintf acpi_pad ipmi_msghandler acpi_power_meter mei_me lpc_ich wmi mei shpchp ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic ata_generic pata_acpi uas usb_storage mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ata_piix mpt3sas libata crct10dif_pclmul crct10dif_common tg3 crc32c_intel i2c_core raid_class ptp scsi_transport_sas pps_core dm_mirror dm_region_hash dm_log dm_mod CPU: 12 PID: 4336 Comm: python Kdump: loaded Tainted: G W ------------ 3.10.0-875.el7.brdc.x86_64 #1 Hardware name: Dell Inc. PowerEdge R820/0YWR73, BIOS 1.5.0 03/08/2013 task: ffff903fc96e0fd0 ti: ffff903fb1eec000 task.ti: ffff903fb1eec000 RIP: 0010:[] [] blk_requeue_request+0x90/0xa0 RSP: 0018:ffff903c6b783dc0 EFLAGS: 00010087 RAX: ffff903bb67026d0 RBX: ffff903b7d6a6140 RCX: dead000000000200 RDX: ffff903bb67026d0 RSI: ffff903bb6702580 RDI: ffff903bb67026d0 RBP: ffff903c6b783dd8 R08: ffff903bb67026d0 R09: ffffd97e80000000 R10: ffff903c658bac00 R11: 0000000000000000 R12: ffff903bb6702580 R13: ffff903fa9a292f0 R14: 0000000000000246 R15: 0000000000001057 FS: 00007f7026f5b740(0000) GS:ffff903c6b780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f298877c004 CR3: 00000000caf36000 CR4: 00000000000607e0 Call Trace: [] __scsi_queue_insert+0xbf/0x110 [] scsi_io_completion+0x5da/0x6a0 [] scsi_finish_command+0xdc/0x140 [] scsi_softirq_done+0x132/0x160 [] blk_done_softirq+0x96/0xc0 [] __do_softirq+0xf5/0x280 [] call_softirq+0x1c/0x30 [] do_softirq+0x65/0xa0 [] irq_exit+0x105/0x110 [] smp_apic_timer_interrupt+0x48/0x60 [] apic_timer_interrupt+0x162/0x170 [] ? scsi_done+0x21/0x60 [] ? delay_tsc+0x38/0x60 [] __const_udelay+0x2d/0x30 [] _base_handshake_req_reply_wait+0x8e/0x4a0 [mpt3sas] [] _base_get_ioc_facts+0x123/0x590 [mpt3sas] [] ? _base_diag_reset+0x238/0x340 [mpt3sas] [] mpt3sas_base_hard_reset_handler+0x1f3/0x420 [mpt3sas] [] _ctl_ioctl_main.isra.12+0x11b9/0x1200 [mpt3sas] [] ? xfs_file_aio_write+0x155/0x1b0 [xfs] [] ? do_sync_write+0x93/0xe0 [] _ctl_ioctl+0x1a/0x20 [mpt3sas] [] do_vfs_ioctl+0x350/0x560 [] ? __sb_end_write+0x31/0x60 [] SyS_ioctl+0xa1/0xc0 [] ? system_call_after_swapgs+0xa2/0x146 [] system_call_fastpath+0x1c/0x21 [] ? system_call_after_swapgs+0xae/0x146 Code: 83 c3 10 4c 89 e2 4c 89 ee e8 8d 21 04 00 48 8b 03 48 85 c0 75 e5 41 f6 44 24 4a 10 74 ad 4c 89 e6 4c 89 ef e8 b2 42 00 00 eb a0 <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 RIP [] blk_requeue_request+0x90/0xa0 RSP As a part of host reset operation, driver will flushout all IOs outstanding at driver level with "DID_RESET" result. To find which are all commands outstanding at the driver level, driver loops with smid starting from one to HBA queue depth and calls mpt3sas_scsih_scsi_lookup_get() to get scmd as shown below for (smid = 1; smid <= ioc->scsiio_depth; smid++) { scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid); if (!scmd) continue; But in mpt3sas_scsih_scsi_lookup_get() function, driver returns some scsi cmnds which are not outstanding at the driver level (possibly request is constructed at block layer since QUEUE_FLAG_QUIESCED is not set. Even if driver uses scsi_block_requests and scsi_unblock_requests, issue still persists as they will be just blocking further IO from scsi layer and not from block layer) and these commands are flushed with DID_RESET host bytes thus resulting into above kernel BUG. This issue got introduced by commit dbec4c9040ed ("scsi: mpt3sas: lockless command submission"). To fix this issue, we have modified the mpt3sas_scsih_scsi_lookup_get() to check for smid equals to zero (note: whenever any scsi cmnd is processing at the driver level then smid for that scsi cmnd will be non-zero, always it starts from one) before it returns the scmd pointer to the caller. If smid is zero then this function returns scmd pointer as NULL and driver won't flushout those scsi cmnds at driver level with DID_RESET host byte thus this issue will not be observed. [mkp: amended with updated fix from Sreekanth] Signed-off-by: Sreekanth Reddy Fixes: dbec4c9040ed ("scsi: mpt3sas: lockless command submission") Cc: stable@vger.kernel.org # v4.16+ Reviewed-by: Tomas Henzl Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 0756c57bce3d26da2592d834d8910b6887021701 Author: Dan Carpenter Date: Wed Aug 8 17:29:09 2018 +0300 scsi: aic94xx: fix an error code in aic94xx_init() We accidentally return success instead of -ENOMEM on this error path. Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver") Signed-off-by: Dan Carpenter Reviewed-by: Johannes Thumshirn Reviewed-by: John Garry Signed-off-by: Martin K. Petersen commit 990528171f0c31bd0dfe3da7f60b02664abbcf34 Author: Colin Ian King Date: Fri Aug 3 11:47:52 2018 +0100 scsi: st: remove redundant pointer STbuffer Pointer STbuffer is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'STbuffer' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Acked-by: Kai Mäkisara Signed-off-by: Martin K. Petersen commit c9a5e6a968bd328753b694d19b952068c65dc5e7 Author: Mike Snitzer Date: Wed Aug 8 20:50:58 2018 -0400 dm snapshot: remove stale FIXME in snapshot_map() Commit ae1093be ("dm snapshot: use mutex instead of rw_semaphore") eliminated the need to worry about read vs write locking. So remove a FIXME in snapshot_map() that is concerned about selectively taking a write lock. Signed-off-by: Mike Snitzer commit 1eb9fb52040fc6e5656c277b562229f09467c9f8 Author: Ronnie Sahlberg Date: Wed Aug 8 15:07:46 2018 +1000 cifs: create SMB2_open_init()/SMB2_open_free() helpers. Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Paulo Alcantara Reviewed-by: Pavel Shilovsky commit 296ecbae7fdf209b1e0fb08b8bd82e5e9b637439 Author: Ronnie Sahlberg Date: Wed Aug 1 09:26:17 2018 +1000 cifs: add SMB2_query_info_[init|free]() Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky Reviewed-by: Paulo Alcantara commit bd96461249bdded1f6ee50b25e8cd4ce3faaf581 Author: Camelia Groza Date: Wed Jul 18 14:46:51 2018 +0300 powerpc/dts/fsl: t2080rdb: use the Cortina PHY driver compatible The Cortina PHY is not compatible with IEEE 802.3 clause 45. Signed-off-by: Camelia Groza [scottwood: made commit message about compatibility, not driver choice] Signed-off-by: Scott Wood commit 39e560a9182e72ad8b0fd2d922f0c516c663cc59 Author: Camelia Groza Date: Wed Jul 18 14:46:50 2018 +0300 powerpc/dts/fsl: t4240rdb: use the Cortina PHY driver compatible The Cortina PHY is not compatible with IEEE 802.3 clause 45. Signed-off-by: Camelia Groza [scottwood: made commit message about compatibility, not driver choice] Signed-off-by: Scott Wood commit 24f36ce6166059783436bdaba3f3b8f23a6d2ddd Author: Camelia Groza Date: Wed Jul 18 14:46:49 2018 +0300 powerpc/configs/dpaa: enable the Cortina PHY driver Cortina PHYs are present on T4240RDB and T2080RDB. Enable the driver by default. Signed-off-by: Camelia Groza Signed-off-by: Scott Wood commit 8eb4ecfab03d21146e144b0693ce96839d58202d Author: Ronnie Sahlberg Date: Wed Aug 1 09:26:16 2018 +1000 cifs: add SMB2_close_init()/SMB2_close_free() Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky Reviewed-by: Paulo Alcantara commit 2a39926c6aa9dda4fd26741f0f834a555f403d32 Author: Christophe Leroy Date: Mon Aug 6 15:09:11 2018 +0000 powerpc/cpm1: fix compilation error with CONFIG_PPC_EARLY_DEBUG_CPM commit e8cb7a55eb8dc ("powerpc: remove superflous inclusions of asm/fixmap.h") removed inclusion of asm/fixmap.h from files not including objects from that file. However, asm/mmu-8xx.h includes call to __fix_to_virt(). The proper way would be to include asm/fixmap.h in asm/mmu-8xx.h but it creates an inclusion loop. So we have to leave asm/fixmap.h in sysdep/cpm_common.c for CONFIG_PPC_EARLY_DEBUG_CPM CC arch/powerpc/sysdev/cpm_common.o In file included from ./arch/powerpc/include/asm/mmu.h:340:0, from ./arch/powerpc/include/asm/reg_8xx.h:8, from ./arch/powerpc/include/asm/reg.h:29, from ./arch/powerpc/include/asm/processor.h:13, from ./arch/powerpc/include/asm/thread_info.h:28, from ./include/linux/thread_info.h:38, from ./arch/powerpc/include/asm/ptrace.h:159, from ./arch/powerpc/include/asm/hw_irq.h:12, from ./arch/powerpc/include/asm/irqflags.h:12, from ./include/linux/irqflags.h:16, from ./include/asm-generic/cmpxchg-local.h:6, from ./arch/powerpc/include/asm/cmpxchg.h:537, from ./arch/powerpc/include/asm/atomic.h:11, from ./include/linux/atomic.h:5, from ./include/linux/mutex.h:18, from ./include/linux/kernfs.h:13, from ./include/linux/sysfs.h:16, from ./include/linux/kobject.h:20, from ./include/linux/device.h:16, from ./include/linux/node.h:18, from ./include/linux/cpu.h:17, from ./include/linux/of_device.h:5, from arch/powerpc/sysdev/cpm_common.c:21: arch/powerpc/sysdev/cpm_common.c: In function ‘udbg_init_cpm’: ./arch/powerpc/include/asm/mmu-8xx.h:218:25: error: implicit declaration of function ‘__fix_to_virt’ [-Werror=implicit-function-declaration] #define VIRT_IMMR_BASE (__fix_to_virt(FIX_IMMR_BASE)) ^ arch/powerpc/sysdev/cpm_common.c:75:7: note: in expansion of macro ‘VIRT_IMMR_BASE’ VIRT_IMMR_BASE); ^ ./arch/powerpc/include/asm/mmu-8xx.h:218:39: error: ‘FIX_IMMR_BASE’ undeclared (first use in this function) #define VIRT_IMMR_BASE (__fix_to_virt(FIX_IMMR_BASE)) ^ arch/powerpc/sysdev/cpm_common.c:75:7: note: in expansion of macro ‘VIRT_IMMR_BASE’ VIRT_IMMR_BASE); ^ ./arch/powerpc/include/asm/mmu-8xx.h:218:39: note: each undeclared identifier is reported only once for each function it appears in #define VIRT_IMMR_BASE (__fix_to_virt(FIX_IMMR_BASE)) ^ arch/powerpc/sysdev/cpm_common.c:75:7: note: in expansion of macro ‘VIRT_IMMR_BASE’ VIRT_IMMR_BASE); ^ cc1: all warnings being treated as errors make[1]: *** [arch/powerpc/sysdev/cpm_common.o] Error 1 Fixes: e8cb7a55eb8dc ("powerpc: remove superflous inclusions of asm/fixmap.h") Signed-off-by: Christophe Leroy Signed-off-by: Scott Wood commit 46483c2ea4664679130d6489112f180c2bfc801d Author: NeilBrown Date: Wed Aug 8 09:20:02 2018 +1000 NFS: Use an appropriate work queue for direct-write completion When a direct-write completes, a work_struct is schedule to handle the completion. When NFS is being used for swap, the direct write might be a swap-out, so memory allocation can block until the write completes. The work queue currently used is not WQ_MEM_RECLAIM, so tasks can block waiting for memory - this leads to deadlock. So use nfsiod_workqueue instead. This will always have a running thread, and work items should never block waiting for memory. Signed-off-by: Neil Brown Signed-off-by: Anna Schumaker commit 72bf75cfc00c02aa66ef6133048f37aa5d88825c Author: Wei Yongjun Date: Thu Aug 2 05:42:04 2018 +0000 NFSv4: Fix error handling in nfs4_sp4_select_mode() Error code is set in the error handling cases but never used. Fix it. Fixes: 937e3133cd0b ("NFSv4.1: Ensure we clear the SP4_MACH_CRED flags in nfs4_sp4_select_mode()") Signed-off-by: Wei Yongjun Signed-off-by: Anna Schumaker commit 10db5b7a2f44379f63c159a77456d4d22df53c51 Author: Gustavo A. R. Silva Date: Wed Aug 1 19:55:51 2018 -0500 pnfs: Use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Anna Schumaker commit 2230ca0d284e6431ae7baf444f49f662bb490a58 Author: Trond Myklebust Date: Wed Aug 1 14:28:57 2018 -0400 pnfs: pnfs_find_lseg() should not check NFS_LSEG_LAYOUTRETURN Layout segment validity is determined only by the NFS_LSEG_VALID flag. If it is set, the layout segment is finable. As it is, when the flexfiles driver sets NFS_LSEG_LAYOUTRETURN to indicate that we cannot discard the layout segment, but that it must be returned, then this can result in an unnecessary layoutget storm. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 01e03bdc745bf2b86fadfc44e57512fd39f9d54f Author: Gustavo A. R. Silva Date: Tue Jul 31 21:18:44 2018 -0500 NFS: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Warning level 2 was used: -Wimplicit-fallthrough=2 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Anna Schumaker commit c8d07159c93150c25c3319df3d53cfc6dd46d3ee Author: Trond Myklebust Date: Tue Jul 31 15:54:12 2018 -0400 NFSv4: Mark the inode change attribute up to date in update_changeattr() When we update the change attribute, we should also clear the flag that says it is out of date. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 5636ec4eb6b804cd7e67e3a896f1624609dfb427 Author: Trond Myklebust Date: Tue Jul 31 15:54:11 2018 -0400 NFSv4: Detect nlink changes on cross-directory renames too If the object being renamed from one directory to another is also a directory, then 'nlink' will change for both directories. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 3c591175d6432ca9b7d26a171715652d88902715 Author: Trond Myklebust Date: Tue Jul 31 15:54:10 2018 -0400 NFSv4: bump/drop the nlink count on the parent dir when we mkdir/rmdir Ensure that we always bump or drop the nlink count on the parent directory when we do a mkdir or a rmdir(). This needs to be done by hand as we don't have pre/post op attributes. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit c16467dc03db5e2532484026a25b0eef80012ea1 Author: Trond Myklebust Date: Sun Jul 29 22:39:15 2018 -0400 pnfs: Fix handling of NFS4ERR_OLD_STATEID replies to layoutreturn If the server tells us that out layoutreturn raced with another layout update, then we must ensure that the new layout segments are not in use before we resend with an updated layout stateid. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 8d4fb8ff427a23e573c9373b2bb3d1d6e8ea4399 Author: Chuck Lever Date: Sat Jul 28 10:46:47 2018 -0400 xprtrdma: Fix disconnect regression I found that injecting disconnects with v4.18-rc resulted in random failures of the multi-threaded git regression test. The root cause appears to be that, after a reconnect, the RPC/RDMA transport is waking pending RPCs before the transport has posted enough Receive buffers to receive the Replies. If a Reply arrives before enough Receive buffers are posted, the connection is dropped. A few connection drops happen in quick succession as the client and server struggle to regain credit synchronization. This regression was introduced with commit 7c8d9e7c8863 ("xprtrdma: Move Receive posting to Receive handler"). The client is supposed to post a single Receive when a connection is established because it's not supposed to send more than one RPC Call before it gets a fresh credit grant in the first RPC Reply [RFC 8166, Section 3.3.3]. Unfortunately there appears to be a longstanding bug in the Linux client's credit accounting mechanism. On connect, it simply dumps all pending RPC Calls onto the new connection. It's possible it has done this ever since the RPC/RDMA transport was added to the kernel ten years ago. Servers have so far been tolerant of this bad behavior. Currently no server implementation ever changes its credit grant over reconnects, and servers always repost enough Receives before connections are fully established. The Linux client implementation used to post a Receive before each of these Calls. This has covered up the flooding send behavior. I could try to correct this old bug so that the client sends exactly one RPC Call and waits for a Reply. Since we are so close to the next merge window, I'm going to instead provide a simple patch to post enough Receives before a reconnect completes (based on the number of credits granted to the previous connection). The spurious disconnects will be gone, but the client will still send multiple RPC Calls immediately after a reconnect. Addressing the latter problem will wait for a merge window because a) I expect it to be a large change requiring lots of testing, and b) obviously the Linux client has interoperated successfully since day zero while still being broken. Fixes: 7c8d9e7c8863 ("xprtrdma: Move Receive posting to ... ") Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit e3ea52b578be221d9d5564d17005d01a8d390b92 Author: Andy Shevchenko Date: Wed Jul 25 17:39:26 2018 +0300 i2c: designware: Convert to use struct i2c_timings Instead of using custom variables and parser, convert the driver to use the ones provided by I2C core. No functional change intended. Signed-off-by: Andy Shevchenko Reviewed-by: Alexandre Belloni Tested-by: Alexandre Belloni Signed-off-by: Wolfram Sang commit 4717be73c2843a3d6d8546872177a19358f6b7b5 Author: Andy Shevchenko Date: Wed Jul 25 17:39:25 2018 +0300 i2c: core: Parse SDA hold time from firmware There are two drivers already using the SDA hold time setting. It might be more in the future, thus, make I2C core to parse the setting for us if provided by firmware. Signed-off-by: Andy Shevchenko Tested-by: Alexandre Belloni Reviewed-by: Alexandre Belloni Acked-by: Ludovic Desroches Signed-off-by: Wolfram Sang commit 1c02cbf7de0dc778bbd3735089ce903c8a55517d Author: Gustavo A. R. Silva Date: Tue Jul 3 14:10:55 2018 -0500 i2c: designware-pcidrv: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by: Gustavo A. R. Silva Acked-by: Andy Shevchenko Signed-off-by: Wolfram Sang commit ee87a0ce2f91aa4f4906a5f515152aa5019200ad Author: Gustavo A. R. Silva Date: Tue Jul 3 14:07:51 2018 -0500 i2c: amd8111: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Wolfram Sang commit 1063711b57393c1999248cccb57bebfaf16739e7 Author: Andi Kleen Date: Tue Aug 7 15:09:38 2018 -0700 x86/mm/kmmio: Make the tracer robust against L1TF The mmio tracer sets io mapping PTEs and PMDs to non present when enabled without inverting the address bits, which makes the PTE entry vulnerable for L1TF. Make it use the right low level macros to actually invert the address bits to protect against L1TF. In principle this could be avoided because MMIO tracing is not likely to be enabled on production machines, but the fix is straigt forward and for consistency sake it's better to get rid of the open coded PTE manipulation. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner commit 0c93c5ce107659069d16fa34ddce465acdf9d996 Author: Gustavo A. R. Silva Date: Wed Aug 8 14:25:16 2018 -0500 ALSA: opl3: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114878 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 6a9405b56c274024564f9014bba97b92c91b34d6 Author: Konstantin Khlebnikov Date: Tue Aug 7 17:24:54 2018 +0300 perf map: Optimize maps__fixup_overlappings() This function splits and removes overlapping areas. Maps in tree are ordered by start address thus we could find first overlap and stop if next map does not overlap. Signed-off-by: Konstantin Khlebnikov Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/153365189407.435244.7234821822450484712.stgit@buzz Signed-off-by: Arnaldo Carvalho de Melo commit e5adfc3e7e774ba86f7bb725c6eef5f32df8630e Author: Konstantin Khlebnikov Date: Tue Aug 7 12:09:01 2018 +0300 perf map: Synthesize maps only for thread group leader Threads share map_groups, all map events are merged into it. Thus we could send mmaps only for thread group leader. Otherwise it took ages to attach and record something from processes with many vmas and threads. Thread group leader could be already dead, but it seems perf cannot handle this case anyway. Testing dummy: #include #include #include #include #include void *thread(void *arg) { pause(); } int main(int argc, char **argv) { int threads = 10000; int vmas = 50000; pthread_t th; for (int i = 0; i < threads; i++) pthread_create(&th, NULL, thread, NULL); for (int i = 0; i < vmas; i++) mmap(NULL, 4096, (i & 1) ? PROT_READ : PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0); sleep(60); return 0; } Comment by Jiri Olsa: We actualy synthesize the group leader (if we found one) for the thread even if it's not present in the thread_map, so the process maps are always in data. Signed-off-by: Konstantin Khlebnikov Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/153363294102.396323.6277944760215058174.stgit@buzz Signed-off-by: Arnaldo Carvalho de Melo commit 88cf7084f9b4b3744294b438884c2b7999b0200a Author: Arnaldo Carvalho de Melo Date: Tue Aug 7 16:26:35 2018 -0300 perf trace: Wire up the augmented syscalls with the syscalls:sys_enter_FOO beautifier We just check that the evsel is the one we associated with the bpf-output event associated with the "__augmented_syscalls__" eBPF map, to show that the formatting is done properly: # perf trace -e perf/tools/perf/examples/bpf/augmented_syscalls.c,openat cat /etc/passwd > /dev/null 0.000 ( ): __augmented_syscalls__:dfd: CWD, filename: 0x43e06da8, flags: CLOEXEC 0.006 ( ): syscalls:sys_enter_openat:dfd: CWD, filename: 0x43e06da8, flags: CLOEXEC 0.007 ( 0.004 ms): cat/11486 openat(dfd: CWD, filename: 0x43e06da8, flags: CLOEXEC ) = 3 0.029 ( ): __augmented_syscalls__:dfd: CWD, filename: 0x4400ece0, flags: CLOEXEC 0.030 ( ): syscalls:sys_enter_openat:dfd: CWD, filename: 0x4400ece0, flags: CLOEXEC 0.031 ( 0.004 ms): cat/11486 openat(dfd: CWD, filename: 0x4400ece0, flags: CLOEXEC ) = 3 0.249 ( ): __augmented_syscalls__:dfd: CWD, filename: 0xc3700d6 0.250 ( ): syscalls:sys_enter_openat:dfd: CWD, filename: 0xc3700d6 0.252 ( 0.003 ms): cat/11486 openat(dfd: CWD, filename: 0xc3700d6 ) = 3 # Now we just need to get the full blown enter/exit handlers to check if the evsel being processed is the augmented_syscalls one to go pick the pointer payloads from the end of the payload. We also need to state somehow what is the layout for multi pointer arg syscalls. Also handy would be to have a BTF file with the struct definitions used in syscalls, compact, generated at kernel built time and available for use in eBPF programs. Till we get there we can go on doing some manual coupling of the most relevant syscalls with some hand built beautifiers. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-r6ba5izrml82nwfmwcp7jpkm@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit d3d1c4bdf5a793ab10c448f9cf5aa5b19ce026d3 Author: Arnaldo Carvalho de Melo Date: Tue Aug 7 16:21:44 2018 -0300 perf trace: Setup the augmented syscalls bpf-output event fields The payload that is put in place by the eBPF script attached to syscalls:sys_enter_openat (and other syscalls with pointers, in the future) can be consumed by the existing sys_enter beautifiers if evsel->priv is setup with a struct syscall_tp with struct tp_fields for the 'syscall_id' and 'args' fields expected by the beautifiers, this patch does just that. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-xfjyog8oveg2fjys9r1yy1es@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 78e890ea8683f7d570f911637b23b23d27be4aed Author: Arnaldo Carvalho de Melo Date: Tue Aug 7 16:19:05 2018 -0300 perf bpf: Make bpf__setup_output_event() return the bpf-output event We're calling it to setup that event, and we'll need it later to decide if the bpf-output event we're handling is the one setup for a specific purpose, return it using ERR_PTR, etc. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-zhachv7il2n1lopt9aonwhu7@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit e0b6d2ef329098bd9780ec00a75db3b11922031a Author: Arnaldo Carvalho de Melo Date: Tue Aug 7 15:40:13 2018 -0300 perf trace: Handle "bpf-output" events associated with "__augmented_syscalls__" BPF map Add an example BPF script that writes syscalls:sys_enter_openat raw tracepoint payloads augmented with the first 64 bytes of the "filename" syscall pointer arg. Then catch it and print it just like with things written to the "__bpf_stdout__" map associated with a PERF_COUNT_SW_BPF_OUTPUT software event, by just letting the default tracepoint handler in 'perf trace', trace__event_handler(), to use bpf_output__fprintf(trace, sample), just like it does with all other PERF_COUNT_SW_BPF_OUTPUT events, i.e. just do a dump on the payload, so that we can check if what is being printed has at least the first 64 bytes of the "filename" arg: The augmented_syscalls.c eBPF script: # cat tools/perf/examples/bpf/augmented_syscalls.c // SPDX-License-Identifier: GPL-2.0 #include struct bpf_map SEC("maps") __augmented_syscalls__ = { .type = BPF_MAP_TYPE_PERF_EVENT_ARRAY, .key_size = sizeof(int), .value_size = sizeof(u32), .max_entries = __NR_CPUS__, }; struct syscall_enter_openat_args { unsigned long long common_tp_fields; long syscall_nr; long dfd; char *filename_ptr; long flags; long mode; }; struct augmented_enter_openat_args { struct syscall_enter_openat_args args; char filename[64]; }; int syscall_enter(openat)(struct syscall_enter_openat_args *args) { struct augmented_enter_openat_args augmented_args; probe_read(&augmented_args.args, sizeof(augmented_args.args), args); probe_read_str(&augmented_args.filename, sizeof(augmented_args.filename), args->filename_ptr); perf_event_output(args, &__augmented_syscalls__, BPF_F_CURRENT_CPU, &augmented_args, sizeof(augmented_args)); return 1; } license(GPL); # So it will just prepare a raw_syscalls:sys_enter payload for the "openat" syscall. This will eventually be done for all syscalls with pointer args, globally or just when the user asks, using some spec, which args of which syscalls it wants "expanded" this way, we'll probably start with just all the syscalls that have char * pointers with familiar names, the ones we already handle with the probe:vfs_getname kprobe if it is in place hooking the kernel getname_flags() function used to copy from user the paths. Running it we get: # perf trace -e perf/tools/perf/examples/bpf/augmented_syscalls.c,openat cat /etc/passwd > /dev/null 0.000 ( ): __augmented_syscalls__:X?.C......................`\..................../etc/ld.so.cache..#......,....ao.k...............k......1."......... 0.006 ( ): syscalls:sys_enter_openat:dfd: CWD, filename: 0x5c600da8, flags: CLOEXEC 0.008 ( 0.005 ms): cat/31292 openat(dfd: CWD, filename: 0x5c600da8, flags: CLOEXEC ) = 3 0.036 ( ): __augmented_syscalls__:X?.C.......................\..................../lib64/libc.so.6......... .\....#........?.......=.C..../."......... 0.037 ( ): syscalls:sys_enter_openat:dfd: CWD, filename: 0x5c808ce0, flags: CLOEXEC 0.039 ( 0.007 ms): cat/31292 openat(dfd: CWD, filename: 0x5c808ce0, flags: CLOEXEC ) = 3 0.323 ( ): __augmented_syscalls__:X?.C.....................P....................../etc/passwd......>.C....@................>.C.....,....ao.>.C........ 0.325 ( ): syscalls:sys_enter_openat:dfd: CWD, filename: 0xe8be50d6 0.327 ( 0.004 ms): cat/31292 openat(dfd: CWD, filename: 0xe8be50d6 ) = 3 # We need to go on optimizing this to avoid seding trash or zeroes in the pointer content payload, using the return from bpf_probe_read_str(), but to keep things simple at this stage and make incremental progress, lets leave it at that for now. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-g360n1zbj6bkbk6q0qo11c28@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 8fa25f303adfed6eab921db8e242e59dd0b3b004 Author: Arnaldo Carvalho de Melo Date: Tue Aug 7 15:10:19 2018 -0300 perf bpf: Add wrappers to BPF_FUNC_probe_read(_str) functions Will be used shortly in the augmented syscalls work together with a PERF_COUNT_SW_BPF_OUTPUT software event to insert syscalls + pointer contents in the perf ring buffer, to be consumed by 'perf trace' beautifiers. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-ajlkpz4cd688ulx1u30htkj3@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit aa31be3a4874d91fb40d872f1865805ab411035c Author: Arnaldo Carvalho de Melo Date: Mon Aug 6 11:35:37 2018 -0300 perf bpf: Add bpf__setup_output_event() strerror() counterpart That is just bpf__strerror_setup_stdout() renamed to the more general "setup_output_event" method, keep the existing stdout() as a wrapper. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-nwnveo428qn0b48axj50vkc7@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 92bbe8d834d293c4db7a70fd53884ec1c95d61dc Author: Arnaldo Carvalho de Melo Date: Mon Aug 6 09:53:35 2018 -0300 perf bpf: Generalize bpf__setup_stdout() We will use it to set up other bpf-output events, for instance to generate augmented syscall entry tracepoints with pointer contents. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-4r7kw0nsyi4vyz6xm1tzx6a3@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 5941d856a90435b32a3296c0b7df8f0075430b81 Author: Arnaldo Carvalho de Melo Date: Mon Aug 6 09:46:33 2018 -0300 perf bpf: Make bpf__for_each_stdout_map() generic By passing a 'name' arg, that will eventually be used to setup more "bpf-output" events, e.g. to create a event where to create raw_syscalls like events that in addition to the syscall arguments will also copy the pointer contents being passed from/to userspace. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-talrnxps9p3qozk3aeh91fgv@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 53a5d7b80032fcf48cdc5a6c96c8dc8a120b64ef Author: Arnaldo Carvalho de Melo Date: Mon Aug 6 09:15:18 2018 -0300 perf bpf: Add bpf/stdio.h wrapper to bpf_perf_event_output function That, together with the map __bpf_output__ that is already handled by 'perf trace' to print that event's contents as strings provides a debugging facility, to show it in use, print a simple string everytime the syscalls:sys_enter_openat() syscall tracepoint is hit: # cat tools/perf/examples/bpf/hello.c #include int syscall_enter(openat)(void *args) { puts("Hello, world\n"); return 0; } license(GPL); # # perf trace -e openat,tools/perf/examples/bpf/hello.c cat /etc/passwd > /dev/null 0.016 ( ): __bpf_stdout__:Hello, world 0.018 ( 0.010 ms): cat/9079 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC) = 3 0.057 ( ): __bpf_stdout__:Hello, world 0.059 ( 0.011 ms): cat/9079 openat(dfd: CWD, filename: /lib64/libc.so.6, flags: CLOEXEC) = 3 0.417 ( ): __bpf_stdout__:Hello, world 0.419 ( 0.009 ms): cat/9079 openat(dfd: CWD, filename: /etc/passwd) = 3 # This is part of an ongoing experimentation on making eBPF scripts as consumed by perf to be as concise as possible and using familiar concepts such as stdio.h functions, that end up just wrapping the existing BPF functions, trying to hide as much boilerplate as possible while using just conventions and C preprocessor tricks. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-4tiaqlx5crf0fwpe7a6j84x7@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 7402e543a74a08ae630234012356ff5cf947bd61 Author: Arnaldo Carvalho de Melo Date: Mon Aug 6 09:02:26 2018 -0300 perf bpf: Add struct bpf_map struct A helper structure used by eBPF C program to describe map attributes to elf_bpf loader, to be used initially by the special __bpf_stdout__ map used to print strings into the perf ring buffer in BPF scripts, e.g.: Using the upcoming stdio.h and puts() macros to use the __bpf_stdout__ map to add strings to the ring buffer: # cat tools/perf/examples/bpf/hello.c #include int syscall_enter(openat)(void *args) { puts("Hello, world\n"); return 0; } license(GPL); # # cat ~/.perfconfig [llvm] dump-obj = true # perf trace -e openat,tools/perf/examples/bpf/hello.c/call-graph=dwarf/ cat /etc/passwd > /dev/null LLVM: dumping tools/perf/examples/bpf/hello.o 0.016 ( ): __bpf_stdout__:Hello, world 0.018 ( 0.010 ms): cat/9079 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC ) = 3 0.057 ( ): __bpf_stdout__:Hello, world 0.059 ( 0.011 ms): cat/9079 openat(dfd: CWD, filename: /lib64/libc.so.6, flags: CLOEXEC ) = 3 0.417 ( ): __bpf_stdout__:Hello, world 0.419 ( 0.009 ms): cat/9079 openat(dfd: CWD, filename: /etc/passwd ) = 3 # # file tools/perf/examples/bpf/hello.o tools/perf/examples/bpf/hello.o: ELF 64-bit LSB relocatable, *unknown arch 0xf7* version 1 (SYSV), not stripped # readelf -SW tools/perf/examples/bpf/hello.o There are 10 section headers, starting at offset 0x208: Section Headers: [Nr] Name Type Address Off Size ES Flg Lk Inf Al [ 0] NULL 0000000000000000 000000 000000 00 0 0 0 [ 1] .strtab STRTAB 0000000000000000 000188 00007f 00 0 0 1 [ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4 [ 3] syscalls:sys_enter_openat PROGBITS 0000000000000000 000040 000088 00 AX 0 0 8 [ 4] .relsyscalls:sys_enter_openat REL 0000000000000000 000178 000010 10 9 3 8 [ 5] maps PROGBITS 0000000000000000 0000c8 00001c 00 WA 0 0 4 [ 6] .rodata.str1.1 PROGBITS 0000000000000000 0000e4 00000e 01 AMS 0 0 1 [ 7] license PROGBITS 0000000000000000 0000f2 000004 00 WA 0 0 1 [ 8] version PROGBITS 0000000000000000 0000f8 000004 00 WA 0 0 4 [ 9] .symtab SYMTAB 0000000000000000 000100 000078 18 1 1 8 Key to Flags: W (write), A (alloc), X (execute), M (merge), S (strings), I (info), L (link order), O (extra OS processing required), G (group), T (TLS), C (compressed), x (unknown), o (OS specific), E (exclude), p (processor specific) # readelf -s tools/perf/examples/bpf/hello.o Symbol table '.symtab' contains 5 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 5 __bpf_stdout__ 2: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 7 _license 3: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 8 _version 4: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 3 syscall_enter_openat # Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-81fg60om2ifnatsybzwmiga3@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit e6902d1b7326149952abf8e7f07513e254668e52 Author: Jiri Olsa Date: Sat Aug 4 15:05:21 2018 +0200 perf report: Add --percent-type option Set annotation percent type from following choices: global-period, local-period, global-hits, local-hits With following report option setup the percent type will be passed to annotation browser: $ perf report --percent-type period-local The local/global keywords set if the percentage is computed in the scope of the function (local) or the whole data (global). The period/hits keywords set the base the percentage is computed on - the samples period or the number of samples (hits). Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-21-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 88c211907720f9eb23308401305aefa25392417f Author: Jiri Olsa Date: Sat Aug 4 15:05:20 2018 +0200 perf annotate: Add --percent-type option Add --percent-type option to set annotation percent type from following choices: global-period, local-period, global-hits, local-hits Examples: $ perf annotate --percent-type period-local --stdio | head -1 Percent | Source code ... es, percent: local period) $ perf annotate --percent-type hits-local --stdio | head -1 Percent | Source code ... es, percent: local hits) $ perf annotate --percent-type hits-global --stdio | head -1 Percent | Source code ... es, percent: global hits) $ perf annotate --percent-type period-global --stdio | head -1 Percent | Source code ... es, percent: global period) The local/global keywords set if the percentage is computed in the scope of the function (local) or the whole data (global). The period/hits keywords set the base the percentage is computed on - the samples period or the number of samples (hits). Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-20-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4c04868fbe931ec315ad34bb7e28e5cf725f88e4 Author: Jiri Olsa Date: Sat Aug 4 15:05:19 2018 +0200 perf annotate: Display percent type in stdio output In following patches we will allow to switch percent type even for stdio annotation outputs. Adding the percent type value into the annotation outputs title. $ perf annotate --stdio Percent | Sou ... instructions:u } (2805 samples, percent: local period) --------------------------- ... ------------------------------------------------------ ... $ perf annotate --stdio2 Samples: 2K of events 'anon ... count (approx.): 156525487, [percent: local period] safe_write.c() /usr/bin/yes Percent ... Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-19-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit addba8b66f9101b0e55a151fc543ff35990bc8ef Author: Jiri Olsa Date: Sat Aug 4 15:05:18 2018 +0200 perf annotate: Make local period the default percent type Currently we display the percentages in annotation output based on number of samples hits. Switching it to period based percentage by default, because it corresponds more to the time spent on the line. Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-18-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 3e0d79531984c731951d9a8a5be406df3a78ac97 Author: Jiri Olsa Date: Sat Aug 4 15:05:17 2018 +0200 perf annotate: Add support to toggle percent type Add new key bindings to toggle percent type/base in annotation UI browser: 'p' to switch between local and global percent type 'b' to switch between hits and perdio percent base Add the following help messages to the UI browser '?' window: ... p Toggle percent type [local/global] b Toggle percent base [period/hits] ... Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-17-jolsa@kernel.org [ Moved percent_type to be the last arg to sym_title(), its an arg to what is being formmated (buf, size) ] Signed-off-by: Arnaldo Carvalho de Melo commit d4265b1a1b9b58df9c3bc0a3a7aa5b72c079c77a Author: Jiri Olsa Date: Sat Aug 4 15:05:16 2018 +0200 perf annotate: Pass browser percent_type in annotate_browser__calc_percent() Pass browser percent_type in annotate_browser__calc_percent(). Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-16-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4c650ddc2e9e8f1d8dc46f13b30b1b9a6017fb02 Author: Jiri Olsa Date: Sat Aug 4 15:05:15 2018 +0200 perf annotate: Pass 'struct annotation_options' to map_symbol__annotation_dump() Pass 'struct annotation_options' to map_symbol__annotation_dump(), to carry on and pass the percent_type value. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-15-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit c849c12cf344e4b99dbf98df642b622b6c91bbfd Author: Jiri Olsa Date: Sat Aug 4 15:05:14 2018 +0200 perf annotate: Pass struct annotation_options to symbol__calc_lines() Pass struct annotation_options to symbol__calc_lines(), to carry on and pass the percent_type value. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-14-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 796ca33d5ceb621f238021c34cff8cfaa1100623 Author: Jiri Olsa Date: Sat Aug 4 15:05:13 2018 +0200 perf annotate: Add percent_type to struct annotation_options It will be used to carry user selection of percent type for annotation output. Passing the percent_type to the annotation_line__print function as the first step and making it default to current percentage type (PERCENT_HITS_LOCAL) value. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-13-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit e58684df912906d944967e2ce0f3ed5d5140d1e5 Author: Jiri Olsa Date: Sat Aug 4 15:05:12 2018 +0200 perf annotate: Add PERCENT_PERIOD_GLOBAL percent value Adding and computing global period percent value for annotation line. Storing it in struct annotation_data percent array under new PERCENT_PERIOD_GLOBAL index. At the moment it's not displayed, it's coming in following patches. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-12-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit ab371169fb7db9587f09137e93a49c6afeab16f7 Author: Jiri Olsa Date: Sat Aug 4 15:05:11 2018 +0200 perf annotate: Add PERCENT_PERIOD_LOCAL percent value Adding and computing local period percent value for annotation line. Storing it in struct annotation_data percent array under new PERCENT_PERIOD_LOCAL index. At the moment it's not displayed, it's coming in following patches. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-11-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 75a8c1ff287b2a949b50c1c1e58a6492e21a3ac5 Author: Jiri Olsa Date: Sat Aug 4 15:05:10 2018 +0200 perf annotate: Add PERCENT_HITS_GLOBAL percent value Adding and computing global hits percent value for annotation line. Storing it in struct annotation_data percent array under new PERCENT_HITS_GLOBAL index. At the moment it's not displayed, it's coming in following patches. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-10-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 6d9f0c2d5ef7568c29fa5927748c4915a9c7760a Author: Jiri Olsa Date: Sat Aug 4 15:05:09 2018 +0200 perf annotate: Switch struct annotation_data::percent to array So we can hold multiple percent values for annotation line. The first member of this array is current local hits percent value (PERCENT_HITS_LOCAL index), so no functional change is expected. Adding annotation_data__percent function to return requested percent value from struct annotation_data. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-9-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 2bcf73069b0722c92a84c0fd57df542890a74904 Author: Jiri Olsa Date: Sat Aug 4 15:05:08 2018 +0200 perf annotate: Loop group events directly in annotation__calc_percent() We need to bring in 'struct hists' object and for that we need 'struct perf_evsel' object in the scope. Switching the group data loop with the evsel group loop. It does the same thing, but it brings evsel object, that we can use later get the 'struct hists' object. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-8-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 48a1e4f2381387a097ea9f7897c5c32e9aaa708d Author: Jiri Olsa Date: Sat Aug 4 15:05:07 2018 +0200 perf annotate: Rename hist to sym_hist in annotation__calc_percent We will need to bring in 'struct hists' variable in this scope, so it's better we do this rename first. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-7-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 0440af74dcd0f32b134b1c4d47dc25f0bb539ded Author: Jiri Olsa Date: Sat Aug 4 15:05:06 2018 +0200 perf annotate: Rename local sample variables to data Based on previous rename, changing also the local variable names to fit properly. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-6-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit c2f938ba5aa61ba60e9217848e666c783cbcce1c Author: Jiri Olsa Date: Sat Aug 4 15:05:05 2018 +0200 perf annotate: Rename struct annotation_line::samples* to data* The name 'samples*' is little confusing because we have nested 'struct sym_hist_entry' under annotation_line struct, which holds 'nr_samples' as well. Also the holding struct name is 'annotation_data' so the 'data' name fits better. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-5-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 0683d13c1afbf5cca147b6f578d1463be132b11b Author: Jiri Olsa Date: Sat Aug 4 15:05:04 2018 +0200 perf annotate: Get rid of annotation__scnprintf_samples_period() We have more current function tto get the title for annotation, which is hists__scnprintf_title. They both have same output as far as the annotation's header line goes. They differ in counting of the nr_samples, hists__scnprintf_title provides more accurate number based on the setup of the symbol_conf.filter_relative variable. Plus it also displays any uid/thread/dso/socket filters/zooms if there are set any, which annotation__scnprintf_samples_period does not. Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-4-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 5ecf7d30eb4f9c046f5284f20133d7b69729c315 Author: Jiri Olsa Date: Sat Aug 4 15:05:03 2018 +0200 perf annotate: Make annotation_line__max_percent static There's no outside user of it. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lkml.kernel.org/r/20180804130521.11408-3-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 7a3e71e0d806070071f53271705b0c511c0359fc Author: Jiri Olsa Date: Sat Aug 4 15:05:02 2018 +0200 perf annotate: Make symbol__annotate_fprintf2() local There's no outside user of it. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: https://lkml.kernel.org/r/20180804130521.11408-2-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit dda9ac966d39cec5a501b0b4d0210b3c2a167e6c Author: Arnaldo Carvalho de Melo Date: Fri Aug 3 16:28:35 2018 -0300 perf bpf: Add 'syscall_enter' probe helper for syscall enter tracepoints Allowing one to hook into the syscalls:sys_enter_NAME tracepoints, an example is provided that hooks into the 'openat' syscall. Using it with the probe:vfs_getname probe into getname_flags to get the filename args as it is copied from userspace: # perf probe -l probe:vfs_getname (on getname_flags:73@acme/git/linux/fs/namei.c with pathname) # perf trace -e probe:*getname,tools/perf/examples/bpf/sys_enter_openat.c cat /etc/passwd > /dev/null 0.000 probe:vfs_getname:(ffffffffbd2a8983) pathname="/etc/ld.so.preload" 0.022 syscalls:sys_enter_openat:dfd: CWD, filename: 0xafbe8da8, flags: CLOEXEC 0.027 probe:vfs_getname:(ffffffffbd2a8983) pathname="/etc/ld.so.cache" 0.054 syscalls:sys_enter_openat:dfd: CWD, filename: 0xafdf0ce0, flags: CLOEXEC 0.057 probe:vfs_getname:(ffffffffbd2a8983) pathname="/lib64/libc.so.6" 0.316 probe:vfs_getname:(ffffffffbd2a8983) pathname="/usr/lib/locale/locale-archive" 0.375 syscalls:sys_enter_openat:dfd: CWD, filename: 0xe2b2b0b4 0.379 probe:vfs_getname:(ffffffffbd2a8983) pathname="/etc/passwd" # Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-2po9jcqv1qgj0koxlg8kkg30@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 3c8b81864080b710bdce446fd8401923f26fc4d4 Author: Yury Norov Date: Sat Jun 23 10:35:01 2018 +0300 perf tools: Drop unneeded bitmap_zero() calls bitmap_zero() is called after bitmap_alloc() in perf code. But bitmap_alloc() internally uses calloc() which guarantees that allocated area is zeroed. So following bitmap_zero is unneeded. Drop it. This happened because of confusing name for bitmap allocator. It should has name bitmap_zalloc instead of bitmap_alloc. This series: https://lkml.org/lkml/2018/6/18/841 introduces a new API for bitmap allocations in kernel, and functions there are named correctly. Following patch propogates the API to tools, and fixes naming issue. Signed-off-by: Yury Norov Cc: Alexander Shishkin Cc: Andi Kleen Cc: Andrew Morton Cc: Andriy Shevchenko Cc: David Ahern Cc: David Carrillo-Cisneros Cc: Dmitry Torokhov Cc: Jin Yao Cc: Jiri Olsa Cc: Kate Stewart Cc: Matthew Wilcox Cc: Mike Snitzer Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Philippe Ombredanne Link: http://lkml.kernel.org/r/20180623073502.16321-1-ynorov@caviumnetworks.com Signed-off-by: Arnaldo Carvalho de Melo commit 704089e77acf74b17ed294683660937000ecb9ee Author: Sean V Kelley Date: Thu Aug 2 21:18:11 2018 -0700 perf vendor events arm64: Enable JSON events for eMAG This patch adds the Ampere Computing eMAG file. This platform follows the ARMv8 recommended IMPLEMENTATION DEFINED events, where applicable. Signed-off-by: Sean V Kelley Reviewed-by: John Garry Cc: Alexander Shishkin Cc: Ganapatrao Kulkarni Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Will Deacon Cc: William Cohen Cc: linux-arm-kernel@lists.infradead.org LPU-Reference: 20180803041811.17065-1-seanvk.dev@oregontracks.org Signed-off-by: Arnaldo Carvalho de Melo commit 33d9e1832e528ff61f481558882ee0f82e288440 Author: Thomas Richter Date: Thu Aug 2 09:46:22 2018 +0200 perf report: Add GUI report support for s390 auxiliary trace Add support for s390 auxiliary trace support. Use 'perf record -e rbd000 -- ls' to create the perf.data file. Use 'perf report' to display the auxiliary trace data. Output before: [root@s35lp76 perf]# ./perf report --stdio 0x128 [0x10]: failed to process type: 70 Error: failed to process sample [root@s35lp76 perf]# Output after: [root@s35lp76 perf]# ./perf report --stdio 18.21% 18.21% ls [kernel.kallsyms] [k] ftrace_likely_update 9.52% 9.52% ls [kernel.kallsyms] [k] lock_acquire 9.38% 9.38% ls [kernel.kallsyms] [k] lock_release 3.45% 3.45% ls [kernel.kallsyms] [k] lock_acquired 2.88% 2.88% ls [kernel.kallsyms] [k] link_path_walk 2.63% 2.63% ls [kernel.kallsyms] [k] __d_lookup 2.38% 2.38% ls [kernel.kallsyms] [k] __d_lookup_rcu 2.04% 2.04% ls [kernel.kallsyms] [k] ___might_sleep 1.83% 1.83% ls [kernel.kallsyms] [k] debug_lockdep_rcu_enabled 1.44% 1.44% ls [kernel.kallsyms] [k] dput .... Signed-off-by: Thomas Richter Reviewed-by: Hendrik Brueckner Cc: Heiko Carstens Cc: Martin Schwidefsky Link: http://lkml.kernel.org/r/20180802074622.13641-4-tmricht@linux.ibm.com [ Use PRI[xd]64 to fix the build on debian:experimental-x-mips (gcc 8.1.0) and others ] Signed-off-by: Arnaldo Carvalho de Melo commit 2f295f91b740f0055735a7528f8f4cf8b3111239 Author: Connor McAdams Date: Wed Aug 8 13:34:22 2018 -0400 ALSA: hda/ca0132 - Add exit commands for Recon3D This patch adds exit functions for the Recon3D, and cleans up the current exit function. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit e25e3445049c353223752fd1bacead9d413b0a5a Author: Connor McAdams Date: Wed Aug 8 13:34:21 2018 -0400 ALSA: hda/ca0132 - Change mixer controls for Recon3D This patch adds changes to setup the Recon3D's mixer controls. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit 42aa3a169062c48e5cbb1f3a6523f8b7c892b699 Author: Connor McAdams Date: Wed Aug 8 13:34:20 2018 -0400 ALSA: hda/ca0132 - Add Recon3D input and output select commands This patch adds commands to the alternative input and output select commands to support the Recon3D. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit c986f50ca974397f8726bf6776ad8938d6808848 Author: Connor McAdams Date: Wed Aug 8 13:34:19 2018 -0400 ALSA: hda/ca0132 - Add DSP setup defaults for Recon3D The Recon3D can use many of the same functions as the Recon3Di, so many of the r3di prefix function remain the same, but change their names to the more generic r3d prefix. This patch does this, and adds quirk checks for things specific to the Recon3Di. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit e42c7c7313e41f121d252711e35deae7964c95ad Author: Connor McAdams Date: Wed Aug 8 13:34:18 2018 -0400 ALSA: hda/ca0132 - Add Recon3D startup functions and setup This patch adds functions for Recon3D startup, and sets values for things such as use_pci_mmio. It also renames some functions and tables from the sbz prefix into ca0132, as the Recon3D uses them as well. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit 08eca6b1f1468a4021bac7b3929fd3eb491e2629 Author: Connor McAdams Date: Wed Aug 8 13:34:17 2018 -0400 ALSA: hda/ca0132 - Add bool variable to enable/disable pci region2 mmio This patch adds the ability to choose whether or not to map the pci region2, which is used for things such as GPIO on the Recon3D and Sound Blaster Z. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit 7f73df95401f7a2392ccf1880ba1e54cfed62779 Author: Connor McAdams Date: Wed Aug 8 13:34:16 2018 -0400 ALSA: hda/ca0132 - Add Recon3D pincfg This patch adds pin configs from the Recon3D, taken from the Window's driver. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit 8f8c523c4604afe231196920bf08310141a4f0ba Author: Connor McAdams Date: Wed Aug 8 13:34:15 2018 -0400 ALSA: hda/ca0132 - Add quirk ID and enum for Recon3D This patch adds the PCI subsys ID for the Recon3D that has been tested, and adds the QUIRK_R3D enumeration. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit a1b7f016a1ae5e51f0e11a70cf1a5875d3ccee73 Author: Connor McAdams Date: Wed Aug 8 13:34:14 2018 -0400 ALSA: hda/ca0132 - Add alt_functions unsolicited response This patch fixes a previous oversight where the microphone unsolicited response would use the wrong input selection function. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit d97420d2b0379e498adc3fae5db8fa70945b5d56 Author: Connor McAdams Date: Wed Aug 8 13:34:13 2018 -0400 ALSA: hda/ca0132 - Clean up ca0132_init function. This patch cleans up ca0132_init by removing unnecessary commands and ordering things better. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit a62e4739473a29646af4e37a5da289795cde6dc0 Author: Connor McAdams Date: Wed Aug 8 13:34:12 2018 -0400 ALSA: hda/ca0132 - Create mmio gpio function to make code clearer This patch adds a new function, ca0132_mmio_gpio_set, to clear up what is going on with writes to mmio region 0x320. Signed-off-by: Connor McAdams Signed-off-by: Takashi Iwai commit 2b1444f2e28be94b8f0b37376e1c619fd8cad63b Author: Thomas Richter Date: Thu Aug 2 09:46:21 2018 +0200 perf report: Add raw report support for s390 auxiliary trace Add support for s390 auxiliary trace support. Use 'perf record -e rbd000' to create the perf.data file. The event also has the symbolic name SF_CYCLES_BASIC_DIAG, using 'perf record -e SF_CYCLES_BASIC_DIAG' is equivalent. Use 'perf report -D' to display the auxiliary trace data. Output before: 0 0 0x25a66 [0x30]: PERF_RECORD_AUXTRACE size: 0x40000 offset: 0 ref: 0 idx: 4 tid: -1 cpu: 4 Nothing else Output after: 0 0 0x25a66 [0x30]: PERF_RECORD_AUXTRACE size: 0x40000 offset: 0 ref: 0 idx: 4 tid: -1 cpu: 4 . . ... s390 AUX data: size 262144 bytes [00000000] Basic Def:0001 Inst:0000 TW AS:3 ASN:0xffff IA:0x0000000000c2f1bc CL:1 HPP:0x8000000000000000 GPP:000000000000000000 [0x000020] Diag Def:8005 [0x0000bf] Basic Def:0001 Inst:0000 TW AS:3 ASN:0xffff IA:0x0000000000c2f1bc CL:1 HPP:0x8000000000000000 GPP:000000000000000000 [0x0000df] Diag Def:8005 [0x00017e] Basic Def:0001 Inst:0000 TW AS:3 ASN:0xffff IA:0x0000000000c2f1bc CL:1 HPP:0x8000000000000000 GPP:000000000000000000 .... [0x000fc0] Trailer F T bsdes:32 dsdes:159 Overflow:0 Time:0xd4ab59a8450fa108 C:1 TOD:0xd4ab4ec98ceb3832 1:0x8000000000000000 2:0xd4ab4ec98ceb3832 This output is shown for every sampled data block. The output contains the - basic-sampling data entry - diagnostic-sampling data entry - trailer entry The basic sampling entry and diagnostic sampling entry sizes can be extracted using the trailer entries in the SDB. On older hardware these values (bsdes and dsdes in the trailer entry) are reserved and zero. Older hardware use hard coded values based on the s390 machine type. Signed-off-by: Thomas Richter Reviewed-by: Hendrik Brueckner Cc: Heiko Carstens Cc: Martin Schwidefsky Cc: Michael Ellerman Link: http://lkml.kernel.org/r/20180802074622.13641-3-tmricht@linux.ibm.com Link: http://lkml.kernel.org/r/eda2632e-7919-5ffd-5f68-821e77d216fa@linux.ibm.com [ Merged a fix for a 'tipe puned' problem reported by Michael Ellerman see last Link tag. ] [ Removed __packed from two structs, they're already naturally packed and having that. ] [ attribute breaks the build in gcc 8.1.1 mips, 4.4.7 x86_64, 7.1.1 ARCompact ISA, etc) ] Signed-off-by: Arnaldo Carvalho de Melo commit ed9800100f1a70154c11cfa0ccc0b9ff51e3436a Author: Marcus Folkesson Date: Wed Aug 8 11:20:59 2018 -0700 MAINTAINERS: Add PhoenixRC Flight Controller Adapter Add MAINTAINERS entry for PhoenixRC Flight Controller Adapter Signed-off-by: Marcus Folkesson Signed-off-by: Dmitry Torokhov commit 100294cee9a98bfd4d6cb2d1c8a8aef0e959b0c4 Author: Dmitry Torokhov Date: Mon Aug 6 15:10:40 2018 -0700 Input: do not use WARN() in input_alloc_absinfo() Some of fuzzers set panic_on_warn=1 so that they can handle WARN()ings the same way they handle full-blown kernel crashes. We used WARN() in input_alloc_absinfo() to get a better idea where memory allocation failed, but since then kmalloc() and friends started dumping call stack on memory allocation failures anyway, so we are not getting anything extra from WARN(). Because of the above, let's replace WARN with dev_err(). We use dev_err() instead of simply removing message and relying on kcalloc() to give us stack dump so that we'd know the instance of hardware device to which we were trying to attach input device. Reported-by: Dmitry Vyukov Acked-by: Dmitry Vyukov Signed-off-by: Dmitry Torokhov commit 17a4ed5545c5599852a5d75c5fb2c8e597943f99 Author: Gustavo A. R. Silva Date: Mon Aug 6 15:31:02 2018 -0700 Input: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Warning level 2 was used: -Wimplicit-fallthrough=2 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Dmitry Torokhov commit 6cad4e269e25dddd7260a53e9d9d90ba3a3cc35a Author: Gustavo A. R. Silva Date: Mon Aug 6 15:20:19 2018 -0700 Input: raydium_i2c_ts - use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Dmitry Torokhov commit e7ea2a52ffaf60a211edc0df97dcf194d1257714 Author: Wei Yongjun Date: Wed Aug 8 03:23:44 2018 +0000 netfilter: nfnetlink_osf: fix using plain integer as NULL warning Fixes the following sparse warning: net/netfilter/nfnetlink_osf.c:274:24: warning: Using plain integer as NULL pointer Signed-off-by: Wei Yongjun Signed-off-by: Pablo Neira Ayuso commit da33a871ba178dbe81da7d755818d3c2088cae32 Author: Jeff Layton Date: Wed Aug 8 12:54:09 2018 -0400 locks: remove misleading obsolete comment The spinlock handling in this file has changed significantly since this comment was written, and the file_lock_lock is no more. In addition, this overall comment no longer applies. Deleting an entry now requires both locks. Signed-off-by: Jeff Layton commit 02eec6c9fc0cb13169cc97a6139771768791f92b Author: Paul Burton Date: Wed Aug 8 09:30:56 2018 -0700 MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send() In nlm_fmn_send() we have a loop which attempts to send a message multiple times in order to handle the transient failure condition of a lack of available credit. When examining the status register to detect the failure we check for a condition that can never be true, which falls foul of gcc 8's -Wtautological-compare: In file included from arch/mips/netlogic/common/irq.c:65: ./arch/mips/include/asm/netlogic/xlr/fmn.h: In function 'nlm_fmn_send': ./arch/mips/include/asm/netlogic/xlr/fmn.h:304:22: error: bitwise comparison always evaluates to false [-Werror=tautological-compare] if ((status & 0x2) == 1) ^~ If the path taken if this condition were true all we do is print a message to the kernel console. Since failures seem somewhat expected here (making the console message questionable anyway) and the condition has clearly never evaluated true we simply remove it, rather than attempting to fix it to check status correctly. Signed-off-by: Paul Burton Patchwork: https://patchwork.linux-mips.org/patch/20174/ Cc: Ganesan Ramalingam Cc: James Hogan Cc: Jayachandran C Cc: John Crispin Cc: Ralf Baechle Cc: linux-mips@linux-mips.org commit 9c2956d2ad9e0e7d5827290ba9a716ed3fb83bcd Author: Zhao Chen Date: Wed Aug 8 06:37:30 2018 +0000 net-next: hinic: fix a problem in free_tx_poll() This patch fixes the problem below. The problem can be reproduced by the following steps: 1) Connecting all HiNIC interfaces 2) On server side # sudo ifconfig eth0 192.168.100.1 up #Using MLX CX4 card # iperf -s 3) On client side # sudo ifconfig eth0 192.168.100.2 up #Using our HiNIC card # iperf -c 192.168.101.1 -P 10 -t 100000 after hours of testing, we will see errors: hinic 0000:05:00.0: No MGMT msg handler, mod = 0 hinic 0000:05:00.0: No MGMT msg handler, mod = 0 hinic 0000:05:00.0: No MGMT msg handler, mod = 0 hinic 0000:05:00.0: No MGMT msg handler, mod = 0 The errors are caused by the following problem. 1) The hinic_get_wqe() checks the "wq->delta" to allocate new WQEs: if (atomic_sub_return(num_wqebbs, &wq->delta) <= 0) { atomic_add(num_wqebbs, &wq->delta); return ERR_PTR(-EBUSY); } If the WQE occupies multiple pages, the shadow WQE will be used. Then the hinic_xmit_frame() fills the WQE. 2) While in parallel with 1), the free_tx_poll() checks the "wq->delta" to free old WQEs: if ((atomic_read(&wq->delta) + num_wqebbs) > wq->q_depth) return ERR_PTR(-EBUSY); There is a probability that the shadow WQE which hinic_xmit_frame() is using will be damaged by copy_wqe_to_shadow(): if (curr_pg != end_pg) { void *shadow_addr = &wq->shadow_wqe[curr_pg * wq->max_wqe_size]; copy_wqe_to_shadow(wq, shadow_addr, num_wqebbs, *cons_idx); return shadow_addr; } This can cause WQE data error and you will see the above error messages. This patch fixes the problem. Signed-off-by: Zhao Chen Signed-off-by: David S. Miller commit 5a0c6cee1767a551dacfa6e266ac4795bba0555e Author: zhong jiang Date: Tue Aug 7 19:20:09 2018 +0800 net:mod: remove unneeded variable 'ret' in init_p9 The ret is modified after initalization, so just remove it and return 0. Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit fb3b467e067385748445c5295fdbde548b631cb2 Author: zhong jiang Date: Tue Aug 7 19:20:08 2018 +0800 net:af_iucv: get rid of the unneeded variable 'err' in afiucv_pm_freeze We will not use the variable 'err' after initalization, So remove it and return 0. Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit 605391d0f4bfdff2f2c6c5477ce0ccf776d8d5c0 Author: Richard Fitzgerald Date: Wed Aug 8 17:13:39 2018 +0100 ASoC: wm_adsp: Make DSP name configurable by codec driver Instead of harcoding that a core must always be called "DSPn" add a name member to struct wm_adsp so that the owning codec driver can provide a custom name. This allows for re-use of the wm_adsp driver with parts where the processing cores are named differently. If no name is provided the default DSPn name is used. Signed-off-by: Richard Fitzgerald Signed-off-by: Mark Brown commit 35ef57a4190d4253b73720cf0402158eda0f1bc8 Merge: 0a047f07525f 0717edbdfed6 Author: Mark Brown Date: Wed Aug 8 17:32:10 2018 +0100 Merge branch 'asoc-4.18' into asoc-4.19 wmadsp dep commit 0a047f07525fecfa8f6fccc5d30afff7e816de8d Author: Richard Fitzgerald Date: Wed Aug 8 17:13:38 2018 +0100 ASoC: wm_adsp: Declare firmware controls from codec driver To allow for more flexibility in naming of DSP-type cores move the creation of the firmware controls to the codec drivers instead of having a hardcoded list in wm_adsp. Signed-off-by: Richard Fitzgerald Signed-off-by: Mark Brown commit 212dfd909ea8b630e5d6fa4d25aeec9c4b4b14a5 Author: Fernando Fernandez Mancera Date: Tue Aug 7 22:06:52 2018 +0200 netfilter: nfnetlink_osf: add missing enum in nfnetlink_osf uapi header xt_osf_window_size_options was originally part of include/uapi/linux/netfilter/xt_osf.h, restore it. Fixes: bfb15f2a95cb ("netfilter: extract Passive OS fingerprint infrastructure from xt_osf") Signed-off-by: Fernando Fernandez Mancera Signed-off-by: Pablo Neira Ayuso commit a12fc00b237c25519cc861b56dd4ca41bbec4ed3 Author: zhong jiang Date: Wed Aug 8 23:22:47 2018 +0800 drivers/block/drbd: remove the null check for kmem_cache_destroy kmem_cache_destroy has taken null pointer into account. So it is safe to drop the null check before calling the function. Signed-off-by: zhong jiang Signed-off-by: Jens Axboe commit 61b717d041b1976530f68f8b539b2e3a7dd8e39c Author: Bart Van Assche Date: Tue Jun 26 08:39:36 2018 -0700 RDMA/rxe: Set wqe->status correctly if an unexpected response is received Every function that returns COMPST_ERROR must set wqe->status to another value than IB_WC_SUCCESS before returning COMPST_ERROR. Fix the only code path for which this is not yet the case. Signed-off-by: Bart Van Assche Cc: Reviewed-by: Yuval Shaia Signed-off-by: Jason Gunthorpe commit 2e51e45cf613491a2bd9d757f04e36d8617be5ac Author: Potnuri Bharat Teja Date: Fri Aug 3 18:26:47 2018 +0530 iw_cxgb4: pass window scale in flowc work request This will allow FW to not send more data to TP (which would then need to be buffered). Pass the negotiated TCP window scale to FW in the FLOWC WR. Also refactor send_flowc() a bit to clean it up. Signed-off-by: Steve Wise Signed-off-by: Potnuri Bharat Teja Signed-off-by: Jason Gunthorpe commit 0dfe452241f4904de497aef01ad2f609ccb9be90 Author: Leon Romanovsky Date: Wed Aug 1 14:25:41 2018 -0700 RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq [ 61.182439] UBSAN: Undefined behaviour in drivers/infiniband/hw/mlx5/qp.c:5366:34 [ 61.183673] shift exponent 4294967288 is too large for 32-bit type 'unsigned int' [ 61.185530] CPU: 0 PID: 639 Comm: qp Not tainted 4.18.0-rc1-00037-g4aa1d69a9c60-dirty #96 [ 61.186981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014 [ 61.188315] Call Trace: [ 61.188661] dump_stack+0xc7/0x13b [ 61.190427] ubsan_epilogue+0x9/0x49 [ 61.190899] __ubsan_handle_shift_out_of_bounds+0x1ea/0x22f [ 61.197040] mlx5_ib_create_wq+0x1c99/0x1d50 [ 61.206632] ib_uverbs_ex_create_wq+0x499/0x820 [ 61.213892] ib_uverbs_write+0x77e/0xae0 [ 61.248018] vfs_write+0x121/0x3b0 [ 61.249831] ksys_write+0xa1/0x120 [ 61.254024] do_syscall_64+0x7c/0x2a0 [ 61.256178] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.259211] RIP: 0033:0x7f54bab70e99 [ 61.262125] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 [ 61.268678] RSP: 002b:00007ffe1541c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 61.271076] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f54bab70e99 [ 61.273795] RDX: 0000000000000070 RSI: 0000000020000240 RDI: 0000000000000003 [ 61.276982] RBP: 00007ffe1541c330 R08: 00000000200078e0 R09: 0000000000000002 [ 61.280035] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004005c0 [ 61.283279] R13: 00007ffe1541c420 R14: 0000000000000000 R15: 0000000000000000 Cc: # 4.7 Fixes: 79b20a6c3014 ("IB/mlx5: Add receive Work Queue verbs") Cc: syzkaller Reported-by: Noa Osherovich Signed-off-by: Leon Romanovsky Signed-off-by: Kees Cook Signed-off-by: Jason Gunthorpe commit d36b6ad27c7b95e3f6bfbf6ea33757c8e8accf01 Author: Kees Cook Date: Wed Aug 1 14:25:40 2018 -0700 test_overflow: Add shift overflow tests This adds overflow tests for the new check_shift_overflow() helper to validate overflow, signedness glitches, storage glitches, etc. Co-developed-by: Rasmus Villemoes Signed-off-by: Kees Cook Signed-off-by: Jason Gunthorpe commit 0c66847793d1982d1083dc6f7adad60fa265ce9c Author: Jason Gunthorpe Date: Wed Aug 1 14:25:39 2018 -0700 overflow.h: Add arithmetic shift helper Add shift_overflow() helper to assist driver authors in ensuring that shift operations don't cause overflows or other odd conditions. Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky [kees: tweaked comments and commit log, dropped unneeded assignment] Signed-off-by: Kees Cook commit f5580d0f8bf60993a5fbc73ee04678070ffbba57 Author: Bob Peterson Date: Wed Aug 8 09:53:30 2018 -0500 gfs2: eliminate update_rgrp_lvb_unlinked Function update_rgrp_lvb_unlinked used to do the same thing as be32_add_cpu. This patch removes it in favor of using be32_add_cpu directly. Signed-off-by: Bob Peterson Reviewed-by: Andrew Price commit 69daf897d75b31ff90031bb0a49a8d65cedfe3ca Author: zhong jiang Date: Wed Aug 8 23:00:35 2018 +0800 drivers/block/aoe/aoedev: NULL check is not needed for mempool_destroy mempool_destroy has taken the null pointer into account. So it is safe to remove the null check. Signed-off-by: zhong jiang Signed-off-by: Jens Axboe commit d5fcc4e46e5168e6a6ce1e350ad0714a9d880c8e Author: zhong jiang Date: Wed Aug 8 22:58:33 2018 +0800 drivers/block/mtip32xx: remove the null check for debugfs_remove_recursive debugfs_remove_recursive has taken null pointer into account. So it is safe to drop the null check before calling the function. Signed-off-by: zhong jiang Signed-off-by: Jens Axboe commit 3596924a233e45aa918c961a902170fc4916461b Author: Roger Pau Monne Date: Wed Aug 8 13:46:41 2018 +0200 xen/balloon: fix balloon initialization for PVH Dom0 The current balloon code tries to calculate a delta factor for the balloon target when running in HVM mode in order to account for memory used by the firmware. This workaround for memory accounting doesn't work properly on a PVH Dom0, that has a static-max value different from the target value even at startup. Note that this is not a problem for DomUs because guests are started with a static-max value that matches the amount of RAM in the memory map. Fix this by forcefully setting target_diff for Dom0, regardless of it's mode. Reported-by: Gabriel Bercarug Signed-off-by: Roger Pau Monné Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit f23d0d449c169d94cc958196a1d088705ef26ebc Author: Thomas Petazzoni Date: Fri Aug 3 16:38:48 2018 +0200 PCI: mvebu: Drop bogus comment above mvebu_pcie_map_registers() This comment has been there since the driver was introduced, but seems to be a leftover from previous iterations of the driver. Indeed, we do not lookup in a list to find the register ranges that matches the given port/lane, as the "reg" property is in each sub-node representing a PCI port. There is no lookup involved at all. Signed-off-by: Thomas Petazzoni Signed-off-by: Lorenzo Pieralisi commit 42342073e38b50113354944cd51dcfed28d857a1 Author: Thomas Petazzoni Date: Fri Aug 3 16:38:47 2018 +0200 PCI: mvebu: Convert to use pci_host_bridge directly Rather than using the ARM-specific pci_common_init_dev() API, use the pci_host_bridge logic directly. Unfortunately, we can't use devm_of_pci_get_host_bridge_resources(), because the DT binding for describing PCIe apertures for this PCI controller is a bit special, and we cannot retrieve them from the 'ranges' property. Therefore, we still have some special code to handle this. Signed-off-by: Thomas Petazzoni Signed-off-by: Lorenzo Pieralisi commit 8179de98cd35242446f4c7a6ecdd73c6c41f0cfb Author: Mauro Carvalho Chehab Date: Wed Aug 8 09:54:49 2018 -0400 siano: get rid of an unused return code for debugfs register The siano's debugfs register logic is optional: it should be ok if it fails. So, no need to check if debufs register succeeded. Signed-off-by: Mauro Carvalho Chehab commit 6c33d826b5c468033c21d8653d148dd758bbab28 Author: Mauro Carvalho Chehab Date: Tue Aug 7 09:48:36 2018 -0400 media: isp: fix a warning about a wrong struct initializer As sparse complains: drivers/media/platform/omap3isp/isp.c:303:39: warning: Using plain integer as NULL pointer when a struct is initialized with { 0 }, actually the first element of the struct is initialized with zeros, initializing the other elements recursively. That can even generate gcc warnings on nested structs. So, instead, use the gcc-specific syntax for that (with is used broadly inside the Kernel), initializing it with {}; Signed-off-by: Mauro Carvalho Chehab commit dcefa533bd97922a3cac37f395247082be44600b Author: Mauro Carvalho Chehab Date: Tue Aug 7 09:25:37 2018 -0400 media: radio-wl1273: fix return code for the polling routine All poll handlers should return a poll flag, and not error codes. So, instead of returning an error, do the right thing here, e. g. to return EPOLERR on errors, just like the V4L2 VB2 code. Solves the following sparse warning: drivers/media/radio/radio-wl1273.c:1099:24: warning: incorrect type in return expression (different base types) drivers/media/radio/radio-wl1273.c:1099:24: expected restricted __poll_t drivers/media/radio/radio-wl1273.c:1099:24: got int Signed-off-by: Mauro Carvalho Chehab commit c46aa8491dd40d4ede5c9196c20d78e1e8c27786 Author: Mauro Carvalho Chehab Date: Tue Aug 7 09:23:33 2018 -0400 media: s3c-camif: fix return code for the polling routine All poll handlers should return a poll flag, and not error codes. So, instead of returning an error, do the right thing here, e. g. to return EPOLERR on errors, just like the V4L2 VB2 code. Solves the following sparse warning: drivers/media/platform/s3c-camif/camif-capture.c:604:21: warning: incorrect type in assignment (different base types) drivers/media/platform/s3c-camif/camif-capture.c:604:21: expected restricted __poll_t [usertype] ret drivers/media/platform/s3c-camif/camif-capture.c:604:21: got int Signed-off-by: Mauro Carvalho Chehab commit 9de1be6ec05a635079fbcf75c5d47f656b61fe4a Author: Mauro Carvalho Chehab Date: Tue Aug 7 09:18:26 2018 -0400 media: saa7164: fix return codes for the polling routine All poll handlers should return a poll flag, and not error codes. So, instead of returning an error, do the right thing at saa7164, e. g. to return EPOLERR on errors, just like the V4L2 VB2 code. Solves the following sparse warnings: drivers/media/pci/saa7164/saa7164-vbi.c:632:24: warning: incorrect type in return expression (different base types) drivers/media/pci/saa7164/saa7164-vbi.c:632:24: expected restricted __poll_t drivers/media/pci/saa7164/saa7164-vbi.c:632:24: got int drivers/media/pci/saa7164/saa7164-vbi.c:637:40: warning: incorrect type in return expression (different base types) drivers/media/pci/saa7164/saa7164-vbi.c:637:40: expected restricted __poll_t drivers/media/pci/saa7164/saa7164-vbi.c:637:40: got int drivers/media/pci/saa7164/saa7164-vbi.c:647:40: warning: incorrect type in return expression (different base types) drivers/media/pci/saa7164/saa7164-vbi.c:647:40: expected restricted __poll_t drivers/media/pci/saa7164/saa7164-vbi.c:647:40: got int Signed-off-by: Mauro Carvalho Chehab commit 541b647a34d36827bf06aa64c3a5e5936cffa10f Author: Mauro Carvalho Chehab Date: Tue Aug 7 09:15:27 2018 -0400 media: exynos-gsc: fix return code if mutex was interrupted All poll routines expect a poll flag, and not error codes. So, instead of returning -ERESTARTSYS if the mutex got interrupted, return EPOLERR, just like the V4L2 VB2 code. Solves this sparce warning: drivers/media/platform/exynos-gsc/gsc-m2m.c:716:24: warning: incorrect type in return expression (different base types) drivers/media/platform/exynos-gsc/gsc-m2m.c:716:24: expected restricted __poll_t drivers/media/platform/exynos-gsc/gsc-m2m.c:716:24: got int Signed-off-by: Mauro Carvalho Chehab commit 484f9b372dd8da6a4a9867ebcd10e5c2b21ab478 Author: Jacopo Mondi Date: Tue Aug 7 11:38:14 2018 -0400 media: mt9v111: Fix build error with no VIDEO_V4L2_SUBDEV_API The v4l2_subdev_get_try_format() function is only defined if the VIDEO_V4L2_SUBDEV_API Kconfig option is enabled. Builds configured without that symbol fails with: drivers/media/i2c/mt9v111.c:801:10: error: implicit declaration of function 'v4l2_subdev_get_try_format'; Fix this by protecting the function call by testing for the right symbol. media: mt9v111: fix random build errors Fix the internal check for it to do the right thing if the subdev API is not built. Fixes: aab7ed1c ("media: i2c: Add driver for Aptina MT9V111") Reported-by: Randy Dunlap Reported-by: kbuild test robot Signed-off-by: Jacopo Mondi Signed-off-by: Mauro Carvalho Chehab commit 8218840f76a525f014f404b5e97d9523e327f4b0 Author: Mauro Carvalho Chehab Date: Tue Aug 7 08:16:09 2018 -0400 media: xc4000: get rid of uneeded casts Instead of doing casts, use %zd to print sizes, in order to make smatch happier: drivers/media/tuners/xc4000.c:818 xc4000_fwupload() warn: argument 4 to %d specifier is cast from pointer Signed-off-by: Mauro Carvalho Chehab commit c4f047969fa1707e1312e6600b630aef516e13c6 Author: Mauro Carvalho Chehab Date: Tue Aug 7 08:14:43 2018 -0400 media: drxj: get rid of uneeded casts Instead of doing casts, use %zd to print sizes, in order to make smatch happier: drivers/media/dvb-frontends/drx39xyj/drxj.c:11814 drx_ctrl_u_code() warn: argument 4 to %u specifier is cast from pointer drivers/media/dvb-frontends/drx39xyj/drxj.c:11845 drx_ctrl_u_code() warn: argument 3 to %u specifier is cast from pointer drivers/media/dvb-frontends/drx39xyj/drxj.c:11869 drx_ctrl_u_code() warn: argument 3 to %u specifier is cast from pointer drivers/media/dvb-frontends/drx39xyj/drxj.c:11878 drx_ctrl_u_code() warn: argument 3 to %u specifier is cast from pointer Signed-off-by: Mauro Carvalho Chehab commit 3fcb3c836ef413d3fc848288b308eb655e08d853 Author: Mauro Carvalho Chehab Date: Tue Aug 7 08:10:34 2018 -0400 media: tuner-xc2028: don't use casts for printing sizes Makes smatch happier by using %zd instead of casting sizes: drivers/media/tuners/tuner-xc2028.c:378 load_all_firmwares() warn: argument 4 to %d specifier is cast from pointer drivers/media/tuners/tuner-xc2028.c:619 load_firmware() warn: argument 6 to %d specifier is cast from pointer Signed-off-by: Mauro Carvalho Chehab commit 40e431112c63296a6130810ab62a5fe73953f074 Author: Mauro Carvalho Chehab Date: Tue Aug 7 07:59:20 2018 -0400 media: cleanup fall-through comments As Ian pointed out, adding a '-' to the fallthrough seems to meet the regex requirements at level 3 of the warning, at least when the comment fits into a single line. So, replace by a single line the comments that were broken into multiple lines just to make gcc -Wimplicit-fallthrough=3 happy. Suggested-by: Ian Arkver Signed-off-by: Mauro Carvalho Chehab commit 3354b54f9f7037a1122d3b6009aa9d39829d6843 Author: Mauro Carvalho Chehab Date: Tue Aug 7 07:29:12 2018 -0400 media: vivid: shut up warnings due to a non-trivial logic The vivid driver uses a complex logic to save one kalloc/kfree allocation. That non-trivial way of allocating data causes smatch to warn: drivers/media/platform/vivid/vivid-core.c:869 vivid_create_instance() warn: potentially one past the end of array 'dev->query_dv_timings_qmenu[dev->query_dv_timings_size]' drivers/media/platform/vivid/vivid-core.c:869 vivid_create_instance() warn: potentially one past the end of array 'dev->query_dv_timings_qmenu[dev->query_dv_timings_size]' I also needed to read the code several times in order to understand what it was desired there. It turns that the logic was right, although confusing to read. As it is doing allocations on a non-standard way, let's add some documentation while shutting up the false positive. Signed-off-by: Mauro Carvalho Chehab commit 845b978a871bff3707eee611b32e4be0b9a94dd2 Author: Mauro Carvalho Chehab Date: Tue Aug 7 06:49:26 2018 -0400 media: rtl28xxu: be sure that it won't go past the array size smatch warns that the RC query code could go past the array size: drivers/media/usb/dvb-usb-v2/rtl28xxu.c:1757 rtl2832u_rc_query() error: buffer overflow 'buf' 128 <= 130 drivers/media/usb/dvb-usb-v2/rtl28xxu.c:1758 rtl2832u_rc_query() error: buffer overflow 'buf' 128 <= 130 The driver logic gets the length of the IR RX buffer with: ret = rtl28xxu_rd_reg(d, IR_RX_BC, &buf[0]); ... len = buf[0]; In thesis, this could range between 0 and 255 [1]. While this should never happen in practice, due to hardware limits, smatch is right when it complains about that, as there's nothing at the logic that would prevent it. So, if for whatever reason, buf[0] gets filled by rtl28xx read functions with a value bigger than 128, it will go past the array. So, add an explicit check. [1] I've no idea why smatch thinks that the maximum value is 130. I double-checked the code several times. Was unable to find any reason for assuming 130. Perhaps smatch is not properly parsing u8 here? Fixes: b5cbaa43a676 ("[media] rtl28xx: initial support for rtl2832u") Signed-off-by: Mauro Carvalho Chehab commit d9a71866944967b8622c493ef1b570ccb74e45ae Author: Mauro Carvalho Chehab Date: Tue Aug 7 06:36:31 2018 -0400 media: mt9v111: avoid going past the buffer As warned by smatch: drivers/media/i2c/mt9v111.c:854 mt9v111_enum_frame_size() error: buffer overflow 'mt9v111_frame_sizes' 5 <= 5 drivers/media/i2c/mt9v111.c:855 mt9v111_enum_frame_size() error: buffer overflow 'mt9v111_frame_sizes' 5 <= 5 drivers/media/i2c/mt9v111.c:856 mt9v111_enum_frame_size() error: buffer overflow 'mt9v111_frame_sizes' 5 <= 5 drivers/media/i2c/mt9v111.c:857 mt9v111_enum_frame_size() error: buffer overflow 'mt9v111_frame_sizes' 5 <= 5 Signed-off-by: Mauro Carvalho Chehab commit 75070c6a3311e320508427bbc779c4de6942872e Author: Mauro Carvalho Chehab Date: Tue Aug 7 06:17:00 2018 -0400 media: vsp1_dl: add a description for cmdpool field Gets rid of this build warning: drivers/media/platform/vsp1/vsp1_dl.c:229: warning: Function parameter or member 'cmdpool' not described in 'vsp1_dl_manager' Fixes: f3b98e3c4d2e ("media: vsp1: Provide support for extended command pools") Reviewed-by: Kieran Bingham Signed-off-by: Mauro Carvalho Chehab commit 5a553d6ba103e28247f4e2d10bcc25545cd4d9cb Author: Thomas Petazzoni Date: Fri Aug 3 16:38:46 2018 +0200 PCI: mvebu: Use resource_size() to remap I/O space Instead of hardcoding the remapping of IO_SPACE_LIMIT - SZ_64K, use resource_size(). However, we cannot use just IO_SPACE_LIMIT, because pci_ioremap_io() has a bug and doesn't allow remapping the last 64 KB before IO_SPACE_LIMIT, so we ensure that we do not exceed this limit. When the pci_ioremap_io() issue is fixed, this work around can be dropped. Note that this workaround already existed, since we were mapping only up to IO_SPACE_LIMIT - SZ_64K. Suggested-by: Lorenzo Pieralisi Signed-off-by: Thomas Petazzoni [lorenzo.pieralisi@arm.com: tweaked the commit log] Signed-off-by: Lorenzo Pieralisi commit ee1604381a371b3ea6aec7d5e43b6e3f5e153854 Author: Thomas Petazzoni Date: Fri Aug 3 16:38:45 2018 +0200 PCI: mvebu: Only remap I/O space if configured If there is no PCI I/O aperture configured in the Device Tree, it does not make sense to create the virtual mapping for the PCI I/O space, since we will anyway not create the MBus window that will allow to access it. Therefore, do the pci_ioremap_io() only if necessary. Signed-off-by: Thomas Petazzoni Signed-off-by: Lorenzo Pieralisi commit dfd0309fd7b30a5baffaf47b2fccb88b46d64d69 Author: Thomas Petazzoni Date: Fri Aug 3 16:38:44 2018 +0200 PCI: mvebu: Fix I/O space end address calculation pcie->realio.end should be the address of last byte of the area, therefore using resource_size() of another resource is not correct, we must substract 1 to get the address of the last byte. Fixes: 11be65472a427 ("PCI: mvebu: Adapt to the new device tree layout") Signed-off-by: Thomas Petazzoni Signed-off-by: Lorenzo Pieralisi commit 6554f9501915101ba89aab6e40c83139d23f853a Author: Thomas Petazzoni Date: Fri Aug 3 16:38:43 2018 +0200 PCI: mvebu: Remove redundant platform_set_drvdata() call This is already done earlier in mvebu_pcie_probe(). Signed-off-by: Thomas Petazzoni Signed-off-by: Lorenzo Pieralisi commit 3db2776d9fca45305e6c2065905d9a0e7b2c8212 Author: David Jeffery Date: Tue Aug 7 16:56:00 2018 -0400 dm snapshot: improve performance by switching out_of_order_list to rbtree copy_complete()'s processing of out_of_order_list can result in quadratic complexity in the worst case. As such it was the source of consuming too much cpu and the source of significant loss in performance. Fix this by converting out_of_order_list to an rbtree. This improved a dm-snapshot test copy workload from 32 seconds to 4 seconds. Signed-off-by: David Jeffery Signed-off-by: Mikulas Patocka Tested-by: Brett Hull Signed-off-by: Mike Snitzer commit 784c9a29e99eb40b842c29ecf1cc3a79e00fb629 Author: John Pittman Date: Mon Aug 6 15:53:12 2018 -0400 dm kcopyd: avoid softlockup in run_complete_job It was reported that softlockups occur when using dm-snapshot ontop of slow (rbd) storage. E.g.: [ 4047.990647] watchdog: BUG: soft lockup - CPU#10 stuck for 22s! [kworker/10:23:26177] ... [ 4048.034151] Workqueue: kcopyd do_work [dm_mod] [ 4048.034156] RIP: 0010:copy_callback+0x41/0x160 [dm_snapshot] ... [ 4048.034190] Call Trace: [ 4048.034196] ? __chunk_is_tracked+0x70/0x70 [dm_snapshot] [ 4048.034200] run_complete_job+0x5f/0xb0 [dm_mod] [ 4048.034205] process_jobs+0x91/0x220 [dm_mod] [ 4048.034210] ? kcopyd_put_pages+0x40/0x40 [dm_mod] [ 4048.034214] do_work+0x46/0xa0 [dm_mod] [ 4048.034219] process_one_work+0x171/0x370 [ 4048.034221] worker_thread+0x1fc/0x3f0 [ 4048.034224] kthread+0xf8/0x130 [ 4048.034226] ? max_active_store+0x80/0x80 [ 4048.034227] ? kthread_bind+0x10/0x10 [ 4048.034231] ret_from_fork+0x35/0x40 [ 4048.034233] Kernel panic - not syncing: softlockup: hung tasks Fix this by calling cond_resched() after run_complete_job()'s callout to the dm_kcopyd_notify_fn (which is dm-snap.c:copy_callback in the above trace). Signed-off-by: John Pittman Signed-off-by: Mike Snitzer commit e4f6a44c4aeca9eda153302abb0c14d053914f72 Author: John Whitmore Date: Tue Aug 7 22:12:41 2018 +0100 staging:rtl8192u: Remove unused macro definitions - Style Removed unused macro definitions as they add nothing to the code. This is a coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 6a2e1905bfb9c826bcc0c866a8abfb8802a02ab7 Author: John Whitmore Date: Tue Aug 7 22:12:40 2018 +0100 staging:rtl8192u: Add spaces around '+' operator - Style Add spaces around '+' operator as required by the coding standard. This clears the checkpatch issue. This change is purely coding style in nature and should have not effect on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 976418c5771992948753e875340f5b07505d3a28 Author: John Whitmore Date: Tue Aug 7 22:12:39 2018 +0100 staging:rtl8192u: Remove stale comment - Style Remove a comment which appears to be from a previous version of code. This is a coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit a621f75cb8dde0ea57ff14e001766da1f1347431 Author: Michael Straube Date: Wed Aug 8 13:06:21 2018 +0200 staging: rtl8188eu: remove unused mp_custom_oid.h The header mp_custom_oid.h is not used, so remove it. 'git grep mp_custom_oid.h drivers/staging/rtl8188eu/' returns nothing. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit 1b989094bae2d73ea65994cc388bb00585005556 Author: Leonardo Brás Date: Tue Aug 7 21:29:49 2018 -0300 staging: fbtft: Add spaces around / - Style Puts spaces around the /. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit 1315e8bad80c02a630e4f20e1518b21c3adef4d6 Author: Leonardo Brás Date: Tue Aug 7 21:29:18 2018 -0300 staging: fbtft: Erases some repetitive usage of function name - Style Changes this functions to avoid using "blank" on debug twice. Improves log readability. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit c21cbb5ee3b2c21907915fd365ad1ad85579d603 Author: Leonardo Brás Date: Tue Aug 7 21:29:10 2018 -0300 staging: fbtft: Adjust some empty-line problems - Style Erases some blank lines. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit 5bfac06f3e21669a1109fe05bb457adac711312a Author: Leonardo Brás Date: Tue Aug 7 21:29:04 2018 -0300 staging: fbtft: Removes one nesting level to help readability - Style This nesting level was removed to improve readability. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit d9932c8be094b2891c50348513bfeae578cd5e1e Author: Leonardo Brás Date: Tue Aug 7 21:28:57 2018 -0300 staging: fbtft: Changes gamma table to define. Most of other "Gamma Tables" were already boxed on a define, just did the same to PIOLED. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit e66f30ee1369af24366ce947a29d1362b8cd882c Author: Leonardo Brás Date: Tue Aug 7 21:28:50 2018 -0300 staging: fbtft: A bit more information on dev_err. Adds a bit more information on debug. The line break was to avoid obfuscating the parameters on the end of a large line. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit 333c7b940526be12b8a831b08f948a07e0955271 Author: Leonardo Brás Date: Tue Aug 7 21:28:29 2018 -0300 staging: fbtft: Fixes some alignment issues - Style Fixes (most) alignment issues pointed by checkpatch.pl. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit 0b1533c6c6f63bca9807fd6f295d769b6f4b5a11 Author: Leonardo Brás Date: Tue Aug 7 21:28:16 2018 -0300 staging: fbtft: Puts macro arguments in parenthesis to avoid precedence issues - Style Puts macro arguments in parenthesis to avoid precedence issues. Some large lines were broken to fit the 80-char limit. Signed-off-by: Leonardo Brás Signed-off-by: Greg Kroah-Hartman commit 243638bc1c76a34d709432a59453f31123408742 Author: Colin Ian King Date: Mon Aug 6 14:31:02 2018 +0100 staging: rtl8188eu: remove unused array dB_Invert_Table Array dB_Invert_Table is declared but not used, hence it is redundant and can be removed. Cleans up clang warning: warning: ‘dB_Invert_Table’ defined but not used [-Wunused-const-variable=] Signed-off-by: Colin Ian King Signed-off-by: Greg Kroah-Hartman commit 705030a151cd2700415ba0eed98bd20459bac8b0 Author: Michael Straube Date: Sun Aug 5 21:05:16 2018 +0200 staging: rtl8188eu: remove whitespace, add missing blank line Replace tabs with spaces and/or remove spaces where appropriate. Add a missing blank line after declarations. Also clears checkpatch warnings. WARNING: Statements should start on a tabstop WARNING: suspect code indent for conditional statements (8, 17) Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit 5c3bd8481c38a94b5442de556a88edfe5848e9a8 Author: Michael Straube Date: Sun Aug 5 21:05:15 2018 +0200 staging: rtl8188eu: use is_multicast_ether_addr in rtw_sta_mgt.c Use is_multicast_ether_addr instead of custom IS_MCAST in core/rtw_sta_mgt.c. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit e18676cc6e208e4b6cb7bd07faeac4a3e6aed9fa Author: Michael Straube Date: Sun Aug 5 21:05:14 2018 +0200 staging: rtl8188eu: remove whitespace - style Replace tabs with spaces and/or remove spaces where appropriate. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit 353c6774bd8ebaab76f01efd3ed5551073b1be4c Author: Michael Straube Date: Sun Aug 5 21:05:13 2018 +0200 staging: rtl8188eu: cleanup block comment - style Cleanup a block comment to conform with kernel coding style. Also cleans 'line over 80 characters' checkpatch warnings. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit d39e86cbd8ae75e6761b14ce34e689a13605629e Author: Michael Straube Date: Sun Aug 5 21:05:12 2018 +0200 staging: rtl8188eu: use is_multicast_ether_addr in rtl8188eu_xmit.c Use is_multicast_ether_addr instead of custom IS_MCAST in hal/rtl8188eu_xmit.c. There is only one use, so remove the extra variable for the result of IS_MCAST. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit 247e415fbc3e4728a3d2ea3334f19e1d3556f4c1 Author: Michael Straube Date: Sun Aug 5 21:05:11 2018 +0200 staging: rtl8188eu: use is_multicast_ether_addr in recv_linux.c Use is_multicast_ether_addr instead of custom IS_MCAST in os_dep/recv_linux.c. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit f7992a043f5cf9a3249c9168e828166c2ce2674d Author: Luke Triantafyllidis Date: Fri Aug 3 14:37:13 2018 +1000 staging: rtlwifi: refactor rtl_get_tcb_desc Refactored rtl_get_tcb_desc slightly to stay within the 80 character line limit. Signed-off-by: Luke Triantafyllidis Signed-off-by: Greg Kroah-Hartman commit e083926b3e269d4064825dcf2ad50c636fddf8cf Author: Ian Abbott Date: Mon Aug 6 11:05:13 2018 +0100 staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice The PFI subdevice flags indicate that the subdevice is readable and writeable, but that is only true for the supported "M-series" boards, not the older "E-series" boards. Only set the SDF_READABLE and SDF_WRITABLE subdevice flags for the M-series boards. These two flags are mainly for informational purposes. Signed-off-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman commit 532f14d973949948bf1a3f33e17a8548a30b33d5 Author: Sergio Paracuellos Date: Fri Aug 3 10:27:08 2018 +0200 staging: mt7621-dts: add pcie controller port registers The pcie node of the device tree only contains registers for the host-bridge and pcie port 0. Add the pcie port 1 and pcie port 2 also. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 4cafd03a916e2f7c15520fed0b7894cf25f4ecc5 Author: Sergio Paracuellos Date: Fri Aug 3 10:27:07 2018 +0200 staging: mt7621-pci: remove remaining pci_legacy dependant code pcibios_* remaining code is not neccessary at all. We can use map_irq set to of_irq_parse_and_map_pci driver 'probe' function. Remove this code. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 8594351af0f9e065885a6bbcb5248736e8a5612a Author: Sergio Paracuellos Date: Fri Aug 3 10:27:06 2018 +0200 staging: mt7621-pci: rename RALINK_PCI_CONFIG_DATA_VIRTUAL_REG definition RALINK_PCI_CONFIG_DATA_VIRTUAL_REG is a very long name. Make it a bit shorter renaming it to RALINK_PCI_CONFIG_DATA. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 88e8fa0c26ba400ac15fad9cf6461f746ddb3aca Author: Sergio Paracuellos Date: Fri Aug 3 10:27:05 2018 +0200 staging: mt7621-pci: use BIT macro in preprocessor definitions Some preprocessor definitions are using a custom implementation of BIT macro. Just use linux kernel BIT macro instead. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit c00f0352bed0ff03d193a56387eb421e04d9415b Author: Sergio Paracuellos Date: Fri Aug 3 10:27:04 2018 +0200 staging: mt7621-pci: remove RALINK_PCI_BASE from remaining definitions RALINK_PCI_BASE has no sense and this driver has base address readed and mapped from device tree. Remove remaining uses of it and change code to use pcie_read and pcie_write functions in places where this was being used. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 152f3893f4bdcbf2202c08d376b837b62f54a7e4 Author: Sergio Paracuellos Date: Fri Aug 3 10:27:03 2018 +0200 staging: mt7621-pci: use pcie_[read|write] in RALINK_PCI_PCICFG_ADDR and RALINK_PCI_PCIMSK_ADDR RALINK_PCI_PCICFG_ADDR and RALINK_PCI_PCIMSK_ADDR are defined to be directly referenced for read and write. Use pcie_read and pcie_write instead changing its definition to a simple relative offset to pcie base address. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit cd7d07db8b83cfc88d4ee3a1d5f751cf6af58f13 Author: Sergio Paracuellos Date: Fri Aug 3 10:27:02 2018 +0200 staging: mt7621-pci: review includes putting them in alphabethic order There are some includes that are being used that are not really needed to correct driver compilation. Remove them and reorder the rest alphabetically. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit e38bb1754003d9a0fba5b59f23c850615664cbe6 Author: Sergio Paracuellos Date: Fri Aug 3 10:27:01 2018 +0200 staging: mt7621-pci: avoid register duplication per controller using pcie_[read|write] Use pcie_[read|write] fucntions to read and write controller registers. Define those only by offset and pass controller offset + register offset relative to base address to functions. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit edec14020e3fcfb0a86bfa9f1d512b922697890f Author: Sergio Paracuellos Date: Fri Aug 3 10:27:00 2018 +0200 staging: mt7621-pci: remove unused macros There some macros that are not being used. Remove them. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit f8427fae570988deb5a78514ae6d70be1af0d358 Author: Sergio Paracuellos Date: Fri Aug 3 10:26:59 2018 +0200 staging: mt7621-pci: simplify write_config function write_config function is always called with bus and func being 0. Avoid those params and just use 0 inside the function. Review parameter types changing for more proper ones. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit c0431f4f4aef9a52875d19af3c220e6c8f60d427 Author: Sergio Paracuellos Date: Fri Aug 3 10:26:58 2018 +0200 staging: mt7621-pci: simplify read_config function read_config function is always called with bus and func being 0. Avoid those params and just use 0 inside the function. Return readed value instead pass a reference parameter. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 9f999b41502714e7a33f3723f4a3aba85bd0324c Author: Sergio Paracuellos Date: Fri Aug 3 10:26:57 2018 +0200 staging: mt7621-pci: use pcie_[read|write] in [write|read]_config Instead of custom macros use pcie_read and pcie_write functions. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 52ed727ca031ca7a6fcfde55a2902ac4845d736c Author: Sergio Paracuellos Date: Fri Aug 3 10:26:56 2018 +0200 staging: mt7621-pci: add pcie_write and pcie_read helpers Introdice this functions to make easier to write/read to/from an offset relative to base address Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit e9d03d17dd94399bbc658394501d41a10ea1ef70 Author: Sergio Paracuellos Date: Fri Aug 3 10:26:55 2018 +0200 staging: mt7621-pci: remove dead code derived to not use custom reads and writes Driver is using now pci subsystem generics reads and writes and requesting bus resources without using legacy code functions. Because of this there is a lot of dead code that can be removed. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 8571c62d45cb7e9fdff87fe5132002d17fbce7a3 Author: Sergio Paracuellos Date: Fri Aug 3 10:26:54 2018 +0200 staging: mt7621-pci: use generic kernel pci subsystem read and write map_bus callback is called before every .read/.write operation. Implement it and change custom read write operations for the pci subsystem generics. Make the probe function to don't use legacy stuff and request bus resources directly. Get pci register base and ranges from device tree. The driver is not using PCI_LEGACY code anymore and shall use the PCI_DRIVERS_GENERIC option to correct compile it. Add also new Kconfig file for this controller setting there its correct dependencies. Signed-off-by: Sergio Paracuellos Tested-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 3c4d9137eefecf273a520d392071ffc9df0a9a7a Author: Gustavo A. R. Silva Date: Tue Aug 7 18:59:57 2018 -0500 arm64: alternative: Use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Will Deacon commit 6488a7f35eeab463f6c9c2ea34d30ca856f0bc8e Merge: 7efe25a70c37 5c5c87411488 379521462e4a d81dc82e0f19 04c532a1cdc7 f1a066fcc972 d9737953d851 d88e61faad52 Author: Joerg Roedel Date: Wed Aug 8 12:02:27 2018 +0200 Merge branches 'arm/shmobile', 'arm/renesas', 'arm/msm', 'arm/smmu', 'arm/omap', 'x86/amd', 'x86/vt-d' and 'core' into next commit 66414e80245e1e73222f67ee711951c7f4bdedab Author: Tal Shorer Date: Tue Aug 7 23:42:39 2018 +0300 nvme-fabrics: fix ctrl_loss_tmo < 0 to reconnect forever When the user supplies a ctrl_loss_tmo < 0, we warn them that this will cause the fabrics layer to attempt reconnection forever. However, in reality the fabrics layer never attempts to reconnect because the condition to test whether we should reconnect is backwards in this case. Signed-off-by: Tal Shorer Reviewed-by: Chaitanya Kulkarni Signed-off-by: Christoph Hellwig commit dedf0be544614b6d9d395e78d72cc8c30d03e440 Author: Chaitanya Kulkarni Date: Tue Aug 7 23:01:07 2018 -0700 nvmet: add ns write protect support This patch implements the Namespace Write Protect feature described in "NVMe TP 4005a Namespace Write Protect". In this version, we implement No Write Protect and Write Protect states for target ns which can be toggled by set-features commands from the host side. For write-protect state transition, we need to flush the ns specified as a part of command so we also add helpers for carrying out synchronous flush operations. Signed-off-by: Chaitanya Kulkarni [hch: fixed an incorrect endianess conversion, minor cleanups] Signed-off-by: Christoph Hellwig commit 1293477f4f324f9cf23a36f6cc0adc6801f1baac Author: Chaitanya Kulkarni Date: Tue Aug 7 23:01:06 2018 -0700 nvme: set gendisk read only based on nsattr NVMe 1.3 TP 4005 introduces new filed (NSATTR). This field indicates whether given namespace is write protected or not. This patch sets the gendisk associated with the namespace to read only based on the identify namespace nsattr field. Signed-off-by: Chaitanya Kulkarni Signed-off-by: Christoph Hellwig commit 93045d5942da60801e71764597d448cf37a798c1 Author: Chaitanya Kulkarni Date: Tue Aug 7 23:01:05 2018 -0700 nvme.h: add support for ns write protect definitions Add various definitions from NVMe 1.3 TP 4005. Signed-off-by: Chaitanya Kulkarni Signed-off-by: Christoph Hellwig commit 8b92d0e3d400390660a26ef7f475524700fb86cf Author: Hannes Reinecke Date: Wed Aug 8 08:35:29 2018 +0200 nvme.h: fixup ANA group descriptor format ANA Phase 3 draft had the 'reserved' field in the group descriptor format set to '23:17' (so that the first namespace identifier started at byte 24), but that got move with the approved TP to '31:17' (so that the first namespace identifier started at byte 32). Signed-off-by: Hannes Reinecke Signed-off-by: Christoph Hellwig commit 0717edbdfed61b4c1e8291140f78882d3a481042 Author: Ryan Lee Date: Tue Aug 7 20:06:38 2018 -0700 ASoC: max98373: Added software reset register to readable registers Signed-off-by: Ryan Lee Signed-off-by: Mark Brown commit b1470d4ce77c2d60661c7d5325d4fb8063e15ff8 Author: Ajit Pandey Date: Tue Aug 7 18:30:42 2018 +0100 ASoC: wm_adsp: Correct DSP pointer for preloader control The offset of the DSP core needs to be taken into account for the DSP preloader control get and put. Currently the dsp->preloaded variable will only ever be read/updated on the first DSP, whilst this doesn't affect the operation of the control the readback will be incorrect. Signed-off-by: Ajit Pandey Signed-off-by: Charles Keepax Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 4f3fb287358337d739bd2186769a8c74aae19ac6 Author: Krzysztof Kozlowski Date: Tue Aug 7 18:18:26 2018 +0200 regulator: samsung: Add SPDX license identifiers Replace GPL v2.0+ license statements with SPDX license identifiers. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Mark Brown commit 5e9384c705fcfa6bf6d3937967df3ab1f5e414cb Author: Krzysztof Kozlowski Date: Tue Aug 7 18:18:25 2018 +0200 regulator: maxim: Add SPDX license identifiers Replace GPL v2.0 and v2.0+ license statements with SPDX license identifiers. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Mark Brown commit f861e3e28a3016a2064d9f600eaa92a530b732b4 Author: Matthias Kaehlcke Date: Tue Aug 7 10:19:40 2018 -0700 ASoC: rt5677: Fix initialization of rt5677_of_match.data The driver expects to find the device id in rt5677_of_match.data, however it is currently assigned to rt5677_of_match.type. Fix this. The problem was found with the help of clang: sound/soc/codecs/rt5677.c:5010:36: warning: expression which evaluates to zero treated as a null pointer constant of type 'const void *' [-Wnon-literal-null-conversion] { .compatible = "realtek,rt5677", RT5677 }, ^~~~~~ Fixes: ddc9e69b9dc2 ("ASoC: rt5677: Hide platform data in the module sources") Signed-off-by: Matthias Kaehlcke Reviewed-by: Guenter Roeck Acked-by: Andy Shevchenko Signed-off-by: Mark Brown commit c5fe50aaa20c87cd863fdc56ec7c8e504986f31d Author: Michael Straube Date: Sun Aug 5 22:43:06 2018 +0200 Revert "staging:r8188eu: Use lib80211 to encrypt (CCMP) tx frames" On a Raven Ridge system with a r8188eu usb wifi device commit 515ce733e86e ("staging:r8188eu: Use lib80211 to encrypt (CCMP) tx frames") is causing two bugs and a warning in dmesg: [ 22.618465] BUG: scheduling while atomic: NetworkManager/489/0x00000202 [ 22.618466] Modules linked in: amdkfd amd_iommu_v2 amdgpu nls_iso8859_1 nls_cp437 vfat fat r8188eu(C) edac_mce_amd chash kvm_amd gpu_sched i2c_algo_bit ccp ttm rng_core lib80211 kvm snd_hda_codec_realtek snd_hda_codec_generic cfg80211 snd_hda_codec_hdmi snd_hda_intel input_leds drm_kms_helper irqbypass snd_hda_codec crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc rfkill led_class mousedev joydev wmi_bmof snd_hda_core drm aesni_intel snd_hwdep aes_x86_64 crypto_simd cryptd glue_helper snd_pcm pcspkr sp5100_tco snd_timer r8169 k10temp agpgart i2c_piix4 snd mii syscopyarea sysfillrect sysimgblt fb_sys_fops soundcore rtc_cmos evdev gpio_amdpt pinctrl_amd mac_hid wmi pcc_cpufreq acpi_cpufreq crypto_user ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod [ 22.618549] ahci xhci_pci libahci xhci_hcd crc32c_intel libata usbcore scsi_mod usb_common [ 22.618554] Preemption disabled at: [ 22.618558] [] __dev_queue_xmit+0x74/0x910 [ 22.618561] CPU: 3 PID: 489 Comm: NetworkManager Tainted: G C 4.18.0-rc7-staging+ #14 [ 22.618562] Hardware name: Gigabyte Technology Co., Ltd. A320M-S2H/A320M-S2H-CF, BIOS F23d 04/17/2018 [ 22.618563] Call Trace: [ 22.618569] dump_stack+0x5c/0x80 [ 22.618571] ? __dev_queue_xmit+0x74/0x910 [ 22.618574] __schedule_bug.cold.14+0x82/0x9b [ 22.618576] __schedule+0x6fd/0x8b0 [ 22.618578] ? enqueue_task_fair+0xc3/0x730 [ 22.618580] schedule+0x32/0x90 [ 22.618581] schedule_timeout+0x311/0x4a0 [ 22.618583] ? _raw_spin_unlock_irqrestore+0x20/0x40 [ 22.618585] ? try_to_wake_up+0x231/0x480 [ 22.618586] wait_for_common+0x15f/0x190 [ 22.618588] ? wake_up_q+0x70/0x70 [ 22.618597] ? rtw_aes_encrypt+0x26f/0x290 [r8188eu] [ 22.618598] wait_for_completion_killable+0x19/0x30 [ 22.618601] call_usermodehelper_exec+0x115/0x160 [ 22.618603] __request_module+0x1ac/0x3e2 [ 22.618606] ? netlink_broadcast_filtered+0x142/0x400 [ 22.618607] ? netlink_broadcast+0xf/0x20 [ 22.618615] rtw_aes_encrypt+0x26f/0x290 [r8188eu] [ 22.618622] ? rtw_get_stainfo+0xe6/0x130 [r8188eu] [ 22.618629] rtw_xmitframe_coalesce+0x950/0xb00 [r8188eu] [ 22.618631] ? _raw_spin_lock_irqsave+0x25/0x50 [ 22.618638] rtw_hal_xmit+0x83/0x130 [r8188eu] [ 22.618645] rtw_xmit+0x258/0x5d0 [r8188eu] [ 22.618652] rtw_xmit_entry+0xe8/0x2e7 [r8188eu] [ 22.618654] dev_hard_start_xmit+0xa5/0x240 [ 22.618657] sch_direct_xmit+0x150/0x340 [ 22.618658] __dev_queue_xmit+0x2f6/0x910 [ 22.618661] packet_sendmsg+0x948/0x15a7 [ 22.618663] ? attach_to_pi_owner+0x38/0x180 [ 22.618666] sock_sendmsg+0x33/0x40 [ 22.618668] __sys_sendto+0xee/0x160 [ 22.618670] ? memzero_explicit+0xa/0x10 [ 22.618672] ? urandom_read+0x120/0x270 [ 22.618675] __x64_sys_sendto+0x24/0x30 [ 22.618677] do_syscall_64+0x5b/0x170 [ 22.618678] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.618680] RIP: 0033:0x7f0942790c12 [ 22.618680] Code: 48 83 ec 18 44 89 4c 24 08 e8 9a f5 ff ff 44 8b 4c 24 08 4d 89 f8 45 89 f2 89 c5 4c 89 ea 4c 89 e6 89 df b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3a 89 ef 48 89 44 24 08 e8 ca f5 ff ff 48 8b [ 22.618700] RSP: 002b:00007ffe2051be30 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 22.618701] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00007f0942790c12 [ 22.618702] RDX: 0000000000000148 RSI: 0000559278761700 RDI: 0000000000000011 [ 22.618703] RBP: 0000000000000000 R08: 00005592787aa860 R09: 0000000000000014 [ 22.618703] R10: 0000000000000000 R11: 0000000000000293 R12: 0000559278761700 [ 22.618704] R13: 0000000000000148 R14: 0000000000000000 R15: 00005592787aa860 [ 22.620488] lib80211_crypt: registered algorithm 'CCMP' [ 22.620735] ------------[ cut here ]------------ [ 22.620738] DEBUG_LOCKS_WARN_ON(val > preempt_count()) [ 22.620744] WARNING: CPU: 3 PID: 489 at kernel/sched/core.c:3246 preempt_count_sub+0x5a/0x90 [ 22.620749] Modules linked in: lib80211_crypt_ccmp amdkfd amd_iommu_v2 amdgpu nls_iso8859_1 nls_cp437 vfat fat r8188eu(C) edac_mce_amd chash kvm_amd gpu_sched i2c_algo_bit ccp ttm rng_core lib80211 kvm snd_hda_codec_realtek snd_hda_codec_generic cfg80211 snd_hda_codec_hdmi snd_hda_intel input_leds drm_kms_helper irqbypass snd_hda_codec crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc rfkill led_class mousedev joydev wmi_bmof snd_hda_core drm aesni_intel snd_hwdep aes_x86_64 crypto_simd cryptd glue_helper snd_pcm pcspkr sp5100_tco snd_timer r8169 k10temp agpgart i2c_piix4 snd mii syscopyarea sysfillrect sysimgblt fb_sys_fops soundcore rtc_cmos evdev gpio_amdpt pinctrl_amd mac_hid wmi pcc_cpufreq acpi_cpufreq crypto_user ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic [ 22.620792] usbhid hid sd_mod ahci xhci_pci libahci xhci_hcd crc32c_intel libata usbcore scsi_mod usb_common [ 22.620803] CPU: 3 PID: 489 Comm: NetworkManager Tainted: G WC 4.18.0-rc7-staging+ #14 [ 22.620804] Hardware name: Gigabyte Technology Co., Ltd. A320M-S2H/A320M-S2H-CF, BIOS F23d 04/17/2018 [ 22.620808] RIP: 0010:preempt_count_sub+0x5a/0x90 [ 22.620809] Code: 14 f7 6b c3 e8 57 89 2d 00 85 c0 74 f6 8b 15 55 6a 5a 01 85 d2 75 ec 48 c7 c6 2e 01 e7 94 48 c7 c7 db b2 e5 94 e8 90 77 fd ff <0f> 0b c3 84 d2 75 c9 e8 2a 89 2d 00 85 c0 74 c9 8b 05 28 6a 5a 01 [ 22.620842] RSP: 0018:ffffa1904133bc48 EFLAGS: 00010286 [ 22.620844] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 22.620846] RDX: 0000000080000001 RSI: ffffffff94e82606 RDI: 00000000ffffffff [ 22.620847] RBP: ffff8eb4449eac00 R08: 0000001af4246984 R09: 00000000000003f1 [ 22.620849] R10: ffffffff955f7700 R11: 0000000000000000 R12: ffff8eb4449eacac [ 22.620850] R13: ffff8eb4565da800 R14: ffff8eb453ca2000 R15: 0000000000000003 [ 22.620852] FS: 00007f0944d69000(0000) GS:ffff8eb45ecc0000(0000) knlGS:0000000000000000 [ 22.620853] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.620854] CR2: 00007ffe20518fa8 CR3: 0000000207844000 CR4: 00000000003406e0 [ 22.620855] Call Trace: [ 22.620859] _raw_spin_unlock+0x16/0x30 [ 22.620862] sch_direct_xmit+0x178/0x340 [ 22.620866] __dev_queue_xmit+0x2f6/0x910 [ 22.620870] packet_sendmsg+0x948/0x15a7 [ 22.620873] ? attach_to_pi_owner+0x38/0x180 [ 22.620877] sock_sendmsg+0x33/0x40 [ 22.620880] __sys_sendto+0xee/0x160 [ 22.620885] ? memzero_explicit+0xa/0x10 [ 22.620887] ? urandom_read+0x120/0x270 [ 22.620891] __x64_sys_sendto+0x24/0x30 [ 22.620893] do_syscall_64+0x5b/0x170 [ 22.620896] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.620898] RIP: 0033:0x7f0942790c12 [ 22.620899] Code: 48 83 ec 18 44 89 4c 24 08 e8 9a f5 ff ff 44 8b 4c 24 08 4d 89 f8 45 89 f2 89 c5 4c 89 ea 4c 89 e6 89 df b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3a 89 ef 48 89 44 24 08 e8 ca f5 ff ff 48 8b [ 22.620925] RSP: 002b:00007ffe2051be30 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 22.620928] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00007f0942790c12 [ 22.620929] RDX: 0000000000000148 RSI: 0000559278761700 RDI: 0000000000000011 [ 22.620930] RBP: 0000000000000000 R08: 00005592787aa860 R09: 0000000000000014 [ 22.620931] R10: 0000000000000000 R11: 0000000000000293 R12: 0000559278761700 [ 22.620933] R13: 0000000000000148 R14: 0000000000000000 R15: 00005592787aa860 [ 22.620936] ---[ end trace ecf9299fa6cc3176 ]--- [ 22.620940] BUG: using __this_cpu_read() in preemptible [00000000] code: NetworkManager/489 [ 22.620942] caller is __local_bh_enable_ip+0x50/0x80 [ 22.620945] CPU: 3 PID: 489 Comm: NetworkManager Tainted: G WC 4.18.0-rc7-staging+ #14 [ 22.620946] Hardware name: Gigabyte Technology Co., Ltd. A320M-S2H/A320M-S2H-CF, BIOS F23d 04/17/2018 [ 22.620947] Call Trace: [ 22.620950] dump_stack+0x5c/0x80 [ 22.620955] check_preemption_disabled.cold.0+0x46/0x51 [ 22.620958] __local_bh_enable_ip+0x50/0x80 [ 22.620961] __dev_queue_xmit+0x450/0x910 [ 22.620964] packet_sendmsg+0x948/0x15a7 [ 22.620967] ? attach_to_pi_owner+0x38/0x180 [ 22.620971] sock_sendmsg+0x33/0x40 [ 22.620973] __sys_sendto+0xee/0x160 [ 22.620976] ? memzero_explicit+0xa/0x10 [ 22.620978] ? urandom_read+0x120/0x270 [ 22.620982] __x64_sys_sendto+0x24/0x30 [ 22.620984] do_syscall_64+0x5b/0x170 [ 22.620986] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.620990] RIP: 0033:0x7f0942790c12 [ 22.620991] Code: 48 83 ec 18 44 89 4c 24 08 e8 9a f5 ff ff 44 8b 4c 24 08 4d 89 f8 45 89 f2 89 c5 4c 89 ea 4c 89 e6 89 df b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3a 89 ef 48 89 44 24 08 e8 ca f5 ff ff 48 8b [ 22.621017] RSP: 002b:00007ffe2051be30 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 22.621020] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00007f0942790c12 [ 22.621021] RDX: 0000000000000148 RSI: 0000559278761700 RDI: 0000000000000011 [ 22.621024] RBP: 0000000000000000 R08: 00005592787aa860 R09: 0000000000000014 [ 22.621025] R10: 0000000000000000 R11: 0000000000000293 R12: 0000559278761700 [ 22.621026] R13: 0000000000000148 R14: 0000000000000000 R15: 00005592787aa860 Revert the commit fixes the issues and dmesg looks good again. Fixes: 515ce733e86e ("staging:r8188eu: Use lib80211 to encrypt (CCMP) tx frames") Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit 3978c8e3237c9d09364501bcefdb8c40368421d9 Author: Gao Xiang Date: Mon Aug 6 11:27:53 2018 +0800 staging: erofs: remove an extra semicolon in z_erofs_vle_unzip_all There is an extra semicolon in z_erofs_vle_unzip_all, remove it. Reported-by: Julia Lawall Signed-off-by: zhong jiang Reviewed-by: Chao Yu Signed-off-by: Gao Xiang Signed-off-by: Greg Kroah-Hartman commit ec6e6925fc2adb98ef351d7c25a7e41caa4d5b77 Author: zhong jiang Date: Mon Aug 6 11:10:19 2018 +0800 staging: gasket: remove some extra semicolon That semicolons are unneeded, Just remove them. Signed-off-by: zhong jiang Signed-off-by: Greg Kroah-Hartman commit 8d84a9c1d29dbad517228e7e64d07b4d86dc7f59 Author: Sumit Pundir Date: Tue Aug 7 16:14:28 2018 +0530 staging: gasket: fix code indent for conditional statement Fixed a coding style issue related to indentation. Reported by checkpatch.pl Signed-off-by: Sumit Pundir Signed-off-by: Greg Kroah-Hartman commit d37d2dd41f7ad0bc0996e600727480ffaaad6fd3 Author: Todd Poynor Date: Sun Aug 5 13:07:49 2018 -0700 staging: gasket: core: remove incorrect extraneous comment A copy-and-pasted comment from another code sequence is removed from gasket core init sequence. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 4801fc6f7f72447efc7c2f6e886c887ff5bf5f4c Author: Todd Poynor Date: Sun Aug 5 13:07:48 2018 -0700 staging: gasket: apex: place in low power reset until opened The apex device is left out of reset mode at the end of device probe/initialize processing. Add a call to enter reset at the end of the sequence, triggering power gating and other low power features. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 95a2c279b2c7c2e59977d5b0773a15ba26b7ce4b Author: Todd Poynor Date: Sun Aug 5 13:07:47 2018 -0700 staging: gasket: core: protect against races during unregister Keep mutex held across the unregistration operation, until the driver_desc field of the global table is removed, to prevent a concurrent accessor from looking up the driver_desc while gasket_unregister_device() is in the processing of removing it. Reported-by: Guenter Roeck Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 71934948b0a18c227de088a40c7660b5ed8cce2c Author: Todd Poynor Date: Sun Aug 5 13:07:46 2018 -0700 staging: gasket: apex: move sysfs setup code to probe function The gasket framework no longer provides callbacks to the device driver for sysfs setup and teardown. Move the sysfs setup code to the device probe function. Apex does not implement sysfs cleanup code. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 565eeedaa0c1b2b0d8abd3845e349de29065a5d2 Author: Todd Poynor Date: Sun Aug 5 13:07:45 2018 -0700 staging: gasket: core: remove sysfs setup and cleanup callbacks Gasket device drivers now call into the gasket framework to initialize and de-initialize, rather than the other way around. The calling code can perform sysfs setup and cleanup actions without callbacks from the framework. Remove the sysfs setup and cleanup callbacks. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit c169d876bfbfedd9ed3d3968924c24455bb4cb2f Author: Todd Poynor Date: Sun Aug 5 13:07:44 2018 -0700 staging: gasket: apex: fold device add/remove logic inline Gasket device drivers are now in charge of the device add and remove sequences; the framework callbacks for these are deleted. Move the apex device add callback code to the probe function. Apex did not implement the removal callback. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 4420ea9366a5df61cbb0bb2ad827ff6391904f56 Author: Todd Poynor Date: Sun Aug 5 13:07:43 2018 -0700 staging: gasket: core: delete device add and remove callbacks Gasket device drivers are now in charge of orchestrating the device add and removal sequences, so the callbacks from the framework to the device drivers for these events are no longer needed. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 38da89d5cc958d2b0cf03c237cd155ab08973b1a Author: Todd Poynor Date: Sun Aug 5 13:07:42 2018 -0700 staging: gasket: apex: enable/disable gasket device from apex Gasket framework now places device drivers in charge of calling APIs to enable and disable gasket device operations. Make the appropriate calls from the apex driver. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 39091410d0d8eeb07f3b08ff4e44400ccd434762 Author: Todd Poynor Date: Sun Aug 5 13:07:41 2018 -0700 staging: gasket: core: let device driver enable/disable gasket device Move gasket device enable/disable functions from internal calls to external calls from the gasket device drivers. The device driver will call these functions at appropriate times in its processing, placing the device driver in control of this sequence and reducing the need for callbacks from framework back to the device drivers during the enable/disable sequences. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 2f649036fa66b1494da6ecf8bd4d53167e10e36f Author: Todd Poynor Date: Sun Aug 5 13:07:40 2018 -0700 staging: gasket: apex: remove device enable and disable callbacks These are not implemented for apex, and are now being removed from the gasket framework. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 1b25e6e81aab048107ed20c218c2b04261fd94ec Author: Todd Poynor Date: Sun Aug 5 13:07:39 2018 -0700 staging: gasket: core: remove device enable and disable callbacks Device enable/disable operations are moving from being initiated through the gasket framework to being initiated by the gasket device driver. The driver can perform any processing needed for these operations before or after the calls into the framework. Neither of these callbacks are implemented for the only gasket driver upstream today, apex. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit c75e2bb32fd04ebcdeaa907144027c0b9c416f05 Author: Todd Poynor Date: Sun Aug 5 13:07:38 2018 -0700 staging: gasket: core: convert remaining info logs to debug Remaining info-level logs in gasket core converted to debug-level; the information is not needed during normal system operation. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 1453e90cc40e0b6660b872a573755f8f28c17593 Author: Todd Poynor Date: Sun Aug 5 13:07:37 2018 -0700 staging: gasket: apex: move PCI core calls to apex driver Apex driver moves PCI core calls like probe, enable, and remove from gasket to apex. Call new functions in gasket to register apex as a PCI device to the gasket framework. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit b7072b24fa61f42c356ffdfaa0544065d6f1c23b Author: Todd Poynor Date: Sun Aug 5 13:07:36 2018 -0700 staging: gasket: core: move core PCI calls to device drivers Remove gasket wrapping of PCI probe, enable, disable, and remove functions. Replace with calls to add and remove PCI gasket devices, to be called by the gasket device drivers. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit a81d678949471d5b7f399cfcf2e48e0382427805 Author: Todd Poynor Date: Sun Aug 5 13:07:35 2018 -0700 staging: gasket: sysfs: clean up state if ENOMEM removing mapping If kcalloc() returns NULL in put_mapping(), continue to clean up state, including dropping the reference on the struct device and free attribute memory. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 04c532a1cdc7e423656c07937aa4b5c1c2b064f9 Author: Ralf Goebel Date: Mon Aug 6 17:00:36 2018 +0200 iommu/omap: Fix cache flushes on L2 table entries The base address used for DMA operations on the second-level table did incorrectly include the offset for the table entry. The offset was then added again which lead to incorrect behavior. Operations on the L1 table are not affected. The calculation of the base address is changed to point to the beginning of the L2 table. Fixes: bfee0cf0ee1d ("iommu/omap: Use DMA-API for performing cache flushes") Acked-by: Suman Anna Signed-off-by: Ralf Goebel Signed-off-by: Joerg Roedel commit d88e61faad526a5850e9330c846641b91cf971e7 Author: Christoph Hellwig Date: Mon Jul 30 09:36:26 2018 +0200 iommu: Remove the ->map_sg indirection All iommu drivers use the default_iommu_map_sg implementation, and there is no good reason to ever override it. Just expose it as iommu_map_sg directly and remove the indirection, specially in our post-spectre world where indirect calls are horribly expensive. Signed-off-by: Christoph Hellwig Signed-off-by: Joerg Roedel commit 128f38041035001276e964cda1cf951f218d965d Author: Sherry Yang Date: Tue Aug 7 12:57:13 2018 -0700 android: binder: Rate-limit debug and userspace triggered err msgs Use rate-limited debug messages where userspace can trigger excessive log spams. Acked-by: Arve Hjønnevåg Signed-off-by: Sherry Yang Signed-off-by: Greg Kroah-Hartman commit 7c27a26e1ed5a7dd709aa19685d2c98f64e1cf0c Author: Breno Leitao Date: Tue Aug 7 11:15:39 2018 -0300 selftests/powerpc: Kill child processes on SIGINT There are some powerpc selftests, as tm/tm-unavailable, that run for a long period (>120 seconds), and if it is interrupted, as pressing CRTL-C (SIGINT), the foreground process (harness) dies but the child process and threads continue to execute (with PPID = 1 now) in background. In this case, you'd think the whole test exited, but there are remaining threads and processes being executed in background. Sometimes these zombies processes are doing annoying things, as consuming the whole CPU or dumping things to STDOUT. This patch fixes this problem by attaching an empty signal handler to SIGINT in the harness process. This handler will interrupt (EINTR) the parent process waitpid() call, letting the code to follow through the normal flow, which will kill all the processes in the child process group. This patch also fixes a typo. Signed-off-by: Breno Leitao Signed-off-by: Gustavo Romero Signed-off-by: Michael Ellerman commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b Author: Andi Kleen Date: Tue Aug 7 15:09:39 2018 -0700 x86/mm/pat: Make set_memory_np() L1TF safe set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. Replace the open coded PTE manipulation with the L1TF protecting low level PTE routines. Passes the CPA self test. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner commit 0768f91530ff46683e0b372df14fd79fe8d156e5 Author: Andi Kleen Date: Tue Aug 7 15:09:37 2018 -0700 x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Some cases in THP like: - MADV_FREE - mprotect - split mark the PMD non present for temporarily to prevent races. The window for an L1TF attack in these contexts is very small, but it wants to be fixed for correctness sake. Use the proper low level functions for pmd/pud_mknotpresent() to address this. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner commit f22cc87f6c1f771b57c407555cfefd811cdd9507 Author: Andi Kleen Date: Tue Aug 7 15:09:36 2018 -0700 x86/speculation/l1tf: Invert all not present mappings For kernel mappings PAGE_PROTNONE is not necessarily set for a non present mapping, but the inversion logic explicitely checks for !PRESENT and PROT_NONE. Remove the PROT_NONE check and make the inversion unconditional for all not present mappings. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner commit 6d33b3069ed84be9b8430ccc7705d0e747542a4f Merge: a39284ae9d2a 15e2a7218c27 Author: Greg Kroah-Hartman Date: Wed Aug 8 08:37:53 2018 +0200 Merge tag 'fsi-updates-2018-08-08' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/linux-fsi into char-misc-next Ben writes: FSI Updates for 4.19 This adds two FSI fixes: - Fix a NULL dereference in the scom driver - Fix a command buffer size issue in the sbefifo driver that breaks some operations with POWER system debugger (cronus) commit ee3d212d7c86703e765473a4b444d347aa2984af Merge: 854457d21485 640332d1a089 Author: Stephen Boyd Date: Tue Aug 7 22:53:37 2018 -0700 Merge tag 'v4.19-rockchip-clk2' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into clk-rockchip Pull one final rockchip update from Heiko Stuebner: pclk_rkpwm_pmu as critical clock, due to it supplying the pwm used to drive the logic supply of the rk3399 core. * tag 'v4.19-rockchip-clk2' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip: clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 commit 15e2a7218c2788d79c5633336d17cb9428c221e7 Author: Benjamin Herrenschmidt Date: Tue Aug 7 11:51:52 2018 +1000 fsi: sbefifo: Bump max command length Otherwise cronus putmem fails istep and BML fails to upload skiboot To do that, we still use our one-page command buffer for small commands for speed, and for anything bigger, with a limit of 1MB plus a page, we vmalloc a temporary buffer. The limit was chosen because Cronus will break up any data transfer into 1M chunks (the extra page is for the command header). Signed-off-by: Benjamin Herrenschmidt Reviewed-by: Andrew Jeffery commit e93dd8a1ac3141290936f174b81f4a9ba0c1c8a6 Author: Moritz Fischer Date: Tue Aug 7 16:35:20 2018 -0700 net: nixge: Get rid of unused struct member 'last_link' Get rid of unused struct member 'last_link' Signed-off-by: Moritz Fischer Signed-off-by: David S. Miller commit 3517c5b75df128087edb8281472f7dc52434631c Merge: 541ad323db3a e38c2e11ebcc Author: David S. Miller Date: Tue Aug 7 17:54:21 2018 -0700 Merge branch 'net-ethernet-Mark-expected-switch-fall-throughs' Gustavo A. R. Silva says: ==================== net: ethernet: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, this patchset aims to add some annotations in order to mark switch cases where we are expecting to fall through. ==================== Signed-off-by: David S. Miller commit e38c2e11ebcc2bd13aa8220bc4ccce5228030526 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:32:19 2018 -0500 net: ethernet: ti: cpts: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114813 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 681685a1ce060c4fd69b0a1124ef40baadb330a4 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:31:46 2018 -0500 net: tlan: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 141440 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 5683a7a6972059611ea164be0529fdb8db28938c Author: Gustavo A. R. Silva Date: Tue Aug 7 18:31:16 2018 -0500 net: sfc: falcon: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1384500 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 4e50ffcf1fb65375bed0cdb44ee369f33ee3729d Author: Gustavo A. R. Silva Date: Tue Aug 7 18:30:22 2018 -0500 net: ethernet: sxgbe: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1357414 ("Missing break in switch") Addresses-Coverity-ID: 1357415 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 201e894570b182ab6e49097ed3b3fcc1a7e3cf3c Author: Gustavo A. R. Silva Date: Tue Aug 7 18:29:12 2018 -0500 qlge: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114811 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit d19911ca0521623bcc306738f7a1298f9f56d3c9 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:28:20 2018 -0500 qlcnic: Mark expected switch fall-througs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1410181 ("Missing break in switch") Addresses-Coverity-ID: 1410184 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit b84ad65a75f36abfe20b3c9386e8377982ca8eaa Author: Gustavo A. R. Silva Date: Tue Aug 7 18:27:36 2018 -0500 qede: qede_fp: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1384501 ("Missing break in switch") Addresses-Coverity-ID: 1398869 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit fd3da12dba0d91d817adc4a6037513906bb4e8e9 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:26:49 2018 -0500 netxen_nic: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1410182 ("Missing break in switch") Addresses-Coverity-ID: 1410183 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 53a42286f29f88663d7b40922eca978c88e69709 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:25:57 2018 -0500 qed: qed_dev: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I replaced the code comments with a proper "fall through" annotation, which is what GCC is expecting to find. Addresses-Coverity-ID: 114809 ("Missing break in switch") Addresses-Coverity-ID: 114810 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit e77f02b812ccb10396d9e5a9a23db14983a344a9 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:25:26 2018 -0500 net/mlx5e: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114808 ("Missing break in switch") Addresses-Coverity-ID: 114802 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 9d81e6a3f64315fa3af3e8f880bbfda35be04188 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:24:38 2018 -0500 vxge: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114796 ("Missing break in switch") Addresses-Coverity-ID: 114804 ("Missing break in switch") Addresses-Coverity-ID: 114806 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 76df93b1779563cda9d38237e5b6422df9ebd2e5 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:24:04 2018 -0500 igbvf: netdev: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114801 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit eed05a094a0dd03f181d3fd65e4be375d88a582c Author: Gustavo A. R. Silva Date: Tue Aug 7 18:23:31 2018 -0500 igb: e1000_phy: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114800 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit b9e0e23f918bafddaaf3b91b099f027679a77467 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:22:57 2018 -0500 igb: e1000_82575: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114799 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 7e9660ff6ff1c154f2590ade0ac3ad563f1522ab Author: Gustavo A. R. Silva Date: Tue Aug 7 18:22:22 2018 -0500 igb_main: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 200521 ("Missing break in switch") Addresses-Coverity-ID: 114797 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit c8581f2bb5dd02d14be61ed9faa052a693a3960e Author: Gustavo A. R. Silva Date: Tue Aug 7 18:21:40 2018 -0500 net/mlx4/en_rx: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114794 ("Missing break in switch") Addresses-Coverity-ID: 114795 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 49a9776fe5d62fd4ff87406efa390a5de9f5f07d Author: Gustavo A. R. Silva Date: Tue Aug 7 18:21:05 2018 -0500 net/mlx4/mcg: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114792 ("Missing break in switch") Addresses-Coverity-ID: 114793 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit f7c3ca2da4640143f04fc50dba74804be02c16ac Author: Gustavo A. R. Silva Date: Tue Aug 7 18:20:27 2018 -0500 i40e_txrx: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114791 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 1e84374f1c3c233c64be6122742c85446c774689 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:19:42 2018 -0500 i40e_main: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114790 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit be44b3afa98205607a7930b155557ccda9efd1e2 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:18:30 2018 -0500 net: hns3: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114789 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 1e14ef19fb49ed6f822129ce7bc819a462b88e11 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:17:50 2018 -0500 net: hns: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114788 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 40f99eda21bd14c7bbc62caee42c9b604ea24f6e Author: Gustavo A. R. Silva Date: Tue Aug 7 18:17:08 2018 -0500 be2net: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114787 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 8fc85c25c1f3f05ccc147af4c470c911afc54998 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:16:07 2018 -0500 net: tulip: de4x5: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114784 ("Missing break in switch") Addresses-Coverity-ID: 114785 ("Missing break in switch") Addresses-Coverity-ID: 114786 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 10c7666e70d979d78bf6b8c1b6ab6dd68cd0d96b Author: Gustavo A. R. Silva Date: Tue Aug 7 18:15:35 2018 -0500 net: tulip_core: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114782 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 6da5ae5f00e84b469ba52e734c856b707eac90a6 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:15:32 2018 -0500 net: thunderx: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114781 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 92072679a8036215b9ef8fd68d7ef9eef786a9e9 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:14:18 2018 -0500 cxgb3/l2t: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114780 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit d135955f550df5d61bf973a71b758384b32fe638 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:13:44 2018 -0500 cxgb4/t4_hw: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114777 ("Missing break in switch") Addresses-Coverity-ID: 114778 ("Missing break in switch") Addresses-Coverity-ID: 114779 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 20e4fb12b146cab4ca9c4f1e10c04fcd67823f43 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:13:12 2018 -0500 cxgb4/l2t: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114910 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 19aa45d447002798ec006faddd4f491a5839bebe Author: Gustavo A. R. Silva Date: Tue Aug 7 18:13:05 2018 -0500 liquidio: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 143135 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit b4bc39a3f666c3e93590aefbc00d94b95f80567f Author: Gustavo A. R. Silva Date: Tue Aug 7 18:11:26 2018 -0500 net: macb: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit bc171e87a7e29a41b119fdfccd378f7179b39c23 Author: Gustavo A. R. Silva Date: Tue Aug 7 18:11:14 2018 -0500 bnx2x: Mark expected switch fall-thoughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114878 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 8ea34505060486010f27e323c741eeca5af7980e Author: Gustavo A. R. Silva Date: Tue Aug 7 18:09:19 2018 -0500 alteon: acenic: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114891 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 497e0049b6c8b1923ba6ccb58f3ccf840a32be7e Author: Gustavo A. R. Silva Date: Tue Aug 7 18:09:09 2018 -0500 8390: axnet_cs: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 114889 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit f7ecb1b109da1006a08d5675debe60990e824432 Author: Bart Van Assche Date: Tue Aug 7 16:17:29 2018 -0700 cfq: Suppress compiler warnings about comparisons This patch does not change any functionality but avoids that gcc reports the following warnings when building with W=1: block/cfq-iosched.c: In function ?cfq_back_seek_max_store?: block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (__data < (MIN)) \ ^ block/cfq-iosched.c:4756:1: note: in expansion of macro ?STORE_FUNCTION? STORE_FUNCTION(cfq_back_seek_max_store, &cfqd->cfq_back_max, 0, UINT_MAX, 0); ^~~~~~~~~~~~~~ block/cfq-iosched.c: In function ?cfq_slice_idle_store?: block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (__data < (MIN)) \ ^ block/cfq-iosched.c:4759:1: note: in expansion of macro ?STORE_FUNCTION? STORE_FUNCTION(cfq_slice_idle_store, &cfqd->cfq_slice_idle, 0, UINT_MAX, 1); ^~~~~~~~~~~~~~ block/cfq-iosched.c: In function ?cfq_group_idle_store?: block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (__data < (MIN)) \ ^ block/cfq-iosched.c:4760:1: note: in expansion of macro ?STORE_FUNCTION? STORE_FUNCTION(cfq_group_idle_store, &cfqd->cfq_group_idle, 0, UINT_MAX, 1); ^~~~~~~~~~~~~~ block/cfq-iosched.c: In function ?cfq_low_latency_store?: block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (__data < (MIN)) \ ^ block/cfq-iosched.c:4765:1: note: in expansion of macro ?STORE_FUNCTION? STORE_FUNCTION(cfq_low_latency_store, &cfqd->cfq_latency, 0, 1, 0); ^~~~~~~~~~~~~~ block/cfq-iosched.c: In function ?cfq_slice_idle_us_store?: block/cfq-iosched.c:4775:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (__data < (MIN)) \ ^ block/cfq-iosched.c:4782:1: note: in expansion of macro ?USEC_STORE_FUNCTION? USEC_STORE_FUNCTION(cfq_slice_idle_us_store, &cfqd->cfq_slice_idle, 0, UINT_MAX); ^~~~~~~~~~~~~~~~~~~ block/cfq-iosched.c: In function ?cfq_group_idle_us_store?: block/cfq-iosched.c:4775:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (__data < (MIN)) \ ^ block/cfq-iosched.c:4783:1: note: in expansion of macro ?USEC_STORE_FUNCTION? USEC_STORE_FUNCTION(cfq_group_idle_us_store, &cfqd->cfq_group_idle, 0, UINT_MAX); ^~~~~~~~~~~~~~~~~~~ Signed-off-by: Bart Van Assche Signed-off-by: Jens Axboe commit 9b4f43460dd0ee461f5dd65ee1efa152f2e52559 Author: Bart Van Assche Date: Tue Aug 7 16:17:28 2018 -0700 cfq: Annotate fall-through in a switch statement This patch avoids that gcc complains about fall-through when building with W=1. Signed-off-by: Bart Van Assche Signed-off-by: Jens Axboe commit 2f0025675fe51a353e308c38fc7ee0ad75151ef2 Author: Paul Burton Date: Tue Aug 7 16:09:56 2018 -0700 MIPS: VDSO: Force link endianness When building the VDSO with clang it appears to invoke ld without specifying endianness, even though clang itself was provided with a -EB or -EL flag. This results in the build failing due to a mismatch between the objects that are the input to ld, and the output it is attempting to create: VDSO arch/mips/vdso/vdso.so.dbg.raw mips-linux-ld: arch/mips/vdso/elf.o: compiled for a big endian system and target is little endian mips-linux-ld: arch/mips/vdso/elf.o: endianness incompatible with that of the selected emulation mips-linux-ld: failed to merge target specific data of file arch/mips/vdso/elf.o ... Work around this problem by explicitly specifying the link endianness using -Wl,-EB or -Wl,-EL when -EB or -EL are part of KBUILD_CFLAGS. This resolves the build failure when using clang, and doesn't have any negative effect on gcc. Signed-off-by: Paul Burton commit c6d6f4c55f5cda5a7fa5a08eede0eb289937c328 Author: Paul Burton Date: Tue Aug 7 16:06:41 2018 -0700 MIPS: Always specify -EB or -EL when using clang When building using clang, always specify -EB or -EL in order to ensure we target the desired endianness. Since clang cross compiles using a single compiler build with multiple targets, our -dumpmachine tests which don't specify clang's --target argument check output based upon the build machine rather than the machine our build will target. This means our detection of whether to specify -EB fails miserably & we never do. Providing the endianness flag unconditionally for clang resolves this issue & simplifies the clang path somewhat. Signed-off-by: Paul Burton commit 541ad323db3a692a80c276785a15790ba52da24b Author: Nir Dotan Date: Tue Aug 7 19:41:55 2018 +0300 selftests: forwarding: gre_multipath: Update next-hop statistics match criteria gre_multipath test was using egress vlan_id matching on flows, for the purpose of collecting next-hops statistics, later to be compared against configured weights. As matching on vlan_id on egress direction is not supported on all HW devices, change the match criteria to use destination IP. Signed-off-by: Nir Dotan Acked-by: Petr Machata Signed-off-by: David S. Miller commit 736ac8146404560215e7aaf4e28fc2d8746a72d1 Author: Keara Leibovitz Date: Tue Aug 7 15:18:43 2018 -0400 tc-tests: initial version of nat action unit tests Initial set of nat action unit tests. Signed-off-by: Keara Leibovitz Signed-off-by: David S. Miller commit 4df9085b012d40db92a9e08e9ed891ddeed78af1 Merge: 7116983174ff 6fdecfe32f90 Author: David S. Miller Date: Tue Aug 7 15:48:38 2018 -0700 Merge branch 'brcm-omega' Arun Parameswaran says: ==================== Add Broadcom Omega SoC internal switch and phy The patchset is based on David Miller's "net-next" repo. The patches add support for the Broadcom Omega SoC's internal ethernet switch and the internal gphy. The internal ethernet switch in the Omega is a b53 srab based switch. The support for the switch is added to the b53 driver in the dsa framework. The gphy support is added to the bcm7xxx driver. ==================== Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 6fdecfe32f903d9f5f35ee4464fd32ede470dcad Author: Arun Parameswaran Date: Tue Aug 7 10:02:44 2018 -0700 net: phy: Add support for Broadcom Omega internal Combo GPHY Add support for the Broadcom Omega SoC internal Combo Ethernet GPHY to the bcm7xxx phy driver. Signed-off-by: Arun Parameswaran Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit ae7a03bbcf08737957c66c0e75238c97cc221e44 Author: Arun Parameswaran Date: Tue Aug 7 10:02:43 2018 -0700 net: dsa: b53: Add support for Broadcom Omega SoC internal switch Add support for the Broadcom Omega SoC internal ethernet switch to the b53 srab driver in the DSA framework. Signed-off-by: Arun Parameswaran Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit b0a0962519e3bf03bfc5e14c1dc4c21f00f69861 Author: Arun Parameswaran Date: Tue Aug 7 10:02:42 2018 -0700 dt-bindings: net: dsa: Add compatibility strings for Broadcom Omega Add compatibility strings for the internal switch in the Broadcom Omega SoC family (BCM5831X/BCM1140X) to B53. Signed-off-by: Arun Parameswaran Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 7116983174ff8cfa2342c201f70e676c4fac93c8 Merge: ee3444e42f5c 333e2f2cea6c Author: David S. Miller Date: Tue Aug 7 15:43:12 2018 -0700 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 40GbE Intel Wired LAN Driver Updates 2018-08-07 This series contains updates to i40e and i40evf only. Sergey cleans up a duplicate call to i40e_prep_for_reset() during shutdown. YueHaibing cleans up i40evf by removing code that was never being used or called within the driver. Jake updates the ethtool statistics to use a helper function since many of the statistics use the same basic logic for copying strings into the supplied buffer. Cleaned up the use of a local variable that is no longer needed or used. Fixed additional stats issues, including the failure to update the data pointer which was causing stats to be reported incorrectly. Mariusz fixes a bug where there was an oversight in configuring FEC when link settings were forced which was causing 25G link to be configured incorrectly. Piotr adds a missing return code for when the firmware returns a busy state. Also added the process to command firmware to start rearrangement when switching between old NVM structure to the new flat NVM. ==================== Signed-off-by: David S. Miller commit 16a3fe634f6a568c6234b8747e5d50487fed3526 Author: Joerg Roedel Date: Tue Aug 7 12:24:31 2018 +0200 x86/mm/pti: Clone kernel-image on PTE level for 32 bit On 32 bit the kernel sections are not huge-page aligned. When we clone them on PMD-level we unevitably map some areas that are normal kernel memory and may contain secrets to user-space. To prevent that we need to clone the kernel-image on PTE-level for 32 bit. Also make the page-table cloning code more general so that it can handle PMD and PTE level cloning. This can be generalized further in the future to also handle clones on the P4D-level. Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Cc: "H . Peter Anvin" Cc: linux-mm@kvack.org Cc: Linus Torvalds Cc: Andy Lutomirski Cc: Dave Hansen Cc: Josh Poimboeuf Cc: Juergen Gross Cc: Peter Zijlstra Cc: Borislav Petkov Cc: Jiri Kosina Cc: Boris Ostrovsky Cc: Brian Gerst Cc: David Laight Cc: Denys Vlasenko Cc: Eduardo Valentin Cc: Greg KH Cc: Will Deacon Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Cc: Andrea Arcangeli Cc: Waiman Long Cc: Pavel Machek Cc: "David H . Gutteridge" Cc: joro@8bytes.org Link: https://lkml.kernel.org/r/1533637471-30953-4-git-send-email-joro@8bytes.org commit 30514effc9206d4e084ec32239ae221db157d43a Author: Joerg Roedel Date: Tue Aug 7 12:24:30 2018 +0200 x86/mm/pti: Don't clear permissions in pti_clone_pmd() The function sets the global-bit on cloned PMD entries, which only makes sense when the permissions are identical between the user and the kernel page-table. Further, only write-permissions are cleared for entry-text and kernel-text sections, which are not writeable at the end of the boot process. The reason why this RW clearing exists is that in the early PTI implementations the cloned kernel areas were set up during early boot before the kernel text is set to read only and not touched afterwards. This is not longer true. The cloned areas are still set up early to get the entry code working for interrupts and other things, but after the kernel text has been set RO the clone is repeated which copies the RO PMD/PTEs over to the user visible clone. That means the initial clearing of the writable bit can be avoided. [ tglx: Amended changelog ] Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Acked-by: Dave Hansen Cc: "H . Peter Anvin" Cc: linux-mm@kvack.org Cc: Linus Torvalds Cc: Andy Lutomirski Cc: Josh Poimboeuf Cc: Juergen Gross Cc: Peter Zijlstra Cc: Borislav Petkov Cc: Jiri Kosina Cc: Boris Ostrovsky Cc: Brian Gerst Cc: David Laight Cc: Denys Vlasenko Cc: Eduardo Valentin Cc: Greg KH Cc: Will Deacon Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Cc: Andrea Arcangeli Cc: Waiman Long Cc: Pavel Machek Cc: "David H . Gutteridge" Cc: joro@8bytes.org Link: https://lkml.kernel.org/r/1533637471-30953-3-git-send-email-joro@8bytes.org commit 7e4237faa7213c1cc1d0aa65a44c67ba4729ce9f Author: nixiaoming Date: Sun Aug 5 17:10:36 2018 +0800 selinux: cleanup dentry and inodes on error in selinuxfs If the resource requested by d_alloc_name is not added to the linked list through d_add, then dput needs to be called to release the subsequent abnormal branch to avoid resource leakage. Add missing dput to selinuxfs.c Signed-off-by: nixiaoming [PM: tweak the subject line] Signed-off-by: Paul Moore commit 2887e41b910bb14fd847cf01ab7a5993db989d88 Author: Anchal Agarwal Date: Tue Aug 7 14:40:49 2018 -0600 blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait I am currently running a large bare metal instance (i3.metal) on EC2 with 72 cores, 512GB of RAM and NVME drives, with a 4.18 kernel. I have a workload that simulates a database workload and I am running into lockup issues when writeback throttling is enabled,with the hung task detector also kicking in. Crash dumps show that most CPUs (up to 50 of them) are all trying to get the wbt wait queue lock while trying to add themselves to it in __wbt_wait (see stack traces below). [ 0.948118] CPU: 45 PID: 0 Comm: swapper/45 Not tainted 4.14.51-62.38.amzn1.x86_64 #1 [ 0.948119] Hardware name: Amazon EC2 i3.metal/Not Specified, BIOS 1.0 10/16/2017 [ 0.948120] task: ffff883f7878c000 task.stack: ffffc9000c69c000 [ 0.948124] RIP: 0010:native_queued_spin_lock_slowpath+0xf8/0x1a0 [ 0.948125] RSP: 0018:ffff883f7fcc3dc8 EFLAGS: 00000046 [ 0.948126] RAX: 0000000000000000 RBX: ffff887f7709ca68 RCX: ffff883f7fce2a00 [ 0.948128] RDX: 000000000000001c RSI: 0000000000740001 RDI: ffff887f7709ca68 [ 0.948129] RBP: 0000000000000002 R08: 0000000000b80000 R09: 0000000000000000 [ 0.948130] R10: ffff883f7fcc3d78 R11: 000000000de27121 R12: 0000000000000002 [ 0.948131] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 [ 0.948132] FS: 0000000000000000(0000) GS:ffff883f7fcc0000(0000) knlGS:0000000000000000 [ 0.948134] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.948135] CR2: 000000c424c77000 CR3: 0000000002010005 CR4: 00000000003606e0 [ 0.948136] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 0.948137] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 0.948138] Call Trace: [ 0.948139] [ 0.948142] do_raw_spin_lock+0xad/0xc0 [ 0.948145] _raw_spin_lock_irqsave+0x44/0x4b [ 0.948149] ? __wake_up_common_lock+0x53/0x90 [ 0.948150] __wake_up_common_lock+0x53/0x90 [ 0.948155] wbt_done+0x7b/0xa0 [ 0.948158] blk_mq_free_request+0xb7/0x110 [ 0.948161] __blk_mq_complete_request+0xcb/0x140 [ 0.948166] nvme_process_cq+0xce/0x1a0 [nvme] [ 0.948169] nvme_irq+0x23/0x50 [nvme] [ 0.948173] __handle_irq_event_percpu+0x46/0x300 [ 0.948176] handle_irq_event_percpu+0x20/0x50 [ 0.948179] handle_irq_event+0x34/0x60 [ 0.948181] handle_edge_irq+0x77/0x190 [ 0.948185] handle_irq+0xaf/0x120 [ 0.948188] do_IRQ+0x53/0x110 [ 0.948191] common_interrupt+0x87/0x87 [ 0.948192] .... [ 0.311136] CPU: 4 PID: 9737 Comm: run_linux_amd64 Not tainted 4.14.51-62.38.amzn1.x86_64 #1 [ 0.311137] Hardware name: Amazon EC2 i3.metal/Not Specified, BIOS 1.0 10/16/2017 [ 0.311138] task: ffff883f6e6a8000 task.stack: ffffc9000f1ec000 [ 0.311141] RIP: 0010:native_queued_spin_lock_slowpath+0xf5/0x1a0 [ 0.311142] RSP: 0018:ffffc9000f1efa28 EFLAGS: 00000046 [ 0.311144] RAX: 0000000000000000 RBX: ffff887f7709ca68 RCX: ffff883f7f722a00 [ 0.311145] RDX: 0000000000000035 RSI: 0000000000d80001 RDI: ffff887f7709ca68 [ 0.311146] RBP: 0000000000000202 R08: 0000000000140000 R09: 0000000000000000 [ 0.311147] R10: ffffc9000f1ef9d8 R11: 000000001a249fa0 R12: ffff887f7709ca68 [ 0.311148] R13: ffffc9000f1efad0 R14: 0000000000000000 R15: ffff887f7709ca00 [ 0.311149] FS: 000000c423f30090(0000) GS:ffff883f7f700000(0000) knlGS:0000000000000000 [ 0.311150] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.311151] CR2: 00007feefcea4000 CR3: 0000007f7016e001 CR4: 00000000003606e0 [ 0.311152] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 0.311153] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 0.311154] Call Trace: [ 0.311157] do_raw_spin_lock+0xad/0xc0 [ 0.311160] _raw_spin_lock_irqsave+0x44/0x4b [ 0.311162] ? prepare_to_wait_exclusive+0x28/0xb0 [ 0.311164] prepare_to_wait_exclusive+0x28/0xb0 [ 0.311167] wbt_wait+0x127/0x330 [ 0.311169] ? finish_wait+0x80/0x80 [ 0.311172] ? generic_make_request+0xda/0x3b0 [ 0.311174] blk_mq_make_request+0xd6/0x7b0 [ 0.311176] ? blk_queue_enter+0x24/0x260 [ 0.311178] ? generic_make_request+0xda/0x3b0 [ 0.311181] generic_make_request+0x10c/0x3b0 [ 0.311183] ? submit_bio+0x5c/0x110 [ 0.311185] submit_bio+0x5c/0x110 [ 0.311197] ? __ext4_journal_stop+0x36/0xa0 [ext4] [ 0.311210] ext4_io_submit+0x48/0x60 [ext4] [ 0.311222] ext4_writepages+0x810/0x11f0 [ext4] [ 0.311229] ? do_writepages+0x3c/0xd0 [ 0.311239] ? ext4_mark_inode_dirty+0x260/0x260 [ext4] [ 0.311240] do_writepages+0x3c/0xd0 [ 0.311243] ? _raw_spin_unlock+0x24/0x30 [ 0.311245] ? wbc_attach_and_unlock_inode+0x165/0x280 [ 0.311248] ? __filemap_fdatawrite_range+0xa3/0xe0 [ 0.311250] __filemap_fdatawrite_range+0xa3/0xe0 [ 0.311253] file_write_and_wait_range+0x34/0x90 [ 0.311264] ext4_sync_file+0x151/0x500 [ext4] [ 0.311267] do_fsync+0x38/0x60 [ 0.311270] SyS_fsync+0xc/0x10 [ 0.311272] do_syscall_64+0x6f/0x170 [ 0.311274] entry_SYSCALL_64_after_hwframe+0x42/0xb7 In the original patch, wbt_done is waking up all the exclusive processes in the wait queue, which can cause a thundering herd if there is a large number of writer threads in the queue. The original intention of the code seems to be to wake up one thread only however, it uses wake_up_all() in __wbt_done(), and then uses the following check in __wbt_wait to have only one thread actually get out of the wait loop: if (waitqueue_active(&rqw->wait) && rqw->wait.head.next != &wait->entry) return false; The problem with this is that the wait entry in wbt_wait is define with DEFINE_WAIT, which uses the autoremove wakeup function. That means that the above check is invalid - the wait entry will have been removed from the queue already by the time we hit the check in the loop. Secondly, auto-removing the wait entries also means that the wait queue essentially gets reordered "randomly" (e.g. threads re-add themselves in the order they got to run after being woken up). Additionally, new requests entering wbt_wait might overtake requests that were queued earlier, because the wait queue will be (temporarily) empty after the wake_up_all, so the waitqueue_active check will not stop them. This can cause certain threads to starve under high load. The fix is to leave the woken up requests in the queue and remove them in finish_wait() once the current thread breaks out of the wait loop in __wbt_wait. This will ensure new requests always end up at the back of the queue, and they won't overtake requests that are already in the wait queue. With that change, the loop in wbt_wait is also in line with many other wait loops in the kernel. Waking up just one thread drastically reduces lock contention, as does moving the wait queue add/remove out of the loop. A significant drop in lockdep's lock contention numbers is seen when running the test application on the patched kernel. Signed-off-by: Anchal Agarwal Signed-off-by: Frank van der Linden Signed-off-by: Jens Axboe commit 824da016fde1de98ab92c5b9df1b52433edd1594 Merge: 8dd931f46eea 3237c0dbe21f Author: Dave Airlie Date: Wed Aug 8 06:26:09 2018 +1000 Merge tag 'drm-intel-next-fixes-2018-08-06' of git://anongit.freedesktop.org/drm/drm-intel into drm-next - Fix gvt compilation broken on a silent conflict on fixes vs next merge - Fix runtime PM for LPE audio - Revert on ICL workaround - Interactive RPS mode - Fix for PSR sink status report Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180806233034.GA20655@intel.com commit 8dd931f46eea1a7971a700ec9eb99b879871a059 Merge: 940fbcb73fd2 2ead1be54b22 Author: Dave Airlie Date: Wed Aug 8 06:22:56 2018 +1000 Merge tag 'drm-misc-next-fixes-2018-08-02' of git://anongit.freedesktop.org/drm/drm-misc into drm-next Fixes an oops on the DP CEC code and a memory leak on the vkms driver. Signed-off-by: Dave Airlie From: Gustavo Padovan Link: https://patchwork.freedesktop.org/patch/msgid/20180802111728.GA27945@juma commit 940fbcb73fd25b517fa10c5a9cc96ca0ce1a2fc4 Merge: 569f0a8694d0 df36b2fb8390 Author: Dave Airlie Date: Wed Aug 8 06:09:08 2018 +1000 Merge branch 'drm-next-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-next Fixes for 4.19: - Fix UVD 7.2 instance handling - Fix UVD 7.2 harvesting - GPU scheduler fix for when a process is killed - TTM cleanups - amdgpu CS bo_list fixes - Powerplay fixes for polaris12 and CZ/ST - DC fixes for link training certain HMDs - DC fix for vega10 blank screen in certain cases From: Alex Deucher Signed-off-by: Dave Airlie Link: https://patchwork.freedesktop.org/patch/msgid/20180801222906.1016-1-alexander.deucher@amd.com commit ee3444e42f5ccb6875936f9a577bb62ca102ac5a Merge: 5941923da29e 61be82b087e2 Author: David S. Miller Date: Tue Aug 7 13:22:11 2018 -0700 Merge branch 'qed-Add-Multi-TC-RoCE-support' Denis Bolotin says: ==================== qed: Add Multi-TC RoCE support This patch series adds support for multiple concurrent traffic classes for RoCE. The first three patches enable the required parts of the driver to learn the TC configuration, and the last one makes use of it to enable the feature. Please consider applying this to net-next. V1->V2: ------- Avoid allocation in qed_dcbx_get_priority_tc(). Move qed_dcbx_get_priority_tc() out of CONFIG_DCB section since it doesn't call qed_dcbx_query_params() anymore. v2->V3: ------- patch 1/3: qed_dcbx_get_priority_tc() always returns a valid TC by value. In error cases, it returns QED_DCBX_DEFAULT_TC (currently defined 0). patch 3/3: Cosmetic changes in qed_dev.c. ==================== Signed-off-by: David S. Miller commit 61be82b087e201511bc53cf614f733dee1f47344 Author: Denis Bolotin Date: Tue Aug 7 15:48:10 2018 +0300 qed: Add Multi-TC RoCE support RoCE qps use a pair of physical queues (pq) received from the Queue Manager (QM) - an offload queue (OFLD) and a low latency queue (LLT). The QM block creates a pq for each TC, and allows RoCE qps to ask for a pq with a specific TC. As a result, qps with different VLAN priorities can be mapped to different TCs, and employ features such as PFC and ETS. Signed-off-by: Michal Kalderon Signed-off-by: Ariel Elior Signed-off-by: Denis Bolotin Signed-off-by: David S. Miller commit c4259dda171920bf25f92756aa5a5fd17bf7e19e Author: Denis Bolotin Date: Tue Aug 7 15:48:09 2018 +0300 qed: Add a flag which indicates if offload TC is set Distinguish not set offload_tc from offload_tc 0 and add getters and setters. Signed-off-by: Michal Kalderon Signed-off-by: Ariel Elior Signed-off-by: Denis Bolotin Signed-off-by: David S. Miller commit 2a1cb1bf439f6703f82f61d0424b41f42544e3ff Author: Denis Bolotin Date: Tue Aug 7 15:48:08 2018 +0300 qed: Add DCBX API - qed_dcbx_get_priority_tc() The API receives a priority and looks for the TC it is mapped to in the operational DCBX configuration. The API returns QED_DCBX_DEFAULT_TC (0) when DCBX is disabled. Signed-off-by: Michal Kalderon Signed-off-by: Ariel Elior Signed-off-by: Denis Bolotin Signed-off-by: David S. Miller commit 5941923da29e84bc9e2a1abb2c14fffaf8d71e2f Author: YueHaibing Date: Tue Aug 7 19:34:16 2018 +0800 RDS: IB: fix 'passing zero to ERR_PTR()' warning Fix a static code checker warning: net/rds/ib_frmr.c:82 rds_ib_alloc_frmr() warn: passing zero to 'ERR_PTR' The error path for ib_alloc_mr failure should set err to PTR_ERR. Fixes: 1659185fb4d0 ("RDS: IB: Support Fastreg MR (FRMR) memory registration mode") Signed-off-by: YueHaibing Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit 6f705733b7d0d55e854e05d5883b89f19b381a95 Merge: 334b126fc944 653e92a9175e Author: David S. Miller Date: Tue Aug 7 13:18:50 2018 -0700 Merge branch 'macb-add-pad-and-fcs-support' Claudiu Beznea says: ==================== net: macb: add pad and fcs support In [1] it was reported that UDP checksum is offloaded to hardware no mather it was previously computed in software or not. The proposal on [1] was to disable TX checksum offload. This series (mostly patch 3/3) address the issue described at [1] by setting NOCRC bit to TX buffer descriptor for SKBs that arrived from networking stack with checksum computed. For these packets padding and FCS need to be added (hardware doesn't compute them if NOCRC bit is set). The minimum packet size that hardware expects is 64 bytes (including FCS). This feature could not be used in case of GSO, so, it was used only for no GSO SKBs. For SKBs wich requires padding and FCS computation macb_pad_and_fcs() checks if there is enough headroom and tailroom in SKB to avoid copying SKB structure. Since macb_pad_and_fcs() may change SKB the macb_pad_and_fcs() was places in macb_start_xmit() b/w macb_csum_clear() and skb_headlen() calls. This patch was tested with pktgen in kernel tool in a script like this: (pktgen_sample01_simple.sh is at [2]): minSize=1 maxSize=1500 for i in `seq $minSize $maxSize` ; do copy="$(shuf -i 1-2000 -n 1)" ./pktgen_sample01_simple.sh -i eth0 \ -m -d -x -s $i -c $copy done minStep=1 maxStep=200 for i in `seq $minStep $maxStep` ; do copy="$(shuf -i 1-2000 -n 1)" size="$(shuf -i 1-1500 -n 1)" ./pktgen_sample01_simple.sh -i eth0 \ -m -d -x -s $size -c $copy done Changes since RFC: - in patch 3/3 order local variables by their lenght (reverse christmas tree format) [1] https://www.spinics.net/lists/netdev/msg505065.html [2] https://github.com/netoptimizer/network-testing/blob/master/pktgen/pktgen_sample01_simple.sh ==================== Signed-off-by: David S. Miller commit 653e92a9175ea7ed67efe209c725222051a3713d Author: Claudiu Beznea Date: Tue Aug 7 12:25:14 2018 +0300 net: macb: add support for padding and fcs computation For packets with computed IP/TCP/UDP checksum there is no need to tell hardware to recompute it. For such kind of packets hardware expects the packet to be at least 64 bytes and FCS to be computed. Signed-off-by: Claudiu Beznea Signed-off-by: David S. Miller commit 33729f25a31e84e665b5441181bf98a514740fcf Author: Claudiu Beznea Date: Tue Aug 7 12:25:13 2018 +0300 net: macb: move checksum clearing outside of spinlock Move checksum clearing outside of spinlock. The SKB is protected by networking lock (HARD_TX_LOCK()). Signed-off-by: Claudiu Beznea Signed-off-by: David S. Miller commit d1c38957aaf3defe029f11761f3a4ae4c83ad690 Author: Claudiu Beznea Date: Tue Aug 7 12:25:12 2018 +0300 net: macb: use netdev_tx_t return type for ndo_start_xmit functions Use netdev_tx_t return type for ndo_start_xmit function of macb driver. Signed-off-by: Claudiu Beznea Signed-off-by: David S. Miller commit 5800dc5c19f34e6e03b5adab1282535cb102fafd Author: Peter Zijlstra Date: Fri Aug 3 16:41:39 2018 +0200 x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Nadav reported that on guests we're failing to rewrite the indirect calls to CALLEE_SAVE paravirt functions. In particular the pv_queued_spin_unlock() call is left unpatched and that is all over the place. This obviously wrecks Spectre-v2 mitigation (for paravirt guests) which relies on not actually having indirect calls around. The reason is an incorrect clobber test in paravirt_patch_call(); this function rewrites an indirect call with a direct call to the _SAME_ function, there is no possible way the clobbers can be different because of this. Therefore remove this clobber check. Also put WARNs on the other patch failure case (not enough room for the instruction) which I've not seen trigger in my (limited) testing. Three live kernel image disassemblies for lock_sock_nested (as a small function that illustrates the problem nicely). PRE is the current situation for guests, POST is with this patch applied and NATIVE is with or without the patch for !guests. PRE: (gdb) disassemble lock_sock_nested Dump of assembler code for function lock_sock_nested: 0xffffffff817be970 <+0>: push %rbp 0xffffffff817be971 <+1>: mov %rdi,%rbp 0xffffffff817be974 <+4>: push %rbx 0xffffffff817be975 <+5>: lea 0x88(%rbp),%rbx 0xffffffff817be97c <+12>: callq 0xffffffff819f7160 <_cond_resched> 0xffffffff817be981 <+17>: mov %rbx,%rdi 0xffffffff817be984 <+20>: callq 0xffffffff819fbb00 <_raw_spin_lock_bh> 0xffffffff817be989 <+25>: mov 0x8c(%rbp),%eax 0xffffffff817be98f <+31>: test %eax,%eax 0xffffffff817be991 <+33>: jne 0xffffffff817be9ba 0xffffffff817be993 <+35>: movl $0x1,0x8c(%rbp) 0xffffffff817be99d <+45>: mov %rbx,%rdi 0xffffffff817be9a0 <+48>: callq *0xffffffff822299e8 0xffffffff817be9a7 <+55>: pop %rbx 0xffffffff817be9a8 <+56>: pop %rbp 0xffffffff817be9a9 <+57>: mov $0x200,%esi 0xffffffff817be9ae <+62>: mov $0xffffffff817be993,%rdi 0xffffffff817be9b5 <+69>: jmpq 0xffffffff81063ae0 <__local_bh_enable_ip> 0xffffffff817be9ba <+74>: mov %rbp,%rdi 0xffffffff817be9bd <+77>: callq 0xffffffff817be8c0 <__lock_sock> 0xffffffff817be9c2 <+82>: jmp 0xffffffff817be993 End of assembler dump. POST: (gdb) disassemble lock_sock_nested Dump of assembler code for function lock_sock_nested: 0xffffffff817be970 <+0>: push %rbp 0xffffffff817be971 <+1>: mov %rdi,%rbp 0xffffffff817be974 <+4>: push %rbx 0xffffffff817be975 <+5>: lea 0x88(%rbp),%rbx 0xffffffff817be97c <+12>: callq 0xffffffff819f7160 <_cond_resched> 0xffffffff817be981 <+17>: mov %rbx,%rdi 0xffffffff817be984 <+20>: callq 0xffffffff819fbb00 <_raw_spin_lock_bh> 0xffffffff817be989 <+25>: mov 0x8c(%rbp),%eax 0xffffffff817be98f <+31>: test %eax,%eax 0xffffffff817be991 <+33>: jne 0xffffffff817be9ba 0xffffffff817be993 <+35>: movl $0x1,0x8c(%rbp) 0xffffffff817be99d <+45>: mov %rbx,%rdi 0xffffffff817be9a0 <+48>: callq 0xffffffff810a0c20 <__raw_callee_save___pv_queued_spin_unlock> 0xffffffff817be9a5 <+53>: xchg %ax,%ax 0xffffffff817be9a7 <+55>: pop %rbx 0xffffffff817be9a8 <+56>: pop %rbp 0xffffffff817be9a9 <+57>: mov $0x200,%esi 0xffffffff817be9ae <+62>: mov $0xffffffff817be993,%rdi 0xffffffff817be9b5 <+69>: jmpq 0xffffffff81063aa0 <__local_bh_enable_ip> 0xffffffff817be9ba <+74>: mov %rbp,%rdi 0xffffffff817be9bd <+77>: callq 0xffffffff817be8c0 <__lock_sock> 0xffffffff817be9c2 <+82>: jmp 0xffffffff817be993 End of assembler dump. NATIVE: (gdb) disassemble lock_sock_nested Dump of assembler code for function lock_sock_nested: 0xffffffff817be970 <+0>: push %rbp 0xffffffff817be971 <+1>: mov %rdi,%rbp 0xffffffff817be974 <+4>: push %rbx 0xffffffff817be975 <+5>: lea 0x88(%rbp),%rbx 0xffffffff817be97c <+12>: callq 0xffffffff819f7160 <_cond_resched> 0xffffffff817be981 <+17>: mov %rbx,%rdi 0xffffffff817be984 <+20>: callq 0xffffffff819fbb00 <_raw_spin_lock_bh> 0xffffffff817be989 <+25>: mov 0x8c(%rbp),%eax 0xffffffff817be98f <+31>: test %eax,%eax 0xffffffff817be991 <+33>: jne 0xffffffff817be9ba 0xffffffff817be993 <+35>: movl $0x1,0x8c(%rbp) 0xffffffff817be99d <+45>: mov %rbx,%rdi 0xffffffff817be9a0 <+48>: movb $0x0,(%rdi) 0xffffffff817be9a3 <+51>: nopl 0x0(%rax) 0xffffffff817be9a7 <+55>: pop %rbx 0xffffffff817be9a8 <+56>: pop %rbp 0xffffffff817be9a9 <+57>: mov $0x200,%esi 0xffffffff817be9ae <+62>: mov $0xffffffff817be993,%rdi 0xffffffff817be9b5 <+69>: jmpq 0xffffffff81063ae0 <__local_bh_enable_ip> 0xffffffff817be9ba <+74>: mov %rbp,%rdi 0xffffffff817be9bd <+77>: callq 0xffffffff817be8c0 <__lock_sock> 0xffffffff817be9c2 <+82>: jmp 0xffffffff817be993 End of assembler dump. Fixes: 63f70270ccd9 ("[PATCH] i386: PARAVIRT: add common patching machinery") Fixes: 3010a0663fd9 ("x86/paravirt, objtool: Annotate indirect calls") Reported-by: Nadav Amit Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Juergen Gross Cc: Konrad Rzeszutek Wilk Cc: Boris Ostrovsky Cc: David Woodhouse Cc: stable@vger.kernel.org commit 569f0a8694d0ff13c5d296a594c7d8cec8d6f35f Merge: a7ccc5a43b82 5b1474655323 Author: Dave Airlie Date: Wed Aug 8 06:07:06 2018 +1000 Merge branch 'etnaviv/next' of https://git.pengutronix.de/git/lst/linux into drm-next From: Lucas Stach "not much to de-stage this time. Changes from Philipp and Souptick to use memset32 more and switch the fault handler to the new vm_fault_t and two small fixes for issues that can be hit in rare corner cases from me." Signed-off-by: Dave Airlie Link: https://patchwork.freedesktop.org/patch/msgid/1533563808.2809.7.camel@pengutronix.de commit a7ccc5a43b829a96b4c62c0de71fc8c6fbd17b8a Merge: 253265902121 926a299c42e3 Author: Dave Airlie Date: Wed Aug 8 05:52:15 2018 +1000 Merge branch 'drm-tda998x-devel' of git://git.armlinux.org.uk/~rmk/linux-arm into drm-next From: Russell King As per the patches posted, discussed and tested by Peter Rosin, this converts TDA998x to a bridge driver, while still allowing Armada and TI LCDC to continue using it as they always have done. It also gets rid of the private .fill_modes function, and tweaks the TMDS divider calculation to be more correct to the available information. [airlied: fixed two conflicts] Signed-off-by: Dave Airlie Link: https://patchwork.freedesktop.org/patch/msgid/20180802093421.GA29670@rmk-PC.armlinux.org.uk commit 2532659021213f3604615add95c095a2f3bde748 Merge: 15da09500a70 d664b851eb2b Author: Dave Airlie Date: Wed Aug 8 05:51:16 2018 +1000 Merge branch 'for-upstream/hdlcd' of git://linux-arm.org/linux-ld into drm-next From: Liviu Dudau "I managed to loose track of a few patches for HDLCD while focusing on Mali DP and found them again when investigating an issue with the way HDLCD behaves on teardown. They can go into drm-next for one of the v4.19-rcX if you're not going to do another pull request before the merge window." Signed-off-by: Dave Airlie Link: https://patchwork.freedesktop.org/patch/msgid/20180731170831.GF17455@e110455-lin.cambridge.arm.com commit 334b126fc9441a2ceb1e905aa4db5d462d35c0d2 Merge: 7395a8845588 c9008d339bc4 Author: David S. Miller Date: Tue Aug 7 12:46:28 2018 -0700 Merge branch 'ibmvnic-next' Thomas Falcon says: ==================== ibmvnic: Update firmware error reporting This patch set cleans out a lot of dead code from the ibmvnic driver and adds some more. The error ID field of the descriptor is not filled in by firmware, so do not print it and do not use it to query for more detailed information. Remove the unused code written for this. Finally, update the message to print a string explainng the error cause instead of just the error code. ==================== Signed-off-by: David S. Miller commit c9008d339bc40301a486ea62f36f106c4b2aad0e Author: Thomas Falcon Date: Mon Aug 6 21:39:59 2018 -0500 ibmvnic: Update firmware error reporting with cause string Print a string instead of the error code. Since there is a possibility that the driver can recover, classify it as a warning instead of an error. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller commit 79dabbb7161f43ed29ca888a2488f59e47171aee Author: Thomas Falcon Date: Mon Aug 6 21:39:58 2018 -0500 ibmvnic: Remove code to request error information When backing device firmware reports an error, it provides an error ID, which is meant to be queried for more detailed error information. Currently, however, an error ID is not provided by the Virtual I/O server and there are not any plans to do so. For now, it is always unfilled or zero, so request_error_information will never be called. Remove it. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller commit 7395a8845588ebdf170f4d3796d44142458741be Author: Intiyaz Basha Date: Mon Aug 6 13:09:40 2018 -0700 liquidio: avoided acquiring post_lock for data only queues All control commands (soft commands) goes through only Queue 0 (control and data queue). So only queue-0 needs post_lock, other queues are only data queues and does not need post_lock Added a flag to indicate the queue can be used for soft commands. If this flag is set, post_lock must be acquired before posting a command to the queue. If this flag is clear, post_lock is invalid for the queue. Signed-off-by: Intiyaz Basha Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller commit 3789cabaab1a939eb56edd76bbde2c2e49f081da Author: Shmulik Ladkani Date: Mon Aug 6 15:00:59 2018 +0300 ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address When using an ip6tnl device in collect_md mode, the xmit methods ignore the ipv6.src field present in skb_tunnel_info's key, both for route calculation purposes (flowi6 construction) and for assigning the packet's final ipv6h->saddr. This makes it impossible specifying a desired ipv6 local address in the encapsulating header (for example, when using tc action tunnel_key). This is also not aligned with behavior of ipip (ipv4) in collect_md mode, where the key->u.ipv4.src gets used. Fix, by assigning fl6.saddr with given key->u.ipv6.src. In case ipv6.src is not specified, ip6_tnl_xmit uses existing saddr selection code. Fixes: 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels") Signed-off-by: Shmulik Ladkani Reviewed-by: Eyal Birger Signed-off-by: David S. Miller commit 7d2eb6de6e6315ad5b93b848ba14360b2370ac4d Author: Sean Wang Date: Wed Aug 8 01:52:49 2018 +0800 MAINTAINERS: add an entry for MediaTek Bluetooth driver Add an entry for the MediaTek Bluetooth driver. Signed-off-by: Sean Wang Signed-off-by: Marcel Holtmann commit 9ca6163005e6abdf2a39eb581abc6060f677a2d7 Author: Vlad Buslov Date: Mon Aug 6 11:27:10 2018 +0300 net: sched: cls_flower: set correct offload data in fl_reoffload fl_reoffload implementation sets following members of struct tc_cls_flower_offload incorrectly: - masked key instead of mask - key instead of masked key Fix fl_reoffload to provide correct data to offload callback. Fixes: 31533cba4327 ("net: sched: cls_flower: implement offload tcf_proto_op") Signed-off-by: Vlad Buslov Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit 7237c4c9ec92e1a4f6ef1f712bf9105d7b392c6a Author: Sean Wang Date: Wed Aug 8 01:52:48 2018 +0800 Bluetooth: mediatek: Add protocol support for MediaTek serial devices This adds a driver based on serdev driver for the MediaTek serial protocol based on running H:4, which can enable the built-in Bluetooth device inside MT7622 SoC. Signed-off-by: Sean Wang Signed-off-by: Marcel Holtmann commit 819731596aec45012ebc1185b4276a4a0bbc95ac Author: Sean Wang Date: Wed Aug 8 01:52:47 2018 +0800 dt-bindings: net: bluetooth: Add mediatek-bluetooth Add binding document for a SoC built-in device using MediaTek protocol. Which could be found on MT7622 SoC or other similar MediaTek SoCs. Signed-off-by: Sean Wang Reviewed-by: Rob Herring Signed-off-by: Marcel Holtmann commit 468d677954c0d94fec59275d91222257fe8b4416 Author: Steve French Date: Sat Aug 4 05:24:34 2018 -0500 smb3: display stats counters for number of slow commands When CONFIG_CIFS_STATS2 is enabled keep counters for slow commands (ie server took longer than 1 second to respond) by SMB2/SMB3 command code. This can help in diagnosing whether performance problems are on server (instead of client) and which commands are causing the problem. Sample output (the new lines contain words "slow responses ...") $ cat /proc/fs/cifs/Stats Resources in use CIFS Session: 1 Share (unique mount targets): 2 SMB Request/Response Buffer: 1 Pool size: 5 SMB Small Req/Resp Buffer: 1 Pool size: 30 Total Large 10 Small 490 Allocations Operations (MIDs): 0 0 session 0 share reconnects Total vfs operations: 67 maximum at one time: 2 4 slow responses from localhost for command 5 1 slow responses from localhost for command 6 1 slow responses from localhost for command 14 1 slow responses from localhost for command 16 1) \\localhost\test SMBs: 243 Bytes read: 1024000 Bytes written: 104857600 TreeConnects: 1 total 0 failed TreeDisconnects: 0 total 0 failed Creates: 40 total 0 failed Closes: 39 total 0 failed ... Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky Reviewed-by: Aurelien Aptel commit a5c62f4833c2c8e6e0f35367b99b717b78f5c029 Author: Aurelien Aptel Date: Thu Aug 2 16:39:52 2018 +0200 CIFS: fix uninitialized ptr deref in smb2 signing server->secmech.sdeschmacsha256 is not properly initialized before smb2_shash_allocate(), set shash after that call. also fix typo in error message Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2") Signed-off-by: Aurelien Aptel Reviewed-by: Paulo Alcantara Reported-by: Xiaoli Feng Signed-off-by: Steve French CC: Stable commit fd09b7d3b352105f08b8e02f7afecf7e816380ef Author: Steve French Date: Thu Aug 2 20:28:18 2018 -0500 smb3: Do not send SMB3 SET_INFO if nothing changed An earlier commit had a typo which prevented the optimization from working: commit 18dd8e1a65dd ("Do not send SMB3 SET_INFO request if nothing is changing") Thank you to Metze for noticing this. Also clear a reserved field in the FILE_BASIC_INFO struct we send that should be zero (all the other fields in that struct were set or cleared explicitly already in cifs_set_file_info). Reviewed-by: Pavel Shilovsky CC: Stable # 4.9.x+ Reported-by: Stefan Metzmacher Signed-off-by: Steve French commit d258650004617fbd5dfe97d77d26fb37187d06e9 Author: Steve French Date: Wed Aug 1 22:34:04 2018 -0500 smb3: fix minor debug output for CONFIG_CIFS_STATS CONFIG_CIFS_STATS is now always enabled (to simplify the code and since the STATS are important for some common customer use cases and also debugging), but needed one minor change so that STATS shows as enabled in the debug output in /proc/fs/cifs/DebugData, otherwise it could get confusing with STATS no longer showing up in the "Features" list in /proc/fs/cifs/DebugData when basic stats were in fact available. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit 020eec5f712ffb4254233490076cc21600b810db Author: Steve French Date: Wed Aug 1 16:38:07 2018 -0500 smb3: add tracepoint for slow responses If responses take longer than one second from the server, we can optionally log them to dmesg in current cifs.ko code (CONFIG_CIFS_STATS2 must be configured and a /proc/fs/cifs/cifsFYI flag must be set), but can be more useful to log these via ftrace (tracepoint is smb3_slow_rsp) which is easier and more granular (still requires CONFIG_CIFS_STATS2 to be configured in the build though). Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit e0bba0b8548179b696e86c158ea8f45f2ef6ad14 Author: Ronnie Sahlberg Date: Wed Aug 1 09:26:13 2018 +1000 cifs: add compound_send_recv() Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 1f3a8f5f7ac3de4abae9d2c118ffaeed1676fe1c Author: Ronnie Sahlberg Date: Wed Aug 1 09:26:12 2018 +1000 cifs: make smb_send_rqst take an array of requests Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit d5082b27edf4cc653529c38ac531cf7a7d261a6f Merge: 50ee42b9ccb3 0a22b17a6b1d Author: David S. Miller Date: Tue Aug 7 12:22:15 2018 -0700 Merge branch 'nfp-ttl-tos-geneve' Simon Horman says: ==================== nfp: flower: tunnel TTL & TOS, and Geneve options set & match support this series contains updates for the TC Flower classifier and the offload facility for it in the NFP driver. * Patches 1 & 2: update the NFP driver to allow offload of matching and setting tunnel ToS/TTL of flows using the TC Flower classifier and tun_key action * Patches 3 & 4: enhance the flow dissector and TC Flower classifier to allow match on Geneve options * Patch 5 & 6: update the NFP driver to allow offload of matching and setting Geneve options of flows using the TC Flower classifier and tun_key action ==================== Signed-off-by: David S. Miller commit 0a22b17a6b1ddb161fae7452faa892ba4d77ebe9 Author: Pieter Jansen van Vuuren Date: Tue Aug 7 17:36:03 2018 +0200 nfp: flower: add geneve option match offload Introduce a new layer for matching on geneve options. This allows offloading filters configured to match geneve with options. Signed-off-by: Pieter Jansen van Vuuren Signed-off-by: Simon Horman Signed-off-by: David S. Miller commit 9e7c32fe44248b5101173b1184707bc5506e00f3 Author: Pieter Jansen van Vuuren Date: Tue Aug 7 17:36:02 2018 +0200 nfp: flower: add geneve option push action offload Introduce new push geneve option action. This allows offloading filters configured to entunnel geneve with options. Signed-off-by: Pieter Jansen van Vuuren Reviewed-by: Jakub Kicinski Signed-off-by: Simon Horman Signed-off-by: David S. Miller commit 0a6e77784f490912d81b92cfd48424541c04691e Author: Pieter Jansen van Vuuren Date: Tue Aug 7 17:36:01 2018 +0200 net/sched: allow flower to match tunnel options Allow matching on options in Geneve tunnel headers. This makes use of existing tunnel metadata support. The options can be described in the form CLASS:TYPE:DATA/CLASS_MASK:TYPE_MASK:DATA_MASK, where CLASS is represented as a 16bit hexadecimal value, TYPE as an 8bit hexadecimal value and DATA as a variable length hexadecimal value. e.g. # ip link add name geneve0 type geneve dstport 0 external # tc qdisc add dev geneve0 ingress # tc filter add dev geneve0 protocol ip parent ffff: \ flower \ enc_src_ip 10.0.99.192 \ enc_dst_ip 10.0.99.193 \ enc_key_id 11 \ geneve_opts 0102:80:1122334421314151/ffff:ff:ffffffffffffffff \ ip_proto udp \ action mirred egress redirect dev eth1 This patch adds support for matching Geneve options in the order supplied by the user. This leads to an efficient implementation in the software datapath (and in our opinion hardware datapaths that offload this feature). It is also compatible with Geneve options matching provided by the Open vSwitch kernel datapath which is relevant here as the Flower classifier may be used as a mechanism to program flows into hardware as a form of Open vSwitch datapath offload (sometimes referred to as OVS-TC). The netlink Kernel/Userspace API may be extended, for example by adding a flag, if other matching options are desired, for example matching given options in any order. This would require an implementation in the TC software datapath. And be done in a way that drivers that facilitate offload of the Flower classifier can reject or accept such flows based on hardware datapath capabilities. This approach was discussed and agreed on at Netconf 2017 in Seoul. Signed-off-by: Simon Horman Signed-off-by: Pieter Jansen van Vuuren Acked-by: Jakub Kicinski Signed-off-by: David S. Miller commit 92e2c4053623f21d61a683f7ef7bd61c8300ac7d Author: Simon Horman Date: Tue Aug 7 17:36:00 2018 +0200 flow_dissector: allow dissection of tunnel options from metadata Allow the existing 'dissection' of tunnel metadata to 'dissect' options already present in tunnel metadata. This dissection is controlled by a new dissector key, FLOW_DISSECTOR_KEY_ENC_OPTS. This dissection only occurs when skb_flow_dissect_tunnel_info() is called, currently only the Flower classifier makes that call. So there should be no impact on other users of the flow dissector. This is in preparation for allowing the flower classifier to match on Geneve options. Signed-off-by: Simon Horman Signed-off-by: Pieter Jansen van Vuuren Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit d7ff7ec573860dc654fa4c8641684ba3db03004e Author: John Hurley Date: Tue Aug 7 17:35:59 2018 +0200 nfp: flower: allow matching on ipv4 UDP tunnel tos and ttl The addition of FLOW_DISSECTOR_KEY_ENC_IP to TC flower means that the ToS and TTL of the tunnel header can now be matched on. Extend the NFP tunnel match function to include these new fields. Signed-off-by: John Hurley Reviewed-by: Jakub Kicinski Signed-off-by: Simon Horman Signed-off-by: David S. Miller commit 2a43747147699c6187d8508b40a28a50f42b0ee5 Author: John Hurley Date: Tue Aug 7 17:35:58 2018 +0200 nfp: flower: set ip tunnel ttl from encap action The TTL for encapsulating headers in IPv4 UDP tunnels is taken from a route lookup. Modify this to first check if a user has specified a TTL to be used in the TC action. Signed-off-by: John Hurley Reviewed-by: Jakub Kicinski Signed-off-by: Simon Horman Signed-off-by: David S. Miller commit b2c96de7fe3cd306df039c89727cb137b89d82ef Author: Ronnie Sahlberg Date: Wed Aug 1 09:26:11 2018 +1000 cifs: update init_sg, crypt_message to take an array of rqst These are used for SMB3 encryption and compounded requests. Update these functions and the other functions related to SMB3 encryption to take an array of requests. Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 333e2f2cea6cbffd75aa4969afad7409d7fad74c Author: Jacob Keller Date: Tue Jul 31 03:41:48 2018 -0700 i40e: fix i40e_add_queue_stats data pointer update This function accidentally failed to update the data pointer, which caused the reported stats to be incorrect. Additionally, statistics which follow queue stats in the output would potentially read non-zeroed garbage data from the ethtool buffer. This occurred because the data double pointer was not dereferenced before incrementing the size. Additionally, make sure this issue is more visible by adding a WARN_ONCE to the i40e_get_ethtool_stats function. This warning will trigger whenever the data pointer is not at the expected address, similar to the check that we make in the i40e_get_stat_strings() function. Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit f05798b4ff82d919e94e5060d1e9993a3e025361 Author: Piotr Azarewicz Date: Tue Jul 31 03:41:47 2018 -0700 i40e: Add AQ command for rearrange NVM structure During switching between old NVM structure approach (called structured NVM) to new one (called flat NVM) or backward flash needs to be rearranged to required NVM structure. This is a part of transition from one NVM structure to another. The function is introduced to command firmware to start rearrangement process. Signed-off-by: Piotr Azarewicz Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit b2b57b29588c36920fe1364f3f24bebfbe8bf321 Author: Piotr Azarewicz Date: Tue Jul 31 03:41:46 2018 -0700 i40e: Add additional return code to i40e_asq_send_command Firmware can return a busy state, so the function return I40E_ERR_NOT_READY. Signed-off-by: Piotr Azarewicz Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 3de5e974ba65fd1629fb6ea0cb5222c78b1580ec Author: Steve French Date: Wed Aug 1 01:13:55 2018 -0500 smb3: update readme to correct information about /proc/fs/cifs/Stats Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit c281bc0c7412308c7ec0888904f7c99353da4796 Author: Steve French Date: Wed Aug 1 00:56:12 2018 -0500 smb3: fix reset of bytes read and written stats echo 0 > /proc/fs/cifs/Stats is supposed to reset the stats but there were four (see example below) that were not reset (bytes read and witten, total vfs ops and max ops at one time). ... 0 session 0 share reconnects Total vfs operations: 100 maximum at one time: 2 1) \\localhost\test SMBs: 0 Bytes read: 502092 Bytes written: 31457286 TreeConnects: 0 total 0 failed TreeDisconnects: 0 total 0 failed ... This patch fixes cifs_stats_proc_write to properly reset those four. Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit 52ce1ac4298309d76859307967c58835c0b2ce3e Author: Steve French Date: Tue Jul 31 01:46:47 2018 -0500 smb3: display bytes_read and bytes_written in smb3 stats We were only displaying bytes_read and bytes_written in cifs stats, fix smb3 stats to also display them. Sample output with this patch: cat /proc/fs/cifs/Stats: CIFS Session: 1 Share (unique mount targets): 2 SMB Request/Response Buffer: 1 Pool size: 5 SMB Small Req/Resp Buffer: 1 Pool size: 30 Operations (MIDs): 0 0 session 0 share reconnects Total vfs operations: 94 maximum at one time: 2 1) \\localhost\test SMBs: 214 Bytes read: 502092 Bytes written: 31457286 TreeConnects: 1 total 0 failed TreeDisconnects: 0 total 0 failed Creates: 52 total 3 failed Closes: 48 total 0 failed Flushes: 0 total 0 failed Reads: 17 total 0 failed Writes: 31 total 0 failed ... Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit fcabb89299d79010eb923afdd26de04afcc0527f Author: Steve French Date: Tue Jul 31 01:21:37 2018 -0500 cifs: simple stats should always be enabled CONFIG_CIFS_STATS should always be enabled as Pavel recently noted. Simple statistics are not a significant performance hit, and removing the ifdef simplifies the code slightly. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg Reviewed-by: Pavel Shilovsky commit 9da6ec7775d2cd76df53fbf4f1f35f6d490204f5 Author: Ronnie Sahlberg Date: Tue Jul 31 08:48:22 2018 +1000 cifs: use a refcount to protect open/closing the cached file handle Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky Cc: commit bf1fdeb7899a86adfbe0b521bee5cf78bb870a14 Author: Steve French Date: Mon Jul 30 19:23:09 2018 -0500 smb3: add reconnect tracepoints Add tracepoints for reconnecting an smb3 session Example output (from trace-cmd) with the patch (showing the session marked for reconnect, the stat failing, and then the subsequent SMB3 commands after the server comes back up). The "smb3_reconnect" event is the new one. cifsd-25993 [000] .... 29635.368265: smb3_reconnect: server=localhost current_mid=0x1e stat-26200 [001] .... 29638.516403: smb3_enter: cifs_revalidate_dentry_attr: xid=22 stat-26200 [001] .... 29648.723296: smb3_exit_err: cifs_revalidate_dentry_attr: xid=22 rc=-112 kworker/0:1-22830 [000] .... 29653.850947: smb3_cmd_done: sid=0x0 tid=0x0 cmd=0 mid=0 kworker/0:1-22830 [000] .... 29653.851191: smb3_cmd_err: sid=0x8ae4683c tid=0x0 cmd=1 mid=1 status=0xc0000016 rc=-5 kworker/0:1-22830 [000] .... 29653.855254: smb3_cmd_done: sid=0x8ae4683c tid=0x0 cmd=1 mid=2 kworker/0:1-22830 [000] .... 29653.855482: smb3_cmd_done: sid=0x8ae4683c tid=0x8084f30d cmd=3 mid=3 Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg Reviewed-by: Aurelien Aptel commit 6e2feaa344e651bc1a1ec224018827e36192c039 Author: Jacob Keller Date: Tue Jul 31 03:41:45 2018 -0700 i40e: fix warning about shadowed ring parameter In commit 147e81ec7568 ("i40e: Test memory before ethtool alloc succeeds") code was added to handle ring allocation on systems with low memory. It shadowed the ring parameter pointer by introducing a local ring pointer inside the for loop. Most of the code in the loop already just accessed the ring via &rx_rings[i]. Since most of the code already does this, just remove the local variable. If someone considers it worth keeping a local around, they should use it for the whole section instead of just a couple of accesses. This fixes a warning when -Wshadow is enabled Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 4d9768237c19d7bcea8b284ec98c04a5846977be Author: Jacob Keller Date: Tue Jul 31 03:41:44 2018 -0700 i40e: remove unnecessary i variable causing -Wshadow warning Commit c61c8fe1d592 ("i40e: Implement an ethtool private flag to stop LLDP in FW") added an extra for-loop which added a shadowing 'i' variable as the index. However, the local variable i already exists, and we already use it as a loop index. Additionally, at this point, there is no further use of the variable, so it's safe to simply overwrite the variable contents. This fixes a -Wshadow warning which has started being enabled on some distributions Signed-off-by: Jacob Keller Reviewed-by: Patryk Malek Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit e68a932b0b8e38eaa2111fc3aab31ff66988f1c4 Author: Steve French Date: Mon Jul 30 14:23:58 2018 -0500 smb3: add tracepoint for session expired or deleted In debugging reconnection problems, want to be able to more easily trace cases in which the server has marked the SMB3 session expired or deleted (to distinguish from timeout cases). Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit 06188fcf9c068a2a8e82ad1e2510a008373150e2 Author: Steve French Date: Sun Jul 29 17:13:39 2018 -0500 cifs: remove unused stats These timers were a good idea but weren't used in current code, and the idea was cifs specific. Future patch will add similar timers for SMB2/SMB3, but no sense using memory for cifs timers that aren't used in current code. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit 22783155f4bf956c346a81624ec9258930a6fe06 Author: Steve French Date: Fri Jul 27 22:01:49 2018 -0500 smb3: don't request leases in symlink creation and query Fixes problem pointed out by Pavel in discussions about commit 729c0c9dd55204f0c9a823ac8a7bfa83d36c7e78 Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg CC: Stable # 3.18.x+ commit 1995d28f84b3d2a8f586fcd271207f798b80ccd8 Author: Steve French Date: Fri Jul 27 15:14:04 2018 -0500 smb3: remove per-session operations from per-tree connection stats Remove counters from the per-tree connection /proc/fs/cifs/Stats output that will always be zero (since they are not per-tcon ops) ie SMB3 Negotiate, SessionSetup, Logoff, Echo, Cancel. Also clarify "sent" to be "total" per-Pavel's suggestion (since this "total" includes total for all operations that we try to send whether or not succesffully sent). Sample output below: Resources in use CIFS Session: 1 Share (unique mount targets): 2 SMB Request/Response Buffer: 1 Pool size: 5 SMB Small Req/Resp Buffer: 1 Pool size: 30 Operations (MIDs): 0 1 session 2 share reconnects Total vfs operations: 23 maximum at one time: 2 1) \\localhost\test SMBs: 45 TreeConnects: 2 total 0 failed TreeDisconnects: 0 total 0 failed Creates: 13 total 2 failed Closes: 9 total 0 failed Flushes: 0 total 0 failed Reads: 0 total 0 failed Writes: 1 total 0 failed Locks: 0 total 0 failed IOCTLs: 3 total 1 failed QueryDirectories: 4 total 2 failed ChangeNotifies: 0 total 0 failed QueryInfos: 10 total 0 failed SetInfos: 3 total 0 failed OplockBreaks: 0 sent 0 failed Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 289131e1f1e6ad8c661ec05e176b8f0915672059 Author: Steve French Date: Mon Jul 23 09:15:18 2018 -0500 SMB3: Number of requests sent should be displayed for SMB3 not just CIFS For SMB2/SMB3 the number of requests sent was not displayed in /proc/fs/cifs/Stats unless CONFIG_CIFS_STATS2 was enabled (only number of failed requests displayed). As with earlier dialects, we should be displaying these counters if CONFIG_CIFS_STATS is enabled. They are important for debugging. e.g. when you cat /proc/fs/cifs/Stats (before the patch) Resources in use CIFS Session: 1 Share (unique mount targets): 2 SMB Request/Response Buffer: 1 Pool size: 5 SMB Small Req/Resp Buffer: 1 Pool size: 30 Operations (MIDs): 0 0 session 0 share reconnects Total vfs operations: 690 maximum at one time: 2 1) \\localhost\test SMBs: 975 Negotiates: 0 sent 0 failed SessionSetups: 0 sent 0 failed Logoffs: 0 sent 0 failed TreeConnects: 0 sent 0 failed TreeDisconnects: 0 sent 0 failed Creates: 0 sent 2 failed Closes: 0 sent 0 failed Flushes: 0 sent 0 failed Reads: 0 sent 0 failed Writes: 0 sent 0 failed Locks: 0 sent 0 failed IOCTLs: 0 sent 1 failed Cancels: 0 sent 0 failed Echos: 0 sent 0 failed QueryDirectories: 0 sent 63 failed Signed-off-by: Steve French Reviewed-by: Aurelien Aptel Reviewed-by: Pavel Shilovsky commit 8a69e96e610b3ec8a55f6fd4e44363452838caa7 Author: Steve French Date: Fri Jun 29 16:06:15 2018 -0500 smb3: snapshot mounts are read-only and make sure info is displayable about the mount snapshot mounts were not marked as read-only and did not display the snapshot time (in /proc/mounts) specified on mount With this patch - note that can not write to the snapshot mount (see "ro" in /proc/mounts line) and also the missing snapshot timewarp token time is dumped. Sample line from /proc/mounts with the patch: //127.0.0.1/scratch /mnt2 smb3 ro,relatime,vers=default,cache=strict,username=testuser,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,noperm,rsize=1048576,wsize=1048576,echo_interval=60,snapshot=1234567,actimeo=1 0 0 Signed-off-by: Steve French Reviewed-by: Paulo Alcantara commit c3ed44026cd07fda5976ecb79225759901a160b4 Author: Steve French Date: Thu Jun 28 22:53:39 2018 -0500 smb3: remove noisy warning message on mount Some servers, like Samba, don't support the fsctl for query_network_interface_info so don't log a noisy warning message on mount for this by default unless the error is more serious. Lower the error to an FYI level so it does not get logged by default. Reviewed-by: Ronnie Sahlberg Reviewed-by: Aurelien Aptel Signed-off-by: Steve French commit 0fdfef9aa7ee68ddd508aef7c98630cfc054f8d6 Author: Steve French Date: Thu Jun 28 19:30:23 2018 -0500 smb3: simplify code by removing CONFIG_CIFS_SMB311 We really, really want to be encouraging use of secure dialects, and SMB3.1.1 offers useful security features, and will soon be the recommended dialect for many use cases. Simplify the code by removing the CONFIG_CIFS_SMB311 ifdef so users don't disable it in the build, and create compatibility and/or security issues with modern servers - many of which have been supporting this dialect for multiple years. Also clarify some of the Kconfig text for cifs.ko about SMB3.1.1 and current supported features in the module. Signed-off-by: Steve French Acked-by: Aurelien Aptel Reviewed-by: Ronnie Sahlberg commit 950132afd59385caf6e2b84e5235d069fa10681d Author: Steve French Date: Thu Jun 28 18:46:40 2018 -0500 cifs: add missing debug entries for kconfig options /proc/fs/cifs/DebugData displays the features (Kconfig options) used to build cifs.ko but it was missing some, and needed comma separator. These can be useful in debugging certain problems so we know which optional features were enabled in the user's build. Also clarify them, by making them more closely match the corresponding CONFIG_CIFS_* parm. Old format: Features: dfs fscache posix spnego xattr acl New format: Features: DFS,FSCACHE,SMB_DIRECT,STATS,DEBUG2,ALLOW_INSECURE_LEGACY,CIFS_POSIX,UPCALL(SPNEGO),XATTR,ACL Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg Reviewed-by: Pavel Shilovsky Reviewed-by: Paulo Alcantara CC: Stable commit 876fe8870dcebdfa7dbd03075f111065f47aef38 Author: Steve French Date: Thu Jun 28 17:52:03 2018 -0500 documentation update - remove old out of date feature info Following up on a suggestion by Matthew Wilcox ... The cifs CHANGES documentation file is out of date, and more current information is in the wiki. Delete the old version information that is of little use to make this documentation file more readable. CC: Matthew Wilcox Reviewed-by: Ronnie Sahlberg Reviewed-by: Aurelien Aptel Signed-off-by: Steve French commit 2d304217832ea720337e7a6aa012aa828a77f9d4 Author: Steve French Date: Sun Jun 24 23:28:12 2018 -0500 smb3: add support for statfs for smb3.1.1 posix extensions Output now matches expected stat -f output for all fields except for Namelen and ID which were addressed in a companion patch (which retrieves them from existing SMB3 mechanisms and works whether POSIX enabled or not) Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit 21ba3845b59c733a79ed4fe1c4f3732e7ece9df7 Author: Steve French Date: Sun Jun 24 23:18:52 2018 -0500 smb3: fill in statfs fsid and correct namelen Fil in the correct namelen (typically 255 not 4096) in the statfs response and also fill in a reasonably unique fsid (in this case taken from the volume id, and the creation time of the volume). In the case of the POSIX statfs all fields are now filled in, and in the case of non-POSIX mounts, all fields are filled in which can be. Signed-off-by: Steve French CC: Stable Reviewed-by: Aurelien Aptel commit a12d0c590cc7ae01892f06c5ad6d19580ecdd0de Author: Paulo Alcantara Date: Sat Jun 23 14:52:25 2018 -0300 cifs: Make sure all data pages are signed correctly Check if every data page is signed correctly in sigining helper. Signed-off-by: Paulo Alcantara Reviewed-by: Ronnie Sahlberg Signed-off-by: Steve French commit 256b4c3f03d77d8c0dc69e3a6ceb3afd0d1810bd Author: Aurelien Aptel Date: Tue Jun 19 15:18:48 2018 -0700 CIFS: fix memory leak and remove dead code also fixes error code in smb311_posix_mkdir() (where the error assignment needs to go before the goto) a typo that Dan Carpenter and Paulo and Gustavo pointed out. Signed-off-by: Aurelien Aptel Signed-off-by: Dan Carpenter Signed-off-by: Gustavo A. R. Silva Reviewed-by: Paulo Alcantara Signed-off-by: Steve French commit 7420451f6a109f7f8f1bf283f34d08eba3259fb3 Author: Steve French Date: Tue Jun 19 14:34:08 2018 -0500 cifs: allow disabling insecure dialects in the config allow disabling cifs (SMB1 ie vers=1.0) and vers=2.0 in the config for the build of cifs.ko if want to always prevent mounting with these less secure dialects. Signed-off-by: Steve French Reviewed-by: Aurelien Aptel Reviewed-by: Jeremy Allison commit 8505c8bfd85a260c9dc5c47e15bd8c5357fcbcd2 Author: Steve French Date: Mon Jun 18 14:01:59 2018 -0500 smb3: if server does not support posix do not allow posix mount option If user specifies "posix" on an SMB3.11 mount, then fail the mount if server does not return the POSIX negotiate context indicating support for posix. Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit cbedeadf9c44a1a135293717d501882f2933a534 Author: Arnd Bergmann Date: Tue Jun 19 17:27:59 2018 +0200 cifs: use 64-bit timestamps for fscache In the fscache, we just need the timestamps as cookies to check for changes, so we don't really care about the overflow, but it's better to stop using the deprecated timespec so we don't have to go through explicit conversion functions. To avoid comparing uninitialized padding values that are copied while assigning the timespec values, this rearranges the members of cifs_fscache_inode_auxdata to avoid padding, and assigns them individually. Signed-off-by: Arnd Bergmann Reviewed-by: Paulo Alcantara Signed-off-by: Steve French commit 95390201e7d8dd1eb764a3cbd50ae538a17fcd02 Author: Arnd Bergmann Date: Tue Jun 19 17:27:58 2018 +0200 cifs: use timespec64 internally In cifs, the timestamps are stored in memory in the cifs_fattr structure, which uses the deprecated 'timespec' structure. Now that the VFS code has moved on to 'timespec64', the next step is to change over the fattr as well. This also makes 32-bit and 64-bit systems behave the same way, and no longer overflow the 32-bit time_t in year 2038. Signed-off-by: Arnd Bergmann Reviewed-by: Paulo Alcantara Signed-off-by: Steve French commit ff361fda55fda55031252aca1f8afef735fe057c Author: Dan Carpenter Date: Tue Jun 19 15:25:30 2018 +0300 cifs: Silence uninitialized variable warning This is not really a runtime issue but Smatch complains that: fs/cifs/smb2ops.c:1740 smb2_query_symlink() error: uninitialized symbol 'resp_buftype'. The warning is right that it can be uninitialized... Also "err_buf" would be NULL at this point and we're not supposed to pass NULLs to free_rsp_buf() or it might trigger some extra output if we turn on debugging. Signed-off-by: Dan Carpenter Reviewed-by: Paulo Alcantara Signed-off-by: Steve French commit 50ee42b9ccb39c7a5c41eaae3199675a6ced9d49 Merge: 1ba982806ce5 bb9051a2b230 Author: David S. Miller Date: Tue Aug 7 12:15:03 2018 -0700 Merge branch 'WoL-filters' Florian Fainelli says: ==================== net: Support Wake-on-LAN using filters This is technically a v2, but this patch series builds on your feedback and defines the following: - a new WAKE_* bit: WAKE_FILTER which can be enabled alongside other type of Wake-on-LAN to support waking up on a programmed filter (match + action) - a new RX_CLS_FLOW_WAKE flow action which can be specified by an user when inserting a flow using ethtool::rxnfc, similar to the existing RX_CLS_FLOW_DISC The bcm_sf2 and bcmsysport drivers are updated accordingly to work in concert to allow matching packets at the switch level, identified by their filter location to be used as a match by the SYSTEM PORT (CPU/management controller) during Wake-on-LAN. Let me know if this looks better than the previous incarnation of the patch series. Attached is also the ethtool patch that I would be submitting once the uapi changes are committed. Thank you! Changes in v2: - bail out earlier in bcm_sf2_cfp's get_rxnfc if an error is encountered (Andrew) ==================== Signed-off-by: David S. Miller commit bb9051a2b23005a18826a2c33c98e5d977332352 Author: Florian Fainelli Date: Tue Aug 7 10:50:23 2018 -0700 net: systemport: Add support for WAKE_FILTER The SYSTEMPORT MAC allows up to 8 filters to be programmed to wake-up from LAN. Verify that we have up to 8 filters and program them to the appropriate RXCHK entries to be matched (along with their masks). We need to update the entry and exit to Wake-on-LAN mode to keep the RXCHK engine running to match during suspend, but this is otherwise fairly similar to Magic Packet detection. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 8a75f4f2acd78adfaf4b96939322d8a1de97d378 Author: Florian Fainelli Date: Tue Aug 7 10:50:22 2018 -0700 net: dsa: bcm_sf2: Propagate ethtool::rxnfc to CPU port Allow propagating ethtool::rxnfc programming to the CPU/management port such that it is possible for such a CPU to perform e.g: Wake-on-LAN using filters configured by the switch. We need a tiny bit of cooperation between the switch drivers which is able to do the full flow matching, whereas the CPU/management port might not. The CPU/management driver needs to return -EOPNOTSUPP to indicate an non critical error, any other error code otherwise. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 6cfef793b558eee47bac720574aff0d36b89d20a Author: Florian Fainelli Date: Tue Aug 7 10:50:20 2018 -0700 ethtool: Add WAKE_FILTER and RX_CLS_FLOW_WAKE Add the ability to specify through ethtool::rxnfc that a rule location is special and will be used to participate in Wake-on-LAN, by e.g: having a specific pattern be matched. When this is the case, fs->ring_cookie must be set to the special value RX_CLS_FLOW_WAKE. We also define an additional ethtool::wolinfo flag: WAKE_FILTER which can be used to configure an Ethernet adapter to allow Wake-on-LAN using previously programmed filters. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 58796e67d5d529e2010f6985fae7a5cef02f19a8 Author: Parav Pandit Date: Mon Aug 6 07:45:51 2018 +0300 IB/ucm: Initialize sgid request GID attribute pointer sgid_attr is uninitialized on the stack, initialize it to NULL. Fixes: 398391071f25 ("IB/cm: Replace members of sa_path_rec with 'struct sgid_attr *'") Signed-off-by: Parav Pandit Reviewed-by: Yossi Itigin Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit fd2fa95416188a767a63979296fa3e169a9ef5ec Author: Mike Snitzer Date: Thu Aug 2 16:08:52 2018 -0400 dm cache metadata: save in-core policy_hint_size to on-disk superblock policy_hint_size starts as 0 during __write_initial_superblock(). It isn't until the policy is loaded that policy_hint_size is set in-core (cmd->policy_hint_size). But it never got recorded in the on-disk superblock because __commit_transaction() didn't deal with transfering the in-core cmd->policy_hint_size to the on-disk superblock. The in-core cmd->policy_hint_size gets initialized by metadata_open()'s __begin_transaction_flags() which re-reads all superblock fields. Because the superblock's policy_hint_size was never properly stored, when the cache was created, hints_array_available() would always return false when re-activating a previously created cache. This means __load_mappings() always considered the hints invalid and never made use of the hints (these hints served to optimize). Another detremental side-effect of this oversight is the cache_check utility would fail with: "invalid hint width: 0" Cc: stable@vger.kernel.org Signed-off-by: Mike Snitzer commit 75294442d896f2767be34f75aca7cc2b0d01301f Author: Hou Tao Date: Thu Aug 2 16:18:24 2018 +0800 dm thin: stop no_space_timeout worker when switching to write-mode Now both check_for_space() and do_no_space_timeout() will read & write pool->pf.error_if_no_space. If these functions run concurrently, as shown in the following case, the default setting of "queue_if_no_space" can get lost. precondition: * error_if_no_space = false (aka "queue_if_no_space") * pool is in Out-of-Data-Space (OODS) mode * no_space_timeout worker has been queued CPU 0: CPU 1: // delete a thin device process_delete_mesg() // check_for_space() invoked by commit() set_pool_mode(pool, PM_WRITE) pool->pf.error_if_no_space = \ pt->requested_pf.error_if_no_space // timeout, pool is still in OODS mode do_no_space_timeout // "queue_if_no_space" config is lost pool->pf.error_if_no_space = true pool->pf.mode = new_mode Fix it by stopping no_space_timeout worker when switching to write mode. Fixes: bcc696fac11f ("dm thin: stay in out-of-data-space mode once no_space_timeout expires") Cc: stable@vger.kernel.org Signed-off-by: Hou Tao Signed-off-by: Mike Snitzer commit a3cfcecdb38b2f562fd6608ad4b1f8c1115cddd0 Author: Michal Vokáč Date: Fri Jul 27 14:15:15 2018 +0200 dt-bindings: Add Y Soft Corporation vendor prefix Y Soft is headquartered in the Czech Republic and it is a worldwide provider of enterprise office solutions for print management. Signed-off-by: Michal Vokáč Signed-off-by: Rob Herring commit da653130a9faaf5df18c5f84e7bf5cb5f5d256e4 Author: Michael Ellerman Date: Fri Jul 27 15:35:55 2018 +1000 of/fdt: Remove PPC32 longtrail hack in memory scan When the OF code was originally made common by Grant in commit 51975db0b733 ("of/flattree: merge early_init_dt_scan_memory() common code") (Feb 2010), the common code inherited a hack to handle PPC "longtrail" machines, which had a "memory@0" node with no device_type. That check was then made to only apply to PPC32 in b44aa25d20e2 ("of: Handle memory@0 node on PPC32 only") (May 2014). But according to Paul Mackerras the "longtrail" machines are long dead, if they were ever seen in the wild at all. If someone does still have one, we can handle this firmware wart in powerpc platform code. So remove the hack once and for all. Signed-off-by: Michael Ellerman Signed-off-by: Rob Herring commit 1ba982806ce58baac44c52e6c7812245afad27c8 Merge: c5d99d2b35da 85fc4b16aaf0 Author: David S. Miller Date: Tue Aug 7 11:02:05 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next Daniel Borkmann says: ==================== pull-request: bpf-next 2018-08-07 The following pull-request contains BPF updates for your *net-next* tree. The main changes are: 1) Add cgroup local storage for BPF programs, which provides a fast accessible memory for storing various per-cgroup data like number of transmitted packets, etc, from Roman. 2) Support bpf_get_socket_cookie() BPF helper in several more program types that have a full socket available, from Andrey. 3) Significantly improve the performance of perf events which are reported from BPF offload. Also convert a couple of BPF AF_XDP samples overto use libbpf, both from Jakub. 4) seg6local LWT provides the End.DT6 action, which allows to decapsulate an outer IPv6 header containing a Segment Routing Header. Adds this action now to the seg6local BPF interface, from Mathieu. 5) Do not mark dst register as unbounded in MOV64 instruction when both src and dst register are the same, from Arthur. 6) Define u_smp_rmb() and u_smp_wmb() to their respective barrier instructions on arm64 for the AF_XDP sample code, from Brian. 7) Convert the tcp_client.py and tcp_server.py BPF selftest scripts over from Python 2 to Python 3, from Jeremy. 8) Enable BTF build flags to the BPF sample code Makefile, from Taeung. 9) Remove an unnecessary rcu_read_lock() in run_lwt_bpf(), from Taehee. 10) Several improvements to the README.rst from the BPF documentation to make it more consistent with RST format, from Tobin. 11) Replace all occurrences of strerror() by calls to strerror_r() in libbpf and fix a FORTIFY_SOURCE build error along with it, from Thomas. 12) Fix a bug in bpftool's get_btf() function to correctly propagate an error via PTR_ERR(), from Yue. ==================== Signed-off-by: David S. Miller commit 73971b172a435079340007bee12b4944cc599a8a Author: Brian Foster Date: Tue Aug 7 10:57:13 2018 -0700 xfs: remove dead error handling code in xfs_dquot_disk_alloc() Colin Ian King reports that commit 82ff27bc52 ("xfs: automatic dfops buffer relogging") leaves around some dead error handling code in xfs_dquot_disk_alloc(). This was discovered via Coverity scan. Since the associated commit eliminates the act of joining a buffer to a dfops, this intermediate error state is no longer possible and the error handling code can be removed. Since the caller cancels the transaction on error, which cancels the dfops, eliminate the unnecessary xfs_defer_cancel() call and error handling labels. Fixes: 82ff27bc52 ("xfs: automatic dfops buffer relogging") Reported-by: Colin Ian King Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 2ba090d521c5e09f32316c179d25bb6f699d3568 Author: Christoph Hellwig Date: Tue Aug 7 10:57:12 2018 -0700 xfs: use WRITE_ONCE to update if_seq This adds ordering of the updates and makes sure we always see the if_seq update before the extent tree is modified. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 36dc5b20e31db5cd470eb1934815320e7a0434c3 Author: Paul Burton Date: Tue Aug 7 10:15:04 2018 -0700 MIPS: Use dins to simplify __write_64bit_c0_split() The code in __write_64bit_c0_split() is used by MIPS32 kernels running on MIPS64 CPUs to write a 64-bit value to a 64-bit coprocessor 0 register using a single 64-bit dmtc0 instruction. It does this by combining the 2x 32-bit registers used to hold the 64-bit value into a single register, which in the existing code involves three steps: 1) Zero extend register A which holds bits 31:0 of our data, since it may have previously held a sign-extended value. 2) Shift register B which holds bits 63:32 of our data in bits 31:0 left by 32 bits, such that the bits forming our data are in the position they'll be in the final 64-bit value & bits 31:0 of the register are zero. 3) Or the two registers together to form the 64-bit value in one 64-bit register. From MIPS r2 onwards we have a dins instruction which can effectively perform all 3 of those steps using a single instruction. Add a path for MIPS r2 & beyond which uses dins to take bits 31:0 from register B & insert them into bits 63:32 of register A, giving us our full 64-bit value in register A with one instruction. Since we know that MIPS r2 & above support the sel field for the dmtc0 instruction, we don't bother special casing sel==0. Omiting the sel field would assemble to exactly the same instruction as when we explicitly specify that it equals zero. Signed-off-by: Paul Burton commit 08eeb44b2466feb1cf98fb0e8e6a1cf932ece6df Author: Paul Burton Date: Mon Aug 6 18:29:51 2018 -0700 MIPS: Use read-write output operand in __write_64bit_c0_split() Commit c22c80431055 ("MIPS: Fix input modify in __write_64bit_c0_split()") modified __write_64bit_c0_split() constraints such that we have both an input & an output which we hope to assign to the same registers, and modify the output rather than incorrectly clobbering an input. The way in which we use both an output & an input parameter with the input constrained to share the output registers is a little convoluted & also problematic for clang, which complains if the input & output values have different widths. For example: In file included from kernel/fork.c:98: ./arch/mips/include/asm/mmu_context.h:149:19: error: unsupported inline asm: input with type 'unsigned long' matching output with type 'unsigned long long' write_c0_entryhi(cpu_asid(cpu, next)); ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~ ./arch/mips/include/asm/mmu_context.h:93:2: note: expanded from macro 'cpu_asid' (cpu_context((cpu), (mm)) & cpu_asid_mask(&cpu_data[cpu])) ^ ./arch/mips/include/asm/mipsregs.h:1617:65: note: expanded from macro 'write_c0_entryhi' #define write_c0_entryhi(val) __write_ulong_c0_register($10, 0, val) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ ./arch/mips/include/asm/mipsregs.h:1430:39: note: expanded from macro '__write_ulong_c0_register' __write_64bit_c0_register(reg, sel, val); \ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ ./arch/mips/include/asm/mipsregs.h:1400:41: note: expanded from macro '__write_64bit_c0_register' __write_64bit_c0_split(register, sel, value); \ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~ ./arch/mips/include/asm/mipsregs.h:1498:13: note: expanded from macro '__write_64bit_c0_split' : "r,0" (val)); \ ^~~ We can both fix this build failure & simplify the code somewhat by assigning the __tmp variable with the input value in C prior to our inline assembly, and then using a single read-write output operand (ie. a constraint beginning with +) to provide this value to our assembly. Signed-off-by: Paul Burton commit 88c6f8a3977cc35997b47e2f99f080a15559c1eb Author: Joerg Roedel Date: Tue Aug 7 12:24:29 2018 +0200 x86/mm/pti: Fix 32 bit PCID check The check uses the wrong operator and causes false positive warnings in the kernel log on some systems. Fixes: 5e8105950a8b3 ('x86/mm/pti: Add Warning when booting on a PCID capable CPU') Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Cc: "H . Peter Anvin" Cc: linux-mm@kvack.org Cc: Linus Torvalds Cc: Andy Lutomirski Cc: Dave Hansen Cc: Josh Poimboeuf Cc: Juergen Gross Cc: Peter Zijlstra Cc: Borislav Petkov Cc: Jiri Kosina Cc: Boris Ostrovsky Cc: Brian Gerst Cc: David Laight Cc: Denys Vlasenko Cc: Eduardo Valentin Cc: Greg KH Cc: Will Deacon Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Cc: Andrea Arcangeli Cc: Waiman Long Cc: Pavel Machek Cc: "David H . Gutteridge" Cc: joro@8bytes.org Link: https://lkml.kernel.org/r/1533637471-30953-2-git-send-email-joro@8bytes.org commit 484a84f25ca7817c3662001316ba7d1e06b74ae2 Author: Michael Larabel Date: Tue Aug 7 09:54:54 2018 -0400 hwmon: (k10temp) 27C Offset needed for Threadripper2 For at least the Threadripper 2950X and Threadripper 2990WX, it's confirmed a 27 degree offset is needed. Signed-off-by: Michael Larabel Cc: stable@vger.kernel.org Signed-off-by: Guenter Roeck commit c5d99d2b35dadebab2408bb10dcd50364eaaf9f4 Author: Alexander Aring Date: Tue Aug 7 10:34:44 2018 -0400 ieee802154: hwsim: fix rcu address annotation This patch fixes the following sparse warning about mismatch rcu attribute for address space annotation: ... error: incompatible types in comparison expression (different modifiers) error: incompatible types in comparison expression (different address spaces) ... Some __rcu annotation was at non-pointers list head structures and one was missing in edge information which is used by rcu_assign_pointer() to update edge setting information. Cc: Stefan Schmidt Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Signed-off-by: Alexander Aring Signed-off-by: Stefan Schmidt Signed-off-by: David S. Miller commit cd9139220b87f40ea83858de1d6436c639376ce7 Author: Juergen Gross Date: Wed Jun 13 11:58:06 2018 +0200 xen: don't use privcmd_call() from xen_mc_flush() Using privcmd_call() for a singleton multicall seems to be wrong, as privcmd_call() is using stac()/clac() to enable hypervisor access to Linux user space. Even if currently not a problem (pv domains can't use SMAP while HVM and PVH domains can't use multicalls) things might change when PVH dom0 support is added to the kernel. Reported-by: Jan Beulich Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Signed-off-by: Boris Ostrovsky commit f25848d4cdf2c5db5c506ca6553c79f97db19975 Author: Jacob Keller Date: Tue Jul 31 03:41:42 2018 -0700 i40e: convert priority flow control stats to use helpers The priority flow control statistics are laid out in the stats structure using arrays. This made it unwieldy to use as part of an i40e_stats array. Add a new structure type, i40e_pfc_stats, and a helper function i40e_get_pfc_stats which can return the stats for a given priority value as an i40e_pfc_stats structure. Use this to create an i40e_stats array, which we'll use to format and copy the strings and stats into the supplied buffers. This reduces even more boiler plate code in i40e_get_ethtool_stats and i40e_get_stat_strings. An alternative would be to modify the structure definition for the pfc stats, but this is more invasive to the rest of the code base. Note that a macro was used to setup the copy of stats from the pf->stats, as this reduces the chance of typos in the code names. It will produce a checkpatch.pl warning due to re-use of a macro argument. In this case, it should be safe, as the macro will fail to compile in cases where the argument is not a simple structure member name, and thus arguments with side effects should not be an issue. Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 1510ae0be2a4d4630823752235c41f8a0e06f37a Author: Jacob Keller Date: Tue Jul 31 03:41:41 2018 -0700 i40e: convert VEB TC stats to use an i40e_stats array The VEB TC stats are currently implemented with separate parsing, instead of using the i40e_stats array and associated helper functions. This is likely because the stats rely on embedding the TC number into the stat name. Update i40e_add_stat_strings to take variadic arguments, and use these to vsnprintf the i40e_stats string as a string containing format specifiers. Create a stats array for the VEB TC related stats, i40e_gstrings_veb_tc_stats, and use this along with the helper functions to remove the specialized boiler plate code. Always call i40e_add_ethtool_stats for both this array and the general VEB stats array. This ensures that we zero out any memory in case it was not zero-allocated for us. This ultimately results in less boiler plate code for the i40e_get_stat_strings and i40e_get_ethtool_stats. Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 1ac2ee231f922d46cc7bb4c9f02eeb841b3e4b47 Author: Mariusz Stachura Date: Tue Jul 31 03:41:40 2018 -0700 i40e: Set fec_config when forcing link state This patch configures FEC setting in i40e_force_link_state(). For some reason setting this field was overlooked thus causing 25G link to be configured incorrectly. Signed-off-by: Mariusz Stachura Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit f303048067a78d95947c1748ce1e55940ab2100b Author: Jacob Keller Date: Tue Jul 31 03:41:39 2018 -0700 i40e: add helper to copy statistic values into ethtool buffer Similar to the helper function to copy the ethtool stats strings, add and use a helper function for copying the ethtool stats into the supplied buffer. Just like before, we use a macro to avoid having to pass ARRAY_SIZE manually, so as to reduce chance of bugs. Some of the stats, especially queue stats, are a bit trickier, and will be handled in future patches. Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 91f0654461f615247fb6cef6fc9de57f6607a677 Author: Jacob Keller Date: Tue Jul 31 03:41:38 2018 -0700 i40e: add helper function for copying strings from stat arrays Many of the ethtool statistics use the same basic logic for copying strings into the supplied buffer. A set of stats are stored in a const array of i40e_stats structures, and we apply these all together. Simplify the stats code by introducing a helper function which can take a stats array and copy the strings into the buffer, updating the buffer pointer as we go. We use a macro to implement i40e_add_stat_strings so that ARRAY_SIZE can be used on the array passed in. This ensures that we always use the matching size in __i40e_add_stat_strings. More complex stats currently do not use i40e_stats arrays, usually due to custom formatted strings, or because the stats are not laid out in the expected way. These stats will be updated to use the helper function in separate future patches. Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 1b4b6f3a2a653cb9131664deed3f1e44f60a6e14 Author: YueHaibing Date: Thu Jul 26 14:37:36 2018 +0800 i40e/i40evf: remove redundant functions i40evf_aq_{set/get}_phy_register There are no in-tree callers. Signed-off-by: YueHaibing Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit e661414c98dfbdcf8666a058a6278cd7a2f20c95 Author: Sergey Nemov Date: Thu Jul 19 13:25:22 2018 +0200 i40e: Remove duplicated prepare call in i40e_shutdown Function call to i40e_prep_for_reset() is duplicated in i40e_shutdown routine and gets called before i40e_enable_mc_magic_wake() which blocks it from being executed correctly on system reboot or shutdown because adminq is already disabled by first i40e_prep_for_reset() call. Two register write calls are also duplicated. Signed-off-by: Sergey Nemov Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit f699edb12a25a3dc8ecf72fe0a9b2fa42bd6a5da Author: Pablo Neira Ayuso Date: Tue Aug 7 17:14:27 2018 +0200 netfilter: nft_ct: enable conntrack for helpers Enable conntrack if the user defines a helper to be used from the ruleset policy. Fixes: 1a64edf54f55 ("netfilter: nft_ct: add helper set support") Signed-off-by: Pablo Neira Ayuso commit 7e0b2b57f01d183e1c84114f1f2287737358d748 Author: Harsha Sharma Date: Tue Aug 7 17:14:23 2018 +0200 netfilter: nft_ct: add ct timeout support This patch allows to add, list and delete connection tracking timeout policies via nft objref infrastructure and assigning these timeout via nft rule. %./libnftnl/examples/nft-ct-timeout-add ip raw cttime tcp Ruleset: table ip raw { ct timeout cttime { protocol tcp; policy = {established: 111, close: 13 } } chain output { type filter hook output priority -300; policy accept; ct timeout set "cttime" } } %./libnftnl/examples/nft-rule-ct-timeout-add ip raw output cttime %conntrack -E [NEW] tcp 6 111 ESTABLISHED src=172.16.19.128 dst=172.16.19.1 sport=22 dport=41360 [UNREPLIED] src=172.16.19.1 dst=172.16.19.128 sport=41360 dport=22 %nft delete rule ip raw output handle %./libnftnl/examples/nft-ct-timeout-del ip raw cttime Joint work with Pablo Neira. Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso commit ad83f2a9ce37a264202f48f4fd8889ee9056b703 Author: Pablo Neira Ayuso Date: Tue Aug 7 17:14:19 2018 +0200 netfilter: remove ifdef around cttimeout in struct nf_conntrack_l4proto Simplify this, include it inconditionally in this structure layout as we do with ctnetlink. Signed-off-by: Pablo Neira Ayuso commit 6c1fd7dc489d9bf64196f5b0fa33e059f64460c8 Author: Pablo Neira Ayuso Date: Tue Aug 7 17:14:15 2018 +0200 netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object The timeout policy is currently embedded into the nfnetlink_cttimeout object, move the policy into an independent object. This allows us to reuse part of the existing conntrack timeout extension from nf_tables without adding dependencies with the nfnetlink_cttimeout object layout. Signed-off-by: Pablo Neira Ayuso commit 4e665afbd7bee29b44b5d22821b56207f8459e39 Author: Harsha Sharma Date: Tue Aug 7 17:14:10 2018 +0200 netfilter: cttimeout: move ctnl_untimeout to nf_conntrack As, ctnl_untimeout is required by nft_ct, so move ctnl_timeout from nfnetlink_cttimeout to nf_conntrack_timeout and rename as nf_ct_timeout. Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso commit 35a8a3bd1c2e29bb6baec501c6f56abaaa10a48a Author: Fernando Fernandez Mancera Date: Tue Aug 7 11:43:02 2018 +0200 netfilter: nft_osf: use NFT_OSF_MAXGENRELEN instead of IFNAMSIZ As no "genre" on pf.os exceed 16 bytes of length, we reduce NFT_OSF_MAXGENRELEN parameter to 16 bytes and use it instead of IFNAMSIZ. Signed-off-by: Fernando Fernandez Mancera Signed-off-by: Pablo Neira Ayuso commit dffe12a82826082d2129ef91b17b257254cb60fc Author: Bob Peterson Date: Tue Aug 7 10:07:00 2018 -0500 gfs2: Fix gfs2_testbit to use clone bitmaps Function gfs2_testbit is called in three places. Two of those places, gfs2_alloc_extent and gfs2_unaligned_extlen, should be using the clone bitmaps, not the "real" bitmaps. Function gfs2_unaligned_extlen is used by the block reservations scheme to determine the length of an extent of free blocks. Before this patch, it wasn't using the clone bitmap, which means recently-freed blocks were treated as free blocks for the purposes of an allocation. This patch adds a new parameter to gfs2_testbit to indicate whether or not the clone bitmaps should be used (if available). Signed-off-by: Bob Peterson Reviewed-by: Andreas Gruenbacher commit 77b5f703dcc859915f0f20d92bc538e4a99ef149 Author: Benjamin Herrenschmidt Date: Tue Apr 10 17:16:10 2018 +1000 powerpc/powernv/opal: Use standard interrupts property when available For (bad) historical reasons, OPAL used to create a non-standard pair of properties "opal-interrupts" and "opal-interrupts-names" for representing the list of interrupts it wants Linux to request on its behalf. Among other issues, the opal-interrupts doesn't have a way to carry the type of interrupts, and they were assumed to be all level sensitive. This is wrong on some recent systems where some of them are edge sensitive causing warnings in the XIVE code and possible misbehaviours if they need to be retriggered (typically the NPU2 TCE error interrupts). This makes Linux switch to using the standard "interrupts" and "interrupt-names" properties instead when they are available, using standard of_irq helpers, which can carry all the desired type information. Newer versions of OPAL will generate those properties in addition to the legacy ones. Signed-off-by: Benjamin Herrenschmidt [mpe: Fixup prefix logic to check strlen(r->name). Reinstate setting of start = 0 in opal_event_shutdown() to avoid double free warnings] Signed-off-by: Michael Ellerman commit d6690b1a9b0dd95a6fbd166d9657e0cc80afbf99 Author: Christophe Leroy Date: Thu Jun 7 10:10:22 2018 +0000 powerpc: Allow CPU selection of e300core variants GCC supports -mcpu=e300c2 and -mcpu=e300c3 This patch gives the opportunity to tune kernel to one of those two types. Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit 0e00a8c9fd92409afa107aaa05f8465a76856080 Author: Christophe Leroy Date: Thu Jun 7 10:10:20 2018 +0000 powerpc: Allow CPU selection also on PPC32 This patch extends to PPC32 the capability to select the exact CPU type. Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit cc62d20ce4ca4fe73a09d571144b29d43478cb9c Author: Christophe Leroy Date: Thu Jun 7 10:10:18 2018 +0000 powerpc: Make CPU selection logic generic in Makefile At the time being, when adding a new CPU for selection, both Kconfig.cputype and Makefile have to be modified. This patch moves into Kconfig.cputype the name of the CPU to me passed to the -mcpu= argument. Signed-off-by: Christophe Leroy Reviewed-by: Nicholas Piggin [mpe: Rename the option to TARGET_CPU to echo the gcc documentation] Signed-off-by: Michael Ellerman commit badf436f6fa5dc864d579d73fe75386b743470c0 Author: Rodrigo R. Galvao Date: Mon Aug 6 13:42:03 2018 -0300 powerpc/Makefiles: Convert ifeq to ifdef where possible In Makefiles if we're testing a CONFIG_FOO symbol for equality with 'y' we can instead just use ifdef. The latter reads easily, so convert to it where possible. Signed-off-by: Rodrigo R. Galvao Reviewed-by: Mauro S. M. Rodrigues Signed-off-by: Michael Ellerman commit f8db2007ff5838aff696bd4297eefcc77af2cf46 Author: Paul Mackerras Date: Fri Aug 3 20:13:06 2018 +1000 powerpc/64: Copy as much as possible in __copy_tofrom_user In __copy_tofrom_user, if we encounter an exception on a store, we stop copying and return the number of bytes not copied. However, if the store is wider than one byte and is to an unaligned address, it is possible that the store operand overlaps a page boundary and the exception occurred on the latter part of the store operand, meaning that it would be possible to copy a few more bytes. Since copy_to_user is generally expected to copy as much as possible, it would be better to copy those extra few bytes. This adds code to do that. Since this edge case is not performance-critical, the code has been written to be compact rather than as fast as possible. Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman commit 2679f63fe5e4bb1459a0c20859a99c70c15d5ea1 Author: Michael Ellerman Date: Fri Aug 3 20:13:05 2018 +1000 selftests/powerpc/64: Test exception cases in copy_tofrom_user This adds a set of test cases to test the behaviour of copy_tofrom_user when exceptions are encountered accessing the source or destination. Currently, copy_tofrom_user does not always copy as many bytes as possible when an exception occurs on a store to the destination, and that is reflected in failures in these tests. Based on a test program from Anton Blanchard. [paulus@ozlabs.org - test all three paths, wrote commit description, made EX_TABLE create an exception table.] Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman commit 98c45f51f767bfdd71d773cceaceb403352e51ae Author: Paul Mackerras Date: Fri Aug 3 20:13:04 2018 +1000 selftests/powerpc/64: Test all paths through copy routines The hand-coded assembler 64-bit copy routines include feature sections that select one code path or another depending on which CPU we are executing on. The self-tests for these copy routines end up testing just one path. This adds a mechanism for selecting any desired code path at compile time, and makes 2 or 3 versions of each test, each using a different code path, so as to cover all the possible paths. Signed-off-by: Paul Mackerras [mpe: Add -mcpu=power4 to CFLAGS for older compilers] Signed-off-by: Michael Ellerman commit a7c81ce398e2ad304f61d6167155f3ef65a96524 Author: Paul Mackerras Date: Fri Aug 3 20:13:03 2018 +1000 powerpc/64: Make exception table clearer in __copy_tofrom_user_base This aims to make the generation of exception table entries for the loads and stores in __copy_tofrom_user_base clearer and easier to verify. Instead of having a series of local labels on the loads and stores, with a series of corresponding labels later for the exception handlers, we now use macros to generate exception table entries at the point of each load and store that could potentially trap. We do this with the macros lex (load exception) and stex (store exception). These macros are used right before the load or store to which they apply. Some complexity is introduced by the fact that we have some more work to do after hitting an exception, because we need to calculate and return the number of bytes not copied. The code uses r3 as the current pointer into the destination buffer, that is, the address of the first byte of the destination that has not been modified. However, at various points in the copy loops, r3 can be 4, 8, 16 or 24 bytes behind that point. To express this offset in an understandable way, we define a symbol r3_offset which is updated at various points so that it equal to the difference between the address of the first unmodified byte of the destination and the value in r3. (In fact it only needs to be accurate at the point of each lex or stex macro invocation.) The rules for updating r3_offset are as follows: * It starts out at 0 * An addi r3,r3,N instruction decreases r3_offset by N * A store instruction (stb, sth, stw, std) to N(r3) increases r3_offset by the width of the store (1, 2, 4, 8) * A store with update instruction (stbu, sthu, stwu, stdu) to N(r3) sets r3_offset to the width of the store. There is some trickiness to the way that the lex and stex macros and the associated exception handlers work. I would have liked to use the current value of r3_offset in the name of the symbol used as the exception handler, as in ".Lld_exc_$(r3_offset)" and then have symbols .Lld_exc_0, .Lld_exc_8, .Lld_exc_16 etc. corresponding to the offsets that needed to be added to r3. However, I couldn't see a way to do that with gas. Instead, the exception handler address is .Lld_exc - r3_offset or .Lst_exc - r3_offset, that is, the distance ahead of .Lld_exc/.Lst_exc that we start executing is equal to the amount that we need to add to r3. This works because r3_offset is always a small multiple of 4, and our instructions are 4 bytes long. This means that before .Lld_exc and .Lst_exc, we have a sequence of instructions that increments r3 by 4, 8, 16 or 24 depending on where we start. The sequence increments r3 by 4 per instruction (on average). We also replace the exception table for the 4k copy loop by a macro per load or store. These loads and stores all use exactly the same exception handler, which simply resets the argument registers r3, r4 and r5 to there original values and re-does the whole copy using the slower loop. Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman commit 81d7b08b3cec79a43411e7175401b369090dba29 Author: zhong jiang Date: Sat Aug 4 22:25:00 2018 +0800 powerpc/powermac: of_node_put() is not needed after iterator for_each_node_by_name() iterators only exit normally when the loop cursor is NULL, So there is no need to call of_node_put(). Signed-off-by: zhong jiang Reviewed-by: Tyrel Datwyler Signed-off-by: Michael Ellerman commit 656ecc16e8fc2ab44b3d70e3fcc197a7020d0ca5 Author: Haren Myneni Date: Wed Jun 13 00:32:40 2018 -0700 crypto/nx: Initialize 842 high and normal RxFIFO control registers NX increments readOffset by FIFO size in receive FIFO control register when CRB is read. But the index in RxFIFO has to match with the corresponding entry in FIFO maintained by VAS in kernel. Otherwise NX may be processing incorrect CRBs and can cause CRB timeout. VAS FIFO offset is 0 when the receive window is opened during initialization. When the module is reloaded or in kexec boot, readOffset in FIFO control register may not match with VAS entry. This patch adds nx_coproc_init OPAL call to reset readOffset and queued entries in FIFO control register for both high and normal FIFOs. Signed-off-by: Haren Myneni [mpe: Fixup uninitialized variable warning] Signed-off-by: Michael Ellerman commit 6e708000ec2c93c2bde6a46aa2d6c3e80d4eaeb9 Author: Haren Myneni Date: Wed Jun 13 00:28:57 2018 -0700 powerpc/powernv: Export opal_check_token symbol Export opal_check_token symbol for modules to check the availability of OPAL calls before using them. Signed-off-by: Haren Myneni Signed-off-by: Michael Ellerman commit f5daf77a55ef0e695cc90c440ed6503073ac5e07 Author: Randy Dunlap Date: Sun Jul 15 10:34:46 2018 -0700 powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning Fix build errors and warnings in t1042rdb_diu.c by adding header files and MODULE_LICENSE(). ../arch/powerpc/platforms/85xx/t1042rdb_diu.c:152:1: warning: data definition has no type or storage class early_initcall(t1042rdb_diu_init); ../arch/powerpc/platforms/85xx/t1042rdb_diu.c:152:1: error: type defaults to 'int' in declaration of 'early_initcall' [-Werror=implicit-int] ../arch/powerpc/platforms/85xx/t1042rdb_diu.c:152:1: warning: parameter names (without types) in function declaration and WARNING: modpost: missing MODULE_LICENSE() in arch/powerpc/platforms/85xx/t1042rdb_diu.o Signed-off-by: Randy Dunlap Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Scott Wood Cc: Kumar Gala Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by: Michael Ellerman commit 7ccc4fe5ff9e3a134e863beed0dba18a5e511659 Author: Anju T Sudhakar Date: Fri May 18 13:05:25 2018 +0530 powerpc/perf: Remove sched_task function defined for thread-imc Call trace observed while running perf-fuzzer: CPU: 43 PID: 9088 Comm: perf_fuzzer Not tainted 4.13.0-32-generic #35~lp1746225 task: c000003f776ac900 task.stack: c000003f77728000 NIP: c000000000299b70 LR: c0000000002a4534 CTR: c00000000029bb80 REGS: c000003f7772b760 TRAP: 0700 Not tainted (4.13.0-32-generic) MSR: 900000000282b033 CR: 24008822 XER: 00000000 CFAR: c000000000299a70 SOFTE: 0 GPR00: c0000000002a4534 c000003f7772b9e0 c000000001606200 c000003fef858908 GPR04: c000003f776ac900 0000000000000001 ffffffffffffffff 0000003fee730000 GPR08: 0000000000000000 0000000000000000 c0000000011220d8 0000000000000002 GPR12: c00000000029bb80 c000000007a3d900 0000000000000000 0000000000000000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 0000000000000000 c000003f776ad090 c000000000c71354 GPR24: c000003fef716780 0000003fee730000 c000003fe69d4200 c000003f776ad330 GPR28: c0000000011220d8 0000000000000001 c0000000014c6108 c000003fef858900 NIP [c000000000299b70] perf_pmu_sched_task+0x170/0x180 LR [c0000000002a4534] __perf_event_task_sched_in+0xc4/0x230 Call Trace: perf_iterate_sb+0x158/0x2a0 (unreliable) __perf_event_task_sched_in+0xc4/0x230 finish_task_switch+0x21c/0x310 __schedule+0x304/0xb80 schedule+0x40/0xc0 do_wait+0x254/0x2e0 kernel_wait4+0xa0/0x1a0 SyS_wait4+0x64/0xc0 system_call+0x58/0x6c Instruction dump: 3beafea0 7faa4800 409eff18 e8010060 eb610028 ebc10040 7c0803a6 38210050 eb81ffe0 eba1ffe8 ebe1fff8 4e800020 <0fe00000> 4bffffbc 60000000 60420000 ---[ end trace 8c46856d314c1811 ]--- The context switch call-backs for thread-imc are defined in sched_task function. So when thread-imc events are grouped with software pmu events, perf_pmu_sched_task hits the WARN_ON_ONCE condition, since software PMUs are assumed not to have a sched_task defined. Patch to move the thread_imc enable/disable opal call back from sched_task to event_[add/del] function Fixes: f74c89bd80fb ("powerpc/perf: Add thread IMC PMU support") Signed-off-by: Anju T Sudhakar Reviewed-by: Madhavan Srinivasan Tested-by: Joel Stanley Signed-off-by: Michael Ellerman commit 4231aba000f5a4583dd9f67057aadb68c3eca99d Author: Nicholas Piggin Date: Fri Jul 27 21:48:17 2018 +1000 powerpc/64s: Fix page table fragment refcount race vs speculative references The page table fragment allocator uses the main page refcount racily with respect to speculative references. A customer observed a BUG due to page table page refcount underflow in the fragment allocator. This can be caused by the fragment allocator set_page_count stomping on a speculative reference, and then the speculative failure handler decrements the new reference, and the underflow eventually pops when the page tables are freed. Fix this by using a dedicated field in the struct page for the page table fragment allocator. Fixes: 5c1f6ee9a31c ("powerpc: Reduce PTE table memory wastage") Cc: stable@vger.kernel.org # v3.10+ Reviewed-by: Aneesh Kumar K.V Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman commit a0ac3687fb404d59296ecba4642071424d153569 Author: Parth Y Shah Date: Fri Aug 3 15:50:38 2018 +0530 misc: cxl: changed asterisk position Resolved <"foo* bar" should be "foo *bar"> error Signed-off-by: Parth Y Shah Signed-off-by: Michael Ellerman commit e13606d7321c0c08d4ac2d74a1102680a40cfdee Author: Darren Stevens Date: Fri Aug 3 21:15:10 2018 +1000 powerpc/pasemi: Use pr_err/pr_warn... for kernel messages Pasemi code still uses printk(KERN_ERR/KERN_WARN ... change these to pr_err(, pr_warn(... to match other powerpc arch code. No functional changes. Signed-off-by: Darren Stevens [mpe: Unsplit some strings while we're at it] Signed-off-by: Michael Ellerman commit a99b9c5ed43ecfff5c47c558cc0fcbf8c6503f4c Author: Murilo Opsfelder Araujo Date: Wed Aug 1 18:33:20 2018 -0300 powerpc/traps: Show instructions on exceptions Call show_user_instructions() in arch/powerpc/kernel/traps.c to dump instructions at faulty location, useful to debugging. Before this patch, an unhandled signal message looked like: pandafault[10524]: segfault (11) at 100007d0 nip 1000061c lr 7fffbd295100 code 2 in pandafault[10000000+10000] After this patch, it looks like: pandafault[10524]: segfault (11) at 100007d0 nip 1000061c lr 7fffbd295100 code 2 in pandafault[10000000+10000] pandafault[10524]: code: 4bfffeec 4bfffee8 3c401002 38427f00 fbe1fff8 f821ffc1 7c3f0b78 3d22fffe pandafault[10524]: code: 392988d0 f93f0020 e93f0020 39400048 <99490000> 39200000 7d234b78 383f0040 Signed-off-by: Murilo Opsfelder Araujo Signed-off-by: Michael Ellerman commit 88b0fe17573592a8e3196bf143f865da460178e7 Author: Murilo Opsfelder Araujo Date: Wed Aug 1 18:33:19 2018 -0300 powerpc: Add show_user_instructions() show_user_instructions() is a slightly modified version of show_instructions() that allows userspace instruction dump. This will be useful within show_signal_msg() to dump userspace instructions of the faulty location. Here is a sample of what show_user_instructions() outputs: pandafault[10850]: code: 4bfffeec 4bfffee8 3c401002 38427f00 fbe1fff8 f821ffc1 7c3f0b78 3d22fffe pandafault[10850]: code: 392988d0 f93f0020 e93f0020 39400048 <99490000> 39200000 7d234b78 383f0040 The current->comm and current->pid printed can serve as a glue that links the instructions dump to its originator, allowing messages to be interleaved in the logs. Signed-off-by: Murilo Opsfelder Araujo Signed-off-by: Michael Ellerman commit 0f642d616b8b15647ca34786877b298ff2970713 Author: Murilo Opsfelder Araujo Date: Wed Aug 1 18:33:18 2018 -0300 powerpc/traps: Print VMA for unhandled signals This adds VMA address in the message printed for unhandled signals, similarly to what other architectures, like x86, print. Before this patch, a page fault looked like: pandafault[61470]: unhandled signal 11 at 100007d0 nip 1000061c lr 7fff8d185100 code 2 After this patch, a page fault looks like: pandafault[6303]: segfault 11 at 100007d0 nip 1000061c lr 7fff93c55100 code 2 in pandafault[10000000+10000] Signed-off-by: Murilo Opsfelder Araujo Signed-off-by: Michael Ellerman commit 49d8f2011dddac642a20491a698ad07059ed6096 Author: Murilo Opsfelder Araujo Date: Wed Aug 1 18:33:17 2018 -0300 powerpc/traps: Use %lx format in show_signal_msg() Use %lx format to print registers. This avoids having two different formats and avoids checking for MSR_64BIT, improving readability of the function. Even though we could have used %px, which is functionally equivalent to %lx as per Documentation/core-api/printk-formats.rst, it is not semantically correct because the data printed are not pointers. And using %px requires casting data to (void *). Besides that, %lx matches the format used in show_regs(). Before this patch: pandafault[4808]: unhandled signal 11 at 0000000010000718 nip 0000000010000574 lr 00007fff935e7a6c code 2 After this patch: pandafault[4732]: unhandled signal 11 at 10000718 nip 10000574 lr 7fff86697a6c code 2 Signed-off-by: Murilo Opsfelder Araujo Signed-off-by: Michael Ellerman commit 35a52a10c3ac5b425ff85c12913458b4741ab866 Author: Murilo Opsfelder Araujo Date: Wed Aug 1 18:33:16 2018 -0300 powerpc/traps: Use an explicit ratelimit state for show_signal_msg() Replace printk_ratelimited() by printk() and a default rate limit burst to limit displaying unhandled signals messages. This will allow us to call print_vma_addr() in a future patch, which does not work with printk_ratelimited(). Signed-off-by: Murilo Opsfelder Araujo Signed-off-by: Michael Ellerman commit 658b0f92bc7003bc734471f61bf7cd56339eb8c3 Author: Murilo Opsfelder Araujo Date: Wed Aug 1 18:33:15 2018 -0300 powerpc/traps: Print unhandled signals in a separate function Isolate the logic of printing unhandled signals out of _exception_pkey(). No functional change, only code rearrangement. Signed-off-by: Murilo Opsfelder Araujo Signed-off-by: Michael Ellerman commit 8e4bdc699bf32c58bfff7b2bfac204a6bf5efb69 Author: Michael Ellerman Date: Tue Jul 31 22:08:42 2018 +1000 selftests/powerpc: Add more version checks to alignment_handler test The alignment_handler is documented to only work on Power8/Power9, but we can make it run on older CPUs by guarding more of the tests with feature checks. Signed-off-by: Michael Ellerman Reviewed-by: Andrew Donnellan commit edba42cd14dbb0cc8b48cf786b006ac5da4cd9a7 Author: Michael Ellerman Date: Tue Jul 31 22:08:41 2018 +1000 selftests/powerpc: Skip earlier in alignment_handler test Currently the alignment_handler test prints "Can't open /dev/fb0" about 80 times per run, which is a little annoying. Refactor it to check earlier if it can open /dev/fb0 and skip if not, this results in each test printing something like: test: test_alignment_handler_vsx_206 tags: git_version:v4.18-rc3-134-gfb21a48904aa [SKIP] Test skipped on line 291 skip: test_alignment_handler_vsx_206 Signed-off-by: Michael Ellerman Acked-by: Andrew Donnellan commit 78ee9946371f5848ddfc88ab1a43867df8f17d83 Author: Michael Ellerman Date: Thu Jul 26 22:42:44 2018 +1000 powerpc/64s: Make rfi_flush_fallback a little more robust Because rfi_flush_fallback runs immediately before the return to userspace it currently runs with the user r1 (stack pointer). This means if we oops in there we will report a bad kernel stack pointer in the exception entry path, eg: Bad kernel stack pointer 7ffff7150e40 at c0000000000023b4 Oops: Bad kernel stack pointer, sig: 6 [#1] LE SMP NR_CPUS=32 NUMA PowerNV Modules linked in: CPU: 0 PID: 1246 Comm: klogd Not tainted 4.18.0-rc2-gcc-7.3.1-00175-g0443f8a69ba3 #7 NIP: c0000000000023b4 LR: 0000000010053e00 CTR: 0000000000000040 REGS: c0000000fffe7d40 TRAP: 4100 Not tainted (4.18.0-rc2-gcc-7.3.1-00175-g0443f8a69ba3) MSR: 9000000002803031 CR: 44000442 XER: 20000000 CFAR: c00000000000bac8 IRQMASK: c0000000f1e66a80 GPR00: 0000000002000000 00007ffff7150e40 00007fff93a99900 0000000000000020 ... NIP [c0000000000023b4] rfi_flush_fallback+0x34/0x80 LR [0000000010053e00] 0x10053e00 Although the NIP tells us where we were, and the TRAP number tells us what happened, it would still be nicer if we could report the actual exception rather than barfing about the stack pointer. We an do that fairly simply by loading the kernel stack pointer on entry and restoring the user value before returning. That way we see a regular oops such as: Unrecoverable exception 4100 at c00000000000239c Oops: Unrecoverable exception, sig: 6 [#1] LE SMP NR_CPUS=32 NUMA PowerNV Modules linked in: CPU: 0 PID: 1251 Comm: klogd Not tainted 4.18.0-rc3-gcc-7.3.1-00097-g4ebfcac65acd-dirty #40 NIP: c00000000000239c LR: 0000000010053e00 CTR: 0000000000000040 REGS: c0000000f1e17bb0 TRAP: 4100 Not tainted (4.18.0-rc3-gcc-7.3.1-00097-g4ebfcac65acd-dirty) MSR: 9000000002803031 CR: 44000442 XER: 20000000 CFAR: c00000000000bac8 IRQMASK: 0 ... NIP [c00000000000239c] rfi_flush_fallback+0x3c/0x80 LR [0000000010053e00] 0x10053e00 Call Trace: [c0000000f1e17e30] [c00000000000b9e4] system_call+0x5c/0x70 (unreliable) Note this shouldn't make the kernel stack pointer vulnerable to a meltdown attack, because it should be flushed from the cache before we return to userspace. The user r1 value will be in the cache, because we load it in the return path, but that is harmless. Signed-off-by: Michael Ellerman Reviewed-by: Nicholas Piggin commit 99d54754d3d5f896a8f616b0b6520662bc99d66b Author: Michael Ellerman Date: Tue Jul 24 01:07:56 2018 +1000 powerpc/powernv: Query firmware for count cache flush settings Look for fw-features properties to determine the appropriate settings for the count cache flush, and then call the generic powerpc code to set it up based on the security feature flags. Signed-off-by: Michael Ellerman commit ba72dc171954b782a79d25e0f4b3ed91090c3b1e Author: Michael Ellerman Date: Tue Jul 24 01:07:55 2018 +1000 powerpc/pseries: Query hypervisor for count cache flush settings Use the existing hypercall to determine the appropriate settings for the count cache flush, and then call the generic powerpc code to set it up based on the security feature flags. Signed-off-by: Michael Ellerman commit ee13cb249fabdff8b90aaff61add347749280087 Author: Michael Ellerman Date: Tue Jul 24 01:07:54 2018 +1000 powerpc/64s: Add support for software count cache flush Some CPU revisions support a mode where the count cache needs to be flushed by software on context switch. Additionally some revisions may have a hardware accelerated flush, in which case the software flush sequence can be shortened. If we detect the appropriate flag from firmware we patch a branch into _switch() which takes us to a count cache flush sequence. That sequence in turn may be patched to return early if we detect that the CPU supports accelerating the flush sequence in hardware. Add debugfs support for reporting the state of the flush, as well as runtime disabling it. And modify the spectre_v2 sysfs file to report the state of the software flush. Signed-off-by: Michael Ellerman commit dc8c6cce9a26a51fc19961accb978217a3ba8c75 Author: Michael Ellerman Date: Tue Jul 24 01:07:53 2018 +1000 powerpc/64s: Add new security feature flags for count cache flush Add security feature flags to indicate the need for software to flush the count cache on context switch, and for the presence of a hardware assisted count cache flush. Signed-off-by: Michael Ellerman commit 06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 Author: Michael Ellerman Date: Tue Jul 24 01:07:52 2018 +1000 powerpc/asm: Add a patch_site macro & helpers for patching instructions Add a macro and some helper C functions for patching single asm instructions. The gas macro means we can do something like: 1: nop patch_site 1b, patch__foo Which is less visually distracting than defining a GLOBAL symbol at 1, and also doesn't pollute the symbol table which can confuse eg. perf. These are obviously similar to our existing feature sections, but are not automatically patched based on CPU/MMU features, rather they are designed to be manually patched by C code at some arbitrary point. Signed-off-by: Michael Ellerman commit 26cb1f36c43ee6e89d2a9f48a5a7500d5248f836 Author: Diana Craciun Date: Sat Jul 28 09:06:39 2018 +1000 Documentation: Add nospectre_v1 parameter Currently only supported on powerpc. Signed-off-by: Diana Craciun Signed-off-by: Michael Ellerman commit c28218d4abbf4f2035495334d8bfcba64bda4787 Author: Diana Craciun Date: Sat Jul 28 09:06:38 2018 +1000 powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms Used barrier_nospec to sanitize the syscall table. Signed-off-by: Diana Craciun Signed-off-by: Michael Ellerman commit ebcd1bfc33c7a90df941df68a6e5d4018c022fba Author: Diana Craciun Date: Sat Jul 28 09:06:37 2018 +1000 powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Implement the barrier_nospec as a isync;sync instruction sequence. The implementation uses the infrastructure built for BOOK3S 64. Signed-off-by: Diana Craciun [mpe: Split out of larger patch] Signed-off-by: Michael Ellerman commit 406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b Author: Diana Craciun Date: Sat Jul 28 09:06:36 2018 +1000 powerpc/64: Make meltdown reporting Book3S 64 specific In a subsequent patch we will enable building security.c for Book3E. However the NXP platforms are not vulnerable to Meltdown, so make the Meltdown vulnerability reporting PPC_BOOK3S_64 specific. Signed-off-by: Diana Craciun [mpe: Split out of larger patch] Signed-off-by: Michael Ellerman commit af375eefbfb27cbb5b831984e66d724a40d26b5c Author: Michael Ellerman Date: Sat Jul 28 09:06:35 2018 +1000 powerpc/64: Call setup_barrier_nospec() from setup_arch() Currently we require platform code to call setup_barrier_nospec(). But if we add an empty definition for the !CONFIG_PPC_BARRIER_NOSPEC case then we can call it in setup_arch(). Signed-off-by: Diana Craciun Signed-off-by: Michael Ellerman commit 179ab1cbf883575c3a585bcfc0f2160f1d22a149 Author: Michael Ellerman Date: Sat Jul 28 09:06:34 2018 +1000 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC Add a config symbol to encode which platforms support the barrier_nospec speculation barrier. Currently this is just Book3S 64 but we will add Book3E in a future patch. Signed-off-by: Diana Craciun Signed-off-by: Michael Ellerman commit 6453b532f2c8856a80381e6b9a1f5ea2f12294df Author: Diana Craciun Date: Sat Jul 28 09:06:33 2018 +1000 powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. NXP Book3E platforms are not vulnerable to speculative store bypass, so make the mitigations PPC_BOOK3S_64 specific. Signed-off-by: Diana Craciun Signed-off-by: Michael Ellerman commit e33e5c85763e8ac1899ec382c1ebc4603d8c52ae Author: Christoph Hellwig Date: Tue Aug 7 09:42:22 2018 +0200 target/loop: depend on SCSI The target loopback driver is a low-level driver for the SCSI subsystem, and as such needs to depend on it. Fixes: 8a39a047 ("target: don't depend on SCSI") Signed-off-by: Christoph Hellwig Reported-by: Randy Dunlap Signed-off-by: Jens Axboe commit 0b0722e191757ca6851382d78c15277ca9c5c211 Author: Srinivas Kandagatla Date: Fri Aug 3 13:30:03 2018 +0100 ASoC: compress: make BE and FE order inline with dpcm For some reason order of startup/hw_params/prepare are reversed in dynamic compress usecase when compared to dpcm usecase. This is a issue with platforms like QCOM where it expects the BE to be initialized before FE. Interestingly the compress trigger callback order is inline with dpcm. Am not 100% sure why the compress audio case has been reversed. This patch is making the order inline with dpcm. If the reverse ordering is just co-incendental then this change makes sense and will avoid inventing some new mechanism to cope with ordering. Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown commit 8f220c418d070a097f7d292cf6b37f88d67845ad Author: Hannes Reinecke Date: Tue Aug 7 12:43:42 2018 +0200 nvme: fixup crash on failed discovery When the initial discovery fails the subsystem hasn't been setup yet in nvme_mpath_stop, and we can't dereference ctrl->subsys. Fixes: 0d0b660f ("nvme: add ANA support") Signed-off-by: Hannes Reinecke Signed-off-by: Christoph Hellwig commit 0004438a165b18d4a611745f12e328e65f46c8f2 Author: Masahiro Yamada Date: Sat Aug 4 13:47:03 2018 +0900 um: clean up archheaders recipe Now that '%asm-generic' is added to no-dot-config-targets, 'make asm-generic' does not include the kernel configuration. You can simply do 'make asm-generic' in the recursed top Makefile without bothering syncconfig. Signed-off-by: Masahiro Yamada Tested-by: Randy Dunlap Acked-by: Richard Weinberger commit 63e31a67f12855129740943a4f826f05ddd0a2d0 Author: Masahiro Yamada Date: Sat Aug 4 13:47:02 2018 +0900 kbuild: add %asm-generic to no-dot-config-targets asm-generic and uapi-asm-generic do not depend on the kernel configuration. In fact, uapi-asm-generic is the prerequisite of headers_{install,check}, hence it should not require the .config file. Signed-off-by: Masahiro Yamada Tested-by: Randy Dunlap Acked-by: Richard Weinberger commit 13d3d01e26b942ada7cfced68ccb6db49597874a Author: Masahiro Yamada Date: Sat Aug 4 13:47:01 2018 +0900 um: fix parallel building with O= option Randy Dunlap reports UML occasionally fails to build with -j and O= options. make[1]: Entering directory '/home/rdunlap/mmotm-2018-0802-1529/UM64' UPD include/generated/uapi/linux/version.h WRAP arch/x86/include/generated/asm/dma-contiguous.h WRAP arch/x86/include/generated/asm/export.h WRAP arch/x86/include/generated/asm/early_ioremap.h WRAP arch/x86/include/generated/asm/mcs_spinlock.h WRAP arch/x86/include/generated/asm/mm-arch-hooks.h WRAP arch/x86/include/generated/uapi/asm/bpf_perf_event.h WRAP arch/x86/include/generated/uapi/asm/poll.h GEN ./Makefile make[2]: *** No rule to make target 'archheaders'. Stop. arch/um/Makefile:119: recipe for target 'archheaders' failed make[1]: *** [archheaders] Error 2 make[1]: *** Waiting for unfinished jobs.... UPD include/config/kernel.release make[1]: *** wait: No child processes. Stop. Makefile:146: recipe for target 'sub-make' failed make: *** [sub-make] Error 2 The cause of the problem is the use of '$(MAKE) KBUILD_SRC=', which recurses to the top Makefile via the $(objtree)/Makefile generated by scripts/mkmakefile. When you run "make -j O= ARCH=um", Make can execute 'archheaders' and 'outputmakefile' targets simultaneously because there is no dependency between them. If it happens, $(Q)$(MAKE) KBUILD_SRC= ARCH=$(HEADER_ARCH) archheaders ... tries to run $(objtree)/Makefile that is being updated. The correct way for the recursion is $(Q)$(MAKE) -f $(srctree)/Makefile ARCH=$(HEADER_ARCH) archheaders ..., which does not rely on the generated Makefile. Reported-by: Randy Dunlap Signed-off-by: Masahiro Yamada Tested-by: Randy Dunlap Acked-by: Richard Weinberger commit 85fc4b16aaf05fc8978d242c556a1711dce15cf8 Author: Roman Gushchin Date: Mon Aug 6 14:27:28 2018 -0700 bpf: introduce update_effective_progs() __cgroup_bpf_attach() and __cgroup_bpf_detach() functions have a good amount of duplicated code, which is possible to eliminate by introducing the update_effective_progs() helper function. The update_effective_progs() calls compute_effective_progs() and then in case of success it calls activate_effective_progs() for each descendant cgroup. In case of failure (OOM), it releases allocated prog arrays and return the error code. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Song Liu Signed-off-by: Daniel Borkmann commit cf175dc315f90185128fb061dc05b6fbb211aa2f Author: Diana Craciun Date: Sat Jul 28 09:06:32 2018 +1000 powerpc/64: Disable the speculation barrier from the command line The speculation barrier can be disabled from the command line with the parameter: "nospectre_v1". Signed-off-by: Diana Craciun Signed-off-by: Michael Ellerman commit 0b924de4f650c9544cd3d0a8228145a622a37630 Author: Michael Ellerman Date: Thu Jul 26 23:07:17 2018 +1000 powerpc/64s: Don't use __MASKABLE_EXCEPTION unnecessarily We only need to use __MASKABLE_EXCEPTION in one of the four cases for hardware interrupt, so use the helper macros in the other cases. Signed-off-by: Michael Ellerman commit b536da7c2d7dfa015ea36e78185ad74e6d775c96 Author: Michael Ellerman Date: Thu Jul 26 23:07:16 2018 +1000 powerpc/64s: Drop unused loc parameter to MASKABLE_EXCEPTION macros We pass the "loc" (location) parameter to MASKABLE_EXCEPTION and friends, but it's not used, so drop it. Signed-off-by: Michael Ellerman commit 0a55c2418500ba82a3a371b04471e3694e3ee168 Author: Michael Ellerman Date: Thu Jul 26 23:07:15 2018 +1000 powerpc/64s: Remove PSERIES naming from the MASKABLE macros Signed-off-by: Michael Ellerman commit 6adc6e9c0730d87953e1a0f15d7c23bce1e5d874 Author: Michael Ellerman Date: Thu Jul 26 23:07:14 2018 +1000 powerpc/64s: Drop _MASKABLE_RELON_EXCEPTION_PSERIES() _MASKABLE_RELON_EXCEPTION_PSERIES() does nothing useful, update all callers to use __MASKABLE_RELON_EXCEPTION_PSERIES() directly. Signed-off-by: Michael Ellerman commit 9bf2877ac128631f80cc9e85bfdf4dbd08abb225 Author: Michael Ellerman Date: Thu Jul 26 23:07:13 2018 +1000 powerpc/64s: Drop _MASKABLE_EXCEPTION_PSERIES() _MASKABLE_EXCEPTION_PSERIES() does nothing useful, update all callers to use __MASKABLE_EXCEPTION_PSERIES() directly. Signed-off-by: Michael Ellerman commit bdf08e1da0590f16eb255cda20db2a77bfdb349b Author: Michael Ellerman Date: Thu Jul 26 23:07:12 2018 +1000 powerpc/64s: Rename EXCEPTION_PROLOG_PSERIES to EXCEPTION_PROLOG Signed-off-by: Michael Ellerman commit 270373f14f0fc55c3326eeab10e5468184a27ff1 Author: Michael Ellerman Date: Thu Jul 26 23:07:11 2018 +1000 powerpc/64s: Rename EXCEPTION_RELON_PROLOG_PSERIES To just EXCEPTION_RELON_PROLOG(). Signed-off-by: Michael Ellerman commit 6ebb939740d5141358a42a98de516d179df0ad9e Author: Michael Ellerman Date: Thu Jul 26 23:07:10 2018 +1000 powerpc/64s: Rename EXCEPTION_RELON_PROLOG_PSERIES_1 The EXCEPTION_RELON_PROLOG_PSERIES_1() macro does the same job as EXCEPTION_PROLOG_2 (which we just recently created), except for "RELON" (relocation on) exceptions. So rename it as such. Signed-off-by: Michael Ellerman commit 94f3cc8e361c3e4a4689a7e5d4fe06bdb2c0961f Author: Michael Ellerman Date: Thu Jul 26 23:07:09 2018 +1000 powerpc/64s: Remove PSERIES from the NORI macros Signed-off-by: Michael Ellerman commit cb58a4a4b370b6e92e3f2654b2468a565fee9d87 Author: Michael Ellerman Date: Thu Jul 26 23:07:08 2018 +1000 powerpc/64s: Rename EXCEPTION_PROLOG_PSERIES_1 to EXCEPTION_PROLOG_2 As with the other patches in this series, we are removing the "PSERIES" from the name as it's no longer meaningful. In this case it's not simply a case of removing the "PSERIES" as that would result in a clash with the existing EXCEPTION_PROLOG_1. Instead we name this one EXCEPTION_PROLOG_2, as it's usually used in sequence after 0 and 1. Signed-off-by: Michael Ellerman commit b706f42362c3601271dd0fcd4fd9acb45fe7cd86 Author: Michael Ellerman Date: Thu Jul 26 23:07:07 2018 +1000 powerpc/64s: Rename STD_RELON_EXCEPTION_PSERIES_OOL to STD_RELON_EXCEPTION_OOL Signed-off-by: Michael Ellerman commit e42389c5f19fed0a7c578769b00edc2cf23ee319 Author: Michael Ellerman Date: Thu Jul 26 23:07:06 2018 +1000 powerpc/64s: Rename STD_RELON_EXCEPTION_PSERIES to STD_RELON_EXCEPTION Signed-off-by: Michael Ellerman commit 75e8bef3d6b5c8d25d56f0c0b804ec97e9736645 Author: Michael Ellerman Date: Thu Jul 26 23:07:05 2018 +1000 powerpc/64s: Rename STD_EXCEPTION_PSERIES_OOL to STD_EXCEPTION_OOL Signed-off-by: Michael Ellerman commit e899fce509f527e7e8efd5dd8fff22fcc0c05013 Author: Michael Ellerman Date: Thu Jul 26 23:07:04 2018 +1000 powerpc/64s: Rename STD_EXCEPTION_PSERIES to STD_EXCEPTION The "PSERIES" in STD_EXCEPTION_PSERIES is to differentiate the macros from the legacy iSeries versions, which are called STD_EXCEPTION_ISERIES. It is not anything to do with pseries vs powernv or powermac etc. We removed the legacy iSeries code in 2012, in commit 8ee3e0d69623x ("powerpc: Remove the main legacy iSerie platform code"). So remove "PSERIES" from the macros. Signed-off-by: Michael Ellerman commit 92b6d65c079450b7eb6a59ceb4d9855640914007 Author: Michael Ellerman Date: Thu Jul 26 23:07:03 2018 +1000 powerpc/64s: Move SET_SCRATCH0() into EXCEPTION_RELON_PROLOG_PSERIES() EXCEPTION_RELON_PROLOG_PSERIES() only has two users, STD_RELON_EXCEPTION_PSERIES() and STD_RELON_EXCEPTION_HV() both of which "call" SET_SCRATCH0(), so just move SET_SCRATCH0() into EXCEPTION_RELON_PROLOG_PSERIES(). Signed-off-by: Michael Ellerman commit 4a7a0a8444ba4cebb3a6744e9c14fc6391d7f266 Author: Michael Ellerman Date: Thu Jul 26 23:07:02 2018 +1000 powerpc/64s: Move SET_SCRATCH0() into EXCEPTION_PROLOG_PSERIES() EXCEPTION_PROLOG_PSERIES() only has two users, STD_EXCEPTION_PSERIES() and STD_EXCEPTION_HV() both of which "call" SET_SCRATCH0(), so just move SET_SCRATCH0() into EXCEPTION_PROLOG_PSERIES(). Signed-off-by: Michael Ellerman commit 250a93501d6265bbb9ddf06af25ac9ae64782297 Author: Darren Stevens Date: Wed Jul 25 21:55:18 2018 +0100 powerpc/pasemi: Search for PCI root bus by compatible property Pasemi arch code finds the root of the PCI-e bus by searching the device-tree for a node called 'pxp'. But the root bus has a compatible property of 'pasemi,rootbus' so search for that instead. Signed-off-by: Darren Stevens Acked-by: Olof Johansson Signed-off-by: Michael Ellerman commit 396ab6ab284a9fff4154e9bd491372f43de8284c Author: Christophe Leroy Date: Wed Aug 1 09:01:16 2018 +0000 selftests/powerpc: Update strlen() test to test the new assembly function for PPC32 This patch adds a test for testing the new assembly strlen() for PPC32 Signed-off-by: Christophe Leroy [mpe: Fix 64-bit build] Signed-off-by: Michael Ellerman commit 9412b234501eef1d273cc759387a232f0027c574 Author: Christophe Leroy Date: Wed Aug 1 09:01:14 2018 +0000 powerpc/lib: Implement strlen() in assembly for PPC32 The generic implementation of strlen() reads strings byte per byte. This patch implements strlen() in assembly based on a read of entire words, in the same spirit as what some other arches and glibc do. On a 8xx the time spent in strlen is reduced by 3/4 for long strings. strlen() selftest on an 8xx provides the following values: Before the patch (ie with the generic strlen() in lib/string.c): len 256 : time = 1.195055 len 016 : time = 0.083745 len 008 : time = 0.046828 len 004 : time = 0.028390 After the patch: len 256 : time = 0.272185 ==> 78% improvment len 016 : time = 0.040632 ==> 51% improvment len 008 : time = 0.033060 ==> 29% improvment len 004 : time = 0.029149 ==> 2% degradation On a 832x: Before the patch: len 256 : time = 0.236125 len 016 : time = 0.018136 len 008 : time = 0.011000 len 004 : time = 0.007229 After the patch: len 256 : time = 0.094950 ==> 60% improvment len 016 : time = 0.013357 ==> 26% improvment len 008 : time = 0.010586 ==> 4% improvment len 004 : time = 0.008784 Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit f0abbfd89fed4abd8301b35fbf65a26d85b16e7f Author: Christophe Leroy Date: Wed Aug 1 09:01:12 2018 +0000 selftests/powerpc: Add test for strlen() This patch adds a test for strlen() string.c contains a copy of strlen() from lib/string.c The test first tests the correctness of strlen() by comparing the result with libc strlen(). It tests all cases of alignment. It them tests the duration of an aligned strlen() on a 4 bytes string, on a 16 bytes string and on a 256 bytes string. Signed-off-by: Christophe Leroy [mpe: Drop change log from copy of string.c] Signed-off-by: Michael Ellerman commit 1bb07b593adc1934a526eb04acfe8bf786decfd2 Author: Christophe Leroy Date: Wed Aug 1 09:01:10 2018 +0000 selftests/powerpc: Add test for 32 bits memcmp This patch renames memcmp test to memcmp_64 and adds a memcmp_32 test for testing the 32 bits version of memcmp() Signed-off-by: Christophe Leroy [mpe: Fix 64-bit build by adding build_32bit test] Signed-off-by: Michael Ellerman commit 94675cceacaec27a30eefb142c4c59a9d3131742 Author: Mahesh Salgaonkar Date: Wed Jul 4 23:27:21 2018 +0530 powerpc/pseries: Defer the logging of rtas error to irq work queue. rtas_log_buf is a buffer to hold RTAS event data that are communicated to kernel by hypervisor. This buffer is then used to pass RTAS event data to user through proc fs. This buffer is allocated from vmalloc (non-linear mapping) area. On Machine check interrupt, register r3 points to RTAS extended event log passed by hypervisor that contains the MCE event. The pseries machine check handler then logs this error into rtas_log_buf. The rtas_log_buf is a vmalloc-ed (non-linear) buffer we end up taking up a page fault (vector 0x300) while accessing it. Since machine check interrupt handler runs in NMI context we can not afford to take any page fault. Page faults are not honored in NMI context and causes kernel panic. Apart from that, as Nick pointed out, pSeries_log_error() also takes a spin_lock while logging error which is not safe in NMI context. It may endup in deadlock if we get another MCE before releasing the lock. Fix this by deferring the logging of rtas error to irq work queue. Current implementation uses two different buffers to hold rtas error log depending on whether extended log is provided or not. This makes bit difficult to identify which buffer has valid data that needs to logged later in irq work. Simplify this using single buffer, one per paca, and copy rtas log to it irrespective of whether extended log is provided or not. Allocate this buffer below RMA region so that it can be accessed in real mode mce handler. Fixes: b96672dd840f ("powerpc: Machine check interrupt is a non-maskable interrupt") Cc: stable@vger.kernel.org # v4.14+ Reviewed-by: Nicholas Piggin Signed-off-by: Mahesh Salgaonkar Signed-off-by: Michael Ellerman commit 74e96bf44f430cf7a01de19ba6cf49b361cdfd6e Author: Mahesh Salgaonkar Date: Wed Jul 4 23:27:02 2018 +0530 powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. The global mce data buffer that used to copy rtas error log is of 2048 (RTAS_ERROR_LOG_MAX) bytes in size. Before the copy we read extended_log_length from rtas error log header, then use max of extended_log_length and RTAS_ERROR_LOG_MAX as a size of data to be copied. Ideally the platform (phyp) will never send extended error log with size > 2048. But if that happens, then we have a risk of buffer overrun and corruption. Fix this by using min_t instead. Fixes: d368514c3097 ("powerpc: Fix corruption when grabbing FWNMI data") Reported-by: Michal Suchanek Signed-off-by: Mahesh Salgaonkar Signed-off-by: Michael Ellerman commit e27e0a94651e30912443e88642e698240e01cd57 Author: Benjamin Herrenschmidt Date: Wed Apr 11 15:18:01 2018 +1000 powerpc/xive: Remove xive_kexec_teardown_cpu() It's identical to xive_teardown_cpu() so just use the latter Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman commit dbc5740247961d6b060737620520dc5435926ffe Author: Benjamin Herrenschmidt Date: Wed Apr 11 15:18:00 2018 +1000 powerpc/xive: Remove now useless pr_debug statements Those overly verbose statement in the setup of the pool VP aren't particularly useful (esp. considering we don't actually use the pool, we configure it bcs HW requires it only). So remove them which improves the code readability. Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman commit 34c604d27590fdc9a2c944be8c50ae1fc80f5f25 Author: Nicholas Piggin Date: Wed Jul 25 19:54:28 2018 +1000 powerpc/64s: free page table caches at exit_mmap time The kernel page table caches are tied to init_mm, so there is no more need for them after userspace is finished. destroy_context() gets called when we drop the last reference for an mm, which can be much later than the task exit due to other lazy mm references to it. We can free the page table cache pages on task exit because they only cache the userspace page tables and kernel threads should not access user space addresses. The mapping for kernel threads itself is maintained in init_mm and page table cache for that is attached to init_mm. Signed-off-by: Nicholas Piggin Reviewed-by: Aneesh Kumar K.V [mpe: Merge change log additions from Aneesh] Signed-off-by: Michael Ellerman commit 5a6099346c41792f1ba23aea6f74ad816e7fecd4 Author: Nicholas Piggin Date: Wed Jul 25 23:58:06 2018 +1000 powerpc/64s/radix: tlb do not flush on page size when fullmm When the mm is being torn down there will be a full PID flush so there is no need to flush the TLB on page size changes. Signed-off-by: Nicholas Piggin Reviewed-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman commit d97e7f198b10ea9d17ea64606f18102260870782 Author: Michael Ellerman Date: Thu Jul 26 22:24:59 2018 +1000 selftests/powerpc: Give some tests longer to run Some of these long running tests can time out on heavily loaded systems, give them longer to run. Signed-off-by: Michael Ellerman commit 1cdc6c14b0ddef699c947babd93992a8c0e874ed Author: Michael Ellerman Date: Thu Jul 26 22:24:58 2018 +1000 selftests/powerpc: Only run some tests on ppc64le These tests are currently failing on (some) big endian systems. Until we can fix that, skip them unless we're on ppc64le. Signed-off-by: Michael Ellerman commit 95f9b3af401f5b4daeb908a2c658e820e969f4e3 Author: Michael Ellerman Date: Thu Jul 26 22:24:57 2018 +1000 selftests/powerpc: Add a helper for checking if we're on ppc64le Some of our selftests have only been tested on ppc64le and crash or behave weirdly on ppc64/ppc32. So add a helper for checking the UTS machine. Signed-off-by: Michael Ellerman commit 7cd129b4b5370030a5c0b8031a54b2d1d92fa546 Author: Michael Ellerman Date: Wed Jul 25 00:03:46 2018 +1000 powerpc: Add a checkpatch wrapper with our preferred settings This makes it easy to run checkpatch with settings that I like. Usage is eg: $ ./arch/powerpc/tools/checkpatch.sh -g origin/master.. To check all commits since origin/master. Signed-off-by: Michael Ellerman Reviewed-by: Russell Currey commit 4da1f79227ad42550e3e70e7b4812ec019be3b6e Author: Michael Ellerman Date: Mon Aug 6 20:30:49 2018 +1000 powerpc/64: Disable irq restore warning for now We recently added a warning in arch_local_irq_restore() to check that the soft masking state matches reality. Unfortunately it trips in a few places, which are not entirely trivial to fix. The key problem is if we're doing function_graph tracing of restore_math(), the warning pops and then seems to recurse. It's not entirely clear because the system continuously oopses on all CPUs, with the output interleaved and unreadable. It's also been observed on a G5 coming out of idle. Until we can fix those cases disable the warning for now. Signed-off-by: Michael Ellerman commit 26f843848bae973817b3587780ce6b7b0200d3e4 Author: Martin Schwidefsky Date: Mon Aug 6 14:26:39 2018 +0200 s390: fix br_r1_trampoline for machines without exrl For machines without the exrl instruction the BFP jit generates code that uses an "br %r1" instruction located in the lowcore page. Unfortunately there is a cut & paste error that puts an additional "larl %r1,.+14" instruction in the code that clobbers the branch target address in %r1. Remove the larl instruction. Cc: # v4.17+ Fixes: de5cb6eb51 ("s390: use expoline thunks in the BPF JIT") Signed-off-by: Martin Schwidefsky commit 5eda25b10297684c1f46a14199ec00210f3c346e Author: Martin Schwidefsky Date: Mon Aug 6 13:49:47 2018 +0200 s390/lib: use expoline for all bcr instructions The memove, memset, memcpy, __memset16, __memset32 and __memset64 function have an additional indirect return branch in form of a "bzr" instruction. These need to use expolines as well. Cc: # v4.17+ Fixes: 97489e0663 ("s390/lib: use expoline for indirect branches") Reviewed-by: Heiko Carstens Signed-off-by: Martin Schwidefsky commit bc2d8d262cba5736332cbc866acb11b1c5748aa9 Author: Thomas Gleixner Date: Tue Aug 7 08:19:57 2018 +0200 cpu/hotplug: Fix SMT supported evaluation Josh reported that the late SMT evaluation in cpu_smt_state_init() sets cpu_smt_control to CPU_SMT_NOT_SUPPORTED in case that 'nosmt' was supplied on the kernel command line as it cannot differentiate between SMT disabled by BIOS and SMT soft disable via 'nosmt'. That wreckages the state and makes the sysfs interface unusable. Rework this so that during bringup of the non boot CPUs the availability of SMT is determined in cpu_smt_allowed(). If a newly booted CPU is not a 'primary' thread then set the local cpu_smt_available marker and evaluate this explicitely right after the initial SMP bringup has finished. SMT evaulation on x86 is a trainwreck as the firmware has all the information _before_ booting the kernel, but there is no interface to query it. Fixes: 73d5e2b47264 ("cpu/hotplug: detect SMT disabled by BIOS") Reported-by: Josh Poimboeuf Signed-off-by: Thomas Gleixner commit 51be5a2b43f86af40b3fb78d7e4a22b5357fbc0d Author: Mauro Carvalho Chehab Date: Tue Aug 7 06:13:36 2018 -0400 media: sta2x11: add a missing parameter description Fixes this warning: drivers/media/pci/sta2x11/sta2x11_vip.c:156: warning: Function parameter or member 'v4l_lock' not described in 'sta2x11_vip' Fixes: cd63c0288fd7 ("media: sta2x11: Add video_device and vb2_queue locks") Signed-off-by: Mauro Carvalho Chehab commit b07b684930fe0b8032bddba5aa60686011932019 Author: Mauro Carvalho Chehab Date: Tue Aug 7 06:06:17 2018 -0400 media: v4l2-mem2mem: add descriptions to MC fields drivers/media/v4l2-core/v4l2-mem2mem.c:90: warning: Function parameter or member 'source_pad' not described in 'v4l2_m2m_dev' drivers/media/v4l2-core/v4l2-mem2mem.c:90: warning: Function parameter or member 'sink' not described in 'v4l2_m2m_dev' drivers/media/v4l2-core/v4l2-mem2mem.c:90: warning: Function parameter or member 'sink_pad' not described in 'v4l2_m2m_dev' drivers/media/v4l2-core/v4l2-mem2mem.c:90: warning: Function parameter or member 'proc' not described in 'v4l2_m2m_dev' drivers/media/v4l2-core/v4l2-mem2mem.c:90: warning: Function parameter or member 'proc_pads' not described in 'v4l2_m2m_dev' drivers/media/v4l2-core/v4l2-mem2mem.c:90: warning: Function parameter or member 'intf_devnode' not described in 'v4l2_m2m_dev' Fixes: be2fff656322 ("media: add helpers for memory-to-memory media controller") Signed-off-by: Mauro Carvalho Chehab commit 4effa8bfe4f6bacd041f98775f49cdc550502dc2 Author: Jasmin Jessich Date: Sat Jul 28 09:54:49 2018 -0400 media: i2c: fix warning in Aptina MT9V111 This fixes the "'idx' may be used uninitialized in this function" warning: drivers/media/i2c/mt9v111.c: In function 'mt9v111_set_format': drivers/media/i2c/mt9v111.c:887:15: warning: 'idx' may be used uninitialized in this function [-Wmaybe-uninitialized] unsigned int idx; ^~~ Signed-off-by: Jasmin Jessich Acked-by: Jacopo Mondi Signed-off-by: Mauro Carvalho Chehab commit 132f3c7bb98673f713be9511de16b7622803df36 Author: Mauro Carvalho Chehab Date: Tue Aug 7 05:52:36 2018 -0400 media: imx: shut up a false positive warning With imx, gcc produces a false positive warning: drivers/staging/media/imx/imx-media-csi.c: In function 'csi_idmac_setup_channel': drivers/staging/media/imx/imx-media-csi.c:457:6: warning: this statement may fall through [-Wimplicit-fallthrough=] if (passthrough) { ^ drivers/staging/media/imx/imx-media-csi.c:464:2: note: here default: ^~~~~~~ That's because the regex it uses for fall trough is not good enough. So, rearrange the fall through comment in a way that gcc will recognize. Signed-off-by: Mauro Carvalho Chehab commit 22240df7ac6d76a271197571a7be45addef2ba15 Author: Ard Biesheuvel Date: Sat Aug 4 20:46:25 2018 +0200 crypto: arm64/ghash-ce - implement 4-way aggregation Enhance the GHASH implementation that uses 64-bit polynomial multiplication by adding support for 4-way aggregation. This more than doubles the performance, from 2.4 cycles per byte to 1.1 cpb on Cortex-A53. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu commit 8e492eff7de955e6ed1dc2989b17c41cd862aa28 Author: Ard Biesheuvel Date: Sat Aug 4 20:46:24 2018 +0200 crypto: arm64/ghash-ce - replace NEON yield check with block limit Checking the TIF_NEED_RESCHED flag is disproportionately costly on cores with fast crypto instructions and comparatively slow memory accesses. On algorithms such as GHASH, which executes at ~1 cycle per byte on cores that implement support for 64 bit polynomial multiplication, there is really no need to check the TIF_NEED_RESCHED particularly often, and so we can remove the NEON yield check from the assembler routines. However, unlike the AEAD or skcipher APIs, the shash/ahash APIs take arbitrary input lengths, and so there needs to be some sanity check to ensure that we don't hog the CPU for excessive amounts of time. So let's simply cap the maximum input size that is processed in one go to 64 KB. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu commit 8418cf54df0c22332e0cd855b9e1e7aac3fab20e Author: kbuild test robot Date: Sat Aug 4 06:21:01 2018 +0800 crypto: hisilicon - sec_send_request() can be static Fixes: 915e4e8413da ("crypto: hisilicon - SEC security accelerator driver") Signed-off-by: kbuild test robot Signed-off-by: Herbert Xu commit 6122bbbdc65630d202e5494d5b9678676f2883f8 Author: Colin Ian King Date: Mon Jul 30 09:59:36 2018 +0100 lib/mpi: remove redundant variable esign Variable esign is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'esign' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: Herbert Xu commit 30f1a9f53e77e4c9ddf55ebfda8a9d7666e46964 Author: Ard Biesheuvel Date: Mon Jul 30 23:06:42 2018 +0200 crypto: arm64/aes-ce-gcm - don't reload key schedule if avoidable Squeeze out another 5% of performance by minimizing the number of invocations of kernel_neon_begin()/kernel_neon_end() on the common path, which also allows some reloads of the key schedule to be optimized away. The resulting code runs at 2.3 cycles per byte on a Cortex-A53. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu commit e0bd888dc487e0c444ee5f3bf55020862d16a225 Author: Ard Biesheuvel Date: Mon Jul 30 23:06:41 2018 +0200 crypto: arm64/aes-ce-gcm - implement 2-way aggregation Implement a faster version of the GHASH transform which amortizes the reduction modulo the characteristic polynomial across two input blocks at a time. On a Cortex-A53, the gcm(aes) performance increases 24%, from 3.0 cycles per byte to 2.4 cpb for large input sizes. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu commit 71e52c278c54db10e368c54687234390357b08d6 Author: Ard Biesheuvel Date: Mon Jul 30 23:06:40 2018 +0200 crypto: arm64/aes-ce-gcm - operate on two input blocks at a time Update the core AES/GCM transform and the associated plumbing to operate on 2 AES/GHASH blocks at a time. By itself, this is not expected to result in a noticeable speedup, but it paves the way for reimplementing the GHASH component using 2-way aggregation. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu commit 3465893d274e21c18bfffdf758403d5c7b5af515 Merge: d6e43798b3d9 f10dc56c64bb Author: Herbert Xu Date: Tue Aug 7 17:37:10 2018 +0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Merge crypto-2.6 to pick up NEON yield revert. commit 926a299c42e38bbe8bb909eae0146e676b66afe4 Author: Russell King Date: Thu Aug 2 10:27:15 2018 +0100 drm/i2c: tda998x: correct PLL divider calculation The serializer PLL divider is a power-of-two divider, so our calculation which assumes that it's a numerical divider is incorrect. Replace it with one that results in a power-of-two divider value instead. Tested with all supported modes with a Samsung S24C750. Tested-by: Peter Rosin Signed-off-by: Russell King commit a3d335f5de7cdd714737a9f8bdcc7b205b0f8d5e Author: Russell King Date: Thu Aug 2 10:27:15 2018 +0100 drm/i2c: tda998x: get rid of private fill_modes function We can achieve the same effect via the get_modes() method, rather than wrapping the fill_modes helper. Tested-by: Peter Rosin Signed-off-by: Russell King commit b073a70ecd37bc6e7c25a47315cd8d65e7b313fd Author: Russell King Date: Thu Aug 2 10:27:15 2018 +0100 drm/i2c: tda998x: move mode_valid() to bridge Move the mode_valid() implementation to the bridge instead of the connector, as we're checking the bridge's capabilities. Tested-by: Peter Rosin Signed-off-by: Russell King commit 5a03f5346fedc8b5f1a8601aa46a0930ba56a7ae Author: Russell King Date: Thu Aug 2 10:25:19 2018 +0100 drm/i2c: tda998x: register bridge outside of component helper Register the bridge outside of the component helper as we have drivers that wish to use the tda998x without its encoder. Tested-by: Peter Rosin Signed-off-by: Russell King commit 76767fdabadbea7dec2cdd741c0177e4fab3c75a Author: Russell King Date: Thu Aug 2 10:25:19 2018 +0100 drm/i2c: tda998x: cleanup from previous changes Cleanup the code a little from the effects of the previous changes: - Move tda998x_destroy() to be above tda998x_create() - Use 'dev' directly in tda998x_create() where appropriate. Tested-by: Peter Rosin Signed-off-by: Russell King commit 2143adb04b357e192a9717a42554b1fd65c60fd2 Author: Russell King Date: Thu Aug 2 10:25:19 2018 +0100 drm/i2c: tda998x: allocate tda998x_priv inside tda998x_create() Move the tda998x_priv allocation inside tda998x_create() and simplify the tda998x_create()'s arguments. Pass the same to tda998x_destroy(). Tested-by: Peter Rosin Signed-off-by: Russell King commit 30bd8b862f5466fe5aee9a9fcdaea5a4fad83f91 Author: Russell King Date: Thu Aug 2 10:25:19 2018 +0100 drm/i2c: tda998x: convert to bridge driver Convert tda998x to a bridge driver with built-in encoder support for compatibility with existing component drivers. Tested-by: Peter Rosin Signed-off-by: Russell King commit 554ec508653688c21d9b8024af73a1ffaa0164b9 Author: Bart Van Assche Date: Mon Aug 6 15:34:21 2018 -0700 lib/vsprintf: Do not handle %pO[^F] as %px This patch avoids that gcc reports the following when building with W=1: lib/vsprintf.c:1941:3: warning: this statement may fall through [-Wimplicit-fallthrough=] switch (fmt[1]) { ^~~~~~ Fixes: 7b1924a1d930eb2 ("vsprintf: add printk specifier %px") Link: http://lkml.kernel.org/r/20180806223421.11995-1-bart.vanassche@wdc.com Cc: linux-kernel@vger.kernel.org Cc: Bart Van Assche Cc: Pantelis Antoniou Cc: Joe Perches Cc: Rob Herring Cc: v4.15+ Signed-off-by: Bart Van Assche Signed-off-by: Petr Mladek commit 13bdff337e4ea467a547df771a825dd9b4ed6dd9 Author: Dan Carpenter Date: Thu Jul 19 11:19:21 2018 +0300 drm/i915/kvmgt: fix an error code in gvt_dma_map_page() The dma_mapping_error() returns true on error but we want to return -ENOMEM here. Fixes: 79e542f5af79 ("drm/i915/kvmgt: Support setting dma map for huge pages") Signed-off-by: Dan Carpenter Signed-off-by: Zhenyu Wang commit da5b3ebb4527733299661229a8d035d64a4f0b1a Author: Joel Fernandes (Google) Date: Sun Aug 5 20:40:49 2018 -0700 tracing: irqsoff: Account for additional preempt_disable Recently we tried to make the preemptirqsoff tracer to use irqsoff tracepoint probes. However this causes issues as reported by Masami: [2.271078] Testing tracer preemptirqsoff: .. no entries found ..FAILED! [2.381015] WARNING: CPU: 0 PID: 1 at /home/mhiramat/ksrc/linux/kernel/ trace/trace.c:1512 run_tracer_selftest+0xf3/0x154 This is due to the tracepoint code increasing the preempt nesting count by calling an additional preempt_disable before calling into the preemptoff tracer which messes up the preempt_count() check in tracer_hardirqs_off. To fix this, make the irqsoff tracer probes balance the additional outer preempt_disable with a preempt_enable_notrace. The other way to fix this is to just use SRCU for all tracepoints. However we can't do that because we can't use NMIs from RCU context. Link: http://lkml.kernel.org/r/20180806034049.67949-1-joel@joelfernandes.org Fixes: c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints and unify their usage") Fixes: e6753f23d961 ("tracepoint: Make rcuidle tracepoint callers use SRCU") Reported-by: Masami Hiramatsu Tested-by: Masami Hiramatsu Signed-off-by: Joel Fernandes (Google) Signed-off-by: Steven Rostedt (VMware) commit b023a9396062df289399c6c4eab1f78c73199751 Author: Paul Burton Date: Mon Aug 6 18:18:52 2018 -0700 MIPS: Avoid using array as parameter to write_c0_kpgd() Passing an array (swapper_pg_dir) as the argument to write_c0_kpgd() in setup_pw() will become problematic if we modify __write_64bit_c0_split() to cast its val argument to unsigned long long, because for 32-bit kernel builds the size of a pointer will differ from the size of an unsigned long long. This would fall foul of gcc's pointer-to-int-cast diagnostic. Cast the value to a long, which should be the same width as the pointer that we ultimately want & will be sign extended if required to the unsigned long long that __write_64bit_c0_split() ultimately needs. Signed-off-by: Paul Burton commit ee67855ecd9d02da348af11ec8474698b886a0e6 Author: Paul Burton Date: Mon Aug 6 15:24:27 2018 -0700 MIPS: vdso: Allow clang's --target flag in VDSO cflags The MIPS VDSO code filters out a subset of known-good flags from KBUILD_CFLAGS to use when building VDSO libraries. When we build using clang we need to allow the --target flag through, otherwise we'll generally attempt to build the VDSO for the architecture of the build machine rather than for MIPS. Signed-off-by: Paul Burton Patchwork: https://patchwork.linux-mips.org/patch/20154/ Cc: James Hogan Cc: Ralf Baechle Cc: linux-mips@linux-mips.org commit 4467f7ad7dbb0af5136fadb32dba37bc0388194f Author: Paul Burton Date: Mon Aug 6 15:24:25 2018 -0700 MIPS: genvdso: Remove GOT checks Our genvdso tool performs some rather paranoid checking that the VDSO library isn't attempting to make use of a GOT by constraining the number of entries that the GOT is allowed to contain to the minimum 2 entries that are always generated by binutils. Unfortunately lld prior to revision 334390 generates a third entry, which is unused & thus harmless but falls foul of genvdso's checks & causes the build to fail. Since we already check that the VDSO contains no relocations it seems reasonable to presume that it also doesn't contain use of a GOT, which would involve relocations. Thus rather than attempting to work around this issue by allowing 3 GOT entries when using lld, simply remove the GOT checks which seem overly paranoid. Signed-off-by: Paul Burton Patchwork: https://patchwork.linux-mips.org/patch/20152/ Cc: James Hogan Cc: Ralf Baechle Cc: linux-mips@linux-mips.org commit f8ad8aa551af812adf2ba49a554c73cc9daa8d36 Author: Andy Shevchenko Date: Mon Jul 30 15:38:37 2018 +0300 gpio: vr41xx: Bail out on gpiochip_lock_as_irq() error gpiochip_lock_as_irq() may return a few error codes, bail out if it fails with corresponding returned code. Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij commit d124339da78d1f3b97d1dfa01dc4b52fca2f28e0 Author: Andy Shevchenko Date: Mon Jul 30 15:38:36 2018 +0300 gpio: uniphier: Bail out on gpiochip_lock_as_irq() error gpiochip_lock_as_irq() may return a few error codes, bail out if it fails with corresponding returned code. Signed-off-by: Andy Shevchenko Acked-by: Masahiro Yamada Signed-off-by: Linus Walleij commit 6d7a2b8b559e5682167187d4413d5f11251fcb01 Author: Andy Shevchenko Date: Mon Jul 30 15:38:35 2018 +0300 gpio: xgene-sb: Don't shadow error code of gpiochip_lock_as_irq() gpiochip_lock_as_irq() may return a few error codes, do not shadow them by -ENOSPC and let caller to decide. No functional change intended. Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij commit 41d69087fd75f7288378082ee45c850109d9d289 Author: Andy Shevchenko Date: Mon Jul 30 15:38:34 2018 +0300 gpio: em: Don't shadow error code of gpiochip_lock_as_irq() gpiochip_lock_as_irq() may return a few error codes, do not shadow them by -EINVAL and let caller to decide. No functional change intended. Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij commit 10ed35399ab0a46c2ff07b35977e0d423bde48f2 Author: Andy Shevchenko Date: Mon Jul 30 15:38:33 2018 +0300 gpio: dwapb: Don't shadow error code of gpiochip_lock_as_irq() gpiochip_lock_as_irq() may return a few error codes, do not shadow them by -EINVAL and let caller to decide. No functional change intended. Cc: Hoan Tran Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij commit 9b073332dd12553751951b08f78d7d1416f5bee2 Author: Andy Shevchenko Date: Mon Jul 30 15:38:32 2018 +0300 gpio: bcm-kona: Don't shadow error code of gpiochip_lock_as_irq() gpiochip_lock_as_irq() may return a few error codes, do not shadow them by -EINVAL and let caller to decide. No functional change intended. Cc: Ray Jui Cc: Scott Branden Signed-off-by: Andy Shevchenko Reviewed-by: Florian Fainelli Signed-off-by: Linus Walleij commit 3a2f335c418fed18fc3e4b3d0ee0955e8b2c5f21 Author: Andy Shevchenko Date: Mon Jul 30 15:38:31 2018 +0300 gpiolib: Don't shadow error code of gpiochip_lock_as_irq() gpiochip_lock_as_irq() may return a few error codes, do not shadow them by -EINVAL and let caller to decide. No functional change intended. Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij commit cf2ff877a4eea5f5ad959050284eb93d5d2f803a Author: Levin Du Date: Tue Jul 31 13:59:19 2018 +0800 gpio: syscon: rockchip: add GRF GPIO support for rk3328 In Rockchip RK3328, the output only GPIO_MUTE pin, originally for codec mute control, can also be used for general purpose. It is manipulated by the GRF_SOC_CON10 register in GRF. Aside from the GPIO_MUTE pin, the HDMI pins can also be set in the same way. Currently this GRF GPIO controller only supports the mute pin. If needed in the future, the HDMI pins support can also be added. Signed-off-by: Levin Du Reviewed-by: Rob Herring Reviewed-by: Heiko Stuebner Signed-off-by: Linus Walleij commit 442af1403a2886f8f6d43f2f67f8a8b001e048d8 Author: Janusz Krzysztofik Date: Thu Jul 19 01:57:08 2018 +0200 gpio: omap: Add get/set_multiple() callbacks This should make applications utilizing whole banks work faster. Signed-off-by: Janusz Krzysztofik Acked-by: Grygorii Strashko Signed-off-by: Linus Walleij commit 640332d1a089909df08bc9f3e42888a2019c66e2 Author: Levin Du Date: Sat Aug 4 15:31:02 2018 +0800 clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 PWM2 is commonly used to control voltage of PWM regulator of VDD_LOG in RK3399. On the Firefly-RK3399 board, PWM2 outputs 40 KHz square wave from power on and the VDD_LOG is about 0.9V. When the kernel boots normally into the system, the PWM2 keeps outputing PWM signal. But the kernel hangs randomly after "Starting kernel ..." line on that board. When it happens, PWM2 outputs high level which causes VDD_LOG drops to 0.4V below the normal operating voltage. By adding "pclk_rkpwm_pmu" to the rk3399_pmucru_critical_clocks array, PWM clock is ensured to be prepared at startup and the PWM2 output is normal. After repeated tests, the early boot hang is gone. This patch works on both Firefly-RK3399 and ROC-RK3399-PC boards. Signed-off-by: Levin Du Signed-off-by: Heiko Stuebner commit 2224f2ff9670b899983ff1b42d85530e889cfea1 Author: Kitone Elvis Peter Date: Mon Aug 6 20:27:59 2018 +0300 leds: ns2: Change unsigned to unsigned int Use unsigned int, because it's preferred to unsigned. Signed-off-by: Kitone Elvis Peter Acked-by: Pavel Machek Signed-off-by: Jacek Anaszewski commit 4823e5da2ea9061011242db81334d6ebbd2ed0a5 Author: Lucas Stach Date: Mon Aug 6 15:12:48 2018 +0200 drm/scheduler: fix timeout worker setup for out of order job completions drm_sched_job_finish() is a work item scheduled for each finished job on a unbound system workqueue. This means the workers can execute out of order with regard to the real hardware job completions. If this happens queueing a timeout worker for the first job on the ring mirror list is wrong, as this may be a job which has already finished executing. Fix this by reorganizing the code to always queue the worker for the next job on the list, if this job hasn't finished yet. This is robust against a potential reordering of the finish workers. Also move out the timeout worker cancelling, so that we don't need to take the job list lock twice. As a small optimization list_del is used to remove the job from the ring mirror list, as there is no need to reinit the list head in the job we are about to free. Signed-off-by: Lucas Stach Reviewed-by: Christian König Signed-off-by: Alex Deucher commit 1e1dbd6fd10031bf46d9e44b6ad423e2ee39e2a7 Author: Hersen Wu Date: Fri Jul 27 14:52:37 2018 -0400 drm/amd/display: display connected to dp-1 does not light up [why] for vega, dp set_panel_mode is handled by psp firmware. dal should not program the register again. [how] dal does not program panel mode. Signed-off-by: Hersen Wu Reviewed-by: Charlene Liu Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 81aca8e75c1b046865fb2badef95a0dcff6f73de Author: Mikita Lipski Date: Fri Jul 13 09:07:35 2018 -0400 drm/amd/display: update clk for various HDMI color depths [why] When programming tonga's connector's backend we didn't take in account that HDMI's colour depth might be more than 8bpc therefore we need to add a switch statement that would adjust the pixel clock accordingly. [how] Add a switch statement updating clock by its appropriate coefficient. Signed-off-by: Mikita Lipski Reviewed-by: Charlene Liu Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 99326ee3624b90d176a8f7e2aa3d15dfaa59c8f1 Author: Dmytro Laktyushkin Date: Thu Jul 26 12:17:58 2018 -0400 drm/amd/display: program display clock on cache match [Why] We seem to have an issue where high enough display clock will not get set properly during S3 resume if we only call vbios once [How] Expand condition of display clock programming to happen even when cached display clock matches requested display clock Signed-off-by: Dmytro Laktyushkin Reviewed-by: Tony Cheng Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit fb7b11e1633e50b9a6b3fffe5cd151474aee9802 Author: Nicholas Kazlauskas Date: Mon Jul 30 12:27:23 2018 -0400 drm/amd/display: Add NULL check for enabling dp ss [Why] The pointer for integrated_info can be NULL which causes the system to do a null pointer deference and hang on boot. [How] Add a check to ensure that integrated_info is not null before enabling DP ss. Signed-off-by: Nicholas Kazlauskas Reviewed-by: Sun peng Li Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit ad830e7ab1847f4a014c04496b2581a7497b204f Author: Dmytro Laktyushkin Date: Wed Jul 18 15:25:34 2018 -0400 drm/amd/display: add vbios table check for enabling dp ss Signed-off-by: Dmytro Laktyushkin Reviewed-by: Eric Bernstein Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 405c018a25fe464dc68057bbc8014a58f2bd4422 Author: M. Vefa Bicakci Date: Tue Jul 24 08:45:47 2018 -0400 xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits Commit d94a155c59c9 ("x86/cpu: Prevent cpuinfo_x86::x86_phys_bits adjustment corruption") has moved the query and calculation of the x86_virt_bits and x86_phys_bits fields of the cpuinfo_x86 struct from the get_cpu_cap function to a new function named get_cpu_address_sizes. One of the call sites related to Xen PV VMs was unfortunately missed in the aforementioned commit. This prevents successful boot-up of kernel versions 4.17 and up in Xen PV VMs if CONFIG_DEBUG_VIRTUAL is enabled, due to the following code path: enlighten_pv.c::xen_start_kernel mmu_pv.c::xen_reserve_special_pages page.h::__pa physaddr.c::__phys_addr physaddr.h::phys_addr_valid phys_addr_valid uses boot_cpu_data.x86_phys_bits to validate physical addresses. boot_cpu_data.x86_phys_bits is no longer populated before the call to xen_reserve_special_pages due to the aforementioned commit though, so the validation performed by phys_addr_valid fails, which causes __phys_addr to trigger a BUG, preventing boot-up. Signed-off-by: M. Vefa Bicakci Reviewed-by: Thomas Gleixner Reviewed-by: Boris Ostrovsky Cc: "Kirill A. Shutemov" Cc: Andy Lutomirski Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Cc: Boris Ostrovsky Cc: Juergen Gross Cc: xen-devel@lists.xenproject.org Cc: x86@kernel.org Cc: stable@vger.kernel.org # for v4.17 and up Fixes: d94a155c59c9 ("x86/cpu: Prevent cpuinfo_x86::x86_phys_bits adjustment corruption") Signed-off-by: Boris Ostrovsky commit de7de576eca204de9a38e2f6dafe6b7c1ddc85c1 Merge: 70837ffe3085 be10d5d1c2d1 Author: David S. Miller Date: Mon Aug 6 13:17:48 2018 -0700 Merge branch 'ieee802154-for-davem-2018-08-06' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next Stefan Schmidt says: ==================== pull-request: ieee802154-next 2018-08-06 An update from ieee802154 for *net-next* Romuald added a socket option to get the LQI value of the received datagram. Alexander added a new hardware simulation driver modelled after hwsim of the wireless people. It allows runtime configuration for new nodes and edges over a netlink interface (a config utlity is making its way into wpan-tools). We also have three fixes in here. One from Colin which is more of a cleanup and two from Alex fixing tailroom and single frame space problems. I would normally put the last two into my fixes tree, but given we are already in -rc8 I simply put them here and added a cc: stable to them. ==================== Signed-off-by: David S. Miller commit 70837ffe3085c9a91488b52ca13ac84424da1042 Author: Dan Carpenter Date: Mon Aug 6 22:17:35 2018 +0300 ipv4: frags: precedence bug in ip_expire() We accidentally removed the parentheses here, but they are required because '!' has higher precedence than '&'. Fixes: fa0f527358bd ("ip: use rb trees for IP frag queue.") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller commit 673bb2dfc36488abfdbbfc2ce2631204eaf682f2 Author: Ben Hutchings Date: Sun Aug 5 17:41:09 2018 +0100 scripts/kernel-doc: Escape all literal braces in regexes Commit 701b3a3c0ac4 ("PATCH scripts/kernel-doc") fixed the two instances of literal braces that Perl 5.28 warns about, but there are still more than it doesn't warn about. Escape all left braces that are treated as literal characters. Also escape literal right braces, for consistency and to avoid confusing bracket-matching in text editors. Signed-off-by: Ben Hutchings Signed-off-by: Jonathan Corbet commit d2f884612c42850db0b3521b74a05636a5fc035f Author: Colin Ian King Date: Wed Aug 1 11:47:42 2018 +0100 ALSA: intel_hdmi: remove redundant variable cfg_val Variable cfg_val is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'cfg_val' set but not used [-Wunused-but-set-variable] [ Background info about val_bit field from alsa-devel ML thread: tiwai: Actually this made me wonder what is the definition of val_bit. It seems always 1 in the current code after the commit 964ca8083c02. Pierre? pbossart: This val_bit is only there for debug/test, it should be set to one by default and has nothing to do with the lpcm_id. This variable was set even in patches before upstream submission and was never needed, I guess it must be a 9-yr old issue. Good catch! ] Signed-off-by: Colin Ian King Acked-by: Pierre-Louis Bossart Signed-off-by: Takashi Iwai commit 3e27e10e2ecee0d3a0083f8ae76354ac9c6ad15c Author: Mikita Lipski Date: Thu Jul 12 16:44:05 2018 -0400 drm/amd/display: Don't share clk source between DP and HDMI [why] Prevent clock source sharing between HDMI and DP connectors. DP shouldn't be sharing its ref clock with phy clock, which caused an issue of older ASICS booting up with multiple diplays plugged in. [how] Add an extra check that would prevent HDMI and DP sharing clk. Signed-off-by: Mikita Lipski Reviewed-by: Hersen Wu Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 9315e2399a2cdc236e8d42c1a21fb1071cdad03d Author: Hersen Wu Date: Mon Jul 16 11:21:12 2018 -0400 drm/amd/display: Fix DP HBR2 Eye Diagram Pattern on Carrizo [why] dp hbr2 eye diagram pattern for raven asic is not stabled. workaround is to use tp4 pattern. But this should not be applied to asic before raven. [how] add new bool varilable in asic caps. for raven asic, use the workaround. for carrizo, vega, do not use workaround. Signed-off-by: Hersen Wu Reviewed-by: Harry Wentland Acked-by: Leo Li Signed-off-by: Alex Deucher commit 5ae6fe572929587a304471bf4a641361a45152b5 Author: Nicholas Kazlauskas Date: Mon Jul 23 14:13:23 2018 -0400 drm/amd/display: Use calculated disp_clk_khz value for dce110 [Why] The calculated values for actual disp_clk_khz were ignored when notifying pplib of the new display requirements. In order to honor DFS bypass clocks from the hardware, the calculated value should be used. [How] The return value for set_dispclk is now assigned back into new_clocks and correctly carried through into dccg->clks.phyclk_khz. When notifying pplib of new display requirements dccg->clks.phyclk_khz is used instead of dce.dispclk_khz. The value of dce.dispclk_khz was never explicitly set to anything before. A 15% higher display clock value than calculated is no longer requested for dce110 since it now makes use of the calculated value. Since dce112 makes use of dce110's set_bandwidth but not its update_clocks it needs to have the value correctly carried through. Signed-off-by: Nicholas Kazlauskas Reviewed-by: Harry Wentland Reviewed-by: Dmytro Laktyushkin Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 78e4405cec6cb0780b27b222685dde33934b38e4 Author: David Francis Date: Thu Jul 12 15:46:41 2018 -0400 drm/amd/display: Implement custom degamma lut on dcn [Why] Custom degamma lut functions are a feature we would like to support on compatible hardware [How] In atomic check, convert from array of drm_color_lut to dc_transfer_func. On hardware commit, allow for possibility of custom degamma. Both are based on the equivalent regamma pipeline. Signed-off-by: David Francis Reviewed-by: Krunoslav Kovac Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit d90e9a3bf5e747f0e3b0c8bec96d8699493f63ab Author: David Francis Date: Thu Jul 19 15:48:24 2018 -0400 drm/amd/display: Destroy aux_engines only once [Why] In the dce112 function to destroy the resource pool, engines (the aux engines) is destroyed twice. This has no ill effects but is a tad redundant. [How] Remove the redundant call Signed-off-by: David Francis Reviewed-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 53a53f8687faf492df2644d8c18ff0217fc18730 Author: David Francis Date: Wed Jul 18 16:03:30 2018 -0400 drm/amd/display: Read back max backlight value at boot [Why] If there is no program explicitly setting the backlight brightness (for example, during a minimal install of linux), the hardware defaults to maximum brightness but the backlight_device defaults to 0 value. Thus, settings displays the wrong brightness value. [How] When creating the backlight device, set brightness to max Signed-off-by: David Francis Reviewed-by: Harry Wentland Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 620a0d27b211aa03d3f99accfdd58b88e6e0504c Author: David Francis Date: Thu Jul 19 11:25:05 2018 -0400 drm/amd/display: Implement backlight_ops.get_brightness [Why] This hook that is supposed to read the actual backlight value is used in a few places throughout the kernel to setup or force update on backlight [How] Create a dc function that calls the existing abm function, and call that function from amdgpu Signed-off-by: David Francis Reviewed-by: Harry Wentland Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit 0301ccbaf67d3d9aea97156c5eb85233bb5a5178 Author: abdoulaye berthe Date: Thu Jul 19 15:39:55 2018 -0400 drm/amd/display: DP Compliance 400.1.1 failure [Why] 400.1.1 is failing because we are not performing link training when we get an HPD pulse for the same display. This is breaking DP compliance [How] Always perform link training after HPD pulse if the detection reason is not DETECT_REASON_HPDRX. Signed-off-by: abdoulaye berthe Reviewed-by: Wenjing Liu Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher commit e11d41472a50742c16d53c968e143fb498fa482f Author: Leo (Sunpeng) Li Date: Thu Jul 19 08:22:16 2018 -0400 drm/amd/display: Use requested HDMI aspect ratio [Why] The DRM mode's HDMI picture aspect ratio field was never saved in dc_stream's timing struct. This causes us to mistake a new stream to have the same timings as the old, even though the user has requested a different aspect ratio. [How] Save DRM's aspect ratio field within dc_stream's timing struct. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107153 Signed-off-by: Leo (Sunpeng) Li Reviewed-by: Mikita Lipski Acked-by: Bhawanpreet Lakha Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit ce29af2a505627cc8f1deddb84bcbaf186b0bfd5 Author: Bjorn Helgaas Date: Wed Jul 25 14:53:42 2018 -0500 PCI: Remove unnecessary include of Several PCI core files include pci-aspm.h even though they don't need anything provided by that file. Remove the unnecessary includes of it. Signed-off-by: Bjorn Helgaas Reviewed-by: Sinan Kaya commit 2b2654b8922a46aeabc9bf13e0361a96110317e7 Author: Bjorn Helgaas Date: Wed Jul 25 14:53:41 2018 -0500 iwlwifi: Remove unnecessary include of This part of the iwlwifi driver doesn't need anything provided by pci-aspm.h, so remove the unnecessary include of it. Signed-off-by: Bjorn Helgaas Reviewed-by: Sinan Kaya Acked-by: Luca Coelho commit a78613c08267107e3ffaa40290a269be79386fce Author: Bjorn Helgaas Date: Wed Jul 25 14:53:40 2018 -0500 ath9k: Remove unnecessary include of The ath9k driver doesn't need anything provided by pci-aspm.h, so remove the unnecessary include of it. Signed-off-by: Bjorn Helgaas Reviewed-by: Sinan Kaya Acked-by: Kalle Valo commit f5ddcf71e66eac681500ab94df0f9e33c4f2b4a7 Author: Bjorn Helgaas Date: Wed Jul 25 14:53:40 2018 -0500 igb: Remove unnecessary include of The igb driver doesn't need anything provided by pci-aspm.h, so remove the unnecessary include of it. Signed-off-by: Bjorn Helgaas Reviewed-by: Sinan Kaya Acked-by: Alexander Duyck Acked-by: Jeff Kirsher commit 36131ce9a0b23ed6feb04f8a3ffaa44b804abd5e Author: Andy Shevchenko Date: Mon Aug 6 14:30:34 2018 -0500 PCI/ASPM: Convert to use sysfs_match_string() helper The sysfs_match_string() helper returns index of the matching string in an array. Use it in pcie_aspm_set_policy() to simplify the code. Signed-off-by: Andy Shevchenko [bhelgaas: squash sysfs_match_string() fix into original patch for issue Reported-by: Heiner Kallweit ] Signed-off-by: Bjorn Helgaas commit 315706049c343794ad0d3e5b6f6b60b900457b11 Merge: 706d51681d63 c40a56a7818c Author: Thomas Gleixner Date: Mon Aug 6 20:56:34 2018 +0200 Merge branch 'x86/pti-urgent' into x86/pti Integrate the PTI Global bit fixes which conflict with the 32bit PTI support. Signed-off-by: Thomas Gleixner commit c40a56a7818cfe735fc93a69e1875f8bba834483 Author: Dave Hansen Date: Thu Aug 2 15:58:31 2018 -0700 x86/mm/init: Remove freed kernel image areas from alias mapping The kernel image is mapped into two places in the virtual address space (addresses without KASLR, of course): 1. The kernel direct map (0xffff880000000000) 2. The "high kernel map" (0xffffffff81000000) We actually execute out of #2. If we get the address of a kernel symbol, it points to #2, but almost all physical-to-virtual translations point to Parts of the "high kernel map" alias are mapped in the userspace page tables with the Global bit for performance reasons. The parts that we map to userspace do not (er, should not) have secrets. When PTI is enabled then the global bit is usually not set in the high mapping and just used to compensate for poor performance on systems which lack PCID. This is fine, except that some areas in the kernel image that are adjacent to the non-secret-containing areas are unused holes. We free these holes back into the normal page allocator and reuse them as normal kernel memory. The memory will, of course, get *used* via the normal map, but the alias mapping is kept. This otherwise unused alias mapping of the holes will, by default keep the Global bit, be mapped out to userspace, and be vulnerable to Meltdown. Remove the alias mapping of these pages entirely. This is likely to fracture the 2M page mapping the kernel image near these areas, but this should affect a minority of the area. The pageattr code changes *all* aliases mapping the physical pages that it operates on (by default). We only want to modify a single alias, so we need to tweak its behavior. This unmapping behavior is currently dependent on PTI being in place. Going forward, we should at least consider doing this for all configurations. Having an extra read-write alias for memory is not exactly ideal for debugging things like random memory corruption and this does undercut features like DEBUG_PAGEALLOC or future work like eXclusive Page Frame Ownership (XPFO). Before this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_kernel-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82e00000 2M RW NX pte current_kernel-0xffffffff82e00000-0xffffffff83200000 4M RW PSE NX pmd current_kernel-0xffffffff83200000-0xffffffffa0000000 462M pmd current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_user-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd After this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K pte current_kernel-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_kernel-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_kernel-0xffffffff82488000-0xffffffff82600000 1504K pte current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82c0d000 52K RW NX pte current_kernel-0xffffffff82c0d000-0xffffffff82dc0000 1740K pte current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K pte current_user-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_user-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_user-0xffffffff82488000-0xffffffff82600000 1504K pte current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd [ tglx: Do not unmap on 32bit as there is only one mapping ] Fixes: 0f561fce4d69 ("x86/pti: Enable global pages for shared areas") Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: Kees Cook Cc: Andrea Arcangeli Cc: Juergen Gross Cc: Josh Poimboeuf Cc: Greg Kroah-Hartman Cc: Peter Zijlstra Cc: Hugh Dickins Cc: Linus Torvalds Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Andi Kleen Cc: Joerg Roedel Link: https://lkml.kernel.org/r/20180802225831.5F6A2BFC@viggo.jf.intel.com commit 3237c0dbe21f8d2ca2feaa3891aff3619873cd30 Author: Michał Winiarski Date: Thu Jul 12 17:53:30 2018 +0200 drm/i915/kvmgt: Fix compilation error gvt_pin_guest_page extracted some of the gvt_dma_map_page functionality: commit 79e542f5af79 ("drm/i915/kvmgt: Support setting dma map for huge pages") And yet, part of it was reintroduced in: commit 39b4cbadb9a9 ("drm/i915/kvmgt: Check the pfn got from vfio_pin_pages") Causing kvmgt part to no longer build. Let's remove it. Reported-by: Tomasz Lis Signed-off-by: Michał Winiarski Cc: Changbin Du Cc: Zhenyu Wang Acked-by: Zhenyu Wang Signed-off-by: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20180712155330.32055-1-michal.winiarski@intel.com (cherry picked from commit 4eaf317a60fbea0555b936035002ca9bd9b9105d) Signed-off-by: Rodrigo Vivi commit e4cc5a1873ac1297615962185f94adbbfaf6456b Author: Marcel Holtmann Date: Mon Aug 6 17:58:40 2018 +0200 Bluetooth: btqca: Introduce HCI_EV_VENDOR and use it Using HCI_VENDOR_PKT for vendor specific events does work since it has also the value 0xff, but it is actually the packet type indicator constant and not the event constant. So introduce HCI_EV_VENDOR and use it. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg commit 0dd0e297f0ec780b6b3484ba38b27d18c8ca7af9 Author: Alex Williamson Date: Thu Jul 12 16:33:04 2018 -0600 vfio-pci: Disable binding to PFs with SR-IOV enabled We expect to receive PFs with SR-IOV disabled, however some host drivers leave SR-IOV enabled at unbind. This puts us in a state where we can potentially assign both the PF and the VF, leading to both functionality as well as security concerns due to lack of managing the SR-IOV state as well as vendor dependent isolation from the PF to VF. If we were to attempt to actively disable SR-IOV on driver probe, we risk VF bound drivers blocking, potentially risking live lock scenarios. Therefore simply refuse to bind to PFs with SR-IOV enabled with a warning message indicating the issue. Users can resolve this by re-binding to the host driver and disabling SR-IOV before attempting to use the device with vfio-pci. Reviewed-by: David Gibson Reviewed-by: Peter Xu Signed-off-by: Alex Williamson commit 544c05a60aef7de34ef60eebaf46582ca2bf05f9 Author: Gustavo A. R. Silva Date: Mon Jul 9 17:53:09 2018 -0500 vfio: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Alex Williamson commit a69508c2847d26869e85daadc9f74abaf1253a52 Author: Wolfram Sang Date: Wed Jul 25 21:16:55 2018 +0200 ata: sata_rcar: Add r8a77965 support Update the binding docs for Renesas R-Car M3-N. No driver changes are needed. Signed-off-by: Wolfram Sang Reviewed-by: Geert Uytterhoeven Signed-off-by: Tejun Heo commit 75eef0f1ed478284911b8723a5bdb659499a7aac Author: Chris Wilson Date: Thu Aug 2 15:04:16 2018 +0100 drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" The LPE audio is a child device of i915, it is powered up and down alongside the igfx and presents no independent runtime interface. This aptly fulfils the description of a "No-Callback" Device, so mark it thus. Fixes: 183c00350ccd ("drm/i915: Fix runtime PM for LPE audio") Testcase: igt/pm_rpm/basic-pci-d3-state Testcase: igt/pm_rpm/basic-rte Signed-off-by: Chris Wilson Cc: Takashi Iwai Cc: Pierre-Louis Bossart Cc: Ville Syrjälä Cc: stable@vger.kernel.org Reviewed-by: Joonas Lahtinen Link: https://patchwork.freedesktop.org/patch/msgid/20180802140416.6062-1-chris@chris-wilson.co.uk (cherry picked from commit 46e831abe864a6b59fa3de253a681c0f2ee1bf2f) Signed-off-by: Rodrigo Vivi commit 497bfb706844892d07495f2ed5dff977fede5e25 Author: Mika Kuoppala Date: Mon Jul 30 15:06:36 2018 +0300 Revert "drm/i915/icl: WaEnableFloatBlendOptimization" The register for 0xe420 is unable to hold any value, including this bit. The documentation is also mixed between having a register bit for toggle and having a state command setup for it. Apparently the register toggle is deprecated. Remove the register toggle as evidence shows it's futile. The thing remaining is an apology and humble request for Mesa folks to resurrect their state setup for this as they were on right track from start. This reverts commit 0bf059f3532bb39c52d917142206a8554fc2f1c5. Fixes: 0bf059f3532b ("drm/i915/icl: WaEnableFloatBlendOptimization") References: HSDES#1406393558 Cc: Oscar Mateo Cc: Anuj Phogat Cc: Chris Wilson Cc: Lionel Landwerlin Signed-off-by: Mika Kuoppala Acked-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20180730120636.26958-1-mika.kuoppala@linux.intel.com (cherry picked from commit c358514ba8da9e235876db1628cedd19a35803c6) Signed-off-by: Rodrigo Vivi commit 027063b1606fea6df15c270e5f2a072d1dfa8fef Author: Chris Wilson Date: Tue Jul 31 14:26:29 2018 +0100 drm/i915: Interactive RPS mode RPS provides a feedback loop where we use the load during the previous evaluation interval to decide whether to up or down clock the GPU frequency. Our responsiveness is split into 3 regimes, a high and low plateau with the intent to keep the gpu clocked high to cover occasional stalls under high load, and low despite occasional glitches under steady low load, and inbetween. However, we run into situations like kodi where we want to stay at low power (video decoding is done efficiently inside the fixed function HW and doesn't need high clocks even for high bitrate streams), but just occasionally the pipeline is more complex than a video decode and we need a smidgen of extra GPU power to present on time. In the high power regime, we sample at sub frame intervals with a bias to upclocking, and conversely at low power we sample over a few frames worth to provide what we consider to be the right levels of responsiveness respectively. At low power, we more or less expect to be kicked out to high power at the start of a busy sequence by waitboosting. Prior to commit e9af4ea2b9e7 ("drm/i915: Avoid waitboosting on the active request") whenever we missed the frame or stalled, we would immediate go full throttle and upclock the GPU to max. But in commit e9af4ea2b9e7, we relaxed the waitboosting to only apply if the pipeline was deep to avoid over-committing resources for a near miss. Sadly though, a near miss is still a miss, and perceptible as jitter in the frame delivery. To try and prevent the near miss before having to resort to boosting after the fact, we use the pageflip queue as an indication that we are in an "interactive" regime and so should sample the load more frequently to provide power before the frame misses it vblank. This will make us more favorable to providing a small power increase (one or two bins) as required rather than going all the way to maximum and then having to work back down again. (We still keep the waitboosting mechanism around just in case a dramatic change in system load requires urgent uplocking, faster than we can provide in a few evaluation intervals.) v2: Reduce rps_set_interactive to a boolean parameter to avoid the confusion of what if they wanted a new power mode after pinning to a different mode (which to choose?) v3: Only reprogram RPS while the GT is awake, it will be set when we wake the GT, and while off warns about being used outside of rpm. v4: Fix deferred application of interactive mode v5: s/state/interactive/ v6: Group the mutex with its principle in a substruct Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107111 Fixes: e9af4ea2b9e7 ("drm/i915: Avoid waitboosting on the active request") Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Tvrtko Ursulin Cc: Radoslaw Szwichtenberg Cc: Ville Syrjälä Reviewed-by: Joonas Lahtinen Link: https://patchwork.freedesktop.org/patch/msgid/20180731132629.3381-1-chris@chris-wilson.co.uk (cherry picked from commit 60548c554be2830d29d2533dad0ac8133347ee51) Signed-off-by: Rodrigo Vivi commit 656921a51244b72cd1105df61b0af15825bddb72 Author: Rodrigo Vivi Date: Thu Jul 19 17:31:55 2018 -0700 drm/i915: Fix psr sink status report. First of all don't try to read dpcd if PSR is not even supported. But also, if read failed return -EIO instead of reporting via a backchannel. v2: fix dev_priv: At this level m->private is the connector. (CI/DK) don't convert dpcd read errors to EIO. (DK) Fixes: 5b7b30864d1d ("drm/i915/psr: Split sink status into a separate debugfs node") Cc: Chris Wilson Cc: Dhinakaran Pandiyan Cc: José Roberto de Souza Signed-off-by: Rodrigo Vivi Reviewed-by: Dhinakaran Pandiyan Link: https://patchwork.freedesktop.org/patch/msgid/20180720003155.16290-1-rodrigo.vivi@intel.com (cherry picked from commit 7a72c78bdd0a1ea1d879610542679cc680398220) Signed-off-by: Rodrigo Vivi commit 74c05a33cb02e75888771bc39e22e438195d6427 Author: Yangbo Lu Date: Mon Aug 6 12:39:11 2018 +0800 ptp_qoriq: use div_u64/div_u64_rem for 64-bit division This is a fix-up patch for below build issue with multi_v7_defconfig. drivers/ptp/ptp_qoriq.o: In function `qoriq_ptp_probe': ptp_qoriq.c:(.text+0xd0c): undefined reference to `__aeabi_uldivmod' Fixes: 91305f281262 ("ptp_qoriq: support automatic configuration for ptp timer") Signed-off-by: Yangbo Lu Signed-off-by: David S. Miller commit 9dae34978d83df06fc59aff5cf0d88ce41b80643 Author: Yafang Shao Date: Mon Aug 6 11:57:02 2018 +0800 net: avoid unnecessary sock_flag() check when enable timestamp The sock_flag() check is alreay inside sock_enable_timestamp(), so it is unnecessary checking it in the caller. void sock_enable_timestamp(struct sock *sk, int flag) { if (!sock_flag(sk, flag)) { ... } } Signed-off-by: Yafang Shao Signed-off-by: David S. Miller commit 429711aec282c4b5fe5bbd7b2f0bbbff4110ffb2 Author: Jason Wang Date: Mon Aug 6 11:17:47 2018 +0800 vhost: switch to use new message format We use to have message like: struct vhost_msg { int type; union { struct vhost_iotlb_msg iotlb; __u8 padding[64]; }; }; Unfortunately, there will be a hole of 32bit in 64bit machine because of the alignment. This leads a different formats between 32bit API and 64bit API. What's more it will break 32bit program running on 64bit machine. So fixing this by introducing a new message type with an explicit 32bit reserved field after type like: struct vhost_msg_v2 { __u32 type; __u32 reserved; union { struct vhost_iotlb_msg iotlb; __u8 padding[64]; }; }; We will have a consistent ABI after switching to use this. To enable this capability, introduce a new ioctl (VHOST_SET_BAKCEND_FEATURE) for userspace to enable this feature (VHOST_BACKEND_F_IOTLB_V2). Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API") Signed-off-by: Jason Wang Signed-off-by: David S. Miller commit 9c2e955c48363a6a000a684aa49be7f4ac1120ad Author: zhong jiang Date: Mon Aug 6 11:07:23 2018 +0800 net/bridge/br_multicast: remove redundant variable "err" The err is not modified after initalization, So remove it and make it to be void function. Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit be1459de2eea3619dbbb8f1f9a420e103a85986a Author: Al Viro Date: Sat Aug 4 21:41:27 2018 +0100 mellanox: fix the dport endianness in call of __inet6_lookup_established() __inet6_lookup_established() expect th->dport passed in host-endian, not net-endian. The reason is microoptimization in __inet6_lookup(), but if you use the lower-level helpers, you have to play by their rules... Signed-off-by: Al Viro Signed-off-by: David S. Miller commit 96b954895470fa1f64232fd9b1e31f445b8a3c35 Author: Masaharu Hayakawa Date: Mon Aug 6 12:42:00 2018 +0200 ata: sata_rcar: exclude setting of PHY registers in Gen3 According to documentation, setting of PHY registers is unnecessary with R-Car Gen3. The registers are not even described. So, don't initialize them. Signed-off-by: Masaharu Hayakawa [wsa: updated commit message] Signed-off-by: Wolfram Sang Reviewed-by: Sergei Shtylyov Signed-off-by: Tejun Heo commit e207610fffbc339d14c663a6966454b8e9b2deff Author: Wolfram Sang Date: Mon Aug 6 12:40:05 2018 +0200 ata: sata_rcar: really mask all interrupts on Gen2 and later Since R-Car Gen2, a new bit has been introduced to the interrupt mask register. Update the code to handle it properly as well. Signed-off-by: Wolfram Sang Reviewed-by: Sergei Shtylyov Signed-off-by: Tejun Heo commit eac7e072d7e99fad1b6e817c608b03c48205241e Author: Tejun Heo Date: Mon Aug 6 10:22:35 2018 -0700 Revert "ata: ahci_platform: allow disabling of hotplug to save power" This reverts commit aece27a2f01be4bb7683790f69cd1bed3a0929a2. Causes boot failure on some devices. http://lore.kernel.org/r/CA+G9fYuKW_jCFZPqG4tz=QY9ROfHO38KiCp9XTA+KaDOFVtcqQ@mail.gmail.com Signed-off-by: Tejun Heo commit 96c25b777442d3a875b1921b1f047ea00d96c8ea Author: Jeff Layton Date: Sun Jun 17 05:31:17 2018 -0400 mailmap: remap some of my email addresses to kernel.org address Signed-off-by: Jeff Layton commit c883da313ebf459efd33d262ca963e3a5f0ac024 Author: Jeff Layton Date: Mon Jul 30 07:54:56 2018 -0400 locks: add tracepoint in flock codepath Signed-off-by: Jeff Layton commit 7dc084d62591bd5d7d09b4801fd4ec4ea3c59dca Author: Robert P. J. Day Date: Mon Aug 6 12:26:48 2018 -0400 MIPS: Remove obsolete MIPS checks for DST node "chosen@0" As there is precious little left in any DTS files referring to the node "/chosen@0" as opposed to "/chosen", remove the two checks for the former node name. [paul.burton@mips.com: The modified yamon-dt code only operates on arch/mips/boot/dts/mti/sead3.dts right now, and that uses chosen rather than chosen@0 anyway, so this should have no behavioural effect.] Signed-off-by: Robert P. J. Day Signed-off-by: Paul Burton Patchwork: https://patchwork.linux-mips.org/patch/20131/ Cc: linux-mips@linux-mips.org commit fd8ca6dac9b45db8503cf508880edd63e039e2f2 Author: Uros Bizjak Date: Mon Aug 6 16:42:49 2018 +0200 KVM/x86: Use CC_SET()/CC_OUT in arch/x86/kvm/vmx.c Remove open-coded uses of set instructions to use CC_SET()/CC_OUT() in arch/x86/kvm/vmx.c. Signed-off-by: Uros Bizjak [Mark error paths as unlikely while touching this. - Paolo] Signed-off-by: Paolo Bonzini commit c21c834adb5bc81e7081aa93ac50619c6d060506 Author: Akshu Agrawal Date: Mon Aug 6 12:57:16 2018 +0530 ASoC: AMD: Set delay value for the capture case ACP->SYSMEM DMA happens at every I2S->SYSMEM period completion. Thus, there is delay of x frames till I2S->SYSMEM reaches a period length. This delay is communicated to user space. Signed-off-by: Akshu Agrawal Signed-off-by: Mark Brown commit 662fb3efe7ee835f0eeba6bc63b81e82a97fc312 Author: Mukunda, Vijendar Date: Mon Aug 6 12:57:15 2018 +0530 ASoC: AMD: Modified DMA pointer for capture Give position on ACP->SYSMEM DMA channel for the number of bytes that have been transferred on the basis of current descriptor under service. Signed-off-by: Vijendar Mukunda Signed-off-by: Akshu Agrawal Signed-off-by: Mark Brown commit bbdb7012b0736cda0b9b00a2949e9207cf2f892f Author: Akshu Agrawal Date: Mon Aug 6 12:57:14 2018 +0530 ASoC: AMD: Make ACP->SYSMEM DMA non circular In capture case we don't want ACP to SYSMEM dma to be circular. This is because if an in place DSP filter is applied to captured output then circular DMA can overwrite the filter value with stale data. Signed-off-by: Akshu Agrawal Signed-off-by: Mark Brown commit aaffcfd1e82d3378538408d0310b7424b98d8f81 Author: Wanpeng Li Date: Mon Jul 23 14:39:52 2018 +0800 KVM: X86: Implement PV IPIs in linux guest Implement paravirtual apic hooks to enable PV IPIs for KVM if the "send IPI" hypercall is available. The hypercall lets a guest send IPIs, with at most 128 destinations per hypercall in 64-bit mode and 64 vCPUs per hypercall in 32-bit mode. Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Vitaly Kuznetsov Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini commit d63bae079b6426afc998c5ea76d9cde8d8c98303 Author: Wanpeng Li Date: Mon Jul 23 14:39:51 2018 +0800 KVM: X86: Add kvm hypervisor init time platform setup callback Add kvm hypervisor init time platform setup callback which will be used to replace native apic hooks by pararvirtual hooks. Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Vitaly Kuznetsov Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini commit 4180bf1b655a791a0a6ef93a2ffffc762722c782 Author: Wanpeng Li Date: Mon Jul 23 14:39:54 2018 +0800 KVM: X86: Implement "send IPI" hypercall Using hypercall to send IPIs by one vmexit instead of one by one for xAPIC/x2APIC physical mode and one vmexit per-cluster for x2APIC cluster mode. Intel guest can enter x2apic cluster mode when interrupt remmaping is enabled in qemu, however, latest AMD EPYC still just supports xapic mode which can get great improvement by Exit-less IPIs. This patchset lets a guest send multicast IPIs, with at most 128 destinations per hypercall in 64-bit mode and 64 vCPUs per hypercall in 32-bit mode. Hardware: Xeon Skylake 2.5GHz, 2 sockets, 40 cores, 80 threads, the VM is 80 vCPUs, IPI microbenchmark(https://lkml.org/lkml/2017/12/19/141): x2apic cluster mode, vanilla Dry-run: 0, 2392199 ns Self-IPI: 6907514, 15027589 ns Normal IPI: 223910476, 251301666 ns Broadcast IPI: 0, 9282161150 ns Broadcast lock: 0, 8812934104 ns x2apic cluster mode, pv-ipi Dry-run: 0, 2449341 ns Self-IPI: 6720360, 15028732 ns Normal IPI: 228643307, 255708477 ns Broadcast IPI: 0, 7572293590 ns => 22% performance boost Broadcast lock: 0, 8316124651 ns x2apic physical mode, vanilla Dry-run: 0, 3135933 ns Self-IPI: 8572670, 17901757 ns Normal IPI: 226444334, 255421709 ns Broadcast IPI: 0, 19845070887 ns Broadcast lock: 0, 19827383656 ns x2apic physical mode, pv-ipi Dry-run: 0, 2446381 ns Self-IPI: 6788217, 15021056 ns Normal IPI: 219454441, 249583458 ns Broadcast IPI: 0, 7806540019 ns => 154% performance boost Broadcast lock: 0, 9143618799 ns Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Vitaly Kuznetsov Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini commit 74fec5b9dbaa5e6fe776f6c73e6c00fb23dca844 Author: Tianyu Lan Date: Mon Jul 23 12:31:21 2018 +0000 KVM/x86: Move X86_CR4_OSXSAVE check into kvm_valid_sregs() X86_CR4_OSXSAVE check belongs to sregs check and so move into kvm_valid_sregs(). Signed-off-by: Lan Tianyu Signed-off-by: Paolo Bonzini commit ee6268ba3a6861b2806e569bff7fe91fbdf846dd Author: Liang Chen Date: Wed Jul 25 16:32:14 2018 +0800 KVM: x86: Skip pae_root shadow allocation if tdp enabled Considering the fact that the pae_root shadow is not needed when tdp is in use, skip the pae_root shadow page allocation to allow mmu creation even not being able to obtain memory from DMA32 zone when particular cgroup cpuset.mems or mempolicy control is applied. Signed-off-by: Liang Chen Signed-off-by: Paolo Bonzini commit c2a4eadf7747a1359a80ede64e4ae0e0ba64ca08 Author: Tianyu Lan Date: Tue Jul 24 08:17:07 2018 +0000 KVM/MMU: Combine flushing remote tlb in mmu_set_spte() mmu_set_spte() flushes remote tlbs for drop_parent_pte/drop_spte() and set_spte() separately. This may introduce redundant flush. This patch is to combine these flushes and check flush request after calling set_spte(). Signed-off-by: Lan Tianyu Reviewed-by: Junaid Shahid Reviewed-by: Xiao Guangrong Signed-off-by: Paolo Bonzini commit 5e079c7ece1060491ef4a45414823162cce91b3d Author: Sean Christopherson Date: Mon Jul 23 12:32:50 2018 -0700 KVM: vmx: skip VMWRITE of HOST_{FS,GS}_BASE when possible The host's FS.base and GS.base rarely change, e.g. ~0.1% of host/guest swaps on my system. Cache the last value written to the VMCS and skip the VMWRITE to the associated VMCS fields when loading host state if the value hasn't changed since the last VMWRITE. Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit 8f21a0bbf36f58334695ae6e46c0cf906a217154 Author: Sean Christopherson Date: Mon Jul 23 12:32:49 2018 -0700 KVM: vmx: skip VMWRITE of HOST_{FS,GS}_SEL when possible On a 64-bit host, FS.sel and GS.sel are all but guaranteed to be 0, which in turn means they'll rarely change. Skip the VMWRITE for the associated VMCS fields when loading host state if the selector hasn't changed since the last VMWRITE. Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit f3bbc0dcedf50d29d2d6fdfb16c5ec3e2368837f Author: Sean Christopherson Date: Mon Jul 23 12:32:48 2018 -0700 KVM: vmx: always initialize HOST_{FS,GS}_BASE to zero during setup The HOST_{FS,GS}_BASE fields are guaranteed to be written prior to VMENTER, by way of vmx_prepare_switch_to_guest(). Initialize the fields to zero for 64-bit kernels instead of pulling the base values from their respective MSRs. In addition to eliminating two RDMSRs, vmx_prepare_switch_to_guest() can safely assume the initial value of the fields is zero in all cases. Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit d7ee039e2bab6341cdabf42d3036063cf91b40ea Author: Sean Christopherson Date: Mon Jul 23 12:32:47 2018 -0700 KVM: vmx: move struct host_state usage to struct loaded_vmcs Make host_state a property of a loaded_vmcs so that it can be used as a cache of the VMCS fields, e.g. to lazily VMWRITE the corresponding VMCS field. Treating host_state as a cache does not work if it's not VMCS specific as the cache would become incoherent when switching between vmcs01 and vmcs02. Move vmcs_host_cr3 and vmcs_host_cr4 into host_state. Explicitly zero out host_state when allocating a new VMCS for a loaded_vmcs. Unlike the pre-existing vmcs_host_cr{3,4} usage, the segment information is not guaranteed to be (re)initialized when running a new nested VMCS, e.g. HOST_FS_BASE is not written in vmx_set_constant_host_state(). Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit e920de8507c6c8760c775cd718627e7cbf57c3b7 Author: Sean Christopherson Date: Mon Jul 23 12:32:46 2018 -0700 KVM: vmx: compute need to reload FS/GS/LDT on demand Remove fs_reload_needed and gs_ldt_reload_needed from host_state and instead compute whether we need to reload various state at the time we actually do the reload. The state that is tracked by the *_reload_needed variables is not any more volatile than the trackers themselves. Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit fd1ec7723fbd560f924769b43cbdfe82dfd6a98e Author: Sean Christopherson Date: Mon Jul 23 12:32:45 2018 -0700 KVM: nVMX: remove a misleading comment regarding vmcs02 fields prepare_vmcs02() has an odd comment that says certain fields are "not in vmcs02". AFAICT the intent of the comment is to document that various VMCS fields are not handled by prepare_vmcs02(), e.g. HOST_{FS,GS}_{BASE,SELECTOR}. While technically true, the comment is misleading, e.g. it can lead the reader to think that KVM never writes those fields to vmcs02. Remove the comment altogether as the handling of FS and GS is not specific to nested VMX, and GUEST_PML_INDEX has been written by prepare_vmcs02() since commit "4e59516a12a6 (kvm: vmx: ensure VMCS is current while enabling PML)" Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit 6d6095bd2c915f4c2ba6f25e7d16e38b06c904de Author: Sean Christopherson Date: Mon Jul 23 12:32:44 2018 -0700 KVM: vmx: rename __vmx_load_host_state() and vmx_save_host_state() Now that the vmx_load_host_state() wrapper is gone, i.e. the only time we call the core functions is when we're actually about to switch between guest/host, rename the functions that handle lazy state switching to vmx_prepare_switch_to_{guest,host}_state() to better document the full extent of their functionality. Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit 678e315e78a780dbef384b92339c8414309dbc11 Author: Sean Christopherson Date: Mon Jul 23 12:32:43 2018 -0700 KVM: vmx: add dedicated utility to access guest's kernel_gs_base When lazy save/restore of MSR_KERNEL_GS_BASE was introduced[1], the MSR was intercepted in all modes and was only restored for the host when the guest is in 64-bit mode. So at the time, going through the full host restore prior to accessing MSR_KERNEL_GS_BASE was necessary to load host state and was not a significant waste of cycles. Later, MSR_KERNEL_GS_BASE interception was disabled for a 64-bit guest[2], and then unconditionally saved/restored for the host[3]. As a result, loading full host state is overkill for accesses to MSR_KERNEL_GS_BASE, and completely unnecessary when the guest is not in 64-bit mode. Add a dedicated utility to read/write the guest's MSR_KERNEL_GS_BASE (outside of the save/restore flow) to minimize the overhead incurred when accessing the MSR. When setting EFER, only decache the MSR if the new EFER will disable long mode. Removing out-of-band usage of vmx_load_host_state() also eliminates, or at least reduces, potential corner cases in its usage, which in turn will (hopefuly) make it easier to reason about future changes to the save/restore flow, e.g. optimization of saving host state. [1] commit 44ea2b1758d8 ("KVM: VMX: Move MSR_KERNEL_GS_BASE out of the vmx autoload msr area") [2] commit 5897297bc228 ("KVM: VMX: Don't intercept MSR_KERNEL_GS_BASE") [3] commit c8770e7ba63b ("KVM: VMX: Fix host userspace gsbase corruption") Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit bd9966de4e14fb559e89a06f7f5c9aab2cc028b9 Author: Sean Christopherson Date: Mon Jul 23 12:32:42 2018 -0700 KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Using 'struct loaded_vmcs*' to track whether the CPU registers contain host or guest state kills two birds with one stone. 1. The (effective) boolean host_state.loaded is poorly named. It does not track whether or not host state is loaded into the CPU registers (which most readers would expect), but rather tracks if host state has been saved AND guest state is loaded. 2. Using a loaded_vmcs pointer provides a more robust framework for the optimized guest/host state switching, especially when consideration per-VMCS enhancements. To that end, WARN_ONCE if we try to switch to host state with a different VMCS than was last used to save host state. Resolve an occurrence of the new WARN by setting loaded_vmcs after the call to vmx_vcpu_put() in vmx_switch_vmcs(). Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit e368b875a8a91125f1bd0ffac1100c305c0bdff4 Author: Sean Christopherson Date: Mon Jul 23 12:32:41 2018 -0700 KVM: vmx: refactor segmentation code in vmx_save_host_state() Use local variables in vmx_save_host_state() to temporarily track the selector and base values for FS and GS, and reorganize the code so that the 64-bit vs 32-bit portions are contained within a single #ifdef. This refactoring paves the way for future patches to modify the updating of VMCS state with minimal changes to the code, and (hopefully) simplifies resolving a likely conflict with another in-flight patch[1] by being the whipping boy for future patches. [1] https://www.spinics.net/lists/kvm/msg171647.html Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit e49fcb8b9ef26dfb2d02b173d790e1ef41177121 Author: Jim Mattson Date: Fri Jul 27 13:44:45 2018 -0700 kvm: nVMX: Fix fault priority for VMX operations When checking emulated VMX instructions for faults, the #UD for "IF (not in VMX operation)" should take precedence over the #GP for "ELSIF CPL > 0." Suggested-by: Eric Northup Signed-off-by: Jim Mattson Reviewed-by: David Hildenbrand Signed-off-by: Paolo Bonzini commit 36090bf43a6b835a42f515cb515ff6fa293a25fe Author: Jim Mattson Date: Fri Jul 27 09:18:50 2018 -0700 kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 The fault that should be raised for a privilege level violation is #GP rather than #UD. Fixes: 727ba748e110b4 ("kvm: nVMX: Enforce cpl=0 for VMX instructions") Signed-off-by: Jim Mattson Reviewed-by: David Hildenbrand Signed-off-by: Paolo Bonzini commit b9b33da2aa7429b0f61bcd218d34e1a277459fb4 Author: Paolo Bonzini Date: Fri Jul 27 17:44:41 2018 +0200 KVM: try __get_user_pages_fast even if not in atomic context We are currently cutting hva_to_pfn_fast short if we do not want an immediate exit, which is represented by !async && !atomic. However, this is unnecessary, and __get_user_pages_fast is *much* faster because the regular get_user_pages takes pmd_lock/pte_lock. In fact, when many CPUs take a nested vmexit at the same time the contention on those locks is visible, and this patch removes about 25% (compared to 4.18) from vmexit.flat on a 16 vCPU nested guest. Suggested-by: Andrea Arcangeli Signed-off-by: Paolo Bonzini commit 877ad952be3d51445f6a74dd63708a9327c8f19d Author: Tianyu Lan Date: Thu Jul 19 08:40:23 2018 +0000 KVM: vmx: Add tlb_remote_flush callback support Register tlb_remote_flush callback for vmx when hyperv capability of nested guest mapping flush is detected. The interface can help to reduce overhead when flush ept table among vcpus for nested VM. The tradition way is to send IPIs to all affected vcpus and executes INVEPT on each vcpus. It will trigger several vmexits for IPI and INVEPT emulation. Hyper-V provides such hypercall to do flush for all vcpus and call the hypercall when all ept table pointers of single VM are same. Signed-off-by: Lan Tianyu Signed-off-by: Paolo Bonzini commit b08660e59dbdb600c55953787ed2265a0b510f77 Author: Tianyu Lan Date: Thu Jul 19 08:40:17 2018 +0000 KVM: x86: Add tlb remote flush callback in kvm_x86_ops. This patch is to provide a way for platforms to register hv tlb remote flush callback and this helps to optimize operation of tlb flush among vcpus for nested virtualization case. Signed-off-by: Lan Tianyu Signed-off-by: Paolo Bonzini commit 60cfce4c4f6f6741882032ee6f895e835533a16b Author: Tianyu Lan Date: Thu Jul 19 08:40:12 2018 +0000 X86/Hyper-V: Add hyperv_nested_flush_guest_mapping ftrace support This patch is to add hyperv_nested_flush_guest_mapping support to trace hvFlushGuestPhysicalAddressSpace hypercall. Signed-off-by: Lan Tianyu Acked-by: K. Y. Srinivasan Signed-off-by: Paolo Bonzini commit eb914cfe72f4c948b2318b1381f6d2e08d43b63c Author: Tianyu Lan Date: Thu Jul 19 08:40:06 2018 +0000 X86/Hyper-V: Add flush HvFlushGuestPhysicalAddressSpace hypercall support Hyper-V supports a pv hypercall HvFlushGuestPhysicalAddressSpace to flush nested VM address space mapping in l1 hypervisor and it's to reduce overhead of flushing ept tlb among vcpus. This patch is to implement it. Signed-off-by: Lan Tianyu Acked-by: K. Y. Srinivasan Signed-off-by: Paolo Bonzini commit 3553ae5690a84a5baae5baa329467b3df2d99f72 Author: Waiman Long Date: Tue Jul 17 17:59:27 2018 -0400 x86/kvm: Don't use pvqspinlock code if only 1 vCPU On a VM with only 1 vCPU, the locking fast path will always be successful. In this case, there is no need to use the the PV qspinlock code which has higher overhead on the unlock side than the native qspinlock code. Signed-off-by: Waiman Long Signed-off-by: Paolo Bonzini commit 450917b654c12075bd2b07d1e375dfed1bc9ca1e Author: Tianyu Lan Date: Wed Jul 18 06:12:04 2018 +0000 KVM/MMU: Simplify __kvm_sync_page() function Merge check of "sp->role.cr4_pae != !!is_pae(vcpu))" and "vcpu-> arch.mmu.sync_page(vcpu, sp) == 0". kvm_mmu_prepare_zap_page() is called under both these conditions. Signed-off-by: Lan Tianyu Signed-off-by: Paolo Bonzini commit 208320ba103e01fd2f3a7b81e97c9c5bc85f0612 Author: Junaid Shahid Date: Wed Jun 27 14:59:21 2018 -0700 kvm: x86: Remove CR3_PCID_INVD flag It is a duplicate of X86_CR3_PCID_NOFLUSH. So just use that instead. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit b94742c958f0b97d304d4aecb4603a20ee9a2df3 Author: Junaid Shahid Date: Wed Jun 27 14:59:20 2018 -0700 kvm: x86: Add multi-entry LRU cache for previous CR3s Adds support for storing multiple previous CR3/root_hpa pairs maintained as an LRU cache, so that the lockless CR3 switch path can be used when switching back to any of them. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit faff87588d8bfd9e56e9203412f0bb80455da7b9 Author: Junaid Shahid Date: Fri Jun 29 13:10:05 2018 -0700 kvm: x86: Flush only affected TLB entries in kvm_mmu_invlpg* This needs a minor bug fix. The updated patch is as follows. Thanks, Junaid ------------------------------------------------------------------------------ kvm_mmu_invlpg() and kvm_mmu_invpcid_gva() only need to flush the TLB entries for the specific guest virtual address, instead of flushing all TLB entries associated with the VM. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 956bf3531fba53c0501eda4fbc67950b0f7b913f Author: Junaid Shahid Date: Wed Jun 27 14:59:18 2018 -0700 kvm: x86: Skip shadow page resync on CR3 switch when indicated by guest When the guest indicates that the TLB doesn't need to be flushed in a CR3 switch, we can also skip resyncing the shadow page tables since an out-of-sync shadow page table is equivalent to an out-of-sync TLB. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 08fb59d8a47d5e1f9de08659603a47f117fe60d5 Author: Junaid Shahid Date: Wed Jun 27 14:59:17 2018 -0700 kvm: x86: Support selectively freeing either current or previous MMU root kvm_mmu_free_roots() now takes a mask specifying which roots to free, so that either one of the roots (active/previous) can be individually freed when needed. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 7eb77e9f5fcf652a21b2d12bff1cd509b6b14f21 Author: Junaid Shahid Date: Wed Jun 27 14:59:16 2018 -0700 kvm: x86: Add a root_hpa parameter to kvm_mmu->invlpg() This allows invlpg() to be called using either the active root_hpa or the prev_root_hpa. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit ade61e2824443a208bb3aaafd8b345ce878298cd Author: Junaid Shahid Date: Wed Jun 27 14:59:15 2018 -0700 kvm: x86: Skip TLB flush on fast CR3 switch when indicated by guest When PCIDs are enabled, the MSb of the source operand for a MOV-to-CR3 instruction indicates that the TLB doesn't need to be flushed. This change enables this optimization for MOV-to-CR3s in the guest that have been intercepted by KVM for shadow paging and are handled within the fast CR3 switch path. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit eb4b248e152d3ecf189b9d32c04961360dbd938a Author: Junaid Shahid Date: Wed Jun 27 14:59:14 2018 -0700 kvm: vmx: Support INVPCID in shadow paging mode Implement support for INVPCID in shadow paging mode as well. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit c9470a2e28479e97eb44d926ea7bbb5709ad9d6b Author: Junaid Shahid Date: Wed Jun 27 14:59:13 2018 -0700 kvm: x86: Propagate guest PCIDs to host PCIDs When using shadow paging mode, propagate the guest's PCID value to the shadow CR3 in the host instead of always using PCID 0. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit afe828d1de4047d26eb0cd0c0154f5ac3722bf63 Author: Junaid Shahid Date: Wed Jun 27 14:59:12 2018 -0700 kvm: x86: Add ability to skip TLB flush when switching CR3 Remove the implicit flush from the set_cr3 handlers, so that the callers are able to decide whether to flush the TLB or not. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 50c28f21d045dde8c52548f8482d456b3f0956f5 Author: Junaid Shahid Date: Wed Jun 27 14:59:11 2018 -0700 kvm: x86: Use fast CR3 switch for nested VMX Use the fast CR3 switch mechanism to locklessly change the MMU root page when switching between L1 and L2. The switch from L2 to L1 should always go through the fast path, while the switch from L1 to L2 should go through the fast path if L1's CR3/EPTP for L2 hasn't changed since the last time. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 1c53da3fa3a333eb15ee5a154700e75d135c21c8 Author: Junaid Shahid Date: Wed Jun 27 14:59:10 2018 -0700 kvm: x86: Support resetting the MMU context without resetting roots This adds support for re-initializing the MMU context in a different mode while preserving the active root_hpa and the prev_root. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 0aab33e4f9459fc80378bc2a089d5784fe8ccd3b Author: Junaid Shahid Date: Wed Jun 27 14:59:09 2018 -0700 kvm: x86: Add support for fast CR3 switch across different MMU modes This generalizes the lockless CR3 switch path to be able to work across different MMU modes (e.g. nested vs non-nested) by checking that the expected page role of the new root page matches the page role of the previously stored root page in addition to checking that the new CR3 matches the previous CR3. Furthermore, instead of loading the hardware CR3 in fast_cr3_switch(), it is now done in vcpu_enter_guest(), as by that time the MMU context would be up-to-date with the VCPU mode. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 6e42782f516f05c8030f63308f2457681b1c9919 Author: Junaid Shahid Date: Wed Jun 27 14:59:08 2018 -0700 kvm: x86: Introduce KVM_REQ_LOAD_CR3 The KVM_REQ_LOAD_CR3 request loads the hardware CR3 using the current root_hpa. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 9fa72119b24db78d665a4034b5a0d349b0289b08 Author: Junaid Shahid Date: Wed Jun 27 14:59:07 2018 -0700 kvm: x86: Introduce kvm_mmu_calc_root_page_role() These functions factor out the base role calculation from the corresponding kvm_init_*_mmu() functions. The new functions return what would be the role assigned to a root page in the current VCPU state. This can be masked with mmu_base_role_mask to derive the base role. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 7c390d350f8b677df3236afef4ced80dba6c3201 Author: Junaid Shahid Date: Wed Jun 27 14:59:06 2018 -0700 kvm: x86: Add fast CR3 switch code path When using shadow paging, a CR3 switch in the guest results in a VM Exit. In the common case, that VM exit doesn't require much processing by KVM. However, it does acquire the MMU lock, which can start showing signs of contention under some workloads even on a 2 VCPU VM when the guest is using KPTI. Therefore, we add a fast path that avoids acquiring the MMU lock in the most common cases e.g. when switching back and forth between the kernel and user mode CR3s used by KPTI with no guest page table changes in between. For now, this fast path is implemented only for 64-bit guests and hosts to avoid the handling of PDPTEs, but it can be extended later to 32-bit guests and/or hosts as well. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 578e1c4db22135d91bad6c79585c4d19252b8d81 Author: Junaid Shahid Date: Wed Jun 27 14:59:05 2018 -0700 kvm: x86: Avoid taking MMU lock in kvm_mmu_sync_roots if no sync is needed kvm_mmu_sync_roots() can locklessly check whether a sync is needed and just bail out if it isn't. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 5ce4786f75d16504223c7a65a42b200c2550fa29 Author: Junaid Shahid Date: Wed Jun 27 14:59:04 2018 -0700 kvm: x86: Make sync_page() flush remote TLBs once only sync_page() calls set_spte() from a loop across a page table. It would work better if set_spte() left the TLB flushing to its callers, so that sync_page() can aggregate into a single call. Signed-off-by: Junaid Shahid Signed-off-by: Paolo Bonzini commit 42522d08cdba6d8be4247e4f0770f39f4708b71f Author: Peter Xu Date: Wed Jul 18 15:57:50 2018 +0800 KVM: MMU: drop vcpu param in gpte_access It's never used. Drop it. Signed-off-by: Peter Xu Signed-off-by: Paolo Bonzini commit abfc52c612ddb101549846688bc87dfedbbfd4f4 Author: Liran Alon Date: Sat Jun 23 02:35:13 2018 +0300 KVM: nVMX: Separate logic allocating shadow vmcs to a function No functionality change. This is done as a preparation for VMCS shadowing virtualization. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 491a6038458fc07ec307447dd5e6722e34d67c04 Author: Liran Alon Date: Sat Jun 23 02:35:12 2018 +0300 KVM: VMX: Mark vmcs header as shadow in case alloc_vmcs_cpu() allocate shadow vmcs No functionality change. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 32c7acf044873c8782be45a03e46cf0ac579a459 Author: Liran Alon Date: Sat Jun 23 02:35:11 2018 +0300 KVM: nVMX: Expose VMCS shadowing to L1 guest Expose VMCS shadowing to L1 as a VMX capability of the virtual CPU, whether or not VMCS shadowing is supported by the physical CPU. (VMCS shadowing emulation) Shadowed VMREADs and VMWRITEs from L2 are handled by L0, without a VM-exit to L1. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit a7cde481b6e8506ee147cf5031ad1917fcc8bf9b Author: Liran Alon Date: Sat Jun 23 02:35:10 2018 +0300 KVM: nVMX: Do not forward VMREAD/VMWRITE VMExits to L1 if required so by vmcs12 vmread/vmwrite bitmaps This is done as a preparation for VMCS shadowing emulation. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 6d894f498f5d121b57a231315b0b459e185abed1 Author: Liran Alon Date: Sat Jun 23 02:35:09 2018 +0300 KVM: nVMX: vmread/vmwrite: Use shadow vmcs12 if running L2 This is done as a preparation to VMCS shadowing emulation. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 9a78bdf31da79a2a58585474598afcf44b14b245 Author: Paolo Bonzini Date: Sun Jul 29 00:14:11 2018 +0200 KVM: selftests: add tests for shadow VMCS save/restore This includes setting up the shadow VMCS and the secondary execution controls in lib/vmx.c. Signed-off-by: Paolo Bonzini commit fa58a9fa74979f845fc6c94a58501e67f3abb6de Author: Paolo Bonzini Date: Wed Jul 18 19:45:51 2018 +0200 KVM: nVMX: include shadow vmcs12 in nested state The shadow vmcs12 cannot be flushed on KVM_GET_NESTED_STATE, because at that point guest memory is assumed by userspace to be immutable. Capture the cache in vmx_get_nested_state, adding another page at the end if there is an active shadow vmcs12. Signed-off-by: Paolo Bonzini commit 61ada7488ffdef0c0f83da14a12629870abb9e97 Author: Liran Alon Date: Sat Jun 23 02:35:08 2018 +0300 KVM: nVMX: Cache shadow vmcs12 on VMEntry and flush to memory on VMExit This is done is done as a preparation to VMCS shadowing emulation. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit f145d90d97bab0e11b78da1739e5db742575037c Author: Liran Alon Date: Sat Jun 23 02:35:07 2018 +0300 KVM: nVMX: Verify VMCS shadowing VMCS link pointer Intel SDM considers these checks to be part of "Checks on Guest Non-Register State". Note that it is legal for vmcs->vmcs_link_pointer to be -1ull when VMCS shadowing is enabled. In this case, any VMREAD/VMWRITE to shadowed-field sets the ALU flags for VMfailInvalid (i.e. CF=1). Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit a8a7c02bf7b70cda6face6321a45de56519c24bf Author: Liran Alon Date: Sat Jun 23 02:35:06 2018 +0300 KVM: nVMX: Verify VMCS shadowing controls Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit f792d2743ed4db9e96eff43bdc1e15dd441f19bf Author: Liran Alon Date: Sat Jun 23 02:35:05 2018 +0300 KVM: nVMX: Introduce nested_cpu_has_shadow_vmcs() Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit a6192d40d52f6b86997a71449e2ebc3d7f5ca103 Author: Liran Alon Date: Sat Jun 23 02:35:04 2018 +0300 KVM: nVMX: Fail VMLAUNCH and VMRESUME on shadow VMCS Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit fa97d7dba7538adf174c3984e726c0537ab553a4 Author: Liran Alon Date: Wed Jul 18 14:07:59 2018 +0200 KVM: nVMX: Allow VMPTRLD for shadow VMCS if vCPU supports VMCS shadowing Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit e253674227328575084cf7454d22749b9be11d52 Author: Liran Alon Date: Sat Jun 23 02:35:02 2018 +0300 KVM: VMX: Change vmcs12_{read,write}_any() to receive vmcs12 as parameter No functionality change. This is done as a preparation for VMCS shadowing emulation. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 392b2f25aa415c0222b348f95875409be49a1201 Author: Liran Alon Date: Sat Jun 23 02:35:01 2018 +0300 KVM: VMX: Create struct for VMCS header No functionality change. Signed-off-by: Liran Alon Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini commit cb5476379f0718046f3c6b3195d18838c5b25ea2 Author: Paolo Bonzini Date: Sat Jul 28 21:56:09 2018 +0200 kvm: selftests: add test for nested state save/restore Signed-off-by: Paolo Bonzini commit 8fcc4b5923af5de58b80b53a069453b135693304 Author: Jim Mattson Date: Tue Jul 10 11:27:20 2018 +0200 kvm: nVMX: Introduce KVM_CAP_NESTED_STATE For nested virtualization L0 KVM is managing a bit of state for L2 guests, this state can not be captured through the currently available IOCTLs. In fact the state captured through all of these IOCTLs is usually a mix of L1 and L2 state. It is also dependent on whether the L2 guest was running at the moment when the process was interrupted to save its state. With this capability, there are two new vcpu ioctls: KVM_GET_NESTED_STATE and KVM_SET_NESTED_STATE. These can be used for saving and restoring a VM that is in VMX operation. Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Thomas Gleixner Cc: Ingo Molnar Cc: H. Peter Anvin Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Jim Mattson [karahmed@ - rename structs and functions and make them ready for AMD and address previous comments. - handle nested.smm state. - rebase & a bit of refactoring. - Merge 7/8 and 8/8 into one patch. ] Signed-off-by: KarimAllah Ahmed Signed-off-by: Paolo Bonzini commit 7f7f1ba33cf2c21d001821313088c231db42ff40 Author: Paolo Bonzini Date: Wed Jul 18 18:49:01 2018 +0200 KVM: x86: do not load vmcs12 pages while still in SMM If the vCPU enters system management mode while running a nested guest, RSM starts processing the vmentry while still in SMM. In that case, however, the pages pointed to by the vmcs12 might be incorrectly loaded from SMRAM. To avoid this, delay the handling of the pages until just before the next vmentry. This is done with a new request and a new entry in kvm_x86_ops, which we will be able to reuse for nested VMX state migration. Extracted from a patch by Jim Mattson and KarimAllah Ahmed. Signed-off-by: Paolo Bonzini commit fa3899add1056f209c5b61d0c60cec34775a6781 Author: Paolo Bonzini Date: Thu Jul 26 13:19:23 2018 +0200 kvm: selftests: add basic test for state save and restore The test calls KVM_RUN repeatedly, and creates an entirely new VM with the old memory and vCPU state on every exit to userspace. The kvm_util API is expanded with two functions that manage the lifetime of a kvm_vm struct: the first closes the file descriptors and leaves the memory allocated, and the second opens the file descriptors and reuses the memory from the previous incarnation of the kvm_vm struct. For now the test is very basic, as it does not test for example XSAVE or vCPU events. However, it will test nested virtualization state starting with the next patch. Signed-off-by: Paolo Bonzini commit 0a505fe6f272c5c1ceebbd266535ad79d9ca6920 Author: Paolo Bonzini Date: Thu Jul 26 13:02:24 2018 +0200 kvm: selftests: ensure vcpu file is released The selftests were not munmap-ing the kvm_run area from the vcpu file descriptor. The result was that kvm_vcpu_release was not called and a reference was left in the parent "struct kvm". Ultimately this was visible in the upcoming state save/restore test as an error when KVM attempted to create a duplicate debugfs entry. Signed-off-by: Paolo Bonzini commit 87ccb7dbb25b28c0003fe4be88ed02289b651f96 Author: Paolo Bonzini Date: Sat Jul 28 18:45:38 2018 +0200 kvm: selftests: actually use all of lib/vmx.c The allocation of the VMXON and VMCS is currently done twice, in lib/vmx.c and in vmx_tsc_adjust_test.c. Reorganize the code to provide a cleaner and easier to use API to the tests. lib/vmx.c now does the complete setup of the VMX data structures, but does not create the VM or set CPUID. This has to be done by the caller. Signed-off-by: Paolo Bonzini commit 2305339ee7129d9d56af3bdd4d59aff4d29ed390 Author: Paolo Bonzini Date: Sat Jul 28 18:09:44 2018 +0200 kvm: selftests: create a GDT and TSS The GDT and the TSS base were left to zero, and this has interesting effects when the TSS descriptor is later read to set up a VMCS's TR_BASE. Basically it worked by chance, and this patch fixes it by setting up all the protected mode data structures properly. Because the GDT and TSS addresses are virtual, the page tables now always exist at the time of vcpu setup. Signed-off-by: Paolo Bonzini commit 44883f01fe6ae436a8604c47d8435276fef369b0 Author: Paolo Bonzini Date: Thu Jul 26 13:01:52 2018 +0200 KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd Some of the MSRs returned by GET_MSR_INDEX_LIST currently cannot be sent back to KVM_GET_MSR and/or KVM_SET_MSR; either they can never be sent back, or you they are only accepted under special conditions. This makes the API a pain to use. To avoid this pain, this patch makes it so that the result of the get-list ioctl can always be used for host-initiated get and set. Since we don't have a separate way to check for read-only MSRs, this means some Hyper-V MSRs are ignored when written. Arguably they should not even be in the result of GET_MSR_INDEX_LIST, but I am leaving there in case userspace is using the outcome of GET_MSR_INDEX_LIST to derive the support for the corresponding Hyper-V feature. Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini commit cf81a7e580ac0d598d3e7e9c06864168b2b4073d Author: Sean Christopherson Date: Wed Jul 11 09:54:30 2018 -0700 KVM: vmx: remove save/restore of host BNDCGFS MSR Linux does not support Memory Protection Extensions (MPX) in the kernel itself, thus the BNDCFGS (Bound Config Supervisor) MSR will always be zero in the KVM host, i.e. RDMSR in vmx_save_host_state() is superfluous. KVM unconditionally sets VM_EXIT_CLEAR_BNDCFGS, i.e. BNDCFGS will always be zero after VMEXIT, thus manually loading BNDCFGS is also superfluous. And in the event the MPX kernel support is added (unlikely given that MPX for userspace is in its death throes[1]), BNDCFGS will likely be common across all CPUs[2], and at the least shouldn't change on a regular basis, i.e. saving the MSR on every VMENTRY is completely unnecessary. WARN_ONCE in hardware_setup() if the host's BNDCFGS is non-zero to document that KVM does not preserve BNDCFGS and to serve as a hint as to how BNDCFGS likely should be handled if MPX is used in the kernel, e.g. BNDCFGS should be saved once during KVM setup. [1] https://lkml.org/lkml/2018/4/27/1046 [2] http://www.openwall.com/lists/kernel-hardening/2017/07/24/28 Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit 86dafed50e2b9b18198cc663775ece819ff113ba Author: KarimAllah Ahmed Date: Tue Jul 10 11:27:19 2018 +0200 KVM: Switch 'requests' to be 64-bit (explicitly) Switch 'requests' to be explicitly 64-bit and update BUILD_BUG_ON check to use the size of "requests" instead of the hard-coded '32'. That gives us a bit more room again for arch-specific requests as we already ran out of space for x86 due to the hard-coded check. The only exception here is ARM32 as it is still 32-bits. Cc: Paolo Bonzini Cc: Radim KrÄmář Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Jim Mattson Signed-off-by: KarimAllah Ahmed Signed-off-by: Paolo Bonzini commit ca359066889f753ca6d54bb333b783e7a784c0d1 Author: Wei Huang Date: Mon Jun 25 23:41:57 2018 -0400 kvm: selftests: add cr4_cpuid_sync_test KVM is supposed to update some guest VM's CPUID bits (e.g. OSXSAVE) when CR4 is changed. A bug was found in KVM recently and it was fixed by Commit c4d2188206ba ("KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed"). This patch adds a test to verify the synchronization between guest VM's CR4 and CPUID bits. Signed-off-by: Wei Huang Signed-off-by: Paolo Bonzini commit d2ce98ca0a192e1bcb89068adfe6cb736f5e351c Merge: 85eae57bbb06 d72e90f33aa4 Author: Paolo Bonzini Date: Mon Aug 6 17:31:36 2018 +0200 Merge tag 'v4.18-rc6' into HEAD Pull bug fixes into the KVM development tree to avoid nasty conflicts. commit 12aea518a202bc7c947553840f1d93f8129b41b2 Author: Johannes Thumshirn Date: Fri Aug 3 18:35:17 2018 +0200 watchdog: fix dependencies of menz69_wdt.o Currently menz69_wdt.ko has a dependency on MCB or COMPILE_TEST. But it actually needs symbols exported by MCB so the || COMPILE_TEST is wrong. Signed-off-by: Johannes Thumshirn Reported-by: Randy Dunlap Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck commit dc0e4a3bb7dcd087e9d338acbe6ef3f3667b278b Author: Srinath Mannam Date: Thu Jul 26 10:28:42 2018 +0530 watchdog: sp805: Add clock-frequency property Use clock-frequency property given in _DSD object of ACPI device to calculate Watchdog rate as binding clock devices are not available as device tree. Note: There is no formal review process for _DSD properties Signed-off-by: Srinath Mannam Reviewed-by: Guenter Roeck Reviewed-by: Ray Jui Reviewed-by: Scott Branden Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck commit bf06bad958c4536ee5ac3461a18976ea3e896f26 Author: Gustavo A. R. Silva Date: Sat Aug 4 19:50:14 2018 -0500 xen/biomerge: Use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit f87c30c96cd9b5baa28bc63900f16e04e8c7cbb2 Author: Gustavo A. R. Silva Date: Mon Aug 6 08:14:55 2018 -0600 xen-blkfront: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Acked-by: Roger Pau Monné Signed-off-by: Gustavo A. R. Silva Signed-off-by: Jens Axboe commit ad3e0b2f3c9483fa79bb4148464dba52ce33ae46 Author: YueHaibing Date: Mon Aug 6 19:08:51 2018 +0800 Bluetooth: remove redundant variables 'adv_set' and 'cp' Variables 'adv_set' and 'cp' are being assigned but are never used hence they are redundant and can be removed. Cleans up clang warnings: net/bluetooth/hci_event.c:1135:29: warning: variable 'adv_set' set but not used [-Wunused-but-set-variable] net/bluetooth/mgmt.c:3359:39: warning: variable 'cp' set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing Signed-off-by: Johan Hedberg commit 5b147465532365dc4e2fee8499d6ca1f52dd0d16 Author: Lucas Stach Date: Mon Jul 23 14:27:23 2018 +0200 drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement When the suballocator was unable to provide a suitable buffer for the MMUv1 linear window, we roll back the GPU initialization. As the GPU is runtime resumed at that point we need to clear the kernel cmdbuf suballoc entry to properly skip any attempt to manipulate the cmdbuf when the GPU gets shut down in the runtime suspend later on. Signed-off-by: Lucas Stach commit cfad05a24dcb2bf09ba6438e0843c6a0ed90381c Author: Souptick Joarder Date: Tue May 29 19:17:27 2018 +0530 drm/etnaviv: change return type to vm_fault_t Use new return type vm_fault_t for fault handler. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. Ref- commit 1c8f422059ae ("mm: change return type to vm_fault_t") Previously vm_insert_page() returns err which driver mapped into VM_FAULT_* type. The new function vmf_insert_page() will replace this inefficiency by returning VM_FAULT_* type. vmf_error() is the newly introduce inline function in 4.17-rc6. Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Signed-off-by: Lucas Stach commit a0780bb1df60f00e4573db7bd53e7039e9eee1cb Author: Lucas Stach Date: Fri May 25 16:51:25 2018 +0200 drm/etnaviv: protect sched job submission with fence mutex The documentation of drm_sched_job_init and drm_sched_entity_push_job has been clarified. Both functions should be called under a shared lock, to avoid jobs getting pushed into the scheduler queue in a different order than their sched_fence seqnos, which will confuse checks that are looking at the seqnos to infer information about completion order. Signed-off-by: Lucas Stach commit 6ae9c84ff249f2756086e71405375fd06124cf1f Author: Philipp Zabel Date: Tue May 15 16:09:15 2018 +0200 drm/etnaviv: mmuv2: use memset32 to init scratch page Replace the open-coded scratch page initialization loop with memset32 Signed-off-by: Philipp Zabel Signed-off-by: Lucas Stach commit ad0eaee6195db1db1749dd46b9e6f4466793d178 Author: Gustavo A. R. Silva Date: Mon Aug 6 07:14:51 2018 -0500 ASoC: wm8994: Fix missing break in switch Add missing break statement in order to prevent the code from falling through to the default case. Addresses-Coverity-ID: 115050 ("Missing break in switch") Reported-by: Valdis Kletnieks Signed-off-by: Gustavo A. R. Silva Acked-by: Charles Keepax Signed-off-by: Mark Brown Cc: stable@vger.kernel.org commit 0961503412e3e13d82f885f9fb3af527edd58e47 Author: Srinivas Kandagatla Date: Mon Aug 6 11:12:09 2018 +0100 ASoC: qdsp6: q6afe-dai: add SLIM tx AIF_IN dapm Add missing AIF_IN dapm for slim tx ports. Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown commit d72117d0c89a3f5657ef91d5eef31337964e3cb2 Author: Srinivas Kandagatla Date: Mon Aug 6 11:12:08 2018 +0100 ASoC: qcom: remove unused header files from common.h This patch removes unused header files from common.h. Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown commit 846b2c96808cc7cdf4e0619d00604b3edd15b35a Author: Srinivas Kandagatla Date: Mon Aug 6 11:12:07 2018 +0100 ASoC: sdm845: remove unused header files This patch removes unused header files from the driver. Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown commit e9d244b14dd5cf9a78ab256a4463d946e580ca63 Author: Srinivas Kandagatla Date: Mon Aug 6 11:12:06 2018 +0100 ASoC: apq8096: remove unused header files This patch removes unused header files from the driver. Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown commit 8e3684f66e15c354dba5544c2af8ce973ed40cf6 Author: Srinivas Kandagatla Date: Mon Aug 6 11:12:05 2018 +0100 ASoC: qcom: make common.c as proper module This patch converts common helper functions in to proper module and also fixes below warning. WARNING: sound/soc/qcom/snd-soc-sdm845: 'qcom_snd_parse_of' exported twice. Previous export was in sound/soc/qcom/snd-soc-apq8096.ko Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown commit d7a4303b8d1fa6f60b73ed91317a51764a2a412c Author: Viresh Kumar Date: Thu Jul 5 10:39:23 2018 +0530 dt-bindings: thermal: Allow multiple devices to share cooling map Allow cooling devices sharing same trip point with same contribution value to share the cooling map as well. Otherwise the same information will be duplicated for each device sharing the trip point. Signed-off-by: Viresh Kumar Reviewed-by: Rob Herring Signed-off-by: Zhang Rui commit bee7d3c9f89a1bbe3d5f88ac9d6946de4705731b Author: Gustavo A. R. Silva Date: Sat Aug 4 16:56:02 2018 -0500 ASoC: wm8903: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Acked-by: Charles Keepax Signed-off-by: Mark Brown commit e1ec62b147c2f2deae66e69ee4f7347dc80123ae Author: Gustavo A. R. Silva Date: Sat Aug 4 16:55:28 2018 -0500 ASoC: da9055: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 380ae4ec420304aa59adb36776eaf78aef37192c Author: Gustavo A. R. Silva Date: Sat Aug 4 16:54:54 2018 -0500 ASoC: wm5100-tables: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Acked-by: Charles Keepax Signed-off-by: Mark Brown commit 1752a35acd8e837463fb7b7d9492b18e2a2ed5e3 Author: Gustavo A. R. Silva Date: Sat Aug 4 16:54:10 2018 -0500 ASoC: da7213: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit bc94c8884e5a94914ec950dfc615563a1253e3f3 Author: Gustavo A. R. Silva Date: Sat Aug 4 16:53:38 2018 -0500 ASoC: twl6040: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 965afd3c1dbaf293bfa9452aaf0a7e53d78d07f3 Author: Gustavo A. R. Silva Date: Sat Aug 4 16:53:10 2018 -0500 ASoC: da7219: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit eb086306bc6b42dc2c538ec2350d44a82d1a835b Author: Gustavo A. R. Silva Date: Sat Aug 4 16:52:35 2018 -0500 ASoC: wm8996: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Acked-by: Charles Keepax Signed-off-by: Mark Brown commit c34c4515286f27e7e99d8a0011b4322d1de6c9bc Author: Gustavo A. R. Silva Date: Sat Aug 4 16:52:01 2018 -0500 ASoC: cs4270: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 064ee5a370150534e12e5bac4ff81f86528e27ca Author: Gustavo A. R. Silva Date: Sat Aug 4 16:51:01 2018 -0500 ASoC: wm8990: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Acked-by: Charles Keepax Signed-off-by: Mark Brown commit 10754bfc051256ab922b818de3ddd11391862a5f Author: Gustavo A. R. Silva Date: Sat Aug 4 16:50:27 2018 -0500 ASoC: tda7419: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 508e8641f89cc89554adbec3ce59bcd28a4ced4b Author: Gustavo A. R. Silva Date: Sat Aug 4 16:49:55 2018 -0500 ASoC: rt5631: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 038541dae968dbef99edca4b22bbb2a7b4afdc83 Author: Gustavo A. R. Silva Date: Sat Aug 4 16:49:02 2018 -0500 ASoC: max9850: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 39379faaad79e3cf403a6904a08676b7850043ae Author: Naohiro Aota Date: Fri Jul 27 09:04:55 2018 +0900 btrfs: revert fs_devices state on error of btrfs_init_new_device When btrfs hits error after modifying fs_devices in btrfs_init_new_device() (such as btrfs_add_dev_item() returns error), it leaves everything as is, but frees allocated btrfs_device. As a result, fs_devices->devices and fs_devices->alloc_list contain already freed btrfs_device, leading to later use-after-free bug. Error path also messes the things like ->num_devices. While they go back to the original value by unscanning btrfs devices, it is safe to revert them here. Fixes: 79787eaab461 ("btrfs: replace many BUG_ONs with proper error handling") Signed-off-by: Naohiro Aota Reviewed-by: Filipe Manana Signed-off-by: David Sterba commit 64f64f43c89aca1782aa672e0586f6903c5d8979 Author: Qu Wenruo Date: Wed Aug 1 10:37:20 2018 +0800 btrfs: Exit gracefully when chunk map cannot be inserted to the tree It's entirely possible that a crafted btrfs image contains overlapping chunks. Although we can't detect such problem by tree-checker, it's not a catastrophic problem, current extent map can already detect such problem and return -EEXIST. We just only need to exit gracefully and fail the mount. Reported-by: Xu Wen Link: https://bugzilla.kernel.org/show_bug.cgi?id=200409 Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba commit cf90d884b347c50a1e8c1effc4093e497dd68b4b Author: Qu Wenruo Date: Wed Aug 1 10:37:19 2018 +0800 btrfs: Introduce mount time chunk <-> dev extent mapping check This patch will introduce chunk <-> dev extent mapping check, to protect us against invalid dev extents or chunks. Since chunk mapping is the fundamental infrastructure of btrfs, extra check at mount time could prevent a lot of unexpected behavior (BUG_ON). Reported-by: Xu Wen Link: https://bugzilla.kernel.org/show_bug.cgi?id=200403 Link: https://bugzilla.kernel.org/show_bug.cgi?id=200407 Signed-off-by: Qu Wenruo Reviewed-by: Su Yue Reviewed-by: David Sterba Signed-off-by: David Sterba commit 7ef49515fa6727cb4b6f2f5b0ffbc5fc20a9f8c6 Author: Qu Wenruo Date: Wed Aug 1 10:37:17 2018 +0800 btrfs: Verify that every chunk has corresponding block group at mount time If a crafted image has missing block group items, it could cause unexpected behavior and breaks the assumption of 1:1 chunk<->block group mapping. Although we have the block group -> chunk mapping check, we still need chunk -> block group mapping check. This patch will do extra check to ensure each chunk has its corresponding block group. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199847 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Reviewed-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba commit 514c7dca85a0bf40be984dab0b477403a6db901f Author: Qu Wenruo Date: Wed Aug 1 10:37:16 2018 +0800 btrfs: Check that each block group has corresponding chunk at mount time A crafted btrfs image with incorrect chunk<->block group mapping will trigger a lot of unexpected things as the mapping is essential. Although the problem can be caught by block group item checker added in "btrfs: tree-checker: Verify block_group_item", it's still not sufficient. A sufficiently valid block group item can pass the check added by the mentioned patch but could fail to match the existing chunk. This patch will add extra block group -> chunk mapping check, to ensure we have a completely matching (start, len, flags) chunk for each block group at mount time. Here we reuse the original helper find_first_block_group(), which is already doing the basic bg -> chunk checks, adding further checks of the start/len and type flags. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199837 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Reviewed-by: Su Yue Reviewed-by: David Sterba Signed-off-by: David Sterba commit 22d3151c2c4cb517a309154d1e828a28106508c7 Author: Filipe Manana Date: Mon Jul 30 12:39:58 2018 +0100 Btrfs: send, fix incorrect file layout after hole punching beyond eof When doing an incremental send, if we have a file in the parent snapshot that has prealloc extents beyond EOF and in the send snapshot it got a hole punch that partially covers the prealloc extents, the send stream, when replayed by a receiver, can result in a file that has a size bigger than it should and filled with zeroes past the correct EOF. For example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -f -c "falloc -k 0 4M" /mnt/foobar $ xfs_io -c "pwrite -S 0xea 0 1M" /mnt/foobar $ btrfs subvolume snapshot -r /mnt /mnt/snap1 $ btrfs send -f /tmp/1.send /mnt/snap1 $ xfs_io -c "fpunch 1M 2M" /mnt/foobar $ btrfs subvolume snapshot -r /mnt /mnt/snap2 $ btrfs send -f /tmp/2.send -p /mnt/snap1 /mnt/snap2 $ stat --format %s /mnt/snap2/foobar 1048576 $ md5sum /mnt/snap2/foobar d31659e82e87798acd4669a1e0a19d4f /mnt/snap2/foobar $ umount /mnt $ mkfs.btrfs -f /dev/sdc $ mount /dev/sdc /mnt $ btrfs receive -f /mnt/1.snap /mnt $ btrfs receive -f /mnt/2.snap /mnt $ stat --format %s /mnt/snap2/foobar 3145728 # --> should be 1Mb and not 3Mb (which was the end offset of hole # punch operation) $ md5sum /mnt/snap2/foobar 117baf295297c2a995f92da725b0b651 /mnt/snap2/foobar # --> should be d31659e82e87798acd4669a1e0a19d4f as in the original fs This issue actually happens only since commit ffa7c4296e93 ("Btrfs: send, do not issue unnecessary truncate operations"), but before that commit we were issuing a write operation full of zeroes (to "punch" a hole) which was extending the file size beyond the correct value and then immediately issue a truncate operation to the correct size and undoing the previous write operation. Since the send protocol does not support fallocate, for extent preallocation and hole punching, fix this by not even attempting to send a "hole" (regular write full of zeroes) if it starts at an offset greater then or equals to the file's size. This approach, besides being much more simple then making send issue the truncate operation, adds the benefit of avoiding the useless pair of write of zeroes and truncate operations, saving time and IO at the receiver and reducing the size of the send stream. A test case for fstests follows soon. Fixes: ffa7c4296e93 ("Btrfs: send, do not issue unnecessary truncate operations") CC: stable@vger.kernel.org # 4.17+ Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit 672d599041c862dd61a1576c32e946ef0d77aa34 Author: Misono Tomohiro Date: Thu Aug 2 16:19:07 2018 +0900 btrfs: Use wrapper macro for rcu string to remove duplicate code Cleanup patch and no functional changes. Signed-off-by: Misono Tomohiro Reviewed-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba commit f5b3a4173ff624b766c56936bb315e1517603891 Author: Al Viro Date: Sun Jul 29 23:04:51 2018 +0100 btrfs: simplify btrfs_iget Don't open-code iget_failed(), don't bother with btrfs_free_path(NULL), move handling of positive return values of btrfs_lookup_inode() from btrfs_read_locked_inode() to btrfs_iget() and kill now obviously pointless ASSERT() in there. Signed-off-by: Al Viro Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 9bc2ceff660580454f971ed3f891a2c82085433a Author: Al Viro Date: Sun Jul 29 23:04:50 2018 +0100 btrfs: lift make_bad_inode into btrfs_iget We don't need to check is_bad_inode() after the call of btrfs_read_locked_inode() - it's exactly the same as checking return value for being non-zero. Signed-off-by: Al Viro Reviewed-by: David Sterba Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 8d9e220ca0844bf75b98cb5b8e2c25d203c0d0f6 Author: Al Viro Date: Sun Jul 29 23:04:46 2018 +0100 btrfs: simplify IS_ERR/PTR_ERR checks IS_ERR(p) && PTR_ERR(p) == n is a weird way to spell p == ERR_PTR(n). Signed-off-by: Al Viro Reviewed-by: David Sterba Reviewed-by: Nikolay Borisov [ update changelog ] Signed-off-by: David Sterba commit 2e19f1f9d31b3515356710b8bdfb655f47a98448 Author: Al Viro Date: Sun Jul 29 23:04:45 2018 +0100 btrfs: btrfs_iget never returns an is_bad_inode inode Just get rid of pointless checks. Signed-off-by: Al Viro Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 1e7e1f9e3aba00c9b9c323bfeeddafe69ff21ff6 Author: Misono Tomohiro Date: Tue Jul 31 16:20:21 2018 +0900 btrfs: replace: Reset on-disk dev stats value after replace on-disk devs stats value is updated in btrfs_run_dev_stats(), which is called during commit transaction, if device->dev_stats_ccnt is not zero. Since current replace operation does not touch dev_stats_ccnt, on-disk dev stats value is not updated. Therefore "btrfs device stats" may return old device's value after umount/mount (Example: See "btrfs ins dump-t -t DEV $DEV" after btrfs/100 finish). Fix this by just incrementing dev_stats_ccnt in btrfs_dev_replace_finishing() when replace is succeeded and this will update the values. Signed-off-by: Misono Tomohiro Reviewed-by: David Sterba Signed-off-by: David Sterba commit 85c39548199b966062578fb99d4d4ecdeae2afae Author: Misono Tomohiro Date: Thu Jul 26 11:40:54 2018 +0900 btrfs: extent-tree: Remove unused __btrfs_free_block_rsv There is no user of this function anymore. This was forgotten to be removed in commit a575ceeb1338 ("Btrfs: get rid of unused orphan infrastructure"). Signed-off-by: Misono Tomohiro Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit afc6961ffd96ee7e2a86e70e9691a008eadf2926 Author: Misono Tomohiro Date: Thu Jul 26 10:22:58 2018 +0900 btrfs: backref: Use ERR_CAST to return error code Use ERR_CAST() instead of void * to make meaning clear. Signed-off-by: Misono Tomohiro Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 5b7d687ad5913a56b6a8788435d7a53990b4176d Author: Lu Fengqi Date: Wed Aug 1 11:32:31 2018 +0800 btrfs: Remove redundant btrfs_release_path from btrfs_unlink_subvol Although it is safe to call this on already released paths with no locks held or extent buffers, removing the redundant btrfs_release_path is reasonable. Signed-off-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba commit 401b3b19d592391b718b7a17295ae34eace973dd Author: Lu Fengqi Date: Wed Aug 1 11:32:30 2018 +0800 btrfs: Remove root parameter from btrfs_unlink_subvol All callers pass the root tree of dir, we can push that down to the function itself. Signed-off-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba commit 6025c19fb208e93b99eafc304e7f16160e49fc88 Author: Lu Fengqi Date: Wed Aug 1 11:32:29 2018 +0800 btrfs: Remove fs_info from btrfs_add_root_ref It can be referenced from the passed transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 3ee1c5530e649182e602eb2f81193289c4d2e655 Author: Lu Fengqi Date: Wed Aug 1 11:32:28 2018 +0800 btrfs: Remove fs_info from btrfs_del_root_ref It can be referenced from the passed transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit ab9ce7d42bf66f0750a4ca4a228a2db238376afb Author: Lu Fengqi Date: Wed Aug 1 11:32:27 2018 +0800 btrfs: Remove fs_info from btrfs_del_root It can be referenced from the passed transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 9add29457ac124e846cde4b875c632edaa722c08 Author: Lu Fengqi Date: Wed Aug 1 11:32:26 2018 +0800 btrfs: Remove fs_info from btrfs_delete_delayed_dir_index It can be referenced from the passed transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 4465c8b4229de50f17b6780677ce068b3582a55d Author: Lu Fengqi Date: Wed Aug 1 11:32:25 2018 +0800 btrfs: Remove fs_info from btrfs_insert_delayed_dir_index It can be referenced from the passed transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit b5851021f1ea0e099543fa125744368de7e9b865 Author: David Sterba Date: Tue Jul 24 17:19:48 2018 +0200 btrfs: extent-tree: remove unused member walk_control::for_reloc Leftover after fix e339a6b097c5 ("Btrfs: __btrfs_mod_ref should always use no_quota"), that removed it from the function calls but not the structure. Signed-off-by: David Sterba commit 46b2f4590aab71d31088a265c86026b1e96c9de4 Author: Filipe Manana Date: Tue Jul 24 11:54:04 2018 +0100 Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73 Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit 0d836392cadd5535f4184d46d901a82eb276ed62 Author: Filipe Manana Date: Fri Jul 20 10:59:06 2018 +0100 Btrfs: fix mount failure after fsync due to hard link recreation If we end up with logging an inode reference item which has the same name but different index from the one we have persisted, we end up failing when replaying the log with an errno value of -EEXIST. The error comes from btrfs_add_link(), which is called from add_inode_ref(), when we are replaying an inode reference item. Example scenario where this happens: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ ln /mnt/foo /mnt/bar $ sync # Rename the first hard link (foo) to a new name and rename the second # hard link (bar) to the old name of the first hard link (foo). $ mv /mnt/foo /mnt/qwerty $ mv /mnt/bar /mnt/foo # Create a new file, in the same parent directory, with the old name of # the second hard link (bar) and fsync this new file. # We do this instead of calling fsync on foo/qwerty because if we did # that the fsync resulted in a full transaction commit, not triggering # the problem. $ touch /mnt/bar $ xfs_io -c "fsync" /mnt/bar $ mount /dev/sdb /mnt mount: mount /dev/sdb on /mnt failed: File exists So fix this by checking if a conflicting inode reference exists (same name, same parent but different index), removing it (and the associated dir index entries from the parent inode) if it exists, before attempting to add the new reference. A test case for fstests follows soon. CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit 4559b0a71749c442d34f7cfb9e72c9e58db83948 Author: Josef Bacik Date: Thu Jul 19 10:49:51 2018 -0400 btrfs: don't leak ret from do_chunk_alloc If we're trying to make a data reservation and we have to allocate a data chunk we could leak ret == 1, as do_chunk_alloc() will return 1 if it allocated a chunk. Since the end of the function is the success path just return 0. CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Josef Bacik Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 84db5ccf4262894852e0d178d250678945d9b0b8 Author: David Sterba Date: Fri Jul 20 16:30:25 2018 +0200 btrfs: merge free_fs_root helpers The exported helper just calls the static one. There's no obvious reason to have them separate eg. for performance reasons where the static one could be better optimized in the same unit. There's a slight decrease in code size and stack consumption. Signed-off-by: David Sterba commit 2ffad70ed3b6fbc946bc102f9d11c0e7c1cd380f Author: David Sterba Date: Fri Jul 20 16:30:23 2018 +0200 btrfs: constify strings passed to assertion helper Signed-off-by: David Sterba commit e9539cff04728e31e150b41000b828745fc0c2b3 Author: David Sterba Date: Fri Jul 20 16:30:20 2018 +0200 btrfs: dev-replace: remove unused members of btrfs_dev_replace Lock owner and nesting level have been unused since day 1, probably copy&pasted from the extent_buffer locking scheme without much thinking. The locking of device replace is simpler and does not need any lock nesting. Signed-off-by: David Sterba commit e17385ca2960177da402d6f4d80bdc5b53c29bc4 Author: David Sterba Date: Fri Jul 20 16:30:18 2018 +0200 btrfs: remove unused member btrfs_root::name Added in 58176a9604c ("Btrfs: Add per-root block accounting and sysfs entries") in 2007, the roots had names exported in sysfs. The code was commented out in 4df27c4d5cc1dda54ed ("Btrfs: change how subvolumes are organized") and cleaned by 182608c8294b5fe9 ("btrfs: remove old unused commented out code"). Signed-off-by: David Sterba commit 616d374efa23cb699074ea02b301254ad64d224a Author: Adam Borowski Date: Wed Jul 18 00:08:59 2018 +0200 btrfs: allow defrag on a file opened read-only that has rw permissions Requiring a read-write descriptor conflicts both ways with exec, returning ETXTBSY whenever you try to defrag a program that's currently being run, or causing intermittent exec failures on a live system being defragged. As defrag doesn't change the file's contents in any way, there's no reason to consider it a rw operation. Thus, let's check only whether the file could have been opened rw. Such access control is still needed as currently defrag can use extra disk space, and might trigger bugs. We return EINVAL when the request is invalid; here it's ok but merely the user has insufficient privileges. Thus, the EPERM return value reflects the error better -- as discussed in the identical case for dedupe. According to codesearch.debian.net, no userspace program distinguishes these values beyond strerror(). Signed-off-by: Adam Borowski Reviewed-by: David Sterba [ fold the EPERM patch from Adam ] Signed-off-by: David Sterba commit 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Author: Josef Bacik Date: Fri Jul 20 11:46:10 2018 -0700 Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable@vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik [Omar: new commit message] Signed-off-by: Omar Sandoval Signed-off-by: David Sterba commit 97aff912a2fa75555641303d42bd4c723a98df5d Author: Nikolay Borisov Date: Fri Jul 20 19:37:53 2018 +0300 btrfs: Remove fs_info from btrfs_finish_chunk_alloc It can be referenced from the passed transaction handle. Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Signed-off-by: David Sterba commit f4208794d02e74f16e5744fe2fe294d7f71fa0f9 Author: Nikolay Borisov Date: Fri Jul 20 19:37:52 2018 +0300 btrfs: Remove fs_info form btrfs_free_chunk It can be referenced from the passed transaction handle. Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Signed-off-by: David Sterba commit 4f5ad7bd6315528ed50a11d53c66854a5d16425b Author: Nikolay Borisov Date: Fri Jul 20 19:37:51 2018 +0300 btrfs: Remove fs_info from btrfs_destroy_dev_replace_tgtdev This function is always passed a well-formed tgtdevice so the fs_info can be referenced from there. Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Signed-off-by: David Sterba commit d6507cf1e2dfa4f6888cd90e4c9a307f7ac9b383 Author: Nikolay Borisov Date: Fri Jul 20 19:37:50 2018 +0300 btrfs: Remove fs_info from btrfs_assign_next_active_device It can be referenced from the passed 'device' argument which is always a well-formed device. Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba commit 5495f195fc5b246d8b0b8a2e0fbbc9c94b3ebf24 Author: Nikolay Borisov Date: Fri Jul 20 19:37:49 2018 +0300 btrfs: remove fs_info argument from update_dev_stat_item It can be referenced from the passed transaction handle. Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Signed-off-by: David Sterba commit 68a9db5f2395cdef98b387bbb816604f6f298056 Author: Nikolay Borisov Date: Fri Jul 20 19:37:48 2018 +0300 btrfs: Remove fs_info from btrfs_rm_dev_replace_remove_srcdev It can be referenced from the passed srcdev argument. Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Signed-off-by: David Sterba commit 8e87e8562744e23e10afea98d610cc6b7f4ba9bb Author: Nikolay Borisov Date: Fri Jul 20 19:37:47 2018 +0300 btrfs: Remove fs_info argument from btrfs_add_dev_item It can be referenced form the passed transaction handle. Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Signed-off-by: David Sterba commit 5e23a6fea6189d1f9d6e6ca5cb3290b4a0fe2d48 Author: Qu Wenruo Date: Mon Jul 23 14:47:29 2018 +0800 btrfs: extent-tree: Remove dead alignment check In find_free_extent() under checks: label, we have the following code: search_start = ALIGN(offset, fs_info->stripesize); /* move on to the next group */ if (search_start + num_bytes > block_group->key.objectid + block_group->key.offset) { btrfs_add_free_space(block_group, offset, num_bytes); goto loop; } if (offset < search_start) btrfs_add_free_space(block_group, offset, search_start - offset); BUG_ON(offset > search_start); However ALIGN() is rounding up, thus @search_start >= @offset and that BUG_ON() will never be triggered. Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba commit ca5d2ba1ae2dfd651b798218d56c3277784fa499 Author: Filipe Manana Date: Mon Jul 23 09:10:09 2018 +0100 Btrfs: remove unused key assignment when doing a full send At send.c:full_send_tree() we were setting the 'key' variable in the loop while never using it later. We were also using two btrfs_key variables to store the initial key for search and the key found in every iteration of the loop. So remove this useless key assignment and use the same btrfs_key variable to store the initial search key and the key found in each iteration. This was introduced in the initial send commit but was never used (commit 31db9f7c23fb ("Btrfs: introduce BTRFS_IOC_SEND for btrfs send/receive"). Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit 5cdc84bfde22dc17b11ee7cb18cebd48f4a09f70 Author: David Sterba Date: Wed Jul 18 20:32:52 2018 +0200 btrfs: drop extent_io_ops::set_range_writeback callback The data and metadata callback implementation both use the same function. We can remove the call indirection and intermediate helper completely. Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 00032d38eaa89c76de7d9c1ae6de8c48c14edd74 Author: David Sterba Date: Wed Jul 18 19:28:09 2018 +0200 btrfs: drop extent_io_ops::merge_bio_hook callback The data and metadata callback implementation both use the same function. We can remove the call indirection completely. Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 05912a3c04ebca217507b4323b679c60eda4ac11 Author: David Sterba Date: Wed Jul 18 19:23:45 2018 +0200 btrfs: drop extent_io_ops::tree_fs_info callback All implementations of the callback are trivial and do the same and there's only one user. Merge everything together. Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit e288c080dddd1fdc3b7e0165cebd7af51a52d016 Author: David Sterba Date: Wed Jul 18 17:36:24 2018 +0200 btrfs: unify end_io callbacks of async_submit_bio The end_io callbacks passed to btrfs_wq_submit_bio (btrfs_submit_bio_done and btree_submit_bio_done) are effectively the same code, there's no point to do the indirection. Export btrfs_submit_bio_done and call it directly. Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit d7cbfafc4bc37ed21351cdedbc6f9d979545dbf3 Author: David Sterba Date: Wed Jul 18 17:31:10 2018 +0200 btrfs: remove unused member async_submit_bio::bio_flags After splitting the start and end hooks in a758781d4b76c3 ("btrfs: separate types for submit_bio_start and submit_bio_done"), some of the function arguments were dropped but not removed from the structure. Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit d7e8555b1dd493c809e56e359974eecabe7d3fde Author: David Sterba Date: Wed Jul 18 17:31:19 2018 +0200 btrfs: remove unused member async_submit_bio::fs_info Introduced by c6100a4b4e3d1 ("Btrfs: replace tree->mapping with tree->private_data") to be used in run_one_async_done where it got unused after 736cd52e0c720103 ("Btrfs: remove nr_async_submits and async_submit_draining"). Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 315409b0098fb2651d86553f0436b70502b29bb2 Author: Gu Jinxiang Date: Wed Jul 4 18:16:39 2018 +0800 btrfs: validate type when reading a chunk Reported in https://bugzilla.kernel.org/show_bug.cgi?id=199839, with an image that has an invalid chunk type but does not return an error. Add chunk type check in btrfs_check_chunk_valid, to detect the wrong type combinations. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199839 Reported-by: Xu Wen Reviewed-by: Qu Wenruo Signed-off-by: Gu Jinxiang Signed-off-by: David Sterba commit b0132a3be5daf84116833542717ff5692f51640e Author: Nikolay Borisov Date: Wed Jun 27 16:38:24 2018 +0300 btrfs: Rename EXTENT_BUFFER_DUMMY to EXTENT_BUFFER_UNMAPPED EXTENT_BUFFER_DUMMY is an awful name for this flag. Buffers which have this flag set are not in any way dummy. Rather, they are private in the sense that are not mapped and linked to the global buffer tree. This flag has subtle implications to the way free_extent_buffer works for example, as well as controls whether page->mapping->private_lock is held during extent_buffer release. Pages for an unmapped buffer cannot be under io, nor can they be written by a 3rd party so taking the lock is unnecessary. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba [ EXTENT_BUFFER_UNMAPPED, update changelog ] Signed-off-by: David Sterba commit 07e21c4dad42be8d2a6b8cd0b98cf8e6931e12fd Author: Nikolay Borisov Date: Wed Jun 27 16:38:23 2018 +0300 btrfs: Document locking requirement via lockdep_assert_held Remove stale comment since there is no longer an eb->eb_lock and document the locking expectation with a lockdep_assert_held statement. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 55ac01396ae8cfc0616e85bb4b49a130144633c2 Author: David Sterba Date: Thu Jul 19 17:24:32 2018 +0200 btrfs: rename btrfs_release_extent_buffer_page The function used to release one page (and always the first one), but not anymore since a50924e3a4d7fccb0ecfbd4 ("btrfs: drop constant param from btrfs_release_extent_buffer_page"). Update the name and comment. Signed-off-by: David Sterba commit d64766fdf9cd172f8416d898cc9d5219ed933b96 Author: Nikolay Borisov Date: Wed Jun 27 16:38:22 2018 +0300 btrfs: Refactor loop in btrfs_release_extent_buffer_page The purpose of the function is to free all the pages comprising an extent buffer. This can be achieved with a simple for loop rather than the slightly more involved 'do {} while' construct. So rewrite the loop using a 'for' construct. Additionally we can never have an extent_buffer that has 0 pages so remove the check for index == 0. No functional changes. The reversed order used to have a meaning in the past where the first page served as a blocking point for several callers. See eg 4f2de97acee6532b36dd6e99 ("Btrfs: set page->private to the eb"). Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit b16d011e79fb353abff70b2ef35b22ed90dc8db5 Author: Nikolay Borisov Date: Wed Jul 4 10:24:52 2018 +0300 btrfs: Reword dodgy comments in alloc_extent_buffer Commit eb14ab8ed24a ("Btrfs: fix page->private races") fixed a genuine race between extent buffer initialisation and btree_releasepage. Unfortunately as the code has evolved the comments weren't changed which made them slightly wrong and they weren't very clear in the fist place. Fix this by (hopefully) rewording them in a more approachable manner. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 28187ae569e8a6c34eb7ac8871f479d94be31e16 Author: Nikolay Borisov Date: Wed Jul 4 10:24:51 2018 +0300 btrfs: Simplify page unlocking in alloc_extent_buffer Current version of the page unlocking code was added in 727011e07cbd ("Btrfs: allow metadata blocks larger than the page size") but even in this commit that particular flag was never used per-se. In fact, btrfs only uses PageChecked for data pages to identify pages which have been dirtied but don't have ORDERED bit set. For more information see 247e743cbe6e ("Btrfs: Use async helpers to deal with pages that have been improperly dirtied"). However, this doesn't apply to extent buffer pages. The important bit here is that the pages are unlocked AFTER the extent buffer has been properly recorded in the radix tree to avoid races with btree_releasepage. Let's exploit this fact and simplify the page unlocking sequence by unlocking the pages in-order and removing the redundant PageChecked flag setting/clearing. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 8b9b6f255485a4354da5474b16e79c447222e9ed Author: Qu Wenruo Date: Wed Jul 11 13:41:22 2018 +0800 btrfs: scrub: cleanup the remaining nodatasum fixup code Remove the remaining code that misused the page cache pages during device replace and could cause data corruption for compressed nodatasum extents. Such files do not normally exist but there's a bug that allows this combination and the corruption was exposed by device replace fixup code. Signed-off-by: Qu Wenruo Signed-off-by: David Sterba commit 46df06b85e28eaf430aa5c8f8aa26120fa746b72 Author: David Sterba Date: Fri Jul 13 20:46:30 2018 +0200 btrfs: refactor block group replication factor calculation to a helper There are many places that open code the duplicity factor of the block group profiles, create a common helper. This can be easily extended for more copies. Signed-off-by: David Sterba commit 321a4bf72b251319aa456ea542161729442b6f61 Author: Anand Jain Date: Mon Jul 16 22:58:09 2018 +0800 btrfs: use the assigned fs_devices instead of the dereference We have assigned the %fs_info->fs_devices in %fs_devices as its not modified just use it for the mutex_lock(). Signed-off-by: Anand Jain Signed-off-by: David Sterba commit 62088ca7427d23ec1a5def9143098ca9c41c5302 Author: Lu Fengqi Date: Wed Jul 18 14:45:42 2018 +0800 btrfs: qgroup: Drop fs_info parameter from qgroup_rescan_leaf It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit a937742250199a37358a4da0a990744b92c8623c Author: Lu Fengqi Date: Wed Jul 18 14:45:41 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_qgroup_inherit It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 280f8bd2cbe0b4b578c217b8fa504294c30abde1 Author: Lu Fengqi Date: Wed Jul 18 14:45:40 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_run_qgroups It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 8696d76045579c9611fe1cfc064e48ada32bb796 Author: Lu Fengqi Date: Wed Jul 18 14:45:39 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_qgroup_account_extent It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit deb406274339f386836313af7eeb8001cca6c33f Author: Lu Fengqi Date: Wed Jul 18 14:45:38 2018 +0800 btrfs: qgroup: Drop root parameter from btrfs_qgroup_trace_subtree The fs_info can be fetched from the transaction handle directly. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 8d38d7eb7bb60a7a441cec3ba92784d9f1e20d5f Author: Lu Fengqi Date: Wed Jul 18 14:45:37 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_qgroup_trace_leaf_items It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit a95f3aafd6a2d0e8de834c95e91066825e3e7787 Author: Lu Fengqi Date: Wed Jul 18 16:28:03 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_qgroup_trace_extent It can be fetched from the transaction handle. In addition, remove the WARN_ON(trans == NULL) because it's not possible to hit this condition. Signed-off-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba commit f0042d5e92b66969a12166d1deb5a979250d6c25 Author: Lu Fengqi Date: Wed Jul 18 14:45:35 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_limit_qgroup It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 3efbee1d006a97eaec5f070430c75010ef8746f1 Author: Lu Fengqi Date: Wed Jul 18 14:45:34 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_remove_qgroup It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 49a05ecde3f130ae9d69ab619e3ea125cf1f32c9 Author: Lu Fengqi Date: Wed Jul 18 14:45:33 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_create_qgroup It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 39616c2735ad04ecf4874519b64556decb73d968 Author: Lu Fengqi Date: Wed Jul 18 14:45:32 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_del_qgroup_relation It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 6b36f1aa5cda39acac50f6f80c81776a31fccd24 Author: Lu Fengqi Date: Wed Jul 18 14:45:31 2018 +0800 btrfs: qgroup: Drop fs_info parameter from __del_qgroup_relation It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 9f8a6ce6ba8ebeb86de59b1adfdc64087049f76f Author: Lu Fengqi Date: Wed Jul 18 14:45:30 2018 +0800 btrfs: qgroup: Drop fs_info parameter from btrfs_add_qgroup_relation It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 2e980acdd829742966c6a7e565ef3382c0717295 Author: Lu Fengqi Date: Wed Jul 18 14:45:29 2018 +0800 btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item They can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 3e07e9a09f27868dbc63d07db8677fcd256e3bbc Author: Lu Fengqi Date: Wed Jul 18 14:45:28 2018 +0800 btrfs: qgroup: Drop root parameter from update_qgroup_info_item It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit ac8a866af17edc692b50cbdd2aec612de4205c8f Author: Lu Fengqi Date: Wed Jul 18 14:45:27 2018 +0800 btrfs: qgroup: Drop root parameter from update_qgroup_limit_item It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 69104618f4b9dd445109e8dd755406427bd75b76 Author: Lu Fengqi Date: Wed Jul 18 14:45:26 2018 +0800 btrfs: qgroup: Drop quota_root parameter from del_qgroup_item It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 99d7f09ac01cbea28767a84d4d34dd5b1922a245 Author: Lu Fengqi Date: Wed Jul 18 14:45:25 2018 +0800 btrfs: qgroup: Drop quota_root parameter from del_qgroup_relation_item It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit 711169c40f908df6df91ba2672d05b44243833e4 Author: Lu Fengqi Date: Wed Jul 18 14:45:24 2018 +0800 btrfs: qgroup: Drop quota_root parameter from add_qgroup_relation_item It can be fetched from the transaction handle. Signed-off-by: Lu Fengqi Signed-off-by: David Sterba commit fa59f27c8c35bbe00af8eff23de446a7f4b048b0 Author: Anand Jain Date: Mon Jul 16 22:18:07 2018 +0800 btrfs: rename btrfs_parse_early_options Rename btrfs_parse_early_options() to btrfs_parse_device_options(). As btrfs_parse_early_options() parses the -o device options and scan the device provided. So this rename specifies its action. Also the function name is in line with btrfs_parse_subvol_options(). No functional changes. Signed-off-by: Anand Jain Signed-off-by: David Sterba commit c8389d4c0d6eb7c0b7f8b8a98620874f9123cd20 Author: Lu Fengqi Date: Tue Jul 17 16:58:22 2018 +0800 btrfs: qgroup: cleanup the unused srcroot from btrfs_qgroup_inherit Since commit 0b246afa62b0 ("btrfs: root->fs_info cleanup, add fs_info convenience variables"), the srcroot is no longer used to get fs_info::nodesize. In fact, it can be dropped after commit 707e8a071528 ("btrfs: use nodesize everywhere, kill leafsize"). Signed-off-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba commit 031f24da2c8a7b611331c368d7bfabccafda09fa Author: Qu Wenruo Date: Tue May 22 16:43:47 2018 +0800 btrfs: Use btrfs_mark_bg_unused to replace open code Introduce a small helper, btrfs_mark_bg_unused(), to acquire locks and add a block group to unused_bgs list. No functional modification, and only 3 callers are involved. Signed-off-by: Qu Wenruo Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 2556fbb0bead7929ddf67f8b4184f434cee4e7d7 Author: Nikolay Borisov Date: Wed Apr 18 10:27:57 2018 +0300 btrfs: Rewrite retry logic in do_chunk_alloc do_chunk_alloc implements logic to detect whether there is currently pending chunk allocation (by means of space_info->chunk_alloc being set) and if so it loops around to the 'again' label. Additionally, based on the state of the space_info (e.g. whether it's full or not) and the return value of should_alloc_chunk() it decides whether this is a "hard" error (ENOSPC) or we can just return 0. This patch refactors all of this: 1. Put order to the scattered ifs handling the various cases in an easy-to-read if {} else if{} branches. This makes clear the various cases we are interested in handling. 2. Call should_alloc_chunk only once and use the result in the if/else if constructs. All of this is done under space_info->lock, so even before multiple calls of should_alloc_chunk were unnecessary. 3. Rewrite the "do {} while()" loop currently implemented via label into an explicit loop construct. 4. Move the mutex locking for the case where the caller is the one doing the allocation. For the case where the caller needs to wait a concurrent allocation, introduce a pair of mutex_lock/mutex_unlock to act as a barrier and reword the comment. 5. Switch local vars to bool type where pertinent. All in all this shouldn't introduce any functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit dec59fa3a760952fc71f2e122e66a7291109670a Author: Ethan Lien Date: Fri Jul 13 16:50:42 2018 +0800 btrfs: use customized batch size for total_bytes_pinned In commit b150a4f10d878 ("Btrfs: use a percpu to keep track of possibly pinned bytes") we use total_bytes_pinned to track how many bytes we are going to free in this transaction. When we are close to ENOSPC, we check it and know if we can make the allocation by commit the current transaction. For every data/metadata extent we are going to free, we add total_bytes_pinned in btrfs_free_extent() and btrfs_free_tree_block(), and release it in unpin_extent_range() when we finish the transaction. So this is a variable we frequently update but rarely read - just the suitable use of percpu_counter. But in previous commit we update total_bytes_pinned by default 32 batch size, making every update essentially a spin lock protected update. Since every spin lock/unlock operation involves syncing a globally used variable and some kind of barrier in a SMP system, this is more expensive than using total_bytes_pinned as a simple atomic64_t. So fix this by using a customized batch size. Since we only read total_bytes_pinned when we are close to ENOSPC and fail to allocate new chunk, we can use a really large batch size and have nearly no penalty in most cases. [Test] We tested the patch on a 4-cores x86 machine: 1. fallocate a 16GiB size test file 2. take snapshot (so all following writes will be COW) 3. run a 180 sec, 4 jobs, 4K random write fio on test file We also added a temporary lockdep class on percpu_counter's spin lock used by total_bytes_pinned to track it by lock_stat. [Results] unpatched: lock_stat version 0.4 ----------------------------------------------------------------------- class name con-bounces contentions waittime-min waittime-max waittime-total waittime-avg acq-bounces acquisitions holdtime-min holdtime-max holdtime-total holdtime-avg total_bytes_pinned_percpu: 82 82 0.21 0.61 29.46 0.36 298340 635973 0.09 11.01 173476.25 0.27 patched: lock_stat version 0.4 ----------------------------------------------------------------------- class name con-bounces contentions waittime-min waittime-max waittime-total waittime-avg acq-bounces acquisitions holdtime-min holdtime-max holdtime-total holdtime-avg total_bytes_pinned_percpu: 1 1 0.62 0.62 0.62 0.62 13601 31542 0.14 9.61 11016.90 0.35 [Analysis] Since the spin lock only protects a single in-memory variable, the contentions (number of lock acquisitions that had to wait) in both unpatched and patched version are low. But when we see acquisitions and acq-bounces, we get much lower counts in patched version. Here the most important metric is acq-bounces. It means how many times the lock gets transferred between different cpus, so the patch can really reduce cacheline bouncing of spin lock (also the global counter of percpu_counter) in a SMP system. Fixes: b150a4f10d878 ("Btrfs: use a percpu to keep track of possibly pinned bytes") Signed-off-by: Ethan Lien Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit d814a49198eafa6163698bdd93961302f3a877a4 Author: Ethan Lien Date: Mon Jul 2 15:44:58 2018 +0800 btrfs: use correct compare function of dirty_metadata_bytes We use customized, nodesize batch value to update dirty_metadata_bytes. We should also use batch version of compare function or we will easily goto fast path and get false result from percpu_counter_compare(). Fixes: e2d845211eda ("Btrfs: use percpu counter for dirty metadata count") CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Ethan Lien Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 36350e95a2b1feed6382fe38cc80f79ec35a1323 Author: Gu Jinxiang Date: Thu Jul 12 14:23:16 2018 +0800 btrfs: return device pointer from btrfs_scan_one_device Return device pointer (with the IS_ERR semantics) from btrfs_scan_one_device so we don't have to return in through pointer. And since btrfs_fs_devices can be obtained from btrfs_device, return that. Signed-off-by: Gu Jinxiang Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba [ fixed conflics after recent changes to btrfs_scan_one_device ] Signed-off-by: David Sterba commit d64dcbd183abab251beb0fa0acd81a772a09887e Author: Gu Jinxiang Date: Thu Jul 12 14:23:15 2018 +0800 btrfs: make fs_devices a local variable in btrfs_parse_early_options fs_devices is always passed to btrfs_scan_one_device which overrides it. In the call stack below fs_devices is passed to btrfs_scan_one_device from btrfs_mount_root. In btrfs_mount_root the output fs_devices of this call stack is not used. btrfs_mount_root btrfs_parse_early_options btrfs_scan_one_device So, it is not necessary to pass fs_devices from btrfs_mount_root, using a local variable in btrfs_parse_early_options is enough. Signed-off-by: Gu Jinxiang Reviewed-by: Anand Jain Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 81ffd56b5745355b70d54ca4e1bdd0d64a66ff9f Author: David Sterba Date: Tue Jun 19 18:04:07 2018 +0200 btrfs: fix mount and ioctl device scan ioctl race Technically this extends the critical section covered by uuid_mutex to: - parse early mount options -- here we can call device scan on paths that can be passed as 'device=/dev/...' - scan the device passed to mount - open the devices related to the fs_devices -- this increases fs_devices::opened The race can happen when mount calls one of the scans and there's another one called eg. by mkfs or 'btrfs dev scan': Mount Scan ----- ---- scan_one_device (dev1, fsid1) scan_one_device (dev2, fsid1) add the device free stale devices fsid1 fs_devices::opened == 0 find fsid1:dev1 free fsid1:dev1 if it's the last one, free fs_devices of fsid1 too open_devices (dev1, fsid1) dev1 not found When fixed, the uuid mutex will make sure that mount will increase fs_devices::opened and this will not be touched by the racing scan ioctl. Reported-and-tested-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+ceb2606025ec1cc3479c@syzkaller.appspotmail.com Reviewed-by: Anand Jain Signed-off-by: David Sterba commit 399f7f4c42e8a58c8456264d5112287aefe44cf4 Author: David Sterba Date: Tue Jun 19 18:01:24 2018 +0200 btrfs: reorder initialization before the mount locks uuid_mutex In preparation to take a big lock, move resource initialization before the critical section. It's not obvious from the diff, the desired order is: - initialize mount security options - allocate temporary fs_info - allocate superblock buffers Reviewed-by: Anand Jain Signed-off-by: David Sterba commit 5139cff598d42b1e531f40c84691a7e945f04553 Author: David Sterba Date: Tue Jun 19 17:50:25 2018 +0200 btrfs: lift uuid_mutex to callers of btrfs_parse_early_options Prepartory work to fix race between mount and device scan. btrfs_parse_early_options calls the device scan from mount and we'll need to let mount completely manage the critical section. Reviewed-by: Anand Jain Signed-off-by: David Sterba commit f5194e34cabaddd348a90f950e0a8188dd26cdc0 Author: David Sterba Date: Tue Jun 19 17:09:47 2018 +0200 btrfs: lift uuid_mutex to callers of btrfs_open_devices Prepartory work to fix race between mount and device scan. The callers will have to manage the critical section, eg. mount wants to scan and then call btrfs_open_devices without the ioctl scan walking in and modifying the fs devices in the meantime. Reviewed-by: Anand Jain Signed-off-by: David Sterba commit 899f9307c33ce4758c30a076b10ed54d5c91c6e7 Author: David Sterba Date: Tue Jun 19 16:37:36 2018 +0200 btrfs: lift uuid_mutex to callers of btrfs_scan_one_device Prepartory work to fix race between mount and device scan. The callers will have to manage the critical section, eg. mount wants to scan and then call btrfs_open_devices without the ioctl scan walking in and modifying the fs devices in the meantime. Reviewed-by: Anand Jain Signed-off-by: David Sterba commit 7bcb8164ad9435068d9bc3b83b8a002c64d63ff6 Author: Anand Jain Date: Tue May 29 17:23:20 2018 +0800 btrfs: use device_list_mutex when removing stale devices btrfs_free_stale_devices() finds a stale (not opened) device matching path in the fs_uuid list. We are already under uuid_mutex so when we check for each fs_devices, hold the device_list_mutex too. Signed-off-by: Anand Jain Reviewed-by: David Sterba Signed-off-by: David Sterba commit fa6d2ae540a200a17bb7ee769f9df22d411c9404 Author: Anand Jain Date: Tue May 29 15:33:08 2018 +0800 btrfs: rename local devices for fs_devices in btrfs_free_stale_devices( Over the years we named %fs_devices and %devices to represent the struct btrfs_fs_devices and the struct btrfs_device. So follow the same scheme here too. No functional changes. Signed-off-by: Anand Jain Signed-off-by: David Sterba commit 9c6d173ea6e4c8c939ae6c257c7fc18f7b320316 Author: Anand Jain Date: Tue May 29 14:10:20 2018 +0800 btrfs: extend locked section when adding a new device in device_list_add Make sure the device_list_lock is held the whole time: * when the device is being looked up * new device is initialized and put to the list * the list counters are updated (fs_devices::opened, fs_devices::total_devices) Signed-off-by: Anand Jain [ update changelog ] Reviewed-by: David Sterba Signed-off-by: David Sterba commit 4306a97449f9a0f9e5229af7889d4401315355aa Author: Anand Jain Date: Tue May 29 12:28:37 2018 +0800 btrfs: do btrfs_free_stale_devices outside of device_list_add btrfs_free_stale_devices() looks for device path reused for another filesystem, and deletes the older fs_devices::device entry. In preparation to handle locking in device_list_add, move btrfs_free_stale_devices outside as these two functions serve a different purpose. Signed-off-by: Anand Jain Reviewed-by: David Sterba Signed-off-by: David Sterba commit 959b1c04675735aa51b9a7b3e28963c4141bf3e7 Author: Nikolay Borisov Date: Fri Jun 29 08:26:05 2018 +0300 btrfs: close devices without offloading to a temporary list Since commit 88c14590cdd6 ("btrfs: use RCU in btrfs_show_devname for device list traversal") btrfs_show_devname no longer takes device_list_mutex. As such the deadlock that 0ccd05285e7f ("btrfs: fix a possible umount deadlock") aimed to fix no longer exists, we can free the devices immediatelly and remove the code that does the pending work. Signed-off-by: Nikolay Borisov Reviewed-by: Anand Jain [ update changelog ] Reviewed-by: David Sterba Signed-off-by: David Sterba commit 621567a28ce081424bdcaaef7763a34b204d5be0 Author: Qu Wenruo Date: Mon Jul 9 14:52:54 2018 +0800 btrfs: Remove unused function btrfs_account_dev_extents_size This function is not used since the alloc_start parameter has been obsoleted in commit 0d0c71b317207082856 ("btrfs: obsolete and remove mount option alloc_start"). Signed-off-by: Qu Wenruo Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 93b9bcdf9fbcb683d4e8c44ee8cec0989053d4de Author: Gu Jinxiang Date: Mon Jul 9 14:39:15 2018 +0800 btrfs: remove unused parameter from btrfs_parse_subvol_options Since parameter flags is no more used since commit d7407606564c ("btrfs: split parse_early_options() in two"), remove it. Signed-off-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba commit b4993e64f78a9605b45252fa9ba385c88a1f4ce9 Author: Anand Jain Date: Tue Jul 3 17:07:23 2018 +0800 btrfs: fix in-memory value of total_devices after seed device deletion In case of deleting the seed device the %cur_devices (seed) and the %fs_devices (parent) are different. Now, as the parent fs_devices::total_devices also maintains the total number of devices including the seed device, so decrement its in-memory value for the successful seed delete. We are already updating its corresponding on-disk btrfs_super_block::number_devices value. Signed-off-by: Anand Jain Signed-off-by: David Sterba commit 340f1aa27f367e0c3d2662d44f356b05087fea05 Author: Nikolay Borisov Date: Thu Jul 5 14:50:48 2018 +0300 btrfs: qgroups: Move transaction management inside btrfs_quota_enable/disable Commit 5d23515be669 ("btrfs: Move qgroup rescan on quota enable to btrfs_quota_enable") not only resulted in an easier to follow code but it also introduced a subtle bug. It changed the timing when the initial transaction rescan was happening: - before the commit: it would happen after transaction commit had occured - after the commit: it might happen before the transaction was committed This results in failure to correctly rescan the quota since there could be data which is still not committed on disk. This patch aims to fix this by moving the transaction creation/commit inside btrfs_quota_enable, which allows to schedule the quota commit after the transaction has been committed. Fixes: 5d23515be669 ("btrfs: Move qgroup rescan on quota enable to btrfs_quota_enable") Reported-by: Misono Tomohiro Link: https://marc.info/?l=linux-btrfs&m=152999289017582 Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba commit c7b562c5480322ffaf591f45a4ff7ee089340ab4 Author: David Sterba Date: Fri Jun 29 10:57:10 2018 +0200 btrfs: raid56: catch errors from full_stripe_write Add fall-back code to catch failure of full_stripe_write. Proper error handling from inside run_plug would need more code restructuring as it's called at arbitrary points by io scheduler. Signed-off-by: David Sterba commit 176571a1f64f7670c87c3f8d3b50c11cc836110e Author: David Sterba Date: Fri Jun 29 10:57:05 2018 +0200 btrfs: raid56: merge rbio_is_full helpers There's only one call site of the unlocked helper so it can be folded into the caller. Signed-off-by: David Sterba commit a81b747d0f6efc01506fbd5335e91607dc013b8d Author: David Sterba Date: Fri Jun 29 10:57:03 2018 +0200 btrfs: raid56: use new helper for async_scrub_parity Signed-off-by: David Sterba commit e66d8d5a41c1e3c560fc7aba4edcb53caf4f26c8 Author: David Sterba Date: Fri Jun 29 10:57:00 2018 +0200 btrfs: raid56: use new helper for async_read_rebuild Signed-off-by: David Sterba commit cf6a4a7587dc997b29359e29cf14079e1931715b Author: David Sterba Date: Fri Jun 29 10:56:58 2018 +0200 btrfs: raid56: use new helper for async_rmw_stripe Signed-off-by: David Sterba commit ac63885907ee25bf277fa39ba66a0d85dec20786 Author: David Sterba Date: Fri Jun 29 10:56:56 2018 +0200 btrfs: raid56: add new helper for starting async work Add helper that schedules a given function to run on the rmw workqueue. This will replace several standalone helpers. Signed-off-by: David Sterba commit ebcc326316f3d798e9715e5ca1451c3e457b95dd Author: David Sterba Date: Fri Jun 29 10:56:53 2018 +0200 btrfs: open-code bio_set_op_attrs The helper is trivial and marked as deprecated. Signed-off-by: David Sterba commit cc5e31a4775d0d6b98139fdee51868a270bda42f Author: David Sterba Date: Thu Mar 1 18:20:27 2018 +0100 btrfs: switch types to int when counting eb pages The loops iterating eb pages use unsigned long, that's an overkill as we know that there are at most 16 pages (64k / 4k), and 4 by default (with nodesize 16k). Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 8791d43207966f40d8ffba18c663514aca5a6f3e Author: David Sterba Date: Wed Jul 4 17:49:31 2018 +0200 btrfs: use round_up wrapper in num_extent_pages Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 65ad010488a5cc0f123a9924f7ad26a1b3f6a4f6 Author: David Sterba Date: Fri Jun 29 10:56:49 2018 +0200 btrfs: pass only eb to num_extent_pages Almost all callers pass the start and len as 2 arguments but this is not necessary, all the information is provided by the eb. By reordering the calls to num_extent_pages, we don't need the local variables with start/len. Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit d7f663fa3ff906247a979c1115bc92cbabfb19ba Author: David Sterba Date: Fri Jun 29 10:56:47 2018 +0200 btrfs: prune unused includes Remove includes if none of the interfaces and exports is used in the given source file. Signed-off-by: David Sterba commit 69d2480456d1baf027a86e530989d7bedd698d5f Author: David Sterba Date: Fri Jun 29 10:56:44 2018 +0200 btrfs: use copy_page for copying pages instead of memcpy Use the helper that's possibly optimized for full page copies. Signed-off-by: David Sterba commit 3ffbd68c48320730ef64ebfb5e639220f1f65483 Author: David Sterba Date: Fri Jun 29 10:56:42 2018 +0200 btrfs: simplify pointer chasing of local fs_info variables Functions that get btrfs inode can simply reach the fs_info by dereferencing the root and this looks a bit more straightforward compared to the btrfs_sb(...) indirection. If the transaction handle is available and not NULL it's used instead. Signed-off-by: David Sterba commit 37508515621551538addaf826ab4b8a9aaf0a382 Author: David Sterba Date: Fri Jun 29 10:56:40 2018 +0200 btrfs: simplify some assignments of inode numbers There are several places when the btrfs inode is converted to the generic inode, back to btrfs and then passed to btrfs_ino. We can remove the extra back and forth conversions. Signed-off-by: David Sterba commit 8f6c72a9e08c2a74d2159d2fc986fa9b29ceb851 Author: Zhihui Zhang Date: Mon Jul 2 20:00:54 2018 -0400 Btrfs: free space cache: make sure there is always room for generation number io_ctl_set_generation() assumes that the generation number shares the same page with inline CRCs. Let's make sure this is always true. Signed-off-by: Zhihui Zhang Reviewed-by: David Sterba Signed-off-by: David Sterba commit 694c51fb2eb6b6d7c9552af78ba646023a843366 Author: Anand Jain Date: Tue Jul 3 13:14:51 2018 +0800 btrfs: drop unnecessary variable in btrfs_init_new_device There is only usage of the declared devices variable, instead use its value directly. Signed-off-by: Anand Jain Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit 5da54bc13801d378bf2e868beb623fc13ba40a83 Author: Anand Jain Date: Tue Jul 3 13:14:50 2018 +0800 btrfs: use a temporary variable for fs_devices in btrfs_init_new_device There are many instances of the %fs_info->fs_devices pointer dereferences, use a temporary variable instead. Signed-off-by: Anand Jain Signed-off-by: David Sterba commit 389305b2aa68723c754f88d9dbd268a400e10664 Author: Qu Wenruo Date: Tue Jul 3 17:10:07 2018 +0800 btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Invalid reloc tree can cause kernel NULL pointer dereference when btrfs does some cleanup of the reloc roots. It turns out that fs_info::reloc_ctl can be NULL in btrfs_recover_relocation() as we allocate relocation control after all reloc roots have been verified. So when we hit: note, we haven't called set_reloc_control() thus fs_info::reloc_ctl is still NULL. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199833 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Tested-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba commit ba480dd4db9f1798541eb2d1c423fc95feee8d36 Author: Qu Wenruo Date: Tue Jul 3 17:10:06 2018 +0800 btrfs: tree-checker: Detect invalid and empty essential trees A crafted image has empty root tree block, which will later cause NULL pointer dereference. The following trees should never be empty: 1) Tree root Must contain at least root items for extent tree, device tree and fs tree 2) Chunk tree Or we can't even bootstrap as it contains the mapping. 3) Fs tree At least inode item for top level inode (.). 4) Device tree Dev extents for chunks 5) Extent tree Must have corresponding extent for each chunk. If any of them is empty, we are sure the fs is corrupted and no need to mount it. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199847 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Tested-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba commit fce466eab7ac6baa9d2dcd88abcf945be3d4a089 Author: Qu Wenruo Date: Tue Jul 3 17:10:05 2018 +0800 btrfs: tree-checker: Verify block_group_item A crafted image with invalid block group items could make free space cache code to cause panic. We could detect such invalid block group item by checking: 1) Item size Known fixed value. 2) Block group size (key.offset) We have an upper limit on block group item (10G) 3) Chunk objectid Known fixed value. 4) Type Only 4 valid type values, DATA, METADATA, SYSTEM and DATA|METADATA. No more than 1 bit set for profile type. 5) Used space No more than the block group size. This should allow btrfs to detect and refuse to mount the crafted image. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199849 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Reviewed-by: Gu Jinxiang Reviewed-by: Nikolay Borisov Tested-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba commit 6d8ff4e4584cd84093b751671351c8103ead551d Author: David Sterba Date: Tue Jun 26 16:20:59 2018 +0200 btrfs: annotate unlikely branches after V0 extent type removal The v0 extent type checks are the right case for the unlikely annotations as we don't expect to ever see them, so let's give the compiler some hint. Reviewed-by: Nikolay Borisov Signed-off-by: David Sterba commit ba3c2b196bf59ba8574808fe6f8fd88d0fed7510 Author: Nikolay Borisov Date: Tue Jun 26 16:57:36 2018 +0300 btrfs: Add graceful handling of V0 extents Following the removal of the v0 handling code let's be courteous and print an error message when such extents are handled. In the cases where we have a transaction just abort it, otherwise just call btrfs_handle_fs_error. Both cases result in the FS being re-mounted RO. In case the error handling would be too intrusive, leave the BUG_ON in place, like extent_data_ref_count, other proper handling would catch that earlier. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit a79865c680d81220a1355cd13098e75227dc2994 Author: Nikolay Borisov Date: Thu Jun 21 09:45:00 2018 +0300 btrfs: Remove V0 extent support The v0 compat code was introduced in commit 5d4f98a28c7d ("Btrfs: Mixed back reference (FORWARD ROLLING FORMAT CHANGE)") 9 years ago, which was merged in 2.6.31. This means that the code is there to support filesystems which are _VERY_ old and if you are using btrfs on such an old kernel, you have much bigger problems. This coupled with the fact that no one is likely testing/maintining this code likely means it has bugs lurking. All things considered I think 43 kernel releases later it's high time this remnant of the past got removed. This patch removes all code wrapped in #ifdefs but leaves the BUG_ONs in case we have a v0 with no support intact as a sort of safety-net. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 4de426cd394e4de4d3039aff7d20724d7d988dcf Author: Chengguang Xu Date: Wed Jun 27 12:16:38 2018 +0800 btrfs: remove unnecessary curly braces in btrfs_get_acl It's only coding style fix not functinal change. When if/else has only one statement then the braces are not needed. Signed-off-by: Chengguang Xu Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit dc7789ef8785ea996ecf302a89415439ccf10faa Author: Chengguang Xu Date: Wed Jun 27 12:16:37 2018 +0800 btrfs: avoid error code override in btrfs_get_acl It's not good to override the error code when failing from btrfs_getxattr() in btrfs_get_acl() because it hides the real reason of the failure. Signed-off-by: Chengguang Xu Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 5ee552da503961e6df785b8495bcfc98eb30eb2a Author: Chengguang Xu Date: Wed Jun 27 12:16:36 2018 +0800 btrfs: remove unnecessary -ERANGE check in btrfs_get_acl There is no chance to get into -ERANGE error condition because we first call btrfs_getxattr to get the length of the attribute, then we do a subsequent call with the size from the first call. Between the 2 calls the size shouldn't change. So remove the unnecessary -ERANGE error check. Signed-off-by: Chengguang Xu Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 7e35eab958e30d15743b1f9928d15b559a6e432d Author: Chengguang Xu Date: Wed Jun 27 12:16:35 2018 +0800 btrfs: replace empty string with NULL when getting attribute length in btrfs_get_acl In btrfs_get_acl() the first call of btr_getxattr() is for getting the length of attribute, the value buffer is never used in this case. So it's better to replace empty string with NULL. Signed-off-by: Chengguang Xu Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit ab3629ed86ec43e7d95cf087d0b5a9d403fcd822 Author: Chengguang Xu Date: Wed Jun 27 12:16:34 2018 +0800 btrfs: return error instead of crash when detecting unexpected type in btrfs_get_acl The caller of btrfs_get_acl() checks error condition so there is no impact from this change. In practice there is no chance to get into default case of switch statement because VFS has already checked the type. Signed-off-by: Chengguang Xu Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit af431dcb249ffff20b16e08adaa4b624405a046b Author: Su Yue Date: Fri Jun 22 16:18:01 2018 +0800 btrfs: return EUCLEAN if extent_inline_ref type is invalid If type of extent_inline_ref found is not expected, filesystem may have been corrupted, should return EUCLEAN instead of EINVAL. Signed-off-by: Su Yue Reviewed-by: David Sterba Signed-off-by: David Sterba commit e4af400a9c5081e7d2b703e4c479cb9831cc1117 Author: Goldwyn Rodrigues Date: Sun Jun 17 12:39:47 2018 -0500 btrfs: Use iocb to derive pos instead of passing a separate parameter struct kiocb carries the ki_pos, so there is no need to pass it as a separate function parameter. generic_file_direct_write() increments ki_pos, so we now assign pos after the function. Signed-off-by: Goldwyn Rodrigues Reviewed-by: Misono Tomohiro [ rename to btrfs_buffered_write ] Signed-off-by: David Sterba commit 893bf4b115c713738df05bb557f8fba14f07c077 Author: Su Yue Date: Fri Jun 22 09:52:15 2018 +0800 btrfs: print more details when checking tree block finds a problem For easier debugging, print eb->start if level is invalid. Also make clear if bytenr found is not expected. Signed-off-by: Su Yue Reviewed-by: David Sterba Signed-off-by: David Sterba commit 7b4284de93c51b1d78699bf06bccee892699aa4e Author: Nikolay Borisov Date: Wed Jun 20 18:43:12 2018 +0300 btrfs: Streamline memory allocation failure handling in btrfs_add_delayed_tree_ref Currently the function uses 2 goto labels to properly handle allocation failures. This could be simplified by simply re-arranging the code so that allocations are the in the beginning of the function. This allows to use simple return statements. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Su Yue Signed-off-by: David Sterba commit 43794446548730ac8461be30bbe47d5d027d1d16 Author: Qu Wenruo Date: Fri Jun 22 12:35:00 2018 +0800 btrfs: Don't remove block group that still has pinned down bytes [BUG] Under certain KVM load and LTP tests, it is possible to hit the following calltrace if quota is enabled: BTRFS critical (device vda2): unable to find logical 8820195328 length 4096 BTRFS critical (device vda2): unable to find logical 8820195328 length 4096 WARNING: CPU: 0 PID: 49 at ../block/blk-core.c:172 blk_status_to_errno+0x1a/0x30 CPU: 0 PID: 49 Comm: kworker/u2:1 Not tainted 4.12.14-15-default #1 SLE15 (unreleased) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Workqueue: btrfs-endio-write btrfs_endio_write_helper [btrfs] task: ffff9f827b340bc0 task.stack: ffffb4f8c0304000 RIP: 0010:blk_status_to_errno+0x1a/0x30 Call Trace: submit_extent_page+0x191/0x270 [btrfs] ? btrfs_create_repair_bio+0x130/0x130 [btrfs] __do_readpage+0x2d2/0x810 [btrfs] ? btrfs_create_repair_bio+0x130/0x130 [btrfs] ? run_one_async_done+0xc0/0xc0 [btrfs] __extent_read_full_page+0xe7/0x100 [btrfs] ? run_one_async_done+0xc0/0xc0 [btrfs] read_extent_buffer_pages+0x1ab/0x2d0 [btrfs] ? run_one_async_done+0xc0/0xc0 [btrfs] btree_read_extent_buffer_pages+0x94/0xf0 [btrfs] read_tree_block+0x31/0x60 [btrfs] read_block_for_search.isra.35+0xf0/0x2e0 [btrfs] btrfs_search_slot+0x46b/0xa00 [btrfs] ? kmem_cache_alloc+0x1a8/0x510 ? btrfs_get_token_32+0x5b/0x120 [btrfs] find_parent_nodes+0x11d/0xeb0 [btrfs] ? leaf_space_used+0xb8/0xd0 [btrfs] ? btrfs_leaf_free_space+0x49/0x90 [btrfs] ? btrfs_find_all_roots_safe+0x93/0x100 [btrfs] btrfs_find_all_roots_safe+0x93/0x100 [btrfs] btrfs_find_all_roots+0x45/0x60 [btrfs] btrfs_qgroup_trace_extent_post+0x20/0x40 [btrfs] btrfs_add_delayed_data_ref+0x1a3/0x1d0 [btrfs] btrfs_alloc_reserved_file_extent+0x38/0x40 [btrfs] insert_reserved_file_extent.constprop.71+0x289/0x2e0 [btrfs] btrfs_finish_ordered_io+0x2f4/0x7f0 [btrfs] ? pick_next_task_fair+0x2cd/0x530 ? __switch_to+0x92/0x4b0 btrfs_worker_helper+0x81/0x300 [btrfs] process_one_work+0x1da/0x3f0 worker_thread+0x2b/0x3f0 ? process_one_work+0x3f0/0x3f0 kthread+0x11a/0x130 ? kthread_create_on_node+0x40/0x40 ret_from_fork+0x35/0x40 BTRFS critical (device vda2): unable to find logical 8820195328 length 16384 BTRFS: error (device vda2) in btrfs_finish_ordered_io:3023: errno=-5 IO failure BTRFS info (device vda2): forced readonly BTRFS error (device vda2): pending csums is 2887680 [CAUSE] It's caused by race with block group auto removal: - There is a meta block group X, which has only one tree block The tree block belongs to fs tree 257. - In current transaction, some operation modified fs tree 257 The tree block gets COWed, so the block group X is empty, and marked as unused, queued to be deleted. - Some workload (like fsync) wakes up cleaner_kthread() Which will call btrfs_delete_unused_bgs() to remove unused block groups. So block group X along its chunk map get removed. - Some delalloc work finished for fs tree 257 Quota needs to get the original reference of the extent, which will read tree blocks of commit root of 257. Then since the chunk map gets removed, the above warning gets triggered. [FIX] Just let btrfs_delete_unused_bgs() skip block group which still has pinned bytes. However there is a minor side effect: currently we only queue empty blocks at update_block_group(), and such empty block group with pinned bytes won't go through update_block_group() again, such block group won't be removed, until it gets new extent allocated and removed. Signed-off-by: Qu Wenruo Reviewed-by: Filipe Manana Signed-off-by: David Sterba commit bc931c0ef8f9e21ed5732ea148aeea9d0fffd3f8 Author: Geert Uytterhoeven Date: Fri Jun 22 09:18:29 2018 +0200 btrfs: Refactor count handling in btrfs_unpin_free_ino With gcc 4.1.2: fs/btrfs/inode-map.c: In function ‘btrfs_unpin_free_ino’: fs/btrfs/inode-map.c:241: warning: ‘count’ may be used uninitialized in this function While this warning is a false-positive, it can easily be killed by refactoring the code. Signed-off-by: Geert Uytterhoeven Reviewed-by: David Sterba Signed-off-by: David Sterba commit d3c6be6fdab48dd26af3d3e01c5972ffe20985b9 Author: Arnd Bergmann Date: Thu Jun 21 18:04:06 2018 +0200 btrfs: use timespec64 for i_otime While the regular inode timestamps all use timespec64 now, the i_otime field is btrfs specific and still needs to be converted to correctly represent times beyond 2038. Signed-off-by: Arnd Bergmann Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit afd48513f0019a2048afed0d98904d3fec7e05dd Author: Arnd Bergmann Date: Thu Jun 21 18:04:05 2018 +0200 btrfs: use monotonic time for transaction handling The transaction times were changed to ktime_get_real_seconds to avoid the y2038 overflow, but they still have a minor problem when they go backwards or jump due to settimeofday() or leap seconds. This changes the transaction handling to instead use ktime_get_seconds(), which returns a CLOCK_MONOTONIC timestamp that has neither of those problems. Signed-off-by: Arnd Bergmann Reviewed-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit e41ca5897489b1c18af75ff0cc8f5c80260b3281 Author: Qu Wenruo Date: Wed Jun 6 15:41:49 2018 +0800 btrfs: Get rid of the confusing btrfs_file_extent_inline_len We used to call btrfs_file_extent_inline_len() to get the uncompressed data size of an inlined extent. However this function is hiding evil, for compressed extent, it has no choice but to directly read out ram_bytes from btrfs_file_extent_item. While for uncompressed extent, it uses item size to calculate the real data size, and ignoring ram_bytes completely. In fact, for corrupted ram_bytes, due to above behavior kernel btrfs_print_leaf() can't even print correct ram_bytes to expose the bug. Since we have the tree-checker to verify all EXTENT_DATA, such mismatch can be detected pretty easily, thus we can trust ram_bytes without the evil btrfs_file_extent_inline_len(). Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba commit bc877d285ca3dba24c52406946a4a69847cc7422 Author: Nikolay Borisov Date: Mon Jun 18 14:13:19 2018 +0300 btrfs: Deduplicate extent_buffer init code When a new extent buffer is allocated there are a few mandatory fields which need to be set in order for the buffer to be sane: level, generation, bytenr, backref_rev, owner and FSID/UUID. Currently this is open coded in the callers of btrfs_alloc_tree_block, meaning it's fairly high in the abstraction hierarchy of operations. This patch solves this by simply moving this init code in btrfs_init_new_buffer, since this is the function which initializes a newly allocated extent buffer. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 9912bbf6440ba0555e91d3306520da01872c7c1d Author: Qu Wenruo Date: Wed Jun 20 15:38:58 2018 +0800 btrfs: check-integrity: Fix NULL pointer dereference for degraded mount Commit f8f84b2dfda5 ("btrfs: index check-integrity state hash by a dev_t") changed how btrfsic indexes device state. Now we need to access device->bdev->bd_dev, while for degraded mount it's completely possible to have device->bdev as NULL, thus it will trigger a NULL pointer dereference at mount time. Fix it by checking if the device is degraded before accessing device->bdev->bd_dev. There are a lot of other places accessing device->bdev->bd_dev, however the other call sites have either checked device->bdev, or the device->bdev is passed from btrfsic_map_block(), so it won't cause harm. Fixes: f8f84b2dfda5 ("btrfs: index check-integrity state hash by a dev_t") Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba commit 43a7e99db6788110fb2bd97bdad5aa5c0c004aff Author: Nikolay Borisov Date: Wed Jun 20 15:49:15 2018 +0300 btrfs: Remove fs_info from btrfs_force_chunk_alloc It can be referenced from the passed transaction handle. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit c83488afc5a772e424d8f159236bcf805b3c249c Author: Nikolay Borisov Date: Wed Jun 20 15:49:14 2018 +0300 btrfs: Remove fs_info from btrfs_inc_block_group_ro It can be referenced from the passed bg cache. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 61da2abfcad9c7e1a9c2f74ae7af8637d9fba36e Author: Nikolay Borisov Date: Wed Jun 20 15:49:13 2018 +0300 btrfs: Remove fs_info from btrfs_alloc_logged_file_extent It can be referenced from trans since the function is always called within a valid transaction. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 87cc7a8a2afbe806bb18ef440277c4f2e58224fa Author: Nikolay Borisov Date: Wed Jun 20 15:49:12 2018 +0300 btrfs: Remove fs_info from remove_extent_backref It can be referenced directly from the transaction handle since it's always valid. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 5fac7f9ee142a3f498137669931265bc7207135d Author: Nikolay Borisov Date: Wed Jun 20 15:49:11 2018 +0300 btrfs: Remove fs_info from run_one_delayed_ref It can be referenced from the passed transaction handle, since it's always valid. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit a639cdeba3486883be9f016c96d03bbb31063f11 Author: Nikolay Borisov Date: Wed Jun 20 15:49:10 2018 +0300 btrfs: Remove fs_info from insert_inline_extent_backref It can be referenced from the passed transaction handle, since it's always valid. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 3c4da6574e7749353be6d5e9f06d17388c241469 Author: Nikolay Borisov Date: Wed Jun 20 15:49:09 2018 +0300 btrfs: Remove fs_info from exclude_super_stripes It can be referenced from the passed block group. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 9e715da86001cdbb2d802f1ac8eb5e12c6eb0d08 Author: Nikolay Borisov Date: Wed Jun 20 15:49:08 2018 +0300 btrfs: Remove fs_info from free_excluded_extents It can be referenced from the passed block group. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 451a2c130342125ca44dbbf3b62521c3f0041cfb Author: Nikolay Borisov Date: Wed Jun 20 15:49:07 2018 +0300 btrfs: Remove fs_info from check_system_chunk It can be referenced from trans since the function is always called within a transaction. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit c216b2039aa06f9be23a9f385cb2d2f6434927d7 Author: Nikolay Borisov Date: Wed Jun 20 15:49:06 2018 +0300 btrfs: Remove fs_info from btrfs_alloc_chunk It can be referenced from trans since the function is always called within a transaction. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 01458828bb420d6a8f9aa09af2376caab71660b3 Author: Nikolay Borisov Date: Wed Jun 20 15:49:05 2018 +0300 btrfs: Remove fs_info from do_chunk_alloc This function is always called with a valid transaction handle from where fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit f97806f2eefdd762304e078fdbb2f8b994942ea6 Author: Nikolay Borisov Date: Wed Jun 20 15:49:04 2018 +0300 btrfs: Remove fs_info from run_delayed_tree_ref It can always be referneced from the passed transaction handle since it's always valid. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit f9871eddd9cb1acff770e03344a4cf12c343546f Author: Nikolay Borisov Date: Wed Jun 20 15:49:03 2018 +0300 btrfs: Remove fs_info from cleanup_ref_head fs_info can be refenreced from the transaction handle, since it's always valid. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit c4d56d4a1688e9cb926fd4abb428e5a9c1f963b9 Author: Nikolay Borisov Date: Wed Jun 20 15:49:02 2018 +0300 btrfs: Remove unused fs_info from cleanup_extent_op The argument is no longer used so remove it. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 20b9a2d670fa9f06d9f682cc414f3d1cb0adf440 Author: Nikolay Borisov Date: Wed Jun 20 15:49:01 2018 +0300 btrfs: Remove fs_info from run_delayed_extent_op This function is always called with a valid transaction handle so fs_info can be referenced from there. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 2bf98ef35f7fd4b5222b0d82e3abd3a27eb49a50 Author: Nikolay Borisov Date: Wed Jun 20 15:49:00 2018 +0300 btrfs: Remove fs_info from run_delayed_data_ref This function is always called with a valid transaction from where fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 2590d0f155c7c133b0c05048526ccc0a8dd5e9e4 Author: Nikolay Borisov Date: Wed Jun 20 15:48:59 2018 +0300 btrfs: Remove fs_info argument from __btrfs_inc_extent_ref This function already takes a transaction which holds a reference to the fs_info struct. Use that reference and remove the extra arg. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit ef89b8245bc77a29f31cad2dec5be5f50d3a7c2b Author: Nikolay Borisov Date: Wed Jun 20 15:48:58 2018 +0300 btrfs: Remove fs_info from alloc_reserved_file_extent fs_info can be referenced from the transaction handle, which is always valid. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit e72cb9235d26e5b7360a38a702e644a24d8975e6 Author: Nikolay Borisov Date: Wed Jun 20 15:48:57 2018 +0300 btrfs: Remove fs_info from __btrfs_free_extent This function is always called with a valid transaction handle so we can reference the fs_info from there. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 5a98ec0141805a0ff9adb18fd18834a906637f2f Author: Nikolay Borisov Date: Wed Jun 20 15:48:56 2018 +0300 btrfs: Remove fs_info from btrfs_remove_block_group This function is always called with a valid transaction handle from where we can reference fs_info. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit e7e02096d98388a003323c4223630d011ba1b382 Author: Nikolay Borisov Date: Wed Jun 20 15:48:55 2018 +0300 btrfs: Remove fs_info from btrfs_make_block_group This function is always called with a valid transaction handle from where we can reference the fs_info. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 88a979c615d0d9da19498b3b7692e725fb2f387e Author: Nikolay Borisov Date: Wed Jun 20 15:48:54 2018 +0300 btrfs: Remove fs_info from btrfs_add_delayed_data_ref This function is always called with a valid transaction handle from where fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 44e1c47d5c3f31a9f5c883834eb9e29d0b165ea8 Author: Nikolay Borisov Date: Wed Jun 20 15:48:53 2018 +0300 btrfs: Remove fs_info from btrfs_add_delayed_tree_ref This function is always called with a valid transaction handle from where fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit fbe4801b26c3ca4192e679f04c0cf0dda32a6cda Author: Nikolay Borisov Date: Wed Jun 20 15:48:52 2018 +0300 btrfs: Remove fs_info from lookup_extent_backref This argument is unused. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit bd1d53ef358d584a0aa9dbd304c807fcc5e3dd5f Author: Nikolay Borisov Date: Wed Jun 20 15:48:51 2018 +0300 btrfs: Remove fs_info argument from lookup_extent_data_ref This function is always called with a valid transaction handle from where fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit b8582eeabb727f24ad0f128141558e4eb0928aec Author: Nikolay Borisov Date: Wed Jun 20 15:48:50 2018 +0300 btrfs: Remove fs_info argument from lookup_tree_block_ref This function is always called with a valid transaction handle from where the fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 61a18f1c66636c3226598719935eca06e81976ca Author: Nikolay Borisov Date: Wed Jun 20 15:48:49 2018 +0300 btrfs: Remove fs_info argument from update_inline_extent_backref This function always uses the leaf's extent_buffer which already contains a reference to the fs_info. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 867cc1fbebea7029ee5f95ea7e54f927ef7972b6 Author: Nikolay Borisov Date: Wed Jun 20 15:48:48 2018 +0300 btrfs: Remove fs_info from lookup_inline_extent_backref This function is always called with a valid transaction handle from where the fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit b167fa9152015c91fef9489d059e9dd80d1032fd Author: Nikolay Borisov Date: Wed Jun 20 15:48:47 2018 +0300 btrfs: Remove fs_info from fixup_low_keys This argument is unused. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit e9f6290d593a8b2f6a3cf90e4ffd446ca25faea9 Author: Nikolay Borisov Date: Wed Jun 20 15:48:46 2018 +0300 btrfs: Remove fs_info from remove_extent_data_ref This function is always called with a valid transaction from where the fs_info can be referenced. No functional change. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 375934105c97476f88eefe5f836808dd0cfc3eeb Author: Nikolay Borisov Date: Wed Jun 20 15:48:45 2018 +0300 btrfs: Remove fs_info argument from insert_extent_backref This function is always called with a valid transaction handle from where fs_info can be referenced. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 62b895af4022017c11855087801b0575a442ccc6 Author: Nikolay Borisov Date: Wed Jun 20 15:48:44 2018 +0300 btrfs: Remove fs_info from insert_extent_data_ref This function is always called with a valid transaction handle from where fs_info can be referenced. So remove the redundant argument. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 10728404c6f64a570f5be95cd5b237c69d94d818 Author: Nikolay Borisov Date: Wed Jun 20 15:48:43 2018 +0300 btrfs: Remove fs_info from insert_tree_block_ref This function is always called with a valid transaction so there is no need to duplicate the fs_info, we can reference it directly from the trans handle. No functional changes. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit edf57cbf2b030781885e339f32e35a470d2f8eba Author: Bart Van Assche Date: Wed Jun 20 10:03:33 2018 -0700 btrfs: Fix a C compliance issue The C programming language does not allow to use preprocessor statements inside macro arguments (pr_info() is defined as a macro). Hence rework the pr_info() statement in btrfs_print_mod_info() such that it becomes compliant. This patch allows tools like sparse to analyze the BTRFS source code. Fixes: 62e855771dac ("btrfs: convert printk(KERN_* to use pr_* calls") Signed-off-by: Bart Van Assche Reviewed-by: David Sterba Signed-off-by: David Sterba commit acd43e3cdffcb2e361e8b481c72e057d34fcd780 Author: Bart Van Assche Date: Wed Jun 20 10:03:32 2018 -0700 btrfs: Annotate fall-through when parsing mount option This patch avoids that the compiler complains that a fall-through annotation is missing when building with W=1. Signed-off-by: Bart Van Assche Signed-off-by: David Sterba commit bece2e8239331d382f98b381f90e425a11157653 Author: Bart Van Assche Date: Wed Jun 20 10:03:31 2018 -0700 btrfs: Fix misleading indentation reported by smatch This patch avoids that building the BTRFS source code with smatch triggers complaints about inconsistent indenting. Signed-off-by: Bart Van Assche Signed-off-by: David Sterba commit a9ecb653b0ac9ed95671aa494015bbb705bf3eae Author: Nikolay Borisov Date: Wed Jun 20 17:26:42 2018 +0300 btrfs: Streamline log_extent_csums a bit Currently this function takes the root as an argument only to get the log_root from it. Simplify this by directly passing the log root from the caller. Also eliminate the fs_info local variable, since it's used only once, so directly reference it from the transaction handle. Signed-off-by: Nikolay Borisov Reviewed-by: David Sterba Signed-off-by: David Sterba commit ca5788aba3e8153da38cf99ca3ce2294f032fb51 Author: David Sterba Date: Thu Jul 19 15:27:46 2018 +0200 btrfs: remove remaing full_sync logic from btrfs_sync_file The logic to check if the inode is already in the log can now be simplified since we always wait for the ordered extents to complete before deciding whether the inode needs to be logged. The big comment about it can go away too. CC: Filipe Manana Suggested-by: Filipe Manana [ code and changelog copied from mail discussion ] Signed-off-by: David Sterba commit 5636cf7d6dc86f47fd66757dae088e35014da464 Author: Josef Bacik Date: Wed May 23 11:58:36 2018 -0400 btrfs: remove the logged extents infrastructure This is no longer used anywhere, remove all of it. Signed-off-by: Josef Bacik Reviewed-by: Filipe Manana Signed-off-by: David Sterba commit a2120a473a80905e0275df9b0427fa7fa1187b72 Author: Josef Bacik Date: Wed May 23 11:58:35 2018 -0400 btrfs: clean up the left over logged_list usage We no longer use this list we've passed around so remove it everywhere. Also remove the extra checks for ordered/filemap errors as this is handled higher up now that we're waiting on ordered_extents before getting to the tree log code. Signed-off-by: Josef Bacik Reviewed-by: Filipe Manana Signed-off-by: David Sterba commit e7175a692765940f3ac3f0c005b9a766a59303d7 Author: Josef Bacik Date: Wed May 23 11:58:34 2018 -0400 btrfs: remove the wait ordered logic in the log_one_extent path Since we are waiting on all ordered extents at the start of the fsync() path we don't need to wait on any logged ordered extents, and we don't need to look up the checksums on the ordered extents as they will already be on disk prior to getting here. Rework this so we're only looking up and copying the on-disk checksums for the extent range we care about. Signed-off-by: Josef Bacik Reviewed-by: Filipe Manana Signed-off-by: David Sterba commit b5e6c3e170b77025b5f6174258c7ad71eed2d4de Author: Josef Bacik Date: Wed May 23 11:58:33 2018 -0400 btrfs: always wait on ordered extents at fsync time There's a priority inversion that exists currently with btrfs fsync. In some cases we will collect outstanding ordered extents onto a list and only wait on them at the very last second. However this "very last second" falls inside of a transaction handle, so if we are in a lower priority cgroup we can end up holding the transaction open for longer than needed, so if a high priority cgroup is also trying to fsync() it'll see latency. Signed-off-by: Josef Bacik Reviewed-by: Filipe Manana Signed-off-by: David Sterba commit 16d1c062c7de2999ea7be61d31070fa4ce3d99c4 Author: Nikolay Borisov Date: Mon Jun 18 14:59:26 2018 +0300 btrfs: Fix comment in lookup_inline_extent_backref The comment wrongfully states that the owner parameter is the level of the parent block. In fact owner is the level of the current block and by adding 1 to it we can eventually get to the parent/root. Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba commit bd3c685ed9fd3763615a51a70e19ff08a456e3e1 Author: Nikolay Borisov Date: Mon Jun 18 14:59:25 2018 +0300 btrfs: Document __btrfs_inc_extent_ref Here is a doc-only patch which tires to deobfuscate the terra-incognita that arguments for delayed refs are. Signed-off-by: Nikolay Borisov Reviewed-by: Qu Wenruo Signed-off-by: David Sterba commit 9bebe665c3e4f4af30add8602217938d8c17ee23 Author: Qu Wenruo Date: Wed Jun 6 13:13:12 2018 +0800 btrfs: scrub: Remove unused copy_nocow_pages and its callchain Since commit ac0b4145d662a3b9e340 ("btrfs: scrub: Don't use inode pages for device replace") the function is not used and we can remove all functions down the call chain. There was an optimization that reused inode pages to speed up device replace, but broke when there was nodatasum and compressed page. The potential performance gain is small so we don't loose much by removing it and using scrub_pages same as the other pages. Signed-off-by: Qu Wenruo [ update changelog ] Signed-off-by: David Sterba commit a944442c2b8a420301e7830f976bab8cc86a2b4d Author: Allen Pais Date: Tue Jun 12 17:18:25 2018 +0530 btrfs: replace get_seconds with new 64bit time API The get_seconds() function is deprecated as it truncates the timestamp to 32 bits. Change it to or ktime_get_real_seconds(). Signed-off-by: Allen Pais Reviewed-by: David Sterba [ update changelog ] Signed-off-by: David Sterba commit be36abb71d878f3320412a84e6bbec8dd796010c Author: Quentin Schulz Date: Wed Jul 25 14:26:21 2018 +0200 pinctrl: ocelot: add support for interrupt controller This GPIO controller can serve as an interrupt controller as well on the GPIOs it handles. An interrupt is generated whenever a GPIO line changes and the interrupt for this GPIO line is enabled. This means that both the changes from low to high and high to low generate an interrupt. For some use cases, it makes sense to ignore the high to low change and not generate an interrupt. Such a use case is a line that is hold in a level high/low manner until the event holding the line gets acked. This can be achieved by making sure the interrupt on the GPIO controller side gets acked and masked only after the line gets hold in its default state, this is what's done with the fasteoi functions. Only IRQ_TYPE_EDGE_BOTH and IRQ_TYPE_LEVEL_HIGH are supported for now. Signed-off-by: Quentin Schulz Signed-off-by: Linus Walleij commit 9e90c7985229430428dc9ba0ec7fe422901b456d Merge: 4f7799d96e66 a8db74564b0c Author: Thomas Gleixner Date: Mon Aug 6 12:45:42 2018 +0200 Merge tag 'irqchip-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/core Pull irqchip updates from Marc Zyngier: - GICv3 ITS LPI allocation revamp - GICv3 support for hypervisor-enforced LPI range - GICv3 ITS conversion to raw spinlock commit 34dbc9c6584d28d307690e13af882d159562581f Author: Christoph Hellwig Date: Sat Aug 4 12:14:02 2018 +0200 PCI/xilinx: Depend on OF instead of the ARCH There isn't a hard dependency of the Xilinx AXI-PCIe host bridge on any architecture. For example: at SiFive we map RISC-V cores to Xilinx FPGAs and connect the Xilinx IP via a TileLink adapter, so the RISC-V Linux port will need to be able to enable PCIE_XILINX in order to have PCIe support. This patch decouples the PCIE_XILINX support from ARCH. Instead it just depends on OF, which is the only true dependency. Signed-off-by: Palmer Dabbelt [hch: switch to OF instead of OF_PCI now that the latter is gone] Signed-off-by: Christoph Hellwig [lorenzo.pieralisi@arm.com: trimmed the commit log] Signed-off-by: Lorenzo Pieralisi commit 55f2503c3b69328735e88031ff8d6ba291bd952b Author: Pingfan Liu Date: Tue Jul 31 16:51:32 2018 +0800 PM / reboot: Eliminate race between reboot and suspend At present, "systemctl suspend" and "shutdown" can run in parrallel. A system can suspend after devices_shutdown(), and resume. Then the shutdown task goes on to power off. This causes many devices are not really shut off. Hence replacing reboot_mutex with system_transition_mutex (renamed from pm_mutex) to achieve the exclusion. The renaming of pm_mutex as system_transition_mutex can be better to reflect the purpose of the mutex. Signed-off-by: Pingfan Liu Acked-by: Pavel Machek Signed-off-by: Rafael J. Wysocki commit 33c740411adad674b31444787a9b4e46c193ab67 Merge: 981467033a37 1bb38e8bb81e Author: Kalle Valo Date: Mon Aug 6 12:34:43 2018 +0300 Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git ath.git patches for 4.19. Major changes: ath10k * add debugfs file warm_hw_reset wil6210 * add debugfs files tx_latency, link_stats and link_stats_global * add 3-MSI support * allow scan on AP interface * support max aggregation window size 64 commit be10d5d1c2d15252624e965202508f30a218a46a Author: Alexander Aring Date: Sat Jul 14 12:33:06 2018 -0400 ieee802154: fakelb: add deprecated msg while probe Since mac802154_hwsim the fakelb driver will get deprecated. This patch will notifier all users of fakelb to switch to the new mac802154_hwsim driver. Signed-off-by: Alexander Aring Signed-off-by: Stefan Schmidt commit f25da51fdc381ca2863248c7060b3662632f0872 Author: Alexander Aring Date: Sat Jul 14 12:33:05 2018 -0400 ieee802154: hwsim: add replacement for fakelb This patch adds a new virtual driver mac802154_hwsim which is based on the fakelb driver. The fakelb driver will get deprecated and hopefully removed someday. The main reason for doing this step is to rename the driver to mac802154_hwsim to have a similar naming scheme as mac80211_hwsim, which is more popular in the 802.11 wireless word and the idea is the same behind this driver. The new features of this driver are to have knowledge about connected edges, which can be changed during runtime. This offers a testing environment for routing protocols e.g. RPL. The default behaviour is still as fakelb: two radios connected to each other. New added radios during runtime will not be connected to other wpan_hwsim instances. The netlink api is not namespace aware on purpose, only the registered wpan_phy's can be moved to namespaces. The physical layer according to wiresless "air" communication can be handled across namespaces. Furthermore the edges can be weighted with the LQI value according IEEE 802.15.4 which offers additional handling to mark bad or good connection indicators to other connected virtual phys. Signed-off-by: Alexander Aring Signed-off-by: Stefan Schmidt commit 4e54acb2022099e41231271b5a8ec58ca8ac2d86 Author: Colin Ian King Date: Tue Jul 31 16:45:07 2018 +0100 net: ieee802154: 6lowpan: remove redundant pointers 'fq' and 'net' Pointers fq and net are being assigned but are never used hence they are redundant and can be removed. Cleans up clang warnings: warning: variable 'fq' set but not used [-Wunused-but-set-variable] warning: variable 'net' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: Stefan Schmidt commit f9c52831133050c6b82aa8b6831c92da2bbf2a0b Author: Alexander Aring Date: Mon Jul 2 16:32:03 2018 -0400 net: mac802154: tx: expand tailroom if necessary This patch is necessary if case of AF_PACKET or other socket interface which I am aware of it and didn't allocated the necessary room. Reported-by: David Palma Reported-by: Rabi Narayan Sahoo Cc: stable@vger.kernel.org Signed-off-by: Alexander Aring Signed-off-by: Stefan Schmidt commit ac74f87c789af40936a80131c4759f3e72579c3a Author: Alexander Aring Date: Sat Jul 14 12:52:10 2018 -0400 net: 6lowpan: fix reserved space for single frames This patch fixes patch add handling to take care tail and headroom for single 6lowpan frames. We need to be sure we have a skb with the right head and tailroom for single frames. This patch do it by using skb_copy_expand() if head and tailroom is not enough allocated by upper layer. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=195059 Reported-by: David Palma Reported-by: Rabi Narayan Sahoo Cc: stable@vger.kernel.org Signed-off-by: Alexander Aring Signed-off-by: Stefan Schmidt commit 82837ad5bda79cd13d64b9abad92e7872a06bc65 Author: Gustavo A. R. Silva Date: Sat Aug 4 21:12:00 2018 -0500 PM / hibernate: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. This addresses Coverity-ID: 114713 ("Missing break in switch"). Signed-off-by: Gustavo A. R. Silva Acked-by: Pavel Machek Signed-off-by: Rafael J. Wysocki commit e8693bcfa0b4a56268946f0756153d942cb66cf7 Author: Christoph Hellwig Date: Mon Jul 16 12:25:17 2018 +0200 aio: allow direct aio poll comletions for keyed wakeups If we get a keyed wakeup for a aio poll waitqueue and wake can acquire the ctx_lock without spinning we can just complete the iocb straight from the wakeup callback to avoid a context switch. Signed-off-by: Christoph Hellwig Tested-by: Avi Kivity commit bfe4037e722ec672c9dafd5730d9132afeeb76e9 Author: Christoph Hellwig Date: Mon Jul 16 09:08:20 2018 +0200 aio: implement IOCB_CMD_POLL Simple one-shot poll through the io_submit() interface. To poll for a file descriptor the application should submit an iocb of type IOCB_CMD_POLL. It will poll the fd for the events specified in the the first 32 bits of the aio_buf field of the iocb. Unlike poll or epoll without EPOLLONESHOT this interface always works in one shot mode, that is once the iocb is completed, it will have to be resubmitted. Signed-off-by: Christoph Hellwig Tested-by: Avi Kivity commit 9018ccc453af063d16b3b6b5dfa2ad0635390371 Author: Christoph Hellwig Date: Tue Jul 24 11:36:37 2018 +0200 aio: add a iocb refcount This is needed to prevent races caused by the way the ->poll API works. To avoid introducing overhead for other users of the iocbs we initialize it to zero and only do refcount operations if it is non-zero in the completion path. Signed-off-by: Christoph Hellwig Tested-by: Avi Kivity commit 7dda712818373d4d8ecc5dca2293664fcd3b0158 Author: Christoph Hellwig Date: Mon Jul 16 12:25:50 2018 +0200 timerfd: add support for keyed wakeups This prepares timerfd for use with aio poll. Signed-off-by: Christoph Hellwig Tested-by: Avi Kivity commit d3264f752a1aedac98aa90e50853df149d1346f2 Author: Srinivas Pandruvada Date: Wed Aug 1 17:26:06 2018 -0700 cpufreq: intel_pstate: Ignore turbo active ratio in HWP When HWP is active turbo active ratio is not used, so we should allow policy max frequency above turbo activation ratio to be set. When HWP is not active, then any policy max frequency above turbo activation ratio can result upto max one-core turbo frequency. This fix helps better thermal control in turbo region when other methods like "Running Average Power Limit" is not available to use. Signed-off-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki commit a8db74564b0c634667e1722264bde303d296f566 Author: Sebastian Andrzej Siewior Date: Wed Jul 18 17:42:04 2018 +0200 irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t The its_lock lock is held while a new device is added to the list and during setup while the CPU is booted. Even on -RT the CPU-bootup is performed with disabled interrupts. Make its_lock a raw_spin_lock_t. Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Marc Zyngier commit b047c62e24418b9f62b721be017ec5c0364166a5 Author: Aaron Ma Date: Tue Jul 31 18:52:39 2018 +0800 ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd Like on X1C6, on X1Y3 EC interrupts constantly wake up system from s2idle, the power consumption is extremely high. So make ec_no_wakeup be true as default to keep system in s2idle mode and reduce power consumption. Power button works when ec_no_wakeup=true. Signed-off-by: Aaron Ma Signed-off-by: Rafael J. Wysocki commit 6ccbe1dcdd17c9b76cc9f63e2dc600b381cb2378 Merge: 01e61a42a5d3 5a4c996764da Author: Rafael J. Wysocki Date: Mon Aug 6 10:09:52 2018 +0200 Merge back cpufreq changes for 4.19. commit 398404d8372ce0428abc49d059487e3f83d45249 Merge: 460a53106ac3 2a61e9f60b2b Author: Rafael J. Wysocki Date: Mon Aug 6 10:09:02 2018 +0200 Merge back ACPICA material for 4.19. commit 627661ced8246c8e833f3bc3817070e934cd79ba Author: Takashi Sakamoto Date: Mon Aug 6 16:14:06 2018 +0900 ALSA: dice: fix wrong copy to rx parameters for Alesis iO26 A commit 28b208f600a3 ('ALSA: dice: add parameters of stream formats for models produced by Alesis') adds wrong copy to rx parameters instead of tx parameters for Alesis iO26. This commit fixes the bug for v4.18-rc8. Fixes: 28b208f600a3 ('ALSA: dice: add parameters of stream formats for models produced by Alesis') Signed-off-by: Takashi Sakamoto Cc: # v4.18 Signed-off-by: Takashi Iwai commit ef0075280cfe09ef076ce1b85f0a2294c5ed86f3 Author: Gustavo A. R. Silva Date: Sat Aug 4 15:13:26 2018 -0500 ALSA: echoaudio: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 115156 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 9d5a289a86a15a1a4248022f9338517f7e62832b Author: Gustavo A. R. Silva Date: Sat Aug 4 15:12:09 2018 -0500 ALSA: emu10k1: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I replaced the code comment with a proper "fall through" annotation, which is what GCC is expecting to find. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit ac69c2f578bf51a3804c5e96467571ea5be0e882 Author: Gustavo A. R. Silva Date: Sat Aug 4 15:11:03 2018 -0500 ALSA: mixart: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit a30461080366214b690a367225a48c95d7a6a189 Merge: 811e299f4645 981467033a37 Author: Stefan Schmidt Date: Mon Aug 6 09:04:48 2018 +0200 Merge remote-tracking branch 'net-next/master' commit aa1221b2584f06066d1e6b22ef7950fb12d94864 Author: Benjamin Herrenschmidt Date: Mon Aug 6 12:22:37 2018 +1000 fsi: scom: Fix NULL dereference The chardev conversion forgot to copy the fsi_dev, silly mistake, compounded by a testing mistake on my side, this specific driver wasn't being tested properly. Fixes: d8f4587655f9 "fsi: scom: Convert to use the new chardev" Signed-off-by: Benjamin Herrenschmidt commit f10fe9d85dc0802b54519c917716e6f0092b4ce7 Author: Matias Bjørling Date: Sun Aug 5 08:25:19 2018 -0600 lightnvm: remove minor version check for 2.0 A minor version number increase should not break backwards compatibility. Fixes: 3cb98f84d368b ("lightnvm: add minor version to generic geometry") Reviewed-by: Javier González Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe commit f87b0f0dfa5496fc4a701c071fa3ce7ad7ca5152 Merge: 05b9ba4b550f b369b30cf510 Author: Jens Axboe Date: Sun Aug 5 19:34:09 2018 -0600 Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-4.19/block2 Pull NVMe changes from Christoph: "This contains the support for TP4004, Asymmetric Namespace Access, which makes NVMe multipathing usable in practice." * 'nvme-4.19' of git://git.infradead.org/nvme: nvmet: use Retain Async Event bit to clear AEN nvmet: support configuring ANA groups nvmet: add minimal ANA support nvmet: track and limit the number of namespaces per subsystem nvmet: keep a port pointer in nvmet_ctrl nvme: add ANA support nvme: remove nvme_req_needs_failover nvme: simplify the API for getting log pages nvme.h: add ANA definitions nvme.h: add support for the log specific field Signed-off-by: Jens Axboe commit 05b9ba4b550ff67d7362608828405f9e389e8988 Merge: 704f83928c8e d72e90f33aa4 Author: Jens Axboe Date: Sun Aug 5 19:32:09 2018 -0600 Merge tag 'v4.18-rc6' into for-4.19/block2 Pull in 4.18-rc6 to get the NVMe core AEN change to avoid a merge conflict down the line. Signed-of-by: Jens Axboe commit 981467033a37d916649647fa3afe1fe99bba1817 Author: Vlad Buslov Date: Sun Aug 5 22:37:09 2018 +0300 tc-testing: remove duplicate spaces in skbedit match patterns Match patterns for some skbedit tests contain duplicate whitespace that is not present in actual tc output. This causes tests to fail because they can't match required action, even when it was successfully created. Signed-off-by: Vlad Buslov Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 757a9a39d483ae415a712388c33d4042a98b751f Author: Vlad Buslov Date: Sun Aug 5 22:36:44 2018 +0300 tc-testing: remove duplicate spaces in connmark match patterns Match patterns for some connmark tests contain duplicate whitespace that is not present in actual tc output. This causes tests to fail because they can't match required action, even when it was successfully created. Fixes: 1dad0f9ffff7 ("tc-testing: add connmark action tests") Signed-off-by: Vlad Buslov Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 0c62f8a820b7fdeacf5ad9f9e24b53043d372c97 Author: Vlad Buslov Date: Sun Aug 5 22:36:25 2018 +0300 tc-testing: flush gact actions on test teardown Test 6fb4 creates one mirred and one pipe action, but only flushes mirred on teardown. Leaking pipe action causes failures in other tests. Add additional teardown command to also flush gact actions. Signed-off-by: Vlad Buslov Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 64f61cddf1934277e9fbb77d3d67308ffbfd4fa3 Author: Vlad Buslov Date: Sun Aug 5 22:35:56 2018 +0300 tc-testing: fix ip address in u32 test Fix expected ip address to actually match configured ip address. Fix test to expect single matched filter. Signed-off-by: Vlad Buslov Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit b9a7f2ee569296656a3debdabf3c5473a3923f8a Merge: 6277547f33ec e800a333135b Author: David S. Miller Date: Sun Aug 5 17:36:01 2018 -0700 Merge tag 'wireless-drivers-next-for-davem-2018-08-05' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== wireless-drivers-next patches for 4.19 This time a bigger pull request as we have two new Mediatek drivers MT76x2u (CONFIG_MT76x2U) and MT76x0U (CONFIG_MT76x0U). Also iwlwifi got support for the new IEEE 802.11ax standard, the successor for 802.11ac. And naturally smaller new features and bugfixes all over. Major changes: wcn36xx * fix WEP in client mode wil6210 * add support for Talyn-MB (Talyn ver 2.0) device * add support for enhanced DMA firmware feature iwlwifi * implement 802.11ax D2.0 * support for the new 22560 device family * new PCI IDs for 22000 and 22560 qtnfmac * implement cfg80211 power management callback * enable multiple SSIDs scan support * qtnfmac: implement basic WoWLAN support mt7601u * fall back to software encryption for hw unsupported ciphers * enable 802.11 Management Frame Protection (MFP) mt76 * support setting RTS threshold * add USB support * add support for MT76x2u devices * add support for MT76x0U devices mwifiex * allow user space to set all other IEs except WMM IE rsi * add firmware support for AP+BT dual mode ==================== Signed-off-by: David S. Miller commit 6277547f33ecd6beaca373cb0858df69706e466a Merge: add0decc46a0 6c3711ec64fd Author: David S. Miller Date: Sun Aug 5 17:29:27 2018 -0700 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2018-08-05 Here's the main bluetooth-next pull request for the 4.19 kernel. - Added support for Bluetooth Advertising Extensions - Added vendor driver support to hci_h5 HCI driver - Added serdev support to hci_h5 driver - Added support for Qualcomm wcn3990 controller - Added support for RTL8723BS and RTL8723DS controllers - btusb: Added new ID for Realtek 8723DE - Several other smaller fixes & cleanups Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit add0decc46a061069a9f9fd90eff95e590339039 Merge: b633d4405bb2 7b8195306694 Author: David S. Miller Date: Sun Aug 5 17:28:22 2018 -0700 Merge branch 'mlxsw-Enable-MC-aware-mode-for-mlxsw-ports' Ido Schimmel says: ==================== mlxsw: Enable MC-aware mode for mlxsw ports Petr says: Due to an issue in Spectrum chips, when unicast traffic shares the same queue as BUM traffic, and there is a congestion, the BUM traffic is admitted to the queue anyway, thus pushing out all UC traffic. In order to give unicast traffic precedence over BUM traffic, configure multicast-aware mode on all ports. Under multicast-aware regime, when assigning traffic class to a packet, the switch doesn't merely take the value prescribed by the QTCT register. For BUM traffic, it instead assigns that value plus 8. That limits the number of available TCs, but since mlxsw currently only uses the lower eight anyway, it is no real loss. The two TCs (UC and MC one) are then mapped to the same subgroup and strictly prioritized so that UC traffic is preferred in case of congestion. In patch #1, introduce a new register, QTCTM, which enables the multicast-aware mode. In patch #2, fix a typo in related code. In patch #3, set up TCs and QTCTM to enable multicast-aware mode. ==================== Signed-off-by: David S. Miller commit 7b819530669458c3af6d44edfc9cb34958492bca Author: Petr Machata Date: Sun Aug 5 09:03:08 2018 +0300 mlxsw: spectrum: Configure MC-aware mode on mlxsw ports In order to give unicast traffic precedence over BUM traffic, configure multicast-aware mode on all ports. Under multicast-aware regime, when assigning traffic class to a packet, the switch doesn't merely take the value prescribed by the QTCT register. For BUM traffic, it instead assigns that value plus 8. ETS elements for TCs 8..15 thus need to be configured as well. Extend mlxsw_sp_port_ets_init() so that it maps each of them to the same subgroup as their corresponding TC from the range 0..7, such that TCs X and X+8 map to the same subgroup. The existing code configures TCs with strict priority. So far this was immaterial, because each TC had its own subgroup. Now that two TCs share a subgroup it becomes important. TCs are prioritized in order of 7, 6, ..., 0, 15, 14, ..., 8: the higher TCs used for BUM traffic end up being deprioritized. Since that's what's needed, keep that configuration as it is, and configure the new TCs likewise. Finally in mlxsw_sp_port_create(), invoke configuration of QTCTM to enable MC-aware mode on each port. Signed-off-by: Petr Machata Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit d0a07d6ada004ddaf010888a66d72ef606336bf4 Author: Petr Machata Date: Sun Aug 5 09:03:07 2018 +0300 mlxsw: spectrum: Fix a typo Signed-off-by: Petr Machata Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 671ae8af05d58a74e58c39a7243836ec836baf2d Author: Petr Machata Date: Sun Aug 5 09:03:06 2018 +0300 mlxsw: reg: Add QoS Switch Traffic Class Table is Multicast-Aware Register This register configures if the Switch Priority to Traffic Class mapping is based on Multicast packet indication. If so, then multicast packets will get a Traffic Class that is plus (cap_max_tclass_data/2) the value configured by QTCT. Signed-off-by: Petr Machata Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit b633d4405bb276518812fbc20a5c61ce4cef25ae Author: Gustavo A. R. Silva Date: Sat Aug 4 21:42:05 2018 -0500 virtio-net: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1402059 ("Missing break in switch") Addresses-Coverity-ID: 1402060 ("Missing break in switch") Addresses-Coverity-ID: 1402061 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 1cbc36a53b60d43daa686280385b1ddbe51d5809 Author: Dan Carpenter Date: Fri Aug 3 22:27:55 2018 +0300 net: sched: cls_flower: Fix an error code in fl_tmplt_create() We forgot to set the error code on this path, so we return NULL instead of an error pointer. In the current code kzalloc() won't fail for small allocations so this doesn't really affect runtime. Fixes: b95ec7eb3b4d ("net: sched: cls_flower: implement chain templates") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller commit a6bcfc89694ed8cb482a82cdc8b93aae63a8b691 Author: Li RongQing Date: Fri Aug 3 15:45:21 2018 +0800 net: check extack._msg before print dev_set_mtu_ext is able to fail with a valid mtu value, at that condition, extack._msg is not set and random since it is in stack, then kernel will crash when print it. Fixes: 7a4c53bee3324a ("net: report invalid mtu value via netlink extack") Signed-off-by: Zhang Yu Signed-off-by: Li RongQing Signed-off-by: David S. Miller commit 0ed4229b08c13c84a3c301a08defdc9e7f4467e6 Author: Florian Westphal Date: Fri Aug 3 02:22:20 2018 +0200 ipv6: defrag: drop non-last frags smaller than min mtu don't bother with pathological cases, they only waste cycles. IPv6 requires a minimum MTU of 1280 so we should never see fragments smaller than this (except last frag). v3: don't use awkward "-offset + len" v2: drop IPv4 part, which added same check w. IPV4_MIN_MTU (68). There were concerns that there could be even smaller frags generated by intermediate nodes, e.g. on radio networks. Cc: Peter Oskolkov Cc: Eric Dumazet Signed-off-by: Florian Westphal Signed-off-by: David S. Miller commit c30f1fc041b74ecdb072dd44f858750414b8b19f Merge: cfb4099fb4c1 fa0f527358bd Author: David S. Miller Date: Sun Aug 5 17:16:46 2018 -0700 Merge branch 'ip-Use-rb-trees-for-IP-frag-queue' Peter Oskolkov says: ==================== ip: Use rb trees for IP frag queue. This patchset * changes IPv4 defrag behavior to match that of IPv6: overlapping fragments now cause the whole IP datagram to be discarded (suggested by David Miller): there are no legitimate use cases for overlapping fragments; * changes IPv4 defrag queue from a list to a rb tree (suggested by Eric Dumazet): this change removes a potential attach vector. Upcoming patches will contain similar changes for IPv6 frag queue, as well as a comprehensive IP defrag self-test (temporarily delayed). ==================== Signed-off-by: David S. Miller commit fa0f527358bd900ef92f925878ed6bfbd51305cc Author: Peter Oskolkov Date: Thu Aug 2 23:34:39 2018 +0000 ip: use rb trees for IP frag queue. Similar to TCP OOO RX queue, it makes sense to use rb trees to store IP fragments, so that OOO fragments are inserted faster. Tested: - a follow-up patch contains a rather comprehensive ip defrag self-test (functional) - ran neper `udp_stream -c -H -F 100 -l 300 -T 20`: netstat --statistics Ip: 282078937 total packets received 0 forwarded 0 incoming packets discarded 946760 incoming packets delivered 18743456 requests sent out 101 fragments dropped after timeout 282077129 reassemblies required 944952 packets reassembled ok 262734239 packet reassembles failed (The numbers/stats above are somewhat better re: reassemblies vs a kernel without this patchset. More comprehensive performance testing TBD). Reported-by: Jann Horn Reported-by: Juha-Matti Tilli Suggested-by: Eric Dumazet Signed-off-by: Peter Oskolkov Signed-off-by: Eric Dumazet Cc: Florian Westphal Signed-off-by: David S. Miller commit 385114dec8a49b5e5945e77ba7de6356106713f4 Author: Peter Oskolkov Date: Thu Aug 2 23:34:38 2018 +0000 net: modify skb_rbtree_purge to return the truesize of all purged skbs. Tested: see the next patch is the series. Suggested-by: Eric Dumazet Signed-off-by: Peter Oskolkov Signed-off-by: Eric Dumazet Cc: Florian Westphal Signed-off-by: David S. Miller commit 7969e5c40dfd04799d4341f1b7cd266b6e47f227 Author: Peter Oskolkov Date: Thu Aug 2 23:34:37 2018 +0000 ip: discard IPv4 datagrams with overlapping segments. This behavior is required in IPv6, and there is little need to tolerate overlapping fragments in IPv4. This change simplifies the code and eliminates potential DDoS attack vectors. Tested: ran ip_defrag selftest (not yet available uptream). Suggested-by: David S. Miller Signed-off-by: Peter Oskolkov Signed-off-by: Eric Dumazet Cc: Florian Westphal Acked-by: Stephen Hemminger Signed-off-by: David S. Miller commit cfb4099fb4c101dad283a163c9525240ef4a1a99 Author: Vakul Garg Date: Thu Aug 2 20:43:10 2018 +0530 net/tls: Mark the end in scatterlist table Function zerocopy_from_iter() unmarks the 'end' in input sgtable while adding new entries in it. The last entry in sgtable remained unmarked. This results in KASAN error report on using apis like sg_nents(). Before returning, the function needs to mark the 'end' in the last entry it adds. Signed-off-by: Vakul Garg Acked-by: Dave Watson Signed-off-by: David S. Miller commit 5f379ef51bc967567bbddacdcdecb772d4d7c3b3 Author: Georg Kohmann Date: Thu Aug 2 13:56:58 2018 +0200 ipv6: icmp: Updating pmtu for link local route When a ICMPV6_PKT_TOOBIG is received from a link local address the pmtu will be updated on a route with an arbitrary interface index. Subsequent packets sent back to the same link local address may therefore end up not considering the updated pmtu. Current behavior breaks TAHI v6LC4.1.4 Reduce PMTU On-link. Referring to RFC 1981: Section 3: "Note that Path MTU Discovery must be performed even in cases where a node "thinks" a destination is attached to the same link as itself. In a situation such as when a neighboring router acts as proxy [ND] for some destination, the destination can to appear to be directly connected but is in fact more than one hop away." Using the interface index from the incoming ICMPV6_PKT_TOOBIG when updating the pmtu. Signed-off-by: Georg Kohmann Signed-off-by: David S. Miller commit 91305f2812624c0cf7ccbb44133b66d3b24676e4 Author: Yangbo Lu Date: Wed Aug 1 18:05:54 2018 +0800 ptp_qoriq: support automatic configuration for ptp timer This patch is to support automatic configuration for ptp timer. If required ptp dts properties are not provided, driver could try to calculate a set of default configurations to initialize the ptp timer. This makes the driver work for many boards which don't have the required ptp dts properties in current kernel. Also the users could set dts properties by themselves according to their requirement. Signed-off-by: Yangbo Lu Signed-off-by: David S. Miller commit a16b5da54d1f3a06df642b866779358fc64d00e2 Author: Yangbo Lu Date: Wed Aug 1 18:05:53 2018 +0800 powerpc/mpc85xx: add clocks property for fman ptp timer node This patch is to add clocks property for fman ptp timer node. Signed-off-by: Yangbo Lu Signed-off-by: David S. Miller commit f63421a70f9e7d6dac6ec06b4d9f7cf516f8a885 Author: Yangbo Lu Date: Wed Aug 1 18:05:52 2018 +0800 arm64: dts: fsl: add clocks property for fman ptp timer node This patch is to add clocks property for fman ptp timer node. Signed-off-by: Yangbo Lu Signed-off-by: David S. Miller commit c595be94c7b93ffdd2ed635b115dd2e6e8472f4c Merge: 074fb8801667 aabfc016e9a6 Author: David S. Miller Date: Sun Aug 5 17:08:27 2018 -0700 Merge branch 'bnxt_en-Updates-for-net-next' Michael Chan says: ==================== bnxt_en: Updates for net-next. This series includes the usual firmware spec update. The driver has added external phy loopback test and phy setup retry logic that is needed during hotplug. In the SRIOV space, the driver has added a new VF resource allocation mode that requires the VF driver to reserve resources during IFUP. IF state changes are now propagated to firmware so that firmware can release some resources during IFDOWN. ethtool method to get firmware core dump and hwmon temperature reading have been added. DSCP to user priority support has been added to the driver's DCBNL interface, and the CoS queue logic has been refined to make sure that the special RDMA Congestion Notification hardware CoS queue will not be used for networking traffic. ==================== Signed-off-by: David S. Miller commit aabfc016e9a6db2a8c2da815fc84bfd5a2e8d221 Author: Michael Chan Date: Sun Aug 5 16:51:58 2018 -0400 bnxt_en: Do not use the CNP CoS queue for networking traffic. The CNP CoS queue is reserved for internal RDMA Congestion Notification Packets (CNP) and should not be used for a TC. Modify the CoS queue discovery code to skip over the CNP CoS queue and to reduce bp->max_tc accordingly. However, if RDMA is disabled in NVRAM, the the CNP CoS queue can be used for a TC. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit afdc8a84844a2163e25ad735f9f69d220ae02529 Author: Michael Chan Date: Sun Aug 5 16:51:57 2018 -0400 bnxt_en: Add DCBNL DSCP application protocol support. Expand the .ieee_setapp() and ieee_delapp() DCBNL methods to support DSCP. This allows DSCP values to user priority mappings instead of using VLAN priorities. Each DSCP mapping is added or deleted one entry at a time using the firmware API. The firmware call can only be made from a PF. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit cde49a42a9bbba18d7f33550fd70037930c14e97 Author: Vasundhara Volam Date: Sun Aug 5 16:51:56 2018 -0400 bnxt_en: Add hwmon sysfs support to read temperature Export temperature sensor reading via hwmon sysfs. Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 25e1acd6b92bde36c03273d883c44c4d0e8995e6 Author: Michael Chan Date: Sun Aug 5 16:51:55 2018 -0400 bnxt_en: Notify firmware about IF state changes. Use latest firmware API to notify firmware about IF state changes. Firmware has the option to clean up resources during IF down and to require the driver to reserve resources again during IF up. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 97381a1831124c95801fbfaba8436b4abc7d03f5 Author: Michael Chan Date: Sun Aug 5 16:51:54 2018 -0400 bnxt_en: Move firmware related flags to a new fw_cap field in struct bnxt. The flags field is almost getting full. Move firmware capability flags to a new fw_cap field to better organize these firmware flags. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit f1ca94de0d8760726dc615e8b4f9801f7ad9cf3b Author: Michael Chan Date: Sun Aug 5 16:51:53 2018 -0400 bnxt_en: Add BNXT_NEW_RM() macro. The BNXT_FLAG_NEW_RM flag is checked a lot in the code to determine if the new resource manager is in effect. Define a macro to perform this check. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 6c5657d085ae8c13a8565b98e6a23fe68f0bede4 Author: Vasundhara Volam Date: Sun Aug 5 16:51:52 2018 -0400 bnxt_en: Add support for ethtool get dump. Add support to collect live firmware coredump via ethtool. Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 50f011b63d8caab7f40de52ca6cf4807aea7a941 Author: Michael Chan Date: Sun Aug 5 16:51:51 2018 -0400 bnxt_en: Update RSS setup and GRO-HW logic according to the latest spec. Set the default hash mode flag in HWRM_VNIC_RSS_CFG to signal to the firmware that the driver is compliant with the latest spec. With that, the firmware can return expanded RSS profile IDs that the driver checks to setup the proper gso_type for GRO-HW packets. But instead of checking for the new profile IDs, we check the IP_TYPE flag in TPA_START which is more straight forward than checking a list of profile IDs. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit bf82736da3c376c03a42c74ea6fa971e89740d7a Author: Michael Chan Date: Sun Aug 5 16:51:50 2018 -0400 bnxt_en: Add new VF resource allocation strategy mode. The new mode is "minimal-static" to be used when resources are more limited to support a large number of VFs, for example The PF driver will provision guaranteed minimum resources of 0. Each VF has no guranteed resources until it tries to reserve resources during device open. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit a1ef4a7920549d015128a8a49d7c9e654d197c98 Author: Michael Chan Date: Sun Aug 5 16:51:49 2018 -0400 bnxt_en: Add PHY retry logic. During hotplug, the driver's open function can be called almost immediately after power on reset. The PHY may not be ready and the firmware may return failure when the driver tries to update PHY settings. Add retry logic fired from the driver's timer to retry the operation for 5 seconds. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 55fd0cf320c3051f8dcb88c07ddd1e4c54b82cba Author: Michael Chan Date: Sun Aug 5 16:51:48 2018 -0400 bnxt_en: Add external loopback test to ethtool selftest. Add code to detect firmware support for external loopback and the extra test entry for external loopback. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit e795892e93b6ccbda7e0f0fc476d0d4629b44f84 Author: Michael Chan Date: Sun Aug 5 16:51:47 2018 -0400 bnxt_en: Adjust timer based on ethtool stats-block-usecs settings. The driver gathers statistics using 2 mechanisms. Some stats are DMA'ed directly from hardware and others are polled from the driver's timer. Currently, we only adjust the DMA frequency based on the ethtool stats-block-usecs setting. This patch adjusts the driver's timer frequency as well to make everything consistent. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 6fc92c33854b7844745ce424e1cb8029c06d1cf1 Author: Michael Chan Date: Sun Aug 5 16:51:46 2018 -0400 bnxt_en: Update firmware interface version to 1.9.2.25. New interface has firmware core dump support, new extended port statistics, and IF state change notifications to the firmware. Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 074fb8801667add0b63083af90a3af6edca9532c Merge: c1c8626fcebe 483f3fdcc70b Author: David S. Miller Date: Sun Aug 5 16:25:22 2018 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for your net-next tree: 1) Support for transparent proxying for nf_tables, from Mate Eckl. 2) Patchset to add OS passive fingerprint recognition for nf_tables, from Fernando Fernandez. This takes common code from xt_osf and place it into the new nfnetlink_osf module for codebase sharing. 3) Lightweight tunneling support for nf_tables. 4) meta and lookup are likely going to be used in rulesets, make them direct calls. From Florian Westphal. A bunch of incremental updates: 5) use PTR_ERR_OR_ZERO() from nft_numgen, from YueHaibing. 6) Use kvmalloc_array() to allocate hashtables, from Li RongQing. 7) Explicit dependencies between nfnetlink_cttimeout and conntrack timeout extensions, from Harsha Sharma. 8) Simplify NLM_F_CREATE handling in nf_tables. 9) Removed unused variable in the get element command, from YueHaibing. 10) Expose bridge hook priorities through uapi, from Mate Eckl. And a few fixes for previous Netfilter batch for net-next: 11) Use per-netns mutex from flowtable event, from Florian Westphal. 12) Remove explicit dependency on iptables CT target from conntrack zones, from Florian. 13) Fix use-after-free in rmmod nf_conntrack path, also from Florian. ==================== Signed-off-by: David S. Miller commit 379d98ddf41344273d9718556f761420f4dc80b3 Author: Alistair Strachan Date: Fri Aug 3 10:39:31 2018 -0700 x86: vdso: Use $LD instead of $CC to link The vdso{32,64}.so can fail to link with CC=clang when clang tries to find a suitable GCC toolchain to link these libraries with. /usr/bin/ld: arch/x86/entry/vdso/vclock_gettime.o: access beyond end of merged section (782) This happens because the host environment leaked into the cross compiler environment due to the way clang searches for suitable GCC toolchains. Clang is a retargetable compiler, and each invocation of it must provide --target= --gcc-toolchain= to allow it to find the correct binutils for cross compilation. These flags had been added to KBUILD_CFLAGS, but the vdso code uses CC and not KBUILD_CFLAGS (for various reasons) which breaks clang's ability to find the correct linker when cross compiling. Most of the time this goes unnoticed because the host linker is new enough to work anyway, or is incompatible and skipped, but this cannot be reliably assumed. This change alters the vdso makefile to just use LD directly, which bypasses clang and thus the searching problem. The makefile will just use ${CROSS_COMPILE}ld instead, which is always what we want. This matches the method used to link vmlinux. This drops references to DISABLE_LTO; this option doesn't seem to be set anywhere, and not knowing what its possible values are, it's not clear how to convert it from CC to LD flag. Signed-off-by: Alistair Strachan Signed-off-by: Thomas Gleixner Acked-by: Andy Lutomirski Cc: "H. Peter Anvin" Cc: Greg Kroah-Hartman Cc: kernel-team@android.com Cc: joel@joelfernandes.org Cc: Andi Kleen Link: https://lkml.kernel.org/r/20180803173931.117515-1-astrachan@google.com commit 208cbb32558907f68b3b2a081ca2337ac3744794 Author: Nick Desaulniers Date: Fri Aug 3 10:05:50 2018 -0700 x86/irqflags: Provide a declaration for native_save_fl It was reported that the commit d0a8d9378d16 is causing users of gcc < 4.9 to observe -Werror=missing-prototypes errors. Indeed, it seems that: extern inline unsigned long native_save_fl(void) { return 0; } compiled with -Werror=missing-prototypes produces this warning in gcc < 4.9, but not gcc >= 4.9. Fixes: d0a8d9378d16 ("x86/paravirt: Make native_save_fl() extern inline"). Reported-by: David Laight Reported-by: Jean Delvare Signed-off-by: Nick Desaulniers Signed-off-by: Thomas Gleixner Cc: hpa@zytor.com Cc: jgross@suse.com Cc: kstewart@linuxfoundation.org Cc: gregkh@linuxfoundation.org Cc: boris.ostrovsky@oracle.com Cc: astrachan@google.com Cc: mka@chromium.org Cc: arnd@arndb.de Cc: tstellar@redhat.com Cc: sedat.dilek@gmail.com Cc: David.Laight@aculab.com Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180803170550.164688-1-ndesaulniers@google.com commit 6ea2738e0ca0e626c75202fb051c1e88d7a950fa Author: Dave Hansen Date: Thu Aug 2 15:58:29 2018 -0700 x86/mm/init: Add helper for freeing kernel image pages When chunks of the kernel image are freed, free_init_pages() is used directly. Consolidate the three sites that do this. Also update the string to give an incrementally better description of that memory versus what was there before. Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: keescook@google.com Cc: aarcange@redhat.com Cc: jgross@suse.com Cc: jpoimboe@redhat.com Cc: gregkh@linuxfoundation.org Cc: peterz@infradead.org Cc: hughd@google.com Cc: torvalds@linux-foundation.org Cc: bp@alien8.de Cc: luto@kernel.org Cc: ak@linux.intel.com Cc: Kees Cook Cc: Andrea Arcangeli Cc: Juergen Gross Cc: Josh Poimboeuf Cc: Greg Kroah-Hartman Cc: Peter Zijlstra Cc: Hugh Dickins Cc: Linus Torvalds Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Andi Kleen Link: https://lkml.kernel.org/r/20180802225829.FE0E32EA@viggo.jf.intel.com commit 9f515cdb411ef34f1aaf4c40bb0c932cf6db5de1 Author: Dave Hansen Date: Thu Aug 2 15:58:28 2018 -0700 x86/mm/init: Pass unconverted symbol addresses to free_init_pages() The x86 code has several places where it frees parts of kernel image: 1. Unused SMP alternative 2. __init code 3. The hole between text and rodata 4. The hole between rodata and data We call free_init_pages() to do this. Strangely, we convert the symbol addresses to kernel direct map addresses in some cases (#3, #4) but not others (#1, #2). The virt_to_page() and the other code in free_reserved_area() now works fine for for symbol addresses on x86, so don't bother converting the addresses to direct map addresses before freeing them. Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: keescook@google.com Cc: aarcange@redhat.com Cc: jgross@suse.com Cc: jpoimboe@redhat.com Cc: gregkh@linuxfoundation.org Cc: peterz@infradead.org Cc: hughd@google.com Cc: torvalds@linux-foundation.org Cc: bp@alien8.de Cc: luto@kernel.org Cc: ak@linux.intel.com Cc: Kees Cook Cc: Andrea Arcangeli Cc: Juergen Gross Cc: Josh Poimboeuf Cc: Greg Kroah-Hartman Cc: Peter Zijlstra Cc: Hugh Dickins Cc: Linus Torvalds Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Andi Kleen Link: https://lkml.kernel.org/r/20180802225828.89B2D0E2@viggo.jf.intel.com commit 0d83432811f26871295a9bc24d3c387924da6071 Author: Dave Hansen Date: Thu Aug 2 15:58:26 2018 -0700 mm: Allow non-direct-map arguments to free_reserved_area() free_reserved_area() takes pointers as arguments to show which addresses should be freed. However, it does this in a somewhat ambiguous way. If it gets a kernel direct map address, it always works. However, if it gets an address that is part of the kernel image alias mapping, it can fail. It fails if all of the following happen: * The specified address is part of the kernel image alias * Poisoning is requested (forcing a memset()) * The address is in a read-only portion of the kernel image The memset() fails on the read-only mapping, of course. free_reserved_area() *is* called both on the direct map and on kernel image alias addresses. We've just lucked out thus far that the kernel image alias areas it gets used on are read-write. I'm fairly sure this has been just a happy accident. It is quite easy to make free_reserved_area() work for all cases: just convert the address to a direct map address before doing the memset(), and do this unconditionally. There is little chance of a regression here because we previously did a virt_to_page() on the address for the memset, so we know these are not highmem pages for which virt_to_page() would fail. Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: keescook@google.com Cc: aarcange@redhat.com Cc: jgross@suse.com Cc: jpoimboe@redhat.com Cc: gregkh@linuxfoundation.org Cc: peterz@infradead.org Cc: hughd@google.com Cc: torvalds@linux-foundation.org Cc: bp@alien8.de Cc: luto@kernel.org Cc: ak@linux.intel.com Cc: Kees Cook Cc: Andrea Arcangeli Cc: Juergen Gross Cc: Josh Poimboeuf Cc: Greg Kroah-Hartman Cc: Peter Zijlstra Cc: Hugh Dickins Cc: Linus Torvalds Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Andi Kleen Link: https://lkml.kernel.org/r/20180802225826.1287AE3E@viggo.jf.intel.com commit eac7073aa69aa1cac819aa712146284f53f642b1 Author: Dave Hansen Date: Thu Aug 2 15:58:25 2018 -0700 x86/mm/pti: Clear Global bit more aggressively The kernel image starts out with the Global bit set across the entire kernel image. The bit is cleared with set_memory_nonglobal() in the configurations with PCIDs where the performance benefits of the Global bit are not needed. However, this is fragile. It means that we are stuck opting *out* of the less-secure (Global bit set) configuration, which seems backwards. Let's start more secure (Global bit clear) and then let things opt back in if they want performance, or are truly mapping common data between kernel and userspace. This fixes a bug. Before this patch, there are areas that are unmapped from the user page tables (like like everything above 0xffffffff82600000 in the example below). These have the hallmark of being a wrong Global area: they are not identical in the 'current_kernel' and 'current_user' page table dumps. They are also read-write, which means they're much more likely to contain secrets. Before this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K RW GLB NX pte current_kernel-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE GLB NX pmd current_kernel-0xffffffff82c00000-0xffffffff82e00000 2M RW GLB NX pte current_kernel-0xffffffff82e00000-0xffffffff83200000 4M RW PSE GLB NX pmd current_kernel-0xffffffff83200000-0xffffffffa0000000 462M pmd current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K RW GLB NX pte current_user-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd After this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_kernel-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82e00000 2M RW NX pte current_kernel-0xffffffff82e00000-0xffffffff83200000 4M RW PSE NX pmd current_kernel-0xffffffff83200000-0xffffffffa0000000 462M pmd current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_user-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd Fixes: 0f561fce4d69 ("x86/pti: Enable global pages for shared areas") Reported-by: Hugh Dickins Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: keescook@google.com Cc: aarcange@redhat.com Cc: jgross@suse.com Cc: jpoimboe@redhat.com Cc: gregkh@linuxfoundation.org Cc: peterz@infradead.org Cc: torvalds@linux-foundation.org Cc: bp@alien8.de Cc: luto@kernel.org Cc: ak@linux.intel.com Cc: Kees Cook Cc: Andrea Arcangeli Cc: Juergen Gross Cc: Josh Poimboeuf Cc: Greg Kroah-Hartman Cc: Peter Zijlstra Cc: Linus Torvalds Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Andi Kleen Link: https://lkml.kernel.org/r/20180802225825.A100C071@viggo.jf.intel.com commit c1c8626fcebed467184ffd8de0ab5c9f9d9c3594 Merge: d89d41556141 1ffaddd029c8 Author: David S. Miller Date: Sun Aug 5 13:04:31 2018 -0700 Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net Lots of overlapping changes, mostly trivial in nature. The mlxsw conflict was resolving using the example resolution at: https://github.com/jpirko/linux_mlxsw/blob/combined_queue/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c Signed-off-by: David S. Miller commit cfd355145c32bb7ccb65fccbe2d67280dc2119e1 Author: Prasad Sodagudi Date: Fri Aug 3 13:56:06 2018 -0700 stop_machine: Atomically queue and wake stopper threads When cpu_stop_queue_work() releases the lock for the stopper thread that was queued into its wake queue, preemption is enabled, which leads to the following deadlock: CPU0 CPU1 sched_setaffinity(0, ...) __set_cpus_allowed_ptr() stop_one_cpu(0, ...) stop_two_cpus(0, 1, ...) cpu_stop_queue_work(0, ...) cpu_stop_queue_two_works(0, ..., 1, ...) -grabs lock for migration/0- -spins with preemption disabled, waiting for migration/0's lock to be released- -adds work items for migration/0 and queues migration/0 to its wake_q- -releases lock for migration/0 and preemption is enabled- -current thread is preempted, and __set_cpus_allowed_ptr has changed the thread's cpu allowed mask to CPU1 only- -acquires migration/0 and migration/1's locks- -adds work for migration/0 but does not add migration/0 to wake_q, since it is already in a wake_q- -adds work for migration/1 and adds migration/1 to its wake_q- -releases migration/0 and migration/1's locks, wakes migration/1, and enables preemption- -since migration/1 is requested to run, migration/1 begins to run and waits on migration/0, but migration/0 will never be able to run, since the thread that can wake it is affine to CPU1- Disable preemption in cpu_stop_queue_work() before queueing works for stopper threads, and queueing the stopper thread in the wake queue, to ensure that the operation of queueing the works and waking the stopper threads is atomic. Fixes: 0b26351b910f ("stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock") Signed-off-by: Prasad Sodagudi Signed-off-by: Isaac J. Manjarres Signed-off-by: Thomas Gleixner Cc: peterz@infradead.org Cc: matt@codeblueprint.co.uk Cc: bigeasy@linutronix.de Cc: gregkh@linuxfoundation.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/1533329766-4856-1-git-send-email-isaacm@codeaurora.org Co-Developed-by: Isaac J. Manjarres commit 7964410fcf135d7e76deef4e475816ec02482f7b Author: Gustavo A. R. Silva Date: Wed Aug 1 19:39:05 2018 -0500 fs: dcache: Use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Al Viro commit 808aa6c5e34a25213bff4d80d3cdb588752879dd Merge: 1401a0fc2d47 e876c445df40 Author: Al Viro Date: Sun Aug 5 15:51:10 2018 -0400 Merge branch 'work.hpfs' into work.lookup commit 1401a0fc2d47988677dc1dbfd56ff89daa323717 Author: Al Viro Date: Sun Jun 24 10:45:44 2018 -0400 afs_try_auto_mntpt(): return NULL instead of ERR_PTR(-ENOENT) simpler logics in callers that way Acked-by: David Howells Signed-off-by: Al Viro commit 34b2a88fb4aa4de34e1d5f9fc2761b746980f9b1 Author: Al Viro Date: Sun Jun 24 10:43:51 2018 -0400 afs_lookup(): switch to d_splice_alias() ->lookup() methods can (and should) use d_splice_alias() instead of d_add(). Even if they are not going to be hit by open_by_handle(), code does get copied around; besides, d_splice_alias() has better calling conventions for use in ->lookup(), so the code gets simpler. Acked-by: David Howells Signed-off-by: Al Viro commit 855371bd01b4cd8cf0e2b8ca172a5c30a481f963 Author: Al Viro Date: Sat Jun 23 20:48:31 2018 -0400 afs: switch dynroot lookups to d_splice_alias() ->lookup() methods can (and should) use d_splice_alias() instead of d_add(). Even if they are not going to be hit by open_by_handle(), code does get copied around... Acked-by: David Howells Signed-off-by: Al Viro commit 2bc7596438aba6d9eacc4fdfac8dd8b22ae4a267 Author: Kristaps Čivkulis Date: Sun Aug 5 18:21:01 2018 +0300 staging: erofs: fix if assignment style issue Fix coding style issue "do not use assignment in if condition" detected by checkpatch.pl. Signed-off-by: Kristaps Čivkulis Reviewed-by: Gao Xiang Signed-off-by: Greg Kroah-Hartman commit 56e40eb6d656194e55ce2012fee9d5a496270aaa Author: Alexandru Gagniuc Date: Sat Aug 4 11:44:44 2018 -0500 ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360 This device has the same issues as the HP x360 wrt the MUTE LED and the front speakers not working. This patch fixes the MUTE LED issue, but doesn't touch the HDA verbs. The fix for the x360 does not work on the Spectre. Signed-off-by: Alexandru Gagniuc Signed-off-by: Takashi Iwai commit 5b76a3cff011df2dcb6186c965a2e4d809a05ad4 Author: Paolo Bonzini Date: Sun Aug 5 16:07:47 2018 +0200 KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry When nested virtualization is in use, VMENTER operations from the nested hypervisor into the nested guest will always be processed by the bare metal hypervisor, and KVM's "conditional cache flushes" mode in particular does a flush on nested vmentry. Therefore, include the "skip L1D flush on vmentry" bit in KVM's suggested ARCH_CAPABILITIES setting. Add the relevant Documentation. Signed-off-by: Paolo Bonzini Signed-off-by: Thomas Gleixner commit 8e0b2b916662e09dd4d09e5271cdf214c6b80e62 Author: Paolo Bonzini Date: Sun Aug 5 16:07:46 2018 +0200 x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Bit 3 of ARCH_CAPABILITIES tells a hypervisor that L1D flush on vmentry is not needed. Add a new value to enum vmx_l1d_flush_state, which is used either if there is no L1TF bug at all, or if bit 3 is set in ARCH_CAPABILITIES. Signed-off-by: Paolo Bonzini Signed-off-by: Thomas Gleixner commit ea156d192f5257a5bf393d33910d3b481bf8a401 Author: Paolo Bonzini Date: Sun Aug 5 16:07:45 2018 +0200 x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Three changes to the content of the sysfs file: - If EPT is disabled, L1TF cannot be exploited even across threads on the same core, and SMT is irrelevant. - If mitigation is completely disabled, and SMT is enabled, print "vulnerable" instead of "vulnerable, SMT vulnerable" - Reorder the two parts so that the main vulnerability state comes first and the detail on SMT is second. Signed-off-by: Paolo Bonzini Signed-off-by: Thomas Gleixner commit 58331136136935c631c2b5f06daf4c3006416e91 Author: Thomas Gleixner Date: Sun Aug 5 17:06:12 2018 +0200 Documentation/l1tf: Remove Yonah processors from not vulnerable list Dave reported, that it's not confirmed that Yonah processors are unaffected. Remove them from the list. Reported-by: ave Hansen Signed-off-by: Thomas Gleixner commit f2701b77bbd992f3df4631de8493f21db0830452 Merge: 18b57ce2eb8c acb1872577b3 Author: Thomas Gleixner Date: Sun Aug 5 16:39:29 2018 +0200 Merge 4.18-rc7 into master to pick up the KVM dependcy Signed-off-by: Thomas Gleixner commit a39284ae9d2ad09975c8ae33f1bd0f05fbfbf6ee Author: Dan Carpenter Date: Thu Aug 2 11:42:22 2018 +0300 misc: mic: SCIF Fix scif_get_new_port() error handling There are only 2 callers of scif_get_new_port() and both appear to get the error handling wrong. Both treat zero returns as error, but it actually returns negative error codes and >= 0 on success. Fixes: e9089f43c9a7 ("misc: mic: SCIF open close bind and listen APIs") Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman commit 0171114210c7a3181f64118b0372b0eae2b57649 Author: Parth Y Shah Date: Fri Aug 3 15:50:38 2018 +0530 misc: cxl: changed asterisk position Resolved <"foo* bar" should be "foo *bar"> error Signed-off-by: Parth Y Shah Signed-off-by: Greg Kroah-Hartman commit 7a92719356cac8fef100a8a92e64b583f39368d2 Author: Gustavo A. R. Silva Date: Sat Aug 4 19:37:03 2018 -0500 genwqe: card_base: Use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Greg Kroah-Hartman commit b83a4141f025388fd1edeaa48789e3e166e95c7a Author: Parth Y Shah Date: Fri Aug 3 14:50:43 2018 +0530 misc: eeprom: assignment outside the if statement Assignment of any variable should be kept outside the if statement Signed-off-by: Parth Y Shah Reviewed-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman commit 1061bdba2fc395e4738315782655dd9b477b1f9f Author: Michael Straube Date: Sat Aug 4 16:35:43 2018 +0200 staging: rtl8188eu: remove unnecessary includes In the header rtw_iol.h there is only one function declared. Remove the include of rtw_iol.h from files that do not use this function. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit b5c7af4139f45495779257588ee87aaea6c1a60a Author: Michael Straube Date: Sat Aug 4 16:35:42 2018 +0200 staging: rtl8188eu: remove redundant include The header osdep_service.h is included from drv_types.h, so remove the redundant include. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit 5eb438c9d23622595f6d599e33b11f179d50c3a6 Author: Michael Straube Date: Sat Aug 4 16:35:41 2018 +0200 staging: rtl8188eu: remove unnecessary parentheses Remove unnecessary parentheses from if conditions. Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit ac588ce4b5163199455b3dd8fa589f5e4eb56152 Author: Michael Straube Date: Sat Aug 4 16:35:40 2018 +0200 staging: rtl8188eu: rename rtw_IOL_applied Rename rtw_IOL_applied to be all lowercase. rtw_IOL_applied -> rtw_iol_applied Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit 8e0c18d3a114d4ea37140b8245a0543392743ba7 Author: John Whitmore Date: Sat Aug 4 10:18:59 2018 +0100 staging:rtl8192u: Replace magic number with defined constant - Style Replace the magic number '8' with defined constant which is normally used 'MAX_DEV_ADDR_SIZE'. This is a coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 3750985c8d365618612fa191035b0fb2641b8c68 Author: John Whitmore Date: Sat Aug 4 10:18:57 2018 +0100 staging:rtl8192u: Remove comments - Style Removal of three comments. The comments in question do not add anything to the understanding of the code, and if they are necessary it would imply that the structure and its member variables are badly named. This is a simple style change and should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 4651fb4c4098ce9093db3f6ebcf9373267329436 Author: John Whitmore Date: Sat Aug 4 10:18:56 2018 +0100 staging:rtl8192u: Remove blank line - Style Removal of a blank like which causes a checkpatch issue. This is a simple coding style change and should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 51606f72a837d3886dab8a77efe1f6d4b291116c Author: John Whitmore Date: Sat Aug 4 10:18:55 2018 +0100 staging:rtl8192u: Rename multiple variables - Style All of the variables used within the structures of the union qos_tclas cause checkpatch issue due to CamelCase naming. As none the member variables are used in code all have been changed on one patch. These changes are coding style in nature and should not impact runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit e8ac237d4854072c34fc069c8e59b586e31e945c Author: John Whitmore Date: Sat Aug 4 10:18:54 2018 +0100 staging:rtl8192u: Rename types in QOS_TCLAS union - Style Whilst none of the structures inside the qos_tclas union are used, their names conflict with the coding standard being named in uppercase. The names of all five have been changed to lowercase. This is a style change, and since none of the structures are referenced, these changes should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit f1c3b4880bdf4f64c3bfb6d122e33b54b17231cd Author: John Whitmore Date: Sat Aug 4 10:18:53 2018 +0100 staging:rtl8192u: Remove typedef and rename QOS_TCLAS - Style Remove the typedef from the union QOS_TCLAS, which causes a checkpatch issue with defining new types. In addition, as a type, the name should be in lowercase so has been changed. These are coding style changes and should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 0f79619d70bb1c1fa85f1a2b7dc54080b11532cb Author: John Whitmore Date: Fri Aug 3 01:02:11 2018 +0100 staging:rtl8192u: Clean up of spacing - Style Multiple blank line, which cause an issue with checkpath, have been removed and the spacing of definitions have been aligned to look cleaner. These are coding style changes which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 1bb6d9b95025c2f86d237fc3504b0dd837a3b0f8 Author: John Whitmore Date: Fri Aug 3 01:02:10 2018 +0100 staging:rtl8192u: Rename Register Constants - Style The four register constants, 'Current_Tx_Rate_Reg', 'Initial_Tx_Rate_Reg', 'Tx_Retry_Count_Reg' and 'RegC38_TH' all cause checkpatch issue with CamelCase naming. The three have been renamed to 'CURRENT_TX_RATE_REG', 'INITIAL_TX_RATE_REG', 'TX_RETRY_COUNT_REG' and 'REG_C38_TH' respectively. These are coding style changes which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 070c1ce978916b4434b63cb7bb881aaeaa58f2ef Author: John Whitmore Date: Fri Aug 3 01:02:09 2018 +0100 staging:rtl8192u: Rename constants - Style The constants 'VeryLowRSSI' and 'CTSToSelfTHVal' generate warnings from checkpatch due to the use of CamelCase naming. The two constants have been renamed to 'VERY_LOW_RSSI' and 'CTS_TO_SELF_TH_VAL' respectively. These are coding style changes which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit c972be9a7525db60dbc500658ef4d532c70eb3d7 Author: John Whitmore Date: Fri Aug 3 01:02:08 2018 +0100 staging:rtl8192u: Rename constants RateAdaptiveTH_Low_* - Style The two constants, RateAdaptiveTH_Low_20M and RateAdaptiveTH_Low_40M generate a checkpatch warning about CamelCase naming. The two have been renamed to clear this issue. RATE_ADAPTIVE_TH_LOW_20M and RATE_ADAPTIVE_TH_LOW_40M This is a coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 0395a9aad5832a218322cd610afc511b6244decb Author: John Whitmore Date: Fri Aug 3 01:02:07 2018 +0100 staging:rtl8192u: Rename RateAdaptiveTH_High - Style The constant RateAdaptiveTH_High causes a checkpatch issue with respect to CamelCase naming. As a result the constant has been renamed to RATE_ADAPTIVE_TH_HIGH. This is purely a coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit a7a014961548ba7f33788fad9d54c65c9d970c24 Author: John Whitmore Date: Fri Aug 3 01:02:06 2018 +0100 staging:rtl8192u: Rename DM_DIG_MIN_Netcore - Style The constant DM_DIG_MIN_Netcore causes a checkpatch issue with CamelCase naming so has been renamed to DM_DIG_MIN_NETCORE. This is a simple coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit d3c90eff9c4ed66a9f16db2ef99b75455a850e7b Author: John Whitmore Date: Fri Aug 3 01:02:05 2018 +0100 staging:rtl8192u: Refactor DCMD_TXCMD_T structure - Style The structure DCMD_TXCMD_T is declared with a typedef, which causes a checkpatch issue with defining new types. As a result the typedef has been removed. The structure's name DCMD_TXCMD_T, as a type, is meant to be lowercase so has been renamed to tx_config_cmd. The structures three members, (Op, Length, and Value) are all violating the coding standard policy on CamelCase naming, so have all been renamed. They have been renamed with longer names, (cmd_op, cmd_length and cmd_value), to make the variable names easier to search for in code. The magic numbers '4' and '12' have both been replaced with sizeof() calls, as they both represent the size of data elements. These are coding style changes which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 447558d26ebb5dde7a368d3ed001915141e77a07 Author: John Whitmore Date: Fri Aug 3 01:02:04 2018 +0100 staging:rtl8192u: Remove member reserved - Style The structure dynamic_rx_path_sel contains a u8 member variable called reserved. This member variable is never actually used in the code. The naming suggests that the sizeof the structure is significant but the only use of the structure is a local static in r8192U_dm.c: static struct dynamic_rx_path_sel DM_RxPathSelTable; There is no apparent significance to the sizeof the declared structure DM_RxPathSelTable. As a result the reserved member variable has been removed from the structure. This is a coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 68d84843665cc9d53e08f90537d7be267da7b442 Author: John Whitmore Date: Fri Aug 3 01:02:03 2018 +0100 staging:rtl8192u: Rename member disabledRF - Style Rename the member variable disabledRF to disabled_rf. This change resolves the checkpatch issue with CamelCase naming. The change is purely a coding style change which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 2a2271e4ac8792e54989fe2109a63bf34914d0f3 Author: John Whitmore Date: Fri Aug 3 01:02:02 2018 +0100 staging:rtl8192u: Remove member diff_TH - Style The member variable diff_TH is assigned a constant value and then used in a comparison. The variable is never changed so the comparison can as easily be performed directly with the defined constant. The member variable has been removed and the defined constant RxPathSelection_diff_TH renamed to RX_PATH_SELECTION_DIFF_TH, to clear the checkpatch issue with CamelCase naming. These are coding style changes which should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit f793836c16a56596d4501f87fec85b7dc6366fb5 Author: John Whitmore Date: Fri Aug 3 01:02:01 2018 +0100 staging:rtl8192u: Remove SS_TH_low - Style The member variable SS_TH_low is assigned a constant and then used in a comparison. This member variable is redundant as the constant can be used directly for the comparison. In addition the constant RxPathSelection_SS_TH_low has been renamed to RX_PATH_SELECTION_SS_TH_LOW, to clear the checkpatch issue with CamelCase naming. These changes are coding style in nature and should not impact runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit f19a08e76d09bd12b15faedf1eeacd33c7862dbd Author: John Whitmore Date: Fri Aug 3 01:02:00 2018 +0100 staging:rtl8192u: Rename cck_Rx_path - Style Rename the member variable cck_Rx_path to cck_rx_path. This clears the checkpatch issue with CamelCase naming. This is a coding style change which should have no impact one runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 863108d5a06bb896c8a9912fc669ec13176b306d Author: John Whitmore Date: Fri Aug 3 01:01:59 2018 +0100 staging:rtl8192u: Remove member variable Enable - Style The structure dynamic_rx_path_sel defines a member variable 'Enable' which is initialised and later tested. The variable is however never changed to the test is redundant and the member variable is then never used. The member variable, initialisation and test have all been removed. This is a coding style change which should not impact runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 916501c8047c5420f57ff87a41c120007c8a76e7 Author: John Whitmore Date: Fri Aug 3 01:01:58 2018 +0100 staging:rtl8192u: Remove unused extern DM_RxPathSelTable - Style The file r8192U_dm.h defines the structure DM_RxPathSelTable as being external. The structure is however declared in r8192U_dm.c and only used locally in that file. As a result the external definition has been removed and the declaration in r8192U_dm.c changed to being of type static. This is a coding style change which should not impact runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit f835f4b38300b4798a90c90bfed73b6a4f05053e Author: John Whitmore Date: Fri Aug 3 01:01:57 2018 +0100 staging:rtl8192u: Rename enum constants - Style Rename the two constants defined in the enumerated type enum cck_rx_path_method so that they are both uppercase, as suggested by the coding style. This is purely a coding style change and should have no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 976a4b90931ff929255652bdfba12eb32ef48b7f Author: John Whitmore Date: Fri Aug 3 01:01:56 2018 +0100 staging:rtl8192u: Remove member initialgain_lowerbound_state - Style The structure 'dig' defines a member variable 'initialgain_lowerbound_state', which although initialised to false, is never used in the code. As a result this unused member variable has been removed. This is a coding style change which should not impact runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit a2351af9f562a77480ca91c970ea151ceba47c36 Author: John Whitmore Date: Fri Aug 3 01:01:55 2018 +0100 staging:rtl8192u: Remove member variable rx_gain_range_max - Style The structure 'dig' defines a member variable, (rx_gain_range_max) which is initialised to the value 'DM_DIG_MAX', (a defined constant). The variable is then used to test and set another variable. Since the member rx_gain_range_max is never assigned any other value then the constant 'DM_DIG_MAX' the code might as well simply use that constant, rather the a member variable set to that constant. The member variable has been removed and the constant used directly in the code. This is a coding style change which should not impact runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 8add1eb548d2867d6c82863823ac37f84bf6952d Author: John Whitmore Date: Fri Aug 3 01:01:54 2018 +0100 staging:rtl8192u: Remove debug member from structures - Style Two structures, (struct dig and struct dynamic_rx_path_sel) contain a u8 member variable representing debug setting. In the file r8192U_dm.c these member variables, for both structures, are initialised to an enumerated constant 'DM_DBG_OFF'. The member variables are never assigned another value, other then off. Later in code the member variables are tested to for equality to 'DM_DBG_OFF' and if that is the case an assignment statement is executed. Since the value of the variables is always off the test is redundant and the conditional branch can just be executed without the test. Since the member variables are then actually used both have been removed, along with the enumerated type which defines debug status, on/off. These are coding style changes to remove unused or redundant code, there should be no impact on runtime code execution. Signed-off-by: John Whitmore Signed-off-by: Greg Kroah-Hartman commit 5751e4f164c3bc64a7e632b13b14da1d5330853c Author: Ajay Singh Date: Fri Aug 3 16:26:15 2018 +0530 staging: wilc1000: remove TODO item for comments and code style Remove below item from TODO as these changes were included as part of previous submitted patch series. 'rework comments and function headers(also coding style)' Signed-off-by: Ajay Singh Signed-off-by: Greg Kroah-Hartman commit 2345ef30ea30cdb91f08e54eff3b5e807a0d4cc9 Author: Ajay Singh Date: Fri Aug 3 16:26:14 2018 +0530 staging: wilc1000: replace ISWILC1000() macro with inline function Cleanup patch to avoid below checkpatch issue by replacing the macro with inline function. Macro argument 'id' may be better as '(id)' to avoid precedence issues. Signed-off-by: Ajay Singh Signed-off-by: Greg Kroah-Hartman commit e61c7a1caa97b5e90e7dee927231cdd4cc71d434 Author: Ajay Singh Date: Fri Aug 3 16:26:13 2018 +0530 staging: wilc1000: added Microchip copyright notice header Cleanup the copyright notice header from the WILC1000 files. Replace copyright header of 'Atmel' & 'NewportMedia' with 'Microchip & its subsidiaries'. Also added the same copyright notice header for all wilc1000 driver source and header files. Signed-off-by: Ajay Singh Signed-off-by: Greg Kroah-Hartman commit 515bc432e4a5b597e36d915df9fb3194c7083078 Author: Todd Poynor Date: Thu Aug 2 18:49:52 2018 -0700 Revert "staging: gasket: core: hold reference to pci_dev while used" There's no need to take an additional reference on the pci_dev structure for the pointer copy saved in gasket data structures. This reverts commit: 8dd8a48b9a7d ("staging: gasket: core: hold reference to pci_dev while used") Reported-by: Dmitry Torokhov Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit a43a98da75ff2821e484e5cb2a7f3ad0354255c8 Author: Todd Poynor Date: Thu Aug 2 18:49:51 2018 -0700 staging: gasket: core: add subsystem and device info to logs Identify gasket as the subsystem printing various messages. Add the driver name to appropriate messages to indicate which driver has a problem. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 8445a07db8784cfc5b11d7ceebfe698d1ee086ea Author: Todd Poynor Date: Thu Aug 2 18:49:50 2018 -0700 staging: gasket: core: device register debug log cleanups At device/driver registration time, convert a not-very-informative info message to a more informative debug message, drop some not overly helpful debug messages. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit 5bf553b671cfab548185ee0b75cc80eda816f81c Author: Todd Poynor Date: Thu Aug 2 18:49:49 2018 -0700 staging: gasket: core: remove registration logs Remove logs for loading gasket drivers. Signed-off-by: Todd Poynor Signed-off-by: Greg Kroah-Hartman commit a13bb977bca68b2c15a505c60ed6382398ef656d Author: Tim Collier Date: Fri Aug 3 08:44:37 2018 +0100 staging: wlan-ng: remove unused definitions from p80211types.h Remove the following unused definitions from p80211types.h: * struct p80211enum * struct p80211enumpair * struct catlistitem declaration and associated function pointer typedefs (along with preceding block comment) Signed-off-by: Tim Collier Signed-off-by: Greg Kroah-Hartman commit ae3b4ed1a23fc197716c4bcf1e32be37f2472d3b Author: Michael Straube Date: Sun Aug 5 14:11:54 2018 +0200 staging: rtl8188eu: use phydm_regdefine11n.h from rtlwifi Use rtlwifi/phydm/phydm_regdefine11n.h instead of odm_RegDefine11N.h and remove the now unused odm_RegDefine11N.h. The defines from odm_RegDefine11N.h are defined with the same values in rtlwifi/phydm/phydm_regdefine11n.h. There is one define that is named different, but that one is not used in the rtl8188eu code. rtl8188eu: #define ODM_REG_RX_PATH_11N 0xC04 rtlwifi: #defnie ODM_REG_BB_RX_PATH_11N 0xC04 Signed-off-by: Michael Straube Signed-off-by: Greg Kroah-Hartman commit a9df8cd5e3fcd046c20e036073b1f90854b3e863 Author: Sohil Ladhani Date: Sun Aug 5 16:59:55 2018 +0530 Staging: rtlwifi: base: Modified the line ending with a parenthesis This patch fixes the "Lines should not end with a '('" warning reported by checkpatch.pl script. The line containing 'rtl_mrate_idx_to_arfr_id' function previously ended with '(', which did not conform to the linux kernel coding style. Signed-off-by: Sohil Ladhani Signed-off-by: Greg Kroah-Hartman commit 2ec34a4393f1799f1c0fd49afb930e877de27452 Author: Ioana Radulescu Date: Thu Aug 2 12:24:42 2018 -0500 staging: fsl-dpaa2/eth: Use named arguments in function definition Checkpatch complains about unnamed arguments in a function prototype, so fix it. Signed-off-by: Ioana Radulescu Signed-off-by: Greg Kroah-Hartman commit bec2dd69696cb163fe31dd40ac7752056e1bcb97 Author: Kees Cook Date: Fri Jun 29 11:48:18 2018 -0700 drm/msm/adreno: Remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this switches to using a kasprintf()ed buffer. Return paths are updated to free the allocation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook Signed-off-by: Rob Clark commit 18b57ce2eb8c8b9a24174a89250cf5f57c76ecdc Author: Nicolai Stange Date: Sun Jul 22 13:38:18 2018 +0200 x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() For VMEXITs caused by external interrupts, vmx_handle_external_intr() indirectly calls into the interrupt handlers through the host's IDT. It follows that these interrupts get accounted for in the kvm_cpu_l1tf_flush_l1d per-cpu flag. The subsequently executed vmx_l1d_flush() will thus be aware that some interrupts have happened and conduct a L1d flush anyway. Setting l1tf_flush_l1d from vmx_handle_external_intr() isn't needed anymore. Drop it. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner commit ffcba43ff66c7dab34ec700debd491d2a4d319b4 Author: Nicolai Stange Date: Sun Jul 29 13:06:04 2018 +0200 x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d The last missing piece to having vmx_l1d_flush() take interrupts after VMEXIT into account is to set the kvm_cpu_l1tf_flush_l1d per-cpu flag on irq entry. Issue calls to kvm_set_cpu_l1tf_flush_l1d() from entering_irq(), ipi_entering_ack_irq(), smp_reschedule_interrupt() and uv_bau_message_interrupt(). Suggested-by: Paolo Bonzini Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner commit 447ae316670230d7d29430e2cbf1f5db4f49d14c Author: Nicolai Stange Date: Sun Jul 29 12:15:33 2018 +0200 x86: Don't include linux/irq.h from asm/hardirq.h The next patch in this series will have to make the definition of irq_cpustat_t available to entering_irq(). Inclusion of asm/hardirq.h into asm/apic.h would cause circular header dependencies like asm/smp.h asm/apic.h asm/hardirq.h linux/irq.h linux/topology.h linux/smp.h asm/smp.h or linux/gfp.h linux/mmzone.h asm/mmzone.h asm/mmzone_64.h asm/smp.h asm/apic.h asm/hardirq.h linux/irq.h linux/irqdesc.h linux/kobject.h linux/sysfs.h linux/kernfs.h linux/idr.h linux/gfp.h and others. This causes compilation errors because of the header guards becoming effective in the second inclusion: symbols/macros that had been defined before wouldn't be available to intermediate headers in the #include chain anymore. A possible workaround would be to move the definition of irq_cpustat_t into its own header and include that from both, asm/hardirq.h and asm/apic.h. However, this wouldn't solve the real problem, namely asm/harirq.h unnecessarily pulling in all the linux/irq.h cruft: nothing in asm/hardirq.h itself requires it. Also, note that there are some other archs, like e.g. arm64, which don't have that #include in their asm/hardirq.h. Remove the linux/irq.h #include from x86' asm/hardirq.h. Fix resulting compilation errors by adding appropriate #includes to *.c files as needed. Note that some of these *.c files could be cleaned up a bit wrt. to their set of #includes, but that should better be done from separate patches, if at all. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner commit 45b575c00d8e72d69d75dd8c112f044b7b01b069 Author: Nicolai Stange Date: Fri Jul 27 13:22:16 2018 +0200 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Part of the L1TF mitigation for vmx includes flushing the L1D cache upon VMENTRY. L1D flushes are costly and two modes of operations are provided to users: "always" and the more selective "conditional" mode. If operating in the latter, the cache would get flushed only if a host side code path considered unconfined had been traversed. "Unconfined" in this context means that it might have pulled in sensitive data like user data or kernel crypto keys. The need for L1D flushes is tracked by means of the per-vcpu flag l1tf_flush_l1d. KVM exit handlers considered unconfined set it. A vmx_l1d_flush() subsequently invoked before the next VMENTER will conduct a L1d flush based on its value and reset that flag again. Currently, interrupts delivered "normally" while in root operation between VMEXIT and VMENTER are not taken into account. Part of the reason is that these don't leave any traces and thus, the vmx code is unable to tell if any such has happened. As proposed by Paolo Bonzini, prepare for tracking all interrupts by introducing a new per-cpu flag, "kvm_cpu_l1tf_flush_l1d". It will be in strong analogy to the per-vcpu ->l1tf_flush_l1d. A later patch will make interrupt handlers set it. For the sake of cache locality, group kvm_cpu_l1tf_flush_l1d into x86' per-cpu irq_cpustat_t as suggested by Peter Zijlstra. Provide the helpers kvm_set_cpu_l1tf_flush_l1d(), kvm_clear_cpu_l1tf_flush_l1d() and kvm_get_cpu_l1tf_flush_l1d(). Make them trivial resp. non-existent for !CONFIG_KVM_INTEL as appropriate. Let vmx_l1d_flush() handle kvm_cpu_l1tf_flush_l1d in the same way as l1tf_flush_l1d. Suggested-by: Paolo Bonzini Suggested-by: Peter Zijlstra Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Reviewed-by: Paolo Bonzini commit 9aee5f8a7e30330d0a8f4c626dc924ca5590aba5 Author: Nicolai Stange Date: Fri Jul 27 12:46:29 2018 +0200 x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 An upcoming patch will extend KVM's L1TF mitigation in conditional mode to also cover interrupts after VMEXITs. For tracking those, stores to a new per-cpu flag from interrupt handlers will become necessary. In order to improve cache locality, this new flag will be added to x86's irq_cpustat_t. Make some space available there by shrinking the ->softirq_pending bitfield from 32 to 16 bits: the number of bits actually used is only NR_SOFTIRQS, i.e. 10. Suggested-by: Paolo Bonzini Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Reviewed-by: Paolo Bonzini commit 5b6ccc6c3b1a477fbac9ec97a0b4c1c48e765209 Author: Nicolai Stange Date: Sat Jul 21 22:35:28 2018 +0200 x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Currently, vmx_vcpu_run() checks if l1tf_flush_l1d is set and invokes vmx_l1d_flush() if so. This test is unncessary for the "always flush L1D" mode. Move the check to vmx_l1d_flush()'s conditional mode code path. Notes: - vmx_l1d_flush() is likely to get inlined anyway and thus, there's no extra function call. - This inverts the (static) branch prediction, but there hadn't been any explicit likely()/unlikely() annotations before and so it stays as is. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner commit 427362a142441f08051369db6fbe7f61c73b3dca Author: Nicolai Stange Date: Sat Jul 21 22:25:00 2018 +0200 x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' The vmx_l1d_flush_always static key is only ever evaluated if vmx_l1d_should_flush is enabled. In that case however, there are only two L1d flushing modes possible: "always" and "conditional". The "conditional" mode's implementation tends to require more sophisticated logic than the "always" mode. Avoid inverted logic by replacing the 'vmx_l1d_flush_always' static key with a 'vmx_l1d_flush_cond' one. There is no change in functionality. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner commit 379fd0c7e6a391e5565336a646f19f218fb98c6c Author: Nicolai Stange Date: Sat Jul 21 22:16:56 2018 +0200 x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() vmx_l1d_flush() gets invoked only if l1tf_flush_l1d is true. There's no point in setting l1tf_flush_l1d to true from there again. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner commit d89d41556141a527030a15233135ba622ba3350d Author: Florian Fainelli Date: Sat Aug 4 14:20:40 2018 -0700 ethtool: Remove trailing semicolon for static inline Android's header sanitization tool chokes on static inline functions having a trailing semicolon, leading to an incorrectly parsed header file. While the tool should obviously be fixed, also fix the header files for the two affected functions: ethtool_get_flow_spec_ring() and ethtool_get_flow_spec_ring_vf(). Fixes: 8cf6f497de40 ("ethtool: Add helper routines to pass vf to rx_flow_spec") Reporetd-by: Blair Prescott Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 863c37fcb14f8b66ea831b45fb35a53ac4a8d69e Author: zhong jiang Date: Sat Aug 4 17:34:07 2018 -0400 ext4: remove unneeded variable "err" in ext4_mb_release_inode_pa() The err is not used after initalization. So just remove the variable. Signed-off-by: zhong jiang Signed-off-by: Theodore Ts'o commit 7957c2e276ee73e6c6cb1ab69e2372bd095c097a Author: Wolfram Sang Date: Mon Jul 23 22:26:16 2018 +0200 i2c: sh_mobile: use core to detect 'no zero length read' quirk And don't reimplement in the driver. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Signed-off-by: Wolfram Sang commit 6e6664700d2712ca75aecebf8399b2ebc05d505d Author: Wolfram Sang Date: Mon Jul 23 22:26:15 2018 +0200 i2c: xlr: use core to detect 'no zero length' quirk And don't reimplement in the driver. Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang commit 3ef3e5cd72aa3b8e31e06825f9ff90f3d1b6a378 Author: Wolfram Sang Date: Mon Jul 23 22:26:14 2018 +0200 i2c: rcar: use core to detect 'no zero length' quirk And don't reimplement in the driver. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Signed-off-by: Wolfram Sang commit 5314355a916aea235968d4c51710a65b7c9811ef Author: Wolfram Sang Date: Mon Jul 23 22:26:11 2018 +0200 i2c: stu300: use core to detect 'no zero length' quirk And don't reimplement in the driver. Signed-off-by: Wolfram Sang Reviewed-by: Linus Walleij Signed-off-by: Wolfram Sang commit 22dda3e4f8219bc502c439277df3a15e9235a7ec Author: Wolfram Sang Date: Mon Jul 23 22:26:09 2018 +0200 i2c: pmcmsp: use core to detect 'no zero length' quirk And don't reimplement in the driver. Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang commit aa14b124702c02154f5719605fe2d8e57e52f383 Author: Wolfram Sang Date: Mon Jul 23 22:26:07 2018 +0200 i2c: mxs: use core to detect 'no zero length' quirk And don't reimplement in the driver. Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang commit 40fce5217055317898e7c2f959bf0aee5ebc4351 Author: Wolfram Sang Date: Mon Jul 23 22:26:06 2018 +0200 i2c: designware-master: use core to detect 'no zero length' quirk And don't reimplement in the driver. Signed-off-by: Wolfram Sang Reviewed-by: Andy Shevchenko Tested-by: Jarkko Nikula Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang commit d9cfe2ce246845b9cca0ec1b881e826965893c58 Author: Wolfram Sang Date: Mon Jul 23 22:26:05 2018 +0200 i2c: quirks: add zero length checks Some adapters do not support a message length of 0. Add this as a quirk so drivers don't have to open code it. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Reviewed-by: Andy Shevchenko Tested-by: Jarkko Nikula Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang commit 6c3711ec64fd23a9abc8aaf59a9429569a6282df Author: Johan Hedberg Date: Sat Aug 4 23:40:26 2018 +0300 Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV This driver was recently updated to use serdev, so add the appropriate dependency. Without this one can get compiler warnings like this if CONFIG_SERIAL_DEV_BUS is not enabled: CC [M] drivers/bluetooth/hci_h5.o drivers/bluetooth/hci_h5.c:934:36: warning: ‘h5_serdev_driver’ defined but not used [-Wunused-variable] static struct serdev_device_driver h5_serdev_driver = { ^~~~~~~~~~~~~~~~ Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann commit 5799c4b2f1dbc0166d9b1d94443deaafc6e7a070 Author: Jae Hyun Yoo Date: Tue Jul 24 13:36:15 2018 -0700 i2c: aspeed: Add an explicit type casting for *get_clk_reg_val This commit fixes this sparse warning: drivers/i2c/busses/i2c-aspeed.c:875:38: warning: incorrect type in assignment (different modifiers) drivers/i2c/busses/i2c-aspeed.c:875:38: expected unsigned int ( *get_clk_reg_val )( ... ) drivers/i2c/busses/i2c-aspeed.c:875:38: got void const *const data Reported-by: Wolfram Sang Signed-off-by: Jae Hyun Yoo Reviewed-by: Brendan Higgins Signed-off-by: Wolfram Sang commit 2f471d90249551d4b2dab3c7f0527640a3395f2e Merge: d211e62af466 6856909ce542 Author: Wolfram Sang Date: Sat Aug 4 23:05:11 2018 +0200 Merge branch 'i2c-mux/for-next' of https://github.com/peda-r/i2c-mux into i2c/for-4.19 Simplify the probe function of the pca954x driver commit d211e62af46693f90f6386085817e22239e3fe79 Author: Manivannan Sadhasivam Date: Wed Aug 1 23:32:31 2018 +0530 i2c: Add Actions Semiconductor Owl family S900 I2C driver Add Actions Semiconductor Owl family S900 I2C driver. Signed-off-by: Manivannan Sadhasivam Acked-by: Peter Rosin Signed-off-by: Wolfram Sang commit 5344cbf95b0f32a01c8b95b5190bf0448e86e026 Author: Manivannan Sadhasivam Date: Wed Aug 1 23:32:27 2018 +0530 dt-bindings: i2c: Add binding for Actions Semiconductor Owl I2C controller Add devicetree binding for Actions Semiconductor Owl I2C controller Signed-off-by: Manivannan Sadhasivam Reviewed-by: Rob Herring Signed-off-by: Wolfram Sang commit 12e5e452aec3520f7a66718600eaa991b54098ad Merge: f13b546847ff 31ba191bf5ab Author: David S. Miller Date: Sat Aug 4 13:23:15 2018 -0700 Merge branch 'net-ARRAY_SIZE' zhong jiang says: ==================== Use ARRAY_SIZE to replace computing the size zhong jiang (2): net:usb: Use ARRAY_SIZE instead of calculating the array size include/net/bond_3ad: Simplify the code by using the ARRAY_SIZE ==================== Signed-off-by: David S. Miller commit 31ba191bf5ab2975c1955f1adf771a5a0b57afaa Author: zhong jiang Date: Fri Aug 3 14:53:15 2018 +0800 include/net/bond_3ad: Simplify the code by using the ARRAY_SIZE We prefer to ARRAY_SIZE rather than the open code to calculate size. Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit bf37afceaf549ce9ef50e3042f64d257a3d4be80 Author: zhong jiang Date: Fri Aug 3 14:53:14 2018 +0800 net:usb: Use ARRAY_SIZE instead of calculating the array size We use ARRAY_SIZE to replace open code sizeof(lan78xx_regs) / sizeof(u32). It make the code concise. Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit f13b546847ff5862ea313f3e79010c52c3fe32b4 Author: Li RongQing Date: Fri Aug 3 15:50:02 2018 +0800 tun: not use hardcoded mask value 0x3ff in tun_hashfn is mask of TUN_NUM_FLOW_ENTRIES, instead of hardcode, define a macro to setup the relationship with TUN_NUM_FLOW_ENTRIES Signed-off-by: Li RongQing Signed-off-by: David S. Miller commit 039b1d5e5862375b0da534bb75fc580eaa547d53 Author: Jia-Ju Bai Date: Sat Aug 4 08:40:09 2018 +0800 net: cisco: enic: Replace GFP_ATOMIC with GFP_KERNEL vnic_dev_register(), vnic_rq_alloc_bufs() and vnic_wq_alloc_bufs() are never called in atomic context. They call kzalloc() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Acked-by: Govindarajulu Varadarajan Signed-off-by: David S. Miller commit 07d53ae4fbdf7458f4d51249aa24d75c76fe52a8 Author: zhong jiang Date: Sat Aug 4 19:41:41 2018 +0800 net: Remove some unneeded semicolon These semicolons are not needed. Just remove them. Signed-off-by: zhong jiang Signed-off-by: David S. Miller commit 0c26159352ba1cdc5a8c8d74131cc19cdfdf9371 Author: Jakub Kicinski Date: Fri Aug 3 22:06:00 2018 -0700 nfp: bpf: xdp_adjust_tail support Add support for adjust_tail. There are no FW changes needed but add a FW capability just in case there would be any issue with previously released FW, or we will have to change the ABI in the future. The helper is trivial and shouldn't be used too often so just inline the body of the function. We add the delta to locally maintained packet length register and check for overflow, since add of negative value must overflow if result is positive. Note that if delta of 0 would be allowed in the kernel this trick stops working and we need one more instruction to compare lengths before and after the change. Signed-off-by: Jakub Kicinski Reviewed-by: Quentin Monnet Signed-off-by: Daniel Borkmann commit afd3e3dad6761ddf08119afe121bfbe096c0844b Merge: 4f53a4a76cdf cda676b5c93f Author: Olof Johansson Date: Sat Aug 4 11:02:54 2018 -0700 Merge tag 'qcom-arm64-for-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux into next/dt Qualcomm ARM64 Updates for v4.19 - Part 2 * Add thermal nodes for MSM8996 and SDM845 * tag 'qcom-arm64-for-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux: (21 commits) arm64: dts: sdm845: Add tsens nodes arm64: dts: msm8996: thermal: Initialise via DT and add second controller soc: qcom: rmtfs-mem: fix memleak in probe error paths soc: qcom: llc-slice: Add missing MODULE_LICENSE() drivers: qcom: rpmh: fix unwanted error check for get_tcs_of_type() drivers: qcom: rpmh-rsc: fix the loop index check in get_req_from_tcs firmware: qcom: scm: add a dummy qcom_scm_assign_mem() drivers: qcom: rpmh-rsc: Check cmd_db_ready() to help children drivers: qcom: rpmh-rsc: allow active requests from wake TCS drivers: qcom: rpmh: add support for batch RPMH request drivers: qcom: rpmh: allow requests to be sent asynchronously drivers: qcom: rpmh: cache sleep/wake state requests drivers: qcom: rpmh-rsc: allow invalidation of sleep/wake TCS drivers: qcom: rpmh-rsc: write sleep/wake requests to TCS drivers: qcom: rpmh: add RPMH helper functions drivers: qcom: rpmh-rsc: log RPMH requests in FTRACE dt-bindings: introduce RPMH RSC bindings for Qualcomm SoCs drivers: qcom: rpmh-rsc: add RPMH controller for QCOM SoCs drivers: soc: Add LLCC driver dt-bindings: Documentation for qcom, llcc ... commit eb2caeb88c181904110f8e74995c7b0bb7fd39f6 Author: Gustavo A. R. Silva Date: Fri Aug 3 15:53:54 2018 -0500 ALSA: seq_oss: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Warning level 2 was used: -Wimplicit-fallthrough=2 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 2f3b94e539a46052f8eba1f295ff5646e227578a Author: Gustavo A. R. Silva Date: Fri Aug 3 15:52:33 2018 -0500 ALSA: seq: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I replaced the code comment with a proper "fall through" annotation, which is what GCC is expecting to find. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit e800a333135bef633ffb21bdd471b8ffc491db7b Author: Stanislaw Gruszka Date: Fri Aug 3 13:44:40 2018 +0200 mt76x0: rename trace symbols Rename trace symbols that conflict with mt7601u and remove some definitions that are not used. Patch fixes build errors like this: ld: drivers/net/wireless/mediatek/mt76/mt76x0/trace.o:(__tracepoints+0x0): multiple definition of `__tracepoint_set_shared_key'; drivers/net/wireless/mediatek/mt7601u/trace.o:(__tracepoints+0x0): first defined here Reported-by: Stephen Rothwell Fixes: 7b4859026ccd ("mt76x0: core files") Signed-off-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 909da6e4b577be65432ba4bcede3e036db2d1dc8 Author: Stanislaw Gruszka Date: Fri Aug 3 13:44:39 2018 +0200 mt76x0: rename mt76_* functions mt76_* functions conflicts with mt7601u driver what prevents to build those drivers in the kernel or use both drivers modules at once. Patch fixes build errors like this: ld: drivers/net/wireless/mediatek/mt76/mt76x0/mac.o:(.opd+0x30): multiple definition of `mt76_mac_tx_rate_val'; drivers/net/wireless/mediatek/mt7601u/mac.o:(.opd+0x30): first defined here Reported-by: Stephen Rothwell Fixes: 7b4859026ccd ("mt76x0: core files") Signed-off-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 924de3b8c9410c404c6eda7abffd282b97b3ff7f Author: Eric W. Biederman Date: Mon Jul 23 13:38:00 2018 -0500 fork: Have new threads join on-going signal group stops There are only two signals that are delivered to every member of a signal group: SIGSTOP and SIGKILL. Signal delivery requires every signal appear to be delivered either before or after a clone syscall. SIGKILL terminates the clone so does not need to be considered. Which leaves only SIGSTOP that needs to be considered when creating new threads. Today in the event of a group stop TIF_SIGPENDING will get set and the fork will restart ensuring the fork syscall participates in the group stop. A fork (especially of a process with a lot of memory) is one of the most expensive system so we really only want to restart a fork when necessary. It is easy so check to see if a SIGSTOP is ongoing and have the new thread join it immediate after the clone completes. Making it appear the clone completed happened just before the SIGSTOP. The calculate_sigpending function will see the bits set in jobctl and set TIF_SIGPENDING to ensure the new task takes the slow path to userspace. V2: The call to task_join_group_stop was moved before the new task is added to the thread group list. This should not matter as sighand->siglock is held over both the addition of the threads, the call to task_join_group_stop and do_signal_stop. But the change is trivial and it is one less thing to worry about when reading the code. Signed-off-by: "Eric W. Biederman" commit 1021bcf44d0e876b10f8739594ad7e6e9c746026 Author: Geliang Tang Date: Wed Aug 1 19:23:37 2018 +0800 pstore: add zstd compression support This patch added the 6th compression algorithm support for pstore: zstd. Signed-off-by: Geliang Tang Signed-off-by: Kees Cook commit 4390e9eadbbb6774b7ba03fde0a0fdf3f07db4cd Author: Eric W. Biederman Date: Fri Aug 3 20:10:54 2018 -0500 fork: Skip setting TIF_SIGPENDING in ptrace_init_task The code in calculate_sigpending will now handle this so it is just redundant and possibly a little confusing to continue setting TIF_SIGPENDING in ptrace_init_task. Suggested-by: Oleg Nesterov Signed-off-by: "Eric W. Biederman" commit 088fe47ce952542389e604e83f533811750aaf7c Author: Eric W. Biederman Date: Mon Jul 23 17:26:49 2018 -0500 signal: Add calculate_sigpending() Add a function calculate_sigpending to test to see if any signals are pending for a new task immediately following fork. Signals have to happen either before or after fork. Today our practice is to push all of the signals to before the fork, but that has the downside that frequent or periodic signals can make fork take much much longer than normal or prevent fork from completing entirely. So we need move signals that we can after the fork to prevent that. This updates the code to set TIF_SIGPENDING on a new task if there are signals or other activities that have moved so that they appear to happen after the fork. As the code today restarts if it sees any such activity this won't immediately have an effect, as there will be no reason for it to set TIF_SIGPENDING immediately after the fork. Adding calculate_sigpending means the code in fork can safely be changed to not always restart if a signal is pending. The new calculate_sigpending function sets sigpending if there are pending bits in jobctl, pending signals, the freezer needs to freeze the new task or the live kernel patching framework need the new thread to take the slow path to userspace. I have verified that setting TIF_SIGPENDING does make a new process take the slow path to userspace before it executes it's first userspace instruction. I have looked at the callers of signal_wake_up and the code paths setting TIF_SIGPENDING and I don't see anything else that needs to be handled. The code probably doesn't need to set TIF_SIGPENDING for the kernel live patching as it uses a separate thread flag as well. But at this point it seems safer reuse the recalc_sigpending logic and get the kernel live patching folks to sort out their story later. V2: I have moved the test into schedule_tail where siglock can be grabbed and recalc_sigpending can be reused directly. Further as the last action of setting up a new task this guarantees that TIF_SIGPENDING will be properly set in the new process. The helper calculate_sigpending takes the siglock and uncontitionally sets TIF_SIGPENDING and let's recalc_sigpending clear TIF_SIGPENDING if it is unnecessary. This allows reusing the existing code and keeps maintenance of the conditions simple. Oleg Nesterov suggested the movement and pointed out the need to take siglock if this code was going to be called while the new task is discoverable. Signed-off-by: "Eric W. Biederman" commit a01512b14d4faa9f6f7501201d7033216d2e563a Author: YueHaibing Date: Fri Aug 3 16:28:48 2018 +0800 tcp: remove unneeded variable 'err' variable 'err' is unmodified after initalization, so simply cleans up it and returns 0. Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit 51f7e95187f127d5eadf50541943813ff57f12ba Author: Jason Baron Date: Fri Aug 3 17:24:53 2018 -0400 af_unix: ensure POLLOUT on remote close() for connected dgram socket Applications use -ECONNREFUSED as returned from write() in order to determine that a socket should be closed. However, when using connected dgram unix sockets in a poll/write loop, a final POLLOUT event can be missed when the remote end closes. Thus, the poll is stuck forever: thread 1 (client) thread 2 (server) connect() to server write() returns -EAGAIN unix_dgram_poll() -> unix_recvq_full() is true close() ->unix_release_sock() ->wake_up_interruptible_all() unix_dgram_poll() (due to the wake_up_interruptible_all) -> unix_recvq_full() still is true ->free all skbs Now thread 1 is stuck and will not receive anymore wakeups. In this case, when thread 1 gets the -EAGAIN, it has not queued any skbs otherwise the 'free all skbs' step would in fact cause a wakeup and a POLLOUT return. So the race here is probably fairly rare because it means there are no skbs that thread 1 queued and that thread 1 schedules before the 'free all skbs' step. This issue was reported as a hang when /dev/log is closed. The fix is to signal POLLOUT if the socket is marked as SOCK_DEAD, which means a subsequent write() will get -ECONNREFUSED. Reported-by: Ian Lance Taylor Cc: David Rientjes Cc: Rainer Weikusat Cc: Eric Dumazet Signed-off-by: Jason Baron Signed-off-by: David S. Miller commit 483f3fdcc70b3c3a1f314235ab0066f3dbd4cfbe Author: Pablo Neira Ayuso Date: Sat Aug 4 00:31:48 2018 +0200 netfilter: nft_tunnel: fix sparse errors [...] net/netfilter/nft_tunnel.c:117:25: expected unsigned int [unsigned] [usertype] flags net/netfilter/nft_tunnel.c:117:25: got restricted __be16 [usertype] [...] net/netfilter/nft_tunnel.c:246:33: expected restricted __be16 [addressable] [assigned] [usertype] tp_dst net/netfilter/nft_tunnel.c:246:33: got int Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support") Reported-by: kbuild test robot Signed-off-by: Pablo Neira Ayuso commit 1e506464a4d5c5d7482fda1f745b9ec79e44ad4f Author: Colin Ian King Date: Fri Aug 3 10:35:58 2018 -0400 media: au0828: fix spelling mistake: "completition" -> "completion" Trivial fix to spelling mistake in au0828_isocdbg debug message Signed-off-by: Colin Ian King Signed-off-by: Mauro Carvalho Chehab commit 854bb4ec126320046afd2e299c8dd070946d2410 Author: Colin Ian King Date: Fri Aug 3 10:35:59 2018 -0400 media: cx231xx: fix spelling mistake: "completition" -> "completion" Trivial fix to spelling mistake in dev_dbg debug messages Signed-off-by: Colin Ian King Signed-off-by: Mauro Carvalho Chehab commit 3c8496e5d0595cec6e463b35b7ad87eefabc531f Author: Colin Ian King Date: Fri Aug 3 10:36:00 2018 -0400 media: dvb-usb-v2: fix spelling mistake: "completition" -> "completion" Trivial fix to spelling mistake in dev_dbg and dev_err messages Signed-off-by: Colin Ian King Signed-off-by: Mauro Carvalho Chehab commit 16200248f48dded48f7c79a0d20d18b8c6b02605 Author: Colin Ian King Date: Fri Aug 3 10:36:01 2018 -0400 media: dvb-usb: fix spelling mistake: "completition" -> "completion" Trivial fix to spelling mistake in debug and error messages Signed-off-by: Colin Ian King Signed-off-by: Mauro Carvalho Chehab commit 12f336c88090fb8004736fd4329184326a49673b Author: Kuninori Morimoto Date: Wed Jul 25 22:37:11 2018 -0400 media: sh_mobile_ceu: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Signed-off-by: Mauro Carvalho Chehab commit 7b381978c8563672e19d90db00119d74ed2221b3 Author: Kuninori Morimoto Date: Wed Jul 25 22:36:55 2018 -0400 media: sh_vou: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Signed-off-by: Mauro Carvalho Chehab commit d81469d2b77553b281b9b59eadd995309728f506 Author: Kuninori Morimoto Date: Wed Jul 25 22:36:36 2018 -0400 media: sh_veu: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Signed-off-by: Mauro Carvalho Chehab commit 88352b163c839277be367ddcf13ef5971ce9df2a Author: Kuninori Morimoto Date: Wed Jul 25 22:36:21 2018 -0400 media: rcar_jpu: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Signed-off-by: Mauro Carvalho Chehab commit 7c1d62e455ab934ab3fdf86e03bc2a1fa550aa23 Author: Kuninori Morimoto Date: Wed Jul 25 22:36:04 2018 -0400 media: rcar_fdp1: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Acked-by: Kieran Bingham Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Signed-off-by: Mauro Carvalho Chehab commit adeb6970568256e4208b1b131f710f544c58d5c8 Author: Kuninori Morimoto Date: Wed Jul 25 22:35:49 2018 -0400 media: rcar_drif: convert to SPDX identifiers As original license mentioned, it is GPL-2.0+ in SPDX. Then, MODULE_LICENSE() should be "GPL" instead of "GPL v2". See ${LINUX}/include/linux/module.h "GPL" [GNU Public License v2 or later] "GPL v2" [GNU Public License v2] Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Acked-by: Ramesh Shanmugasundaram Signed-off-by: Mauro Carvalho Chehab commit 58c708f64aee6a0adf4e7ca00589c0bf1dd69fe6 Author: Kuninori Morimoto Date: Wed Jul 25 22:35:23 2018 -0400 media: rcar-fcp: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Signed-off-by: Mauro Carvalho Chehab commit aa7b827878f06876c32b050d1737c3a1a3816af1 Author: Kuninori Morimoto Date: Wed Jul 25 22:35:06 2018 -0400 media: rcar-vin: convert to SPDX identifiers Kconfig and Makefile doesn't have license line, thus, these are GPL-2.0 as default. All ohter files are GPL-2.0+ as original license. Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Acked-by: Niklas Söderlund Signed-off-by: Mauro Carvalho Chehab commit c7b15a8657da7f8d11269c7cc3d8beef10d26b43 Author: Al Viro Date: Sat Jun 30 14:32:04 2018 -0400 jfs: don't bother with make_bad_inode() in ialloc() We hit that when inumber allocation has failed. In that case the in-core inode is not hashed and since its ->i_nlink is 1 the only place where jfs checks is_bad_inode() won't be reached. Signed-off-by: Al Viro commit d8e78da8682028ad53d040339a2b9d6fb6092d63 Author: Al Viro Date: Sat Jun 30 03:15:49 2018 -0400 adfs: don't put inodes into icache We never look them up in there; inode_fake_hash() will make them appear hashed for mark_inode_dirty() purposes. And don't leave them around until memory pressure kicks them out - we never look them up again. Signed-off-by: Al Viro commit 5bef915104f32c9d0bb5df6e86a98e31cb524e9a Author: Al Viro Date: Fri Jun 29 19:36:57 2018 -0400 new helper: inode_fake_hash() open-coded in a quite a few places... Signed-off-by: Al Viro commit e950564b97fd0f541b02eb207685d0746f5ecf29 Author: Miklos Szeredi Date: Tue Jul 24 15:01:55 2018 +0200 vfs: don't evict uninitialized inode iput() ends up calling ->evict() on new inode, which is not yet initialized by owning fs. So use destroy_inode() instead. Add to sb->s_inodes list only if inode is not in I_CREATING state (meaning that it wasn't allocated with new_inode(), which already does the insertion). Reported-by: Al Viro Signed-off-by: Miklos Szeredi Fixes: 80ea09a002bf ("vfs: factor out inode_insert5()") Signed-off-by: Al Viro commit a6cbedfa8783b42b9272c05297865bdb501005cb Author: Al Viro Date: Fri Jun 29 11:59:37 2018 -0400 jfs: switch to discard_new_inode() we don't want open-by-handle to pick an in-core inode that has failed setup halfway through. Signed-off-by: Al Viro commit 2e5afe54e0cd6fce79b51ca547caf08a990ad56d Author: Al Viro Date: Wed May 16 18:29:56 2018 -0400 ext2: make sure that partially set up inodes won't be returned by ext2_iget() Signed-off-by: Al Viro commit 5c1a68a358f94b9ac2e33183327bc04f207feed2 Author: Al Viro Date: Wed May 16 12:25:39 2018 -0400 udf: switch to discard_new_inode() we don't want open-by-handle to pick an in-core inode that has failed setup halfway through. Signed-off-by: Al Viro commit dd54992776ebb44519ba4cd69145c4f19d166ddb Author: Al Viro Date: Wed May 16 12:22:50 2018 -0400 ufs: switch to discard_new_inode() we don't want open-by-handle to pick an in-core inode that has failed setup halfway through. Signed-off-by: Al Viro commit 32955c5422a8a5460bbefe2a6fc51eadcafff4c9 Author: Al Viro Date: Wed May 16 12:20:05 2018 -0400 btrfs: switch to discard_new_inode() Make sure that no partially set up inodes can be returned by open-by-handle. Signed-off-by: Al Viro commit 4679b79f217550f2f4c83101eb8149c5e552a93a Author: Kuninori Morimoto Date: Wed Jul 25 22:34:42 2018 -0400 media: soc_camera_platform: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Signed-off-by: Laurent Pinchart Reviewed-by: Simon Horman Signed-off-by: Mauro Carvalho Chehab commit e90561d40f830f1266d9531ae95eae8252dd8fa1 Author: Kieran Bingham Date: Fri Aug 3 07:37:29 2018 -0400 media: vsp1: Support Interlaced display pipelines Calculate the top and bottom fields for the interlaced frames and utilise the extended display list command feature to implement the auto-field operations. This allows the DU to update the VSP2 registers dynamically based upon the currently processing field. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit f3b98e3c4d2e16bb7c99fc75d652559bd591070f Author: Kieran Bingham Date: Fri Aug 3 07:37:28 2018 -0400 media: vsp1: Provide support for extended command pools VSPD and VSP-DL devices can provide extended display lists supporting extended command display list objects. These extended commands require their own dma memory areas for a header and body specific to the command type. Implement a command pool to allocate all necessary memory in a single DMA allocation to reduce pressure on the TLB, and provide convenient re-usable command objects for the entities to utilise. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit 7d630c4924d82c4679e2df4bf55c2fd94e668e91 Author: Kieran Bingham Date: Fri Aug 3 07:37:27 2018 -0400 media: vsp1: Add support for extended display list headers Extended display list headers allow pre and post command lists to be executed by the VSP pipeline. This provides the base support for features such as AUTO_FLD (for interlaced support) and AUTO_DISP (for supporting continuous camera preview pipelines. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit 08e41f6219c717d16bb22b53010ee7401c27fb11 Author: Kieran Bingham Date: Fri Aug 3 07:37:26 2018 -0400 media: vsp1: Use header display lists for all WPF outputs linked to the DU Header mode display lists are now supported on all WPF outputs. To support extended headers and auto-fld capabilities for interlaced mode handling only header mode display lists can be used. Disable the headerless display list configuration, and remove the dead code. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit 177fb098b89644b1f1143482a87587a6ed7de578 Author: Kieran Bingham Date: Fri Aug 3 07:37:25 2018 -0400 media: vsp1: Provide VSP1 feature helper macro The VSP1 devices define their specific capabilities through features marked in their device info structure. Various parts of the code read this info structure to infer if the features are available. Wrap this into a more readable vsp1_feature(vsp1, f) macro to ensure that usage is consistent throughout the driver. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit 8a3a0797dedd39a6ee7a52c3749d31f8104aafa7 Author: Kieran Bingham Date: Fri Aug 3 07:37:24 2018 -0400 media: vsp1: Clean up DLM objects on error If there is an error allocating a display list within a DLM object the existing display lists are not free'd, and neither is the DL body pool. Use the existing vsp1_dlm_destroy() function to clean up on error. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit b6ee44d1ea189cf0872b48e4fa56d648dec10fa2 Author: Kieran Bingham Date: Fri Aug 3 07:37:23 2018 -0400 media: vsp1: Remove unused display list structure field The vsp1 reference in the vsp1_dl_body structure is not used. Remove it. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit 2ca72570b934e820f9a5b645cfb9b5df93e3c139 Author: Kieran Bingham Date: Fri Aug 3 07:37:22 2018 -0400 media: vsp1: Rename dl_child to dl_next Both vsp1_dl_list_commit() and __vsp1_dl_list_put() walk the display list chain referencing the nodes as children, when in reality they are siblings. Update the terminology to 'dl_next' to be consistent with the vsp1_video_pipeline_run() usage. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit 3e737e394329564b70ceff8eb0c5f587904aa396 Author: Kieran Bingham Date: Fri Aug 3 07:37:21 2018 -0400 media: vsp1: use kernel __packed for structures The kernel provides a __packed definition to abstract away from the compiler specific attributes tag. Convert all packed structures in VSP1 to use it. The GCC documentation [0] describes this attribute as "the structure or union is placed to minimize the memory required". The Keil compiler documentation at [1] warns that the use of this attribute can cause a performance penalty in the event that the compiler can not deduce the allignment of each field. Careful examination of the object code generated both with and without this attribute shows that these structures are accessed identically and are not affected by any performance penalty. The structures are correctly aligned and padded to match the needs of the hardware already. This patch does not serve to make a decision as to the use of the attribute, but purely to clean up the code to use the kernel defined abstraction as per [2]. [0] https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-packed-type-attribute [1] http://www.keil.com/support/man/docs/armcc/armcc_chr1359124230195.htm [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/compiler-gcc.h?h=v4.16-rc5#n92 Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit c2b6d621c4ffe9936adf7a55c8b1c769672c306f Author: Al Viro Date: Thu Jun 28 15:53:17 2018 -0400 new primitive: discard_new_inode() We don't want open-by-handle picking half-set-up in-core struct inode from e.g. mkdir() having failed halfway through. In other words, we don't want such inodes returned by iget_locked() on their way to extinction. However, we can't just have them unhashed - otherwise open-by-handle immediately *after* that would've ended up creating a new in-core inode over the on-disk one that is in process of being freed right under us. Solution: new flag (I_CREATING) set by insert_inode_locked() and removed by unlock_new_inode() and a new primitive (discard_new_inode()) to be used by such halfway-through-setup failure exits instead of unlock_new_inode() / iput() combinations. That primitive unlocks new inode, but leaves I_CREATING in place. iget_locked() treats finding an I_CREATING inode as failure (-ESTALE, once we sort out the error propagation). insert_inode_locked() treats the same as instant -EBUSY. ilookup() treats those as icache miss. [Fix by Dan Carpenter folded in] Signed-off-by: Al Viro commit a394b3af206c211b80b02e47c19aab763fd33b3d Author: Kees Cook Date: Fri Aug 3 09:37:45 2018 -0700 ppp: mppe: Remove VLA usage In the quest to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK (and associated VLA) by switching to shash directly and keeping the associated descriptor allocated with the regular state on the heap. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook Acked-by: Arnd Bergmann Signed-off-by: David S. Miller commit 3c56b2cccbd1d66ab394ca73f4de48d8c98d923d Author: Kieran Bingham Date: Fri Aug 3 07:37:20 2018 -0400 media: vsp1: drm: Fix minor grammar error The pixel format is 'unsupported'. Fix the small debug message which incorrectly declares this. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab commit eb9950eb31f56e57582a61c92073336d04a26542 Author: David Howells Date: Fri Aug 3 17:06:56 2018 +0100 rxrpc: Push iov_iter up from rxrpc_kernel_recv_data() to caller Push iov_iter up from rxrpc_kernel_recv_data() to its caller to allow non-contiguous iovs to be passed down, thereby permitting file reading to be simplified in the AFS filesystem in a future patch. Signed-off-by: David Howells Signed-off-by: David S. Miller commit 020f6cc5f75511c5974cfd454f224365bc0c2df4 Author: Florian Westphal Date: Fri Aug 3 18:40:21 2018 +0200 netfilter: conntrack: avoid use-after free on rmmod When the conntrack module is removed, we call nf_ct_iterate_destroy via nf_ct_l4proto_unregister(). Problem is that nf_conntrack_proto_fini() gets called after the conntrack hash table has already been freed. Just remove the l4proto unregister call, its unecessary as the nf_ct_protos[] array gets free'd right after anyway. v2: add comment wrt. missing unreg call. Fixes: a0ae2562c6c4b2 ("netfilter: conntrack: remove l3proto abstraction") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 7bdfcea875ad42b6fd00413882fbc657c751f13a Author: Florian Westphal Date: Fri Aug 3 17:56:12 2018 +0200 netfilter: kconfig: remove ct zone/label dependencies connection tracking zones currently depend on the xtables CT target. The reasoning was that it makes no sense to support zones if they can't be configured (which needed CT target). Nowadays zones can also be used by OVS and configured via nftables, so remove the dependency. connection tracking labels are handled via hidden dependency that gets auto-selected by the connlabel match. Make it a visible knob, as labels can be attached via ctnetlink or via nftables rules (nft_ct expression) too. This allows to use conntrack labels and zones with nftables-only build. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 445509eb9b00278b31c92f16b05260176a41c27f Author: Pablo Neira Ayuso Date: Fri Aug 3 13:35:36 2018 +0200 netfilter: nf_tables: simplify NLM_F_CREATE handling * From nf_tables_newchain(), codepath provides context that allows us to infer if we are updating a chain (in that case, no module autoload is required) or adding a new one (then, module autoload is indeed needed). * We only need it in one single spot in nf_tables_newrule(). * Not needed for nf_tables_newset() at all. Signed-off-by: Pablo Neira Ayuso commit 94276fa8a2a4c08ccb2e9d55e88b95dc972ccea3 Author: Máté Eckl Date: Fri Aug 3 13:36:13 2018 +0200 netfilter: bridge: Expose nf_tables bridge hook priorities through uapi Netfilter exposes standard hook priorities in case of ipv4, ipv6 and arp but not in case of bridge. This patch exposes the hook priority values of the bridge family (which are different from the formerly mentioned) via uapi so that they can be used by user-space applications just like the others. Signed-off-by: Máté Eckl Signed-off-by: Pablo Neira Ayuso commit aaecfdb5c5dd8bac2dfd112166844a9f2d5711f0 Author: Pablo Neira Ayuso Date: Thu Aug 2 20:51:46 2018 +0200 netfilter: nf_tables: match on tunnel metadata This patch allows us to match on the tunnel metadata that is available of the packet. We can use this to validate if the packet comes from/goes to tunnel and the corresponding tunnel ID. Signed-off-by: Pablo Neira Ayuso commit af308b94a2a4a5a27bec9028354c4df444a7c8ba Author: Pablo Neira Ayuso Date: Thu Aug 2 20:51:39 2018 +0200 netfilter: nf_tables: add tunnel support This patch implements the tunnel object type that can be used to configure tunnels via metadata template through the existing lightweight API from the ingress path. Signed-off-by: Pablo Neira Ayuso commit 3424b700225c2f76d599abc8e5ea03064790618b Merge: 723a00436adc 54226116add4 Author: David S. Miller Date: Fri Aug 3 12:11:43 2018 -0700 Merge branch 'dsa-systemport-WoL' Florian Fainelli says: ==================== net: dsa and systemport WoL changes This patch series extracts what was previously submitted as part of the "WAKE_FILTER" Wake-on-LAN patch series into patches that do not. Changes in this series: - properly align the dsa_is_cpu_port() check in first patch ==================== Signed-off-by: David S. Miller commit 54226116add4dcfe6391ffb810225f78c9c3d245 Author: Florian Fainelli Date: Fri Aug 3 11:08:44 2018 -0700 net: systemport: Create helper to set MPD Create a helper function to turn on/off MPD, this will be used to avoid duplicating code as we are going to add additional types of wake-up types. Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 9e85e22713d6fed4873057493d6307c08b1d86a6 Author: Florian Fainelli Date: Fri Aug 3 11:08:43 2018 -0700 net: systemport: Do not re-configure upon WoL interrupt We already properly resume from Wake-on-LAN whether such a condition occured or not, no need to process the WoL interrupt for functional changes since that could race with other settings. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit c0e6820b7e4175171f302df6cc4706b818f4a691 Author: Florian Fainelli Date: Fri Aug 3 11:08:42 2018 -0700 net: dsa: bcm_sf2: Disable learning while in WoL When we are in Wake-on-LAN, we operate with the host sofware not running a network stack, so we want to the switch to flood packets in order to cause a system wake-up when matching specific filters (unicast or multicast). This was not necessary before since we supported Magic Packet which are targeting a broadcast MAC address which the switch already floods. Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 2104bc0ab0eee8a4768dd80df8ed42eb591543bc Author: Florian Fainelli Date: Fri Aug 3 11:08:41 2018 -0700 net: dsa: bcm_sf2: Allow targeting CPU ports for CFP rules ds->enabled_port_mask only contains a bitmask of user-facing enabled ports, we also need to allow programming CFP rules that target CPU ports (e.g: ports 5 and 8). Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 033eab53fff7acc0f5718dee6fda641734b94416 Author: Máté Eckl Date: Thu Aug 2 21:18:31 2018 +0200 netfilter: nft_tproxy: Add missing config check A config check was missing form the code when using nf_defrag_ipv6_enable with NFT_TPROXY != n and NF_DEFRAG_IPV6 = n and this caused the following error: ../net/netfilter/nft_tproxy.c: In function 'nft_tproxy_init': ../net/netfilter/nft_tproxy.c:237:3: error: implicit declaration of function +'nf_defrag_ipv6_enable' [-Werror=implicit-function-declaration] err = nf_defrag_ipv6_enable(ctx->net); This patch adds a check for NF_TABLES_IPV6 when NF_DEFRAG_IPV6 is selected by Kconfig. Reported-by: Randy Dunlap Fixes: 4ed8eb6570a4 ("netfilter: nf_tables: Add native tproxy support") Signed-off-by: Máté Eckl Acked-by: Randy Dunlap Signed-off-by: Pablo Neira Ayuso commit cb85d2b04b408ba8328eb5fa1e184cc538ba8c6a Author: Andy Shevchenko Date: Mon Jul 30 15:38:30 2018 +0300 pinctrl: intel: Don't shadow error code of gpiochip_lock_as_irq() gpiochip_lock_as_irq() may return a few error codes, do not shadow them by -EINVAL and let caller to decide. No functional change intended. Cc: Heikki Krogerus Signed-off-by: Andy Shevchenko Acked-by: Mika Westerberg Signed-off-by: Linus Walleij commit b5031b7db77dc47f474f0efc2b2552c32b7bb59d Author: YueHaibing Date: Wed Aug 1 13:10:49 2018 +0800 pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state fixes following Smatch static check warning: drivers/pinctrl/berlin/berlin.c:237 berlin_pinctrl_build_state() warn: passing devm_ allocated variable to kfree. 'pctrl->functions' As we will be calling krealloc() on pointer 'pctrl->functions', which means kfree() will be called in there, devm_kzalloc() shouldn't be used with the allocation in the first place. Fix the warning by calling kcalloc() and managing the free procedure in error path on our own. Fixes: 3de68d331c24 ("pinctrl: berlin: add the core pinctrl driver for Marvell Berlin SoCs") Signed-off-by: YueHaibing Reviewed-by: Jisheng Zhang Signed-off-by: Linus Walleij commit 40b25bce0adbe641a744d1291bc0e51fb7f3c3d8 Author: Dmitry Osipenko Date: Thu Aug 2 14:11:44 2018 +0300 gpio: tegra: Move driver registration to subsys_init level There is a bug in regards to deferred probing within the drivers core that causes GPIO-driver to suspend after its users. The bug appears if GPIO-driver probe is getting deferred, which happens after introducing dependency on PINCTRL-driver for the GPIO-driver by defining "gpio-ranges" property in device-tree. The bug in the drivers core is old (more than 4 years now) and is well known, unfortunately there is no easy fix for it. The good news is that we can workaround the deferred probe issue by changing GPIO / PINCTRL drivers registration order and hence by moving PINCTRL driver registration to the arch_init level and GPIO to the subsys_init. Signed-off-by: Dmitry Osipenko Acked-by: Stefan Agner Signed-off-by: Linus Walleij commit 1e0813ee5599932c856bda64a568895ed7a33d3a Author: Dmitry Osipenko Date: Thu Aug 2 14:11:43 2018 +0300 pinctrl: tegra: Move drivers registration to arch_init level There is a bug in regards to deferred probing within the drivers core that causes GPIO-driver to suspend after its users. The bug appears if GPIO-driver probe is getting deferred, which happens after introducing dependency on PINCTRL-driver for the GPIO-driver by defining "gpio-ranges" property in device-tree. The bug in the drivers core is old (more than 4 years now) and is well known, unfortunately there is no easy fix for it. The good news is that we can workaround the deferred probe issue by changing GPIO / PINCTRL drivers registration order and hence by moving PINCTRL driver registration to the arch_init level and GPIO to the subsys_init. Signed-off-by: Dmitry Osipenko Acked-by: Stefan Agner Signed-off-by: Linus Walleij commit 973232e2a327cbf30b50b678af081426ca403088 Author: Alexander Stein Date: Thu Aug 2 12:53:18 2018 +0200 pinctrl: baytrail: actually print the apparently misconfigured pin For further investigation the actual result in interrupt status register is needed. Signed-off-by: Alexander Stein Acked-by: Mika Westerberg Signed-off-by: Linus Walleij commit 723a00436adc2ab474a2501c18a8e72ea1fc73f1 Merge: f3184645cb04 e9697e2effad Author: David S. Miller Date: Fri Aug 3 10:03:57 2018 -0700 Merge branch 'l2tp-mtu' Guillaume Nault says: ==================== l2tp: sanitise MTU handling on sessions Most of the code handling sessions' MTU has no effect. The ->mtu field in struct l2tp_session might be used at session creation time, but neither PPP nor Ethernet pseudo-wires take updates into account. L2TP sessions don't have a concept of MTU, which is the reason why ->mtu is mostly ignored. MTU should remain a network device thing. Therefore this patch set does not try to propagate/update ->mtu to/from the device. That would complicate the code unnecessarily. Instead this field and the associated ioctl commands and netlink attributes are removed. Patch #1 defines l2tp_tunnel_dst_mtu() in order to simplify the following patches. Then patches #2 and #3 remove MTU handling from PPP and Ethernet pseudo-wires respectively. ==================== Signed-off-by: David S. Miller commit e9697e2effad50c0081b3c72002d3975f8ab4347 Author: Guillaume Nault Date: Fri Aug 3 12:38:39 2018 +0200 l2tp: ignore L2TP_ATTR_MTU This attribute's handling is broken. It can only be used when creating Ethernet pseudo-wires, in which case its value can be used as the initial MTU for the l2tpeth device. However, when handling update requests, L2TP_ATTR_MTU only modifies session->mtu. This value is never propagated to the l2tpeth device. Dump requests also return the value of session->mtu, which is not synchronised anymore with the device MTU. The same problem occurs if the device MTU is properly updated using the generic IFLA_MTU attribute. In this case, session->mtu is not updated, and L2TP_ATTR_MTU will report an invalid value again when dumping the session. It does not seem worthwhile to complexify l2tp_eth.c to synchronise session->mtu with the device MTU. Even the ip-l2tp manpage advises to use 'ip link' to initialise the MTU of l2tpeth devices (iproute2 does not handle L2TP_ATTR_MTU at all anyway). So let's just ignore it entirely. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 789141b215fc509defdd0f0978e4bf1bb5b31fc2 Author: Guillaume Nault Date: Fri Aug 3 12:38:37 2018 +0200 l2tp: simplify MTU handling in l2tp_ppp The value of the session's .mtu field, as defined by pppol2tp_connect() or pppol2tp_session_create(), is later overwritten by pppol2tp_session_init() (unless getting the tunnel's socket PMTU fails). This field is then only used when setting the PPP channel's MTU in pppol2tp_connect(). Furthermore, the SIOC[GS]IFMTU ioctls only act on the session's .mtu without propagating this value to the PPP channel, making them useless. This patch initialises the PPP channel's MTU directly and ignores the session's .mtu entirely. MTU is still computed by subtracting the PPPOL2TP_HEADER_OVERHEAD constant. It is not optimal, but that doesn't really matter: po->chan.mtu is only used when the channel is part of a multilink PPP bundle. Running multilink PPP over packet switched networks is certainly not going to be efficient, so not picking the best MTU does not harm (in the worst case, packets will just be fragmented by the underlay). The SIOC[GS]IFMTU ioctls are removed entirely (as opposed to simply ignored), because these ioctls commands are part of the requests that should be handled generically by the socket layer. PX_PROTO_OL2TP was the only socket type abusing these ioctls. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 1f5cd2a0107d4ed95cbd9118e6a5f7ccd3d4d12a Author: Guillaume Nault Date: Fri Aug 3 12:38:34 2018 +0200 l2tp: define l2tp_tunnel_dst_mtu() Consolidate retrieval of tunnel's socket mtu in order to simplify l2tp_eth and l2tp_ppp a bit. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 5019027a566de4986a7f66017cf0d6d794fc155f Author: Gustavo A. R. Silva Date: Fri Aug 3 11:33:57 2018 -0500 ASoC: samsung: i2s: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1381093 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit a773c3b6be185d171e2755ac715e8b1ea099ebbc Author: Gustavo A. R. Silva Date: Fri Aug 3 11:31:48 2018 -0500 ASoC: omap-dmic: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1468847 ("Missing break in switch") Addresses-Coverity-ID: 1468849 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 16bbeb2b43c3f5d69e1348477e75a24ae6d55d5a Author: Gustavo A. R. Silva Date: Fri Aug 3 11:29:53 2018 -0500 ASoC: fsl_esai: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1222121 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit f3184645cb0409d4ab0e63d65a0adcb565f55df4 Merge: 54424d389196 375dd5e43212 Author: David S. Miller Date: Fri Aug 3 09:53:24 2018 -0700 Merge branch 'hns3-next' Salil Mehta says: ==================== Some important fixes for HNS3 driver This patch presents some important fixes related to MSIX allocation in HNS3 driver. ==================== Signed-off-by: David S. Miller commit 375dd5e432128ee071227e3ab0071ca11d01ac8c Author: Jian Shen Date: Fri Aug 3 10:56:31 2018 +0100 net: hns3: Refine the MSIX allocation for PF The offset of msix number for roce is different between different revision id. We should get it from firmware, instead of a fix value. This patch refines the msix allocation, make it compatible. Signed-off-by: Jian Shen Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit 07acf909ee33983fe22334446dd5c2adf0fdca26 Author: Jian Shen Date: Fri Aug 3 10:56:30 2018 +0100 net: hns3: Fix MSIX allocation issue for VF The msix number for vf is different, depends on the max vf number. Futherly if the vf supports roce, the offset of msix is not fixed. It's incorrect to fix the msix number to 33. This patch fixes it by querying the msix number from firmware, and adjusting it with roce support. Fixes: e2cb1dec9779 ("net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support") Signed-off-by: Jian Shen Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller commit c75303269009667cc2b7ddee274bc9e96e840f57 Author: Harsha Sharma Date: Thu Aug 2 09:26:24 2018 +0530 netfilter: cttimeout: Make NF_CT_NETLINK_TIMEOUT depend on NF_CONNTRACK_TIMEOUT With this, remove ifdef for CONFIG_NF_CONNTRACK_TIMEOUT in nfnetlink_cttimeout. This is also required for moving ctnl_untimeout from nfnetlink_cttimeout to nf_conntrack_timeout. Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso commit 1974d2453fa7bfea5574d09332df3cc7fb0d909a Author: YueHaibing Date: Wed Aug 1 10:14:00 2018 +0800 netfilter: nf_tables: remove unused variable Variable 'ext' is being assigned but are never used hence they are unused and can be removed. Cleans up clang warnings: net/netfilter/nf_tables_api.c:4032:28: warning: variable ‘ext’ set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing Signed-off-by: Pablo Neira Ayuso commit 54424d3891967b83d707c9300a3509c2ae8f42ee Author: Kees Cook Date: Fri Aug 3 10:15:25 2018 +0100 rxrpc: Reuse SKCIPHER_REQUEST_ON_STACK buffer The use of SKCIPHER_REQUEST_ON_STACK() will trigger FRAME_WARN warnings (when less than 2048) once the VLA is no longer hidden from the check: net/rxrpc/rxkad.c:398:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=] net/rxrpc/rxkad.c:242:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=] This passes the initial SKCIPHER_REQUEST_ON_STACK allocation to the leaf functions for reuse. Two requests allocated on the stack is not needed when only one is used at a time. Signed-off-by: Kees Cook Acked-by: Arnd Bergmann Signed-off-by: David Howells Signed-off-by: David S. Miller commit 5ca8a25c144dbb04511147601943691baab0aaca Author: Jiri Pirko Date: Fri Aug 3 11:08:47 2018 +0200 net: sched: fix flush on non-existing chain User was able to perform filter flush on chain 0 even if it didn't have any filters in it. With the patch that avoided implicit chain 0 creation, this changed. So in case user wants filter flush on chain which does not exist, just return success. There's no reason for non-0 chains to behave differently than chain 0, so do the same for them. Reported-by: Ido Schimmel Fixes: f71e0ca4db18 ("net: sched: Avoid implicit chain 0 creation") Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller commit 1a12d5dc7dd1ffd985503f9770b736fb03db2e3f Author: Gustavo A. R. Silva Date: Fri Aug 3 11:34:30 2018 -0500 ASoC: core: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 146568 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 85c81941d5033fc8a68646823d3157840c9de8b3 Author: Gustavo A. R. Silva Date: Fri Aug 3 11:32:52 2018 -0500 ASoC: omap-mcpdm: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1369526 ("Missing break in switch") Addresses-Coverity-ID: 1369529 ("Missing break in switch") Addresses-Coverity-ID: 1451415 ("Missing break in switch") Addresses-Coverity-ID: 115103 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 3b7c88fcc2873eba64f9e8cef34c4af0cba20887 Author: Gustavo A. R. Silva Date: Fri Aug 3 11:28:24 2018 -0500 ASoC: davinci-i2s: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1364478 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 6fd544c897d98bc6f185da215f1585dc144218cc Author: YueHaibing Date: Fri Aug 3 16:48:56 2018 +0800 bnxt_en: combine 'else if' and 'else' into single branch The else-if branch and else branch set mac_ok to true similarly, so combine the two into single else branch. Also add comments to explain the two conditions, which from Michael Chan and Vasundhara Volam. Signed-off-by: YueHaibing Acked-by: Michael Chan Signed-off-by: David S. Miller commit 9e619d87b277bbcc4e0b64cc5963520c1cd99f18 Author: Florian Westphal Date: Tue Jul 31 17:24:45 2018 +0200 netfilter: nf_tables: flow event notifier must use transaction mutex Fixes: f102d66b335a4 ("netfilter: nf_tables: use dedicated mutex to guard transactions") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit ddba40be59c9be4059288464f8e6f38fbba27495 Author: Fernando Fernandez Mancera Date: Tue Jul 31 20:25:01 2018 +0200 netfilter: nfnetlink_osf: rename nf_osf header file to nfnetlink_osf The first client of the nf_osf.h userspace header is nft_osf, coming in this batch, rename it to nfnetlink_osf.h as there are no userspace clients for this yet, hence this looks consistent with other nfnetlink subsystem. Suggested-by: Jan Engelhardt Signed-off-by: Fernando Fernandez Mancera Signed-off-by: Pablo Neira Ayuso commit 7cca1ed0bb248b8d5768d17f5afe297a832d66c0 Author: Fernando Fernandez Mancera Date: Tue Jul 31 20:25:00 2018 +0200 netfilter: nf_osf: move nf_osf_fingers to non-uapi header file All warnings (new ones prefixed by >>): >> ./usr/include/linux/netfilter/nf_osf.h:73: userspace cannot reference function or variable defined in the kernel Fixes: f9324952088f ("netfilter: nfnetlink_osf: extract nfnetlink_subsystem code from xt_osf.c") Reported-by: kbuild test robot Signed-off-by: Fernando Fernandez Mancera Signed-off-by: Pablo Neira Ayuso commit 285189c78eeb6f684a024b86fb5997d10c6aa564 Author: Li RongQing Date: Wed Jul 25 15:52:13 2018 +0800 netfilter: use kvmalloc_array to allocate memory for hashtable nf_ct_alloc_hashtable is used to allocate memory for conntrack, NAT bysrc and expectation hashtable. Assuming 64k bucket size, which means 7th order page allocation, __get_free_pages, called by nf_ct_alloc_hashtable, will trigger the direct memory reclaim and stall for a long time, when system has lots of memory stress so replace combination of __get_free_pages and vzalloc with kvmalloc_array, which provides a overflow check and a fallback if no high order memory is available, and do not retry to reclaim memory, reduce stall and remove nf_ct_free_hashtable, since it is just a kvfree Signed-off-by: Zhang Yu Signed-off-by: Wang Li Signed-off-by: Li RongQing Signed-off-by: Pablo Neira Ayuso commit a0e336ba3e3d1c7ec0f738a2e2e203434c00b08e Author: Huang Chong Date: Fri Aug 3 08:17:54 2018 -0700 xfs: fix a comment in xfs_log_reserve Fix the comment in xfs_log_reserve to avoid confusing. Signed-of-by: Huang Chong Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 1f31c98d650ca342e2f54cb17c4554ad110c5a11 Author: Darrick J. Wong Date: Wed Aug 1 15:50:27 2018 -0700 xfs: only validate summary counts on primary superblock Skip the summary counter checks for secondary superblocks and inprogress primary superblocks because mkfs has always written those out with zeroed summary counters. Signed-off-by: Darrick J. Wong Reviewed-by: Carlos Maiolino commit 16196776185cb19bb8c2318ebd1dbbefb5350d6a Author: Harry Wentland Date: Thu Aug 2 15:32:01 2018 -0400 drm/amd/display: Only require EDID read for HDMI and DVI [Why] VGA sometimes has trouble retrieving the EDID on very long cables, KVM switches, or old displays. [How] Only require EDID read for HDMI and DVI and exempt other types (DP, VGA). We currently don't support VGA but if anyone adds support in the future this might get overlooked. Signed-off-by: Harry Wentland Suggested-by: Michel Dänzer Acked-by: Alex Deucher Signed-off-by: Alex Deucher commit 01dc285d5cd89b77686d8baef8482c58d7dc3ead Author: Harry Wentland Date: Wed Aug 1 10:48:23 2018 -0400 drm/amd/display: Report non-DP display as disconnected without EDID [Why] Some boards seem to have a problem where HPD is high on HDMI even though no display is connected. We don't want to report these as connected. DP spec still requires us to report DP displays as connected when HPD is high but we can't read the EDID in order to go to fail-safe mode. [How] If connector_signal is not DP abort detection if we can't retrieve the EDID. v2: Add Bugzilla and stable Bugzilla: https://bugs.freedesktop.org/107390 Bugzilla: https://bugs.freedesktop.org/106846 Cc: stable@vger.kernel.org Signed-off-by: Harry Wentland Acked-by: Alex Deucher Reviewed-by: Nicholas Kazlauskas Signed-off-by: Alex Deucher commit 8530ebf1079ccc84ffa32d970cdcae168b2f3684 Author: Gustavo A. R. Silva Date: Fri Aug 3 08:42:11 2018 -0500 ASoC: smd845: fix memory leak In case memory resources for *card* were allocated, release them before return. Addresses-Coverity-ID: 1472244 ("Resource leak") Fixes: 6b1687bf76ef ("ASoC: qcom: add sdm845 sound card support") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mark Brown commit 623a6143a845bd485b00ba684f0ccef11835edab Author: Houlong Wei Date: Wed Jul 25 09:26:40 2018 +0800 mailbox: mediatek: Add Mediatek CMDQ driver This patch is first version of Mediatek Command Queue(CMDQ) driver. The CMDQ is used to help write registers with critical time limitation, such as updating display configuration during the vblank. It controls Global Command Engine (GCE) hardware to achieve this requirement. Currently, CMDQ only supports display related hardwares, but we expect it can be extended to other hardwares for future requirements. Signed-off-by: Houlong Wei Signed-off-by: HS Liao Signed-off-by: CK Hu Signed-off-by: Jassi Brar commit 1c82407aa302774b24bf619e56973aa97cbf25bd Author: Houlong Wei Date: Wed Jul 25 09:26:39 2018 +0800 dt-bindings: soc: Add documentation for the MediaTek GCE unit This adds documentation for the MediaTek Global Command Engine (GCE) unit found in MT8173 SoCs. Signed-off-by: Houlong Wei Signed-off-by: HS Liao Reviewed-by: Rob Herring Signed-off-by: Jassi Brar commit c000c4f1d96534885bc7a8ef5185fd8c0de5e827 Author: Takashi Iwai Date: Fri Aug 3 15:48:54 2018 +0200 ALSA: synth: Remove empty init and exit For a sake of code simplification, remove the init and the exit entries that do nothing. Notes for readers: actually it's OK to remove *both* init and exit, but not OK to remove the exit entry. By removing only the exit while keeping init, the module becomes permanently loaded; i.e. you cannot unload it any longer! Signed-off-by: Takashi Iwai commit a7da09fecf35cc1b328f0229c019757f6582f6bb Author: Takashi Iwai Date: Fri Aug 3 15:48:41 2018 +0200 ALSA: pci: Remove empty init and exit For a sake of code simplification, remove the init and the exit entries that do nothing. Notes for readers: actually it's OK to remove *both* init and exit, but not OK to remove the exit entry. By removing only the exit while keeping init, the module becomes permanently loaded; i.e. you cannot unload it any longer! Signed-off-by: Takashi Iwai commit 3b23dc52da90c340c51273414f4e2d13e07e594c Author: Takashi Iwai Date: Fri Aug 3 15:48:26 2018 +0200 ALSA: i2c: Remove empty init and exit For a sake of code simplification, remove the init and the exit entries that do nothing. Notes for readers: actually it's OK to remove *both* init and exit, but not OK to remove the exit entry. By removing only the exit while keeping init, the module becomes permanently loaded; i.e. you cannot unload it any longer! Signed-off-by: Takashi Iwai commit 498aaa9152eef3e101ec897f9c9b51662f700830 Author: Takashi Iwai Date: Fri Aug 3 15:44:15 2018 +0200 ALSA: isa: Remove empty init and exit For a sake of code simplification, remove the init and the exit entries that do nothing. Notes for readers: actually it's OK to remove *both* init and exit, but not OK to remove the exit entry. By removing only the exit while keeping init, the module becomes permanently loaded; i.e. you cannot unload it any longer! Signed-off-by: Takashi Iwai commit 969686ee0e0ff62ece428e8e02b07f81ac88a84d Author: Takashi Iwai Date: Fri Aug 3 15:42:46 2018 +0200 ALSA: drivers: Remove empty init and exit For a sake of code simplification, remove the init and the exit entries that do nothing. Notes for readers: actually it's OK to remove *both* init and exit, but not OK to remove the exit entry. By removing only the exit while keeping init, the module becomes permanently loaded; i.e. you cannot unload it any longer! Signed-off-by: Takashi Iwai commit a6403299893982a2c0b0a6f43261976c43e1598e Author: Takashi Iwai Date: Fri Aug 3 15:40:25 2018 +0200 ALSA: compress: Remove empty init and exit For a sake of code simplification, remove the init and the exit entries that do nothing. Notes for readers: actually it's OK to remove *both* init and exit, but not OK to remove the exit entry. By removing only the exit while keeping init, the module becomes permanently loaded; i.e. you cannot unload it any longer! Signed-off-by: Takashi Iwai commit 9038820cef3c3824cdd846d69894746a73c053db Author: Colin Ian King Date: Fri Aug 3 14:47:56 2018 +0100 ALSA: gus: fix spelling mistake "acumulator" -> "accumulator" Trivial spelling mistake fix in debug message Signed-off-by: Colin Ian King Signed-off-by: Takashi Iwai commit a5f74ec7d3cb6278255f7bf2ffb28baa6ad6e157 Author: Souptick Joarder Date: Mon May 21 22:59:48 2018 +0530 gpu: drm: msm: Change return type to vm_fault_t Use new return type vm_fault_t for fault handler. For now, this is just documenting that the function returns a VM_FAULT value rather than an errno. Once all instances are converted, vm_fault_t will become a distinct type. Ref- commit 1c8f422059ae ("mm: change return type to vm_fault_t") Previously vm_insert_mixed() returns err which driver mapped into VM_FAULT_* type. The new function vmf_insert_mixed() will replace this inefficiency by returning VM_FAULT_* type. vmf_error() is the newly introduce inline function in 4.17-rc6. Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Signed-off-by: Rob Clark commit da25a672cf0e2c143bffb40acb507a342e25b4f4 Author: Joel Fernandes (Google) Date: Thu Aug 2 19:34:07 2018 -0700 trace: Use rcu_dereference_raw for hooks from trace-event subsystem Since we switched to using SRCU for tracepoints used in the idle path, we can no longer use rcu_dereference_sched for dereferencing points in trace-event hooks. Since tracepoints can now use either SRCU or sched-RCU, just use rcu_dereference_raw for traceevents just like we're doing when dereferencing the tracepoint table. This prevents an RCU warning reported by Masami: [ 282.060593] WARNING: can't dereference registers at 00000000f3c7f62b [ 282.063200] ============================= [ 282.064082] WARNING: suspicious RCU usage [ 282.064963] 4.18.0-rc6+ #15 Tainted: G W [ 282.066048] ----------------------------- [ 282.066923] /home/mhiramat/ksrc/linux/kernel/trace/trace_events.c:242 suspicious rcu_dereference_check() usage! [ 282.068974] [ 282.068974] other info that might help us debug this: [ 282.068974] [ 282.070770] [ 282.070770] RCU used illegally from idle CPU! [ 282.070770] rcu_scheduler_active = 2, debug_locks = 1 [ 282.072938] RCU used illegally from extended quiescent state! [ 282.074183] no locks held by swapper/0/0. [ 282.075071] [ 282.075071] stack backtrace: [ 282.076121] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W [ 282.077782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) [ 282.079604] Call Trace: [ 282.080212] [ 282.080755] dump_stack+0x85/0xcb [ 282.081523] trace_event_ignore_this_pid+0x66/0x70 [ 282.082541] trace_event_raw_event_preemptirq_template+0xa2/0xb0 [ 282.083774] ? interrupt_entry+0xc4/0xe0 [ 282.084665] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 282.085669] trace_hardirqs_off_caller+0x90/0xd0 [ 282.086597] trace_hardirqs_off_thunk+0x1a/0x1c [ 282.087433] ? call_function_interrupt+0xa/0x20 [ 282.088201] interrupt_entry+0xc4/0xe0 [ 282.088848] ? call_function_interrupt+0xa/0x20 [ 282.089579] [ 282.090029] ? native_safe_halt+0x2/0x10 [ 282.090695] ? default_idle+0x1f/0x160 [ 282.091330] ? default_idle_call+0x24/0x40 [ 282.091997] ? do_idle+0x210/0x250 [ 282.092658] ? cpu_startup_entry+0x6f/0x80 [ 282.093338] ? start_kernel+0x49d/0x4bd [ 282.093987] ? secondary_startup_64+0xa5/0xb0 Link: http://lkml.kernel.org/r/20180803023407.225852-1-joel@joelfernandes.org Reported-by: Masami Hiramatsu Tested-by: Masami Hiramatsu Fixes: e6753f23d961 ("tracepoint: Make rcuidle tracepoint callers use SRCU") Signed-off-by: Joel Fernandes (Google) Signed-off-by: Steven Rostedt (VMware) commit b96e6615cd197022017808a9fe82f1737e307875 Author: Thomas Richter Date: Thu Aug 2 09:46:20 2018 +0200 perf auxtrace: Support for perf report -D for s390 Add initial support for s390 auxiliary traces using the CPU-Measurement Sampling Facility. Support and ignore PERF_REPORT_AUXTRACE_INFO records in the perf data file. Later patches will show the contents of the auxiliary traces. Setup the auxtrace queues and data structures for s390. A raw dump of the perf.data file now does not show an error when an auxtrace event is encountered. Output before: [root@s35lp76 perf]# ./perf report -D -i perf.data.auxtrace 0x128 [0x10]: failed to process type: 70 Error: failed to process sample 0x128 [0x10]: event: 70 . . ... raw event: size 16 bytes . 0000: 00 00 00 46 00 00 00 10 00 00 00 00 00 00 00 00 ...F............ 0x128 [0x10]: PERF_RECORD_AUXTRACE_INFO type: 0 [root@s35lp76 perf]# Output after: # ./perf report -D -i perf.data.auxtrace |fgrep PERF_RECORD_AUXTRACE 0 0 0x128 [0x10]: PERF_RECORD_AUXTRACE_INFO type: 5 0 0 0x25a66 [0x30]: PERF_RECORD_AUXTRACE size: 0x40000 offset: 0 ref: 0 idx: 4 tid: -1 cpu: 4 .... Additional notes about the underlying hardware and software implementation, provided by Hendrik Brueckner (see Link: below). ============================================================================= The CPU-Measurement Facility (CPU-MF) provides a set of functions to obtain performance information on the mainframe. Basically, it was introduced with System z10 years ago for the z/Architecture, that means, 64-bit. For Linux, there are two facilities of interest, counter facility and sampling facility. The counter facility provides hardware counters for instructions, cycles, crypto-activities, and many more. The sampling facility is a hardware sampler that when started will write samples at a particular interval into a sampling buffer. At some point, for example, if a sample block is full, it generates an interrupt to collect samples (while the sampler continues to run). Few years ago, I started to provide the a perf PMU to use the counter and sampling facilities. Recently, the device driver was updated to also "export" the sampling buffer into the AUX area. Thomas now completed the related perf work to interpret and process these AUX data. If people are more interested in the sampling facility, they can have a look into: - The Load-Program-Parameter and the CPU-Measurement Facilities, SA23-2260-05 http://www-01.ibm.com/support/docview.wss?uid=isg26fcd1cc32246f4c8852574ce0044734a and to learn how-to use it for Linux on Z, have look at chapter 54, "Using the CPU-measurement facilities" in the: - Device Drivers, Features, and Commands, SC33-8411-34 http://public.dhe.ibm.com/software/dw/linux390/docu/l416dd34.pdf ============================================================================= Signed-off-by: Thomas Richter Reviewed-by: Hendrik Brueckner Link: http://lkml.kernel.org/r/20180803100758.GA28475@linux.ibm.com Cc: Heiko Carstens Cc: Martin Schwidefsky Link: http://lkml.kernel.org/r/20180802074622.13641-2-tmricht@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit a2b79838b891718dd4f0caf86dfa193af789245d Author: Nishanth Menon Date: Mon Jul 16 13:06:07 2018 -0500 mailbox: ti-msgmgr: Add support for Secure Proxy Secure Proxy is another communication scheme in Texas Instrument's devices intended to provide an unique communication path from various processors in the System on Chip(SoC) to a central System Controller. Secure proxy is, in effect, an evolution of current generation Message Manager hardware block found in K2G devices. However the following changes have taken place: Secure Proxy instance exposes "threads" or "proxies" which is primary representation of "a" communication channel. Each thread is preconfigured by System controller configuration based on SoC usage requirements. Secure proxy by itself represents a single "queue" of communication but allows the proxies to be independently operated. Each Secure proxy thread can uniquely have their own error and threshold interrupts allowing for more fine control of IRQ handling. Provide the driver support for Secure Proxy and thread instances. NOTE: Secure proxy configuration is only done by System Controller, hence these are assumed to be pre-configured instances. See AM65x Technical Reference Manual (SPRUID7, April 2018) for further details: http://www.ti.com/lit/pdf/spruid7 Signed-off-by: Nishanth Menon Signed-off-by: Jassi Brar commit 0f23a179746c10de8f8fe6ecc4767a0d6c824fa9 Author: Nishanth Menon Date: Mon Jul 16 13:06:06 2018 -0500 dt-bindings: mailbox: Add support for secure proxy threads Secure Proxy is another communication scheme in Texas Instrument's devices intended to provide an unique communication path from various processors in the System on Chip(SoC) to a central System Controller. Secure proxy is, in effect, an evolution of current generation Message Manager hardware block found in K2G devices. However the following changes have taken place: Secure Proxy instance exposes "threads" or "proxies" which is primary representation of "a" communication channel. Each thread is preconfigured by System controller configuration based on SoC usage requirements. Secure proxy by itself represents a single "queue" of communication but allows the proxies to be independently operated. Each Secure proxy thread can uniquely have their own error and threshold interrupts allowing for more fine control of IRQ handling. Provide an hardware description of the same for device tree representation. See AM65x Technical Reference Manual (SPRUID7, April 2018) for further details: http://www.ti.com/lit/pdf/spruid7 Reviewed-by: Rob Herring Signed-off-by: Nishanth Menon Signed-off-by: Jassi Brar commit 89c976c2f3fc02b95ae0a4a35dc3373ec8bfbdcb Author: Nishanth Menon Date: Mon Jul 16 13:06:05 2018 -0500 mailbox: ti-msgmgr: Move the memory region name to descriptor For newer generation of the hardware, the naming of the region is decided at integration level and there could be additional regions as well. Hence move the region naming to be described from compatible descriptor. Signed-off-by: Nishanth Menon Signed-off-by: Jassi Brar commit 8e56086292094290600edd7c526841df14b201ca Author: Nishanth Menon Date: Mon Jul 16 13:06:04 2018 -0500 mailbox: ti-msgmgr: Change message count mask to be descriptor based Change mask used to extract the message count to be descriptor based. This is to support changes for count location for various SoC solutions. Signed-off-by: Nishanth Menon Signed-off-by: Jassi Brar commit 5ab935e1942bdf8cab192478ac668b1589c47059 Author: Nishanth Menon Date: Mon Jul 16 13:06:03 2018 -0500 mailbox: ti-msgmgr: Allocate Rx channel resources only on request In a much bigger system SoCs, the number of Rx channels can be many and mostly unused based on the system of choice, and not all Rx channels need IRQs and allocating all memory at probe will be inefficient. Some SoCs could have total threads in the 100s and usage would be just 1 Rx thread. Thus, request and map the IRQs and allocate memory only when needed. Since these channels are requested by client drivers on need, our utilization will be optimal. Signed-off-by: Nishanth Menon Signed-off-by: Jassi Brar commit e7474ca1005768bddde2aad6fdd920245357377e Author: Nishanth Menon Date: Mon Jul 16 13:06:02 2018 -0500 mailbox: ti-msgmgr: Get rid of unused structure members Though q_proxies and q_slices do describe the hardware configuration, they are not necessary for operation given that the values are always default. Hence drop the same. Signed-off-by: Nishanth Menon Signed-off-by: Jassi Brar commit ea2ec1e80f78e5f1d6bd04315a2a0bf0646d8548 Author: Suman Anna Date: Wed Jul 11 18:42:12 2018 -0500 mailbox/omap: use of_device_get_match_data() to get match data The OMAP Mailbox driver is directly using an integer value as match data for distinguishing the interrupt register layout between OMAP2 and OMAP4+ SoCs. Introduce a dedicated structure for storing this match data, and simplify the probe function by using the of_device_get_match_data() function. This allows the driver to scale for 64-bit platforms by eliminating the unnecessary type-casting between a u32 and a void pointer types. Signed-off-by: Suman Anna Signed-off-by: Jassi Brar commit 2ad5157650b446f14a719280ba3670303bc4f439 Author: Suman Anna Date: Wed Jul 11 18:42:11 2018 -0500 mailbox/omap: switch to SPDX license identifier Use the appropriate SPDX license identifier in the OMAP Mailbox driver source files and drop the previous boilerplate license text. Signed-off-by: Suman Anna Signed-off-by: Jassi Brar commit 3512a18cbd8d09e22a790540cb9624c3c49827ba Author: Gustavo A. R. Silva Date: Thu Jul 26 12:11:39 2018 -0500 mailbox: xgene-slimpro: Fix potential NULL pointer dereference There is a potential execution path in which function platform_get_resource() returns NULL. If this happens, we will end up having a NULL pointer dereference. Fix this by replacing devm_ioremap with devm_ioremap_resource, which has the NULL check and the memory region request. This code was detected with the help of Coccinelle. Cc: stable@vger.kernel.org Fixes: f700e84f417b ("mailbox: Add support for APM X-Gene platform mailbox driver") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Jassi Brar commit fa9ad876b8e0ebd2b4367ef1580f89be64ebd5d3 Author: Balakrishna Godavarthi Date: Fri Aug 3 17:46:32 2018 +0530 Bluetooth: hci_qca: Add support for Qualcomm Bluetooth chip wcn3990 Add support to set voltage/current of various regulators to power up/down Bluetooth chip wcn3990. Signed-off-by: Balakrishna Godavarthi Reviewed-by: Matthias Kaehlcke Signed-off-by: Marcel Holtmann commit 4219d4686875fdd83df3da00fda5ff0551e0a2d7 Author: Balakrishna Godavarthi Date: Fri Aug 3 17:46:31 2018 +0530 Bluetooth: btqca: Add wcn3990 firmware download support. This patch enables the RAM and NV patch download for wcn3990. Signed-off-by: Balakrishna Godavarthi Reviewed-by: Matthias Kaehlcke Signed-off-by: Marcel Holtmann commit be93a497fa7fea2302e0d35ad08dbed30e5791d3 Author: Balakrishna Godavarthi Date: Fri Aug 3 17:46:30 2018 +0530 Bluetooth: hci_qca: Enable 3.2 Mbps operating speed. Enable Qualcomm chips to operate at 3.2Mbps. Signed-off-by: Balakrishna Godavarthi Reviewed-by: Matthias Kaehlcke Signed-off-by: Marcel Holtmann commit 83d9c5e56687a75cd75e537f97fb35009e9ba232 Author: Balakrishna Godavarthi Date: Fri Aug 3 17:46:29 2018 +0530 Bluetooth: hci_qca: Add wrapper functions for setting UART speed In function qca_setup, we set initial and operating speeds for Qualcomm Bluetooth SoC's. This block of code is common across different Qualcomm Bluetooth SoC's. Instead of duplicating the code, created a wrapper function to set the speeds. So that future coming SoC's can use these wrapper functions to set speeds. Signed-off-by: Balakrishna Godavarthi Reviewed-by: Matthias Kaehlcke Signed-off-by: Marcel Holtmann commit aadebac4639d84ee51a12f2a1706fea1e4760b81 Author: Balakrishna Godavarthi Date: Fri Aug 3 17:46:28 2018 +0530 Bluetooth: btqca: Redefine qca_uart_setup() to generic function. Redefinition of qca_uart_setup will help future Qualcomm Bluetooth SoC, to use the same function instead of duplicating the function. Added new arguments soc_type and soc_ver to the functions. These arguments will help to decide type of firmware files to be loaded into Bluetooth chip. soc_type holds the Bluetooth chip connected to APPS processor. soc_ver holds the Bluetooth chip version. Signed-off-by: Balakrishna Godavarthi Reviewed-by: Matthias Kaehlcke Signed-off-by: Marcel Holtmann commit ba493d4fbcb84bd14842c61cc077ffb5b3f7ecb1 Author: Balakrishna Godavarthi Date: Fri Aug 3 17:46:27 2018 +0530 Bluetooth: btqca: Rename ROME specific functions to generic functions Some of the QCA BTSoC ROME functions, are used for different versions or different make of BTSoC's. Instead of duplicating the same functions for new chip, update names of the functions that are used for both chips to keep this generic and would help in future when we would have new BT SoC. To have generic text in logs updated from ROME to QCA where ever possible. This avoids confusion to user, when using the future Qualcomm Bluetooth SoC's. Updated BT_DBG, BT_ERR and BT_INFO with bt_dev_dbg, bt_dev_err and bt_dev_info where ever applicable. Signed-off-by: Balakrishna Godavarthi Reviewed-by: Matthias Kaehlcke Signed-off-by: Marcel Holtmann commit 505013555a47c8dfed11bd124d2f4ea71988c21e Author: Balakrishna Godavarthi Date: Fri Aug 3 17:46:26 2018 +0530 dt-bindings: net: bluetooth: Add device tree bindings for QTI chip wcn3990 This patch enables regulators for the Qualcomm Bluetooth wcn3990 controller. Signed-off-by: Balakrishna Godavarthi Reviewed-by: Rob Herring Reviewed-by: Stephen Boyd Reviewed-by: Matthias Kaehlcke Signed-off-by: Marcel Holtmann commit 21e2156f3c4b2ad8b780a6d02342ca0e028a8acd Author: Andreas Gruenbacher Date: Fri Aug 3 10:57:52 2018 +0100 gfs2: Get rid of gfs2_ea_strlen Function gfs2_ea_strlen is only called from ea_list_i, so inline it there. Remove the duplicate switch statement and the creative use of memcpy to set a null byte. Signed-off-by: Andreas Gruenbacher Reviewed-by: Andrew Price Reviewed-by: Bob Peterson commit 4c79148970fbb3cfe078d4ad31a2c7a7722196a8 Author: Hans de Goede Date: Thu Aug 2 16:57:21 2018 +0200 Bluetooth: hci_h5: Add support for enable and device-wake GPIOs Add support for the enable and device-wake GPIOs used on ACPI enumerated RTL8723BS devices. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit b825d7c4052643a9b8a10d1c83213394f795c806 Author: Jeremy Cline Date: Thu Aug 2 16:57:20 2018 +0200 Bluetooth: hci_h5: Add support for the RTL8723BS Implement support for the RTL8723BS chip. Signed-off-by: Jeremy Cline [hdegoede@redhat.com: Port from bt3wire.c to hci_h5.c, drop broken GPIO code] Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit 4eb3cbc4c4dbd3185c9e7595e38ed01a87bba80f Author: Jeremy Cline Date: Thu Aug 2 16:57:19 2018 +0200 Bluetooth: hci_h5: Add vendor setup, open, and close callbacks Allow vendor-specific setup, open, and close functions to be defined. Signed-off-by: Jeremy Cline [hdegoede@redhat.com: Port from bt3wire.c to hci_h5.c, drop dt support] Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit ce945552fde4a09f0bd4c0a33b8694b8515e2bd9 Author: Hans de Goede Date: Thu Aug 2 16:57:18 2018 +0200 Bluetooth: hci_h5: Add support for serdev enumerated devices Add basic support for serdev enumerated devices, note sine this does not (yet) declare any of / ACPI ids to bind to atm this is a nop. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit 1cc194caaffbe07b8e08d464d8c309bc8e824618 Author: Hans de Goede Date: Thu Aug 2 16:57:17 2018 +0200 Bluetooth: btrtl: Add support for a config filename postfix The contents of the rtl_bt/rtlXXXX_config.bin file may be board specific allow the caller of btrtl_initialize to specify a postfix identifying the board, which if specified will make btrtl_initialize look for rtl_bt/rtlXXXX_config-.bin instead. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit c50903e3ee1b55d0d8a43eebed0c159e91986496 Author: Martin Blumenstingl Date: Thu Aug 2 16:57:16 2018 +0200 Bluetooth: btrtl: add support for the RTL8723BS and RTL8723DS chips The Realtek RTL8723BS and RTL8723DS chipsets are SDIO wifi chips. They also contain a Bluetooth module which is connected via UART to the host. Realtek's userspace initialization tool (rtk_hciattach) differentiates these two via the HCI version and revision returned by the HCI_OP_READ_LOCAL_VERSION command. Additionally we apply these checks only the for UART devices. Everything else is assumed to be a "RTL8723B" which was originally supported by the driver (communicating via USB). Signed-off-by: Martin Blumenstingl Signed-off-by: Jeremy Cline Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit b85b0ee1001b112a3dd4c4718d80b0c40551a2bb Author: Martin Blumenstingl Date: Thu Aug 2 16:57:15 2018 +0200 Bluetooth: btrtl: add support for retrieving the UART settings The UART settings are embedded in the config blob. This has to be parsed to successfully initialize the Bluetooth part of the RTL8723BS (which is an SDIO chip, but the Bluetooth part is connected via UART). The Realtek "rtl8723bs_bt" and "rtl8723ds_bt" userspace Bluetooth UART initialization tools (rtk_hciattach) use the following sequence: - send H5 sync pattern (already supported by hci_h5) - get LMP version (already supported by btrtl) - get ROM version (already supported by btrtl) - load the firmware and config for the current chipset (already supported by btrtl) - read UART settings from the config blob (part of this patch) - send UART settings via a vendor command to the device (which changes the baudrate of the device and enables or disables flow control depending on the config) - change the baudrate and flow control settings on the host - send the firmware and config blob to the device (already supported by btrtl) Sending the last firmware and config blob download command (rtl_download_cmd) fails if the UART settings are not updated beforehand. This is presumably because the device applies the config right after the firmware and config blob download - which means that at this point the host is using different UART settings than the device (which will obviously result in non-working communication). Signed-off-by: Martin Blumenstingl Signed-off-by: Jeremy Cline Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit a5c76e67ca82f12b6ba6d2cbc0d3ff5dc89c45af Author: Hans de Goede Date: Thu Aug 2 16:57:14 2018 +0200 Bluetooth: btrtl: Use rtl_dev_err and rtl_dev_info Consistently use rtl_dev_err and rtl_dev_info everywhere for messages. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit 26503ad25de8c7c93a2037f919c2e49a62cf65f1 Author: Martin Blumenstingl Date: Thu Aug 2 16:57:13 2018 +0200 Bluetooth: btrtl: split the device initialization into smaller parts This prepares the btrtl code so it can be used to initialize Bluetooth modules connected via UART (these are found for example on the RTL8723BS and RTL8723DS SDIO chips, which come with an embedded UART Bluetooth module). The Realtek "rtl8723bs_bt" and "rtl8723ds_bt" userspace Bluetooth UART initialization tools (rtk_hciattach) use the following sequence: 1) send H5 sync pattern (already supported by hci_h5) 2) get LMP version (already supported by btrtl) 3) get ROM version (already supported by btrtl) 4) load the firmware and config for the current chipset (already supported by btrtl) 5) read UART settings from the config blob (currently not supported) 6) send UART settings via a vendor command to the device (which changes the baudrate of the device and enables or disables flow control depending on the config) 7) change the baudrate and flow control settings on the host 8) send the firmware and config blob to the device (already supported by btrtl) The main reason why the initialization has to be split is step #7. This requires changes to the underlying "bus", which should be kept outside of the "generic" btrtl driver. The idea for this split is borrowed from the btbcm driver but adjusted where needed (the btrtl driver for example needs two blobs: firmware and config, while the btbcm only needs one). This also prepares the code for step #5 (parsing the config blob) by centralizing the code which loads the firmware and config blobs and storing the result in the new struct btrtl_device_info. Signed-off-by: Martin Blumenstingl Signed-off-by: Jeremy Cline Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit f96dbd322a8f1368dc663c48c7dc3c66a086ec9f Author: Martin Blumenstingl Date: Thu Aug 2 16:57:12 2018 +0200 Bluetooth: btrtl: add MODULE_FIRMWARE declarations This makes the firmware names show up in modinfo. Signed-off-by: Martin Blumenstingl Signed-off-by: Jeremy Cline Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann commit 85418feff6faa96b6f3cee29235821d9afd8a592 Author: Marcel Holtmann Date: Fri Aug 3 11:20:49 2018 +0200 Bluetooth: btusb: Use bt_dev_err for Intel firmware loading errors Replace the BT_ERR functions with bt_dev_err to get a consistent error printout that always prefixes the HCI device identifier. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg commit 4a7a54a55e7237386cacc73f173e74329773ac93 Author: Thomas Gleixner Date: Fri Aug 3 13:06:35 2018 +0200 x86/intel_rdt: Disable PMU access Peter is objecting to the direct PMU access in RDT. Right now the PMU usage is broken anyway as it is not coordinated with perf. Until this discussion settled, disable the PMU mechanics by simply rejecting the type '2' measurement in the resctrl file. Reported-by: Peter Zijlstra Signed-off-by: Thomas Gleixner Cc: Reinette Chatre Cc: Dave Hansen Cc: fenghua.yu@intel.com Cc: tony.luck@intel.com Cc: vikas.shivappa@linux.intel.com CC: gavin.hindman@intel.com Cc: jithu.joseph@intel.com Cc: hpa@zytor.com commit 706d51681d636a0c4a5ef53395ec3b803e45ed4d Author: Sai Praneeth Date: Wed Aug 1 11:42:25 2018 -0700 x86/speculation: Support Enhanced IBRS on future CPUs Future Intel processors will support "Enhanced IBRS" which is an "always on" mode i.e. IBRS bit in SPEC_CTRL MSR is enabled once and never disabled. From the specification [1]: "With enhanced IBRS, the predicted targets of indirect branches executed cannot be controlled by software that was executed in a less privileged predictor mode or on another logical processor. As a result, software operating on a processor with enhanced IBRS need not use WRMSR to set IA32_SPEC_CTRL.IBRS after every transition to a more privileged predictor mode. Software can isolate predictor modes effectively simply by setting the bit once. Software need not disable enhanced IBRS prior to entering a sleep state such as MWAIT or HLT." If Enhanced IBRS is supported by the processor then use it as the preferred spectre v2 mitigation mechanism instead of Retpoline. Intel's Retpoline white paper [2] states: "Retpoline is known to be an effective branch target injection (Spectre variant 2) mitigation on Intel processors belonging to family 6 (enumerated by the CPUID instruction) that do not have support for enhanced IBRS. On processors that support enhanced IBRS, it should be used for mitigation instead of retpoline." The reason why Enhanced IBRS is the recommended mitigation on processors which support it is that these processors also support CET which provides a defense against ROP attacks. Retpoline is very similar to ROP techniques and might trigger false positives in the CET defense. If Enhanced IBRS is selected as the mitigation technique for spectre v2, the IBRS bit in SPEC_CTRL MSR is set once at boot time and never cleared. Kernel also has to make sure that IBRS bit remains set after VMEXIT because the guest might have cleared the bit. This is already covered by the existing x86_spec_ctrl_set_guest() and x86_spec_ctrl_restore_host() speculation control functions. Enhanced IBRS still requires IBPB for full mitigation. [1] Speculative-Execution-Side-Channel-Mitigations.pdf [2] Retpoline-A-Branch-Target-Injection-Mitigation.pdf Both documents are available at: https://bugzilla.kernel.org/show_bug.cgi?id=199511 Originally-by: David Woodhouse Signed-off-by: Sai Praneeth Prakhya Signed-off-by: Thomas Gleixner Cc: Tim C Chen Cc: Dave Hansen Cc: Ravi Shankar Link: https://lkml.kernel.org/r/1533148945-24095-1-git-send-email-sai.praneeth.prakhya@intel.com commit 301d328a6f8b53bb86c5ecf72db7bc178bcf1999 Author: Peter Feiner Date: Wed Aug 1 11:06:57 2018 -0700 x86/cpufeatures: Add EPT_AD feature bit Some Intel processors have an EPT feature whereby the accessed & dirty bits in EPT entries can be updated by HW. MSR IA32_VMX_EPT_VPID_CAP exposes the presence of this capability. There is no point in trying to use that new feature bit in the VMX code as VMX needs to read the MSR anyway to access other bits, but having the feature bit for EPT_AD in place helps virtualization management as it exposes "ept_ad" in /proc/cpuinfo/$proc/flags if the feature is present. [ tglx: Amended changelog ] Signed-off-by: Peter Feiner Signed-off-by: Peter Shier Signed-off-by: Thomas Gleixner Reviewed-by: Jim Mattson Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: Konrad Rzeszutek Wilk Cc: David Woodhouse Link: https://lkml.kernel.org/r/20180801180657.138051-1-pshier@google.com commit 13a01635823c409a0911304ee50987cb851317da Author: Gustavo A. R. Silva Date: Thu Aug 2 15:42:39 2018 -0500 ALSA: es18xx: mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 115075 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 734be97b967c7e2bab72b34da87534ccd854c72d Author: Gustavo A. R. Silva Date: Thu Aug 2 15:41:55 2018 -0500 ALSA: opti9xx: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 402016 ("Missing break in switch") Addresses-Coverity-ID: 1056542 ("Missing break in switch") Addresses-Coverity-ID: 1339579 ("Missing break in switch") Addresses-Coverity-ID: 1369526 ("Missing break in switch") Addresses-Coverity-ID: 1369529 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 3e313f34720ea1bb876636263e30a779ff65836e Author: Gustavo A. R. Silva Date: Thu Aug 2 15:41:21 2018 -0500 ALSA: opti92x: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1165394 ("Missing break in switch") Addresses-Coverity-ID: 1167851 ("Missing break in switch") Addresses-Coverity-ID: 402015 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit a9fe47e5e96be6401738f6c1e087edbcff6a5ceb Author: Gustavo A. R. Silva Date: Thu Aug 2 15:40:37 2018 -0500 ALSA: galaxy: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1468367 ("Missing break in switch") Addresses-Coverity-ID: 115037 ("Missing break in switch") Addresses-Coverity-ID: 115038 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Takashi Iwai commit 1b6266ebe3da8198e9a02fbad77bbb56e2f7ce2e Author: Sinan Kaya Date: Thu Aug 2 23:09:41 2018 -0700 watchdog: Reduce message verbosity Code is emitting the following error message during boot on systems without PMU hardware support while probing NMI capability. NMI watchdog: Perf event create on CPU 0 failed with -2 This error is emitted as the perf subsystem returns -ENOENT due to lack of PMUs in the system. It is followed by the warning that NMI watchdog is disabled: NMI watchdog: Perf NMI watchdog permanently disabled While NMI disabled information is useful for ordinary users, seeing a PERF event create failed with error code -2 is not. Reduce the message severity to debug so that if debugging is still possible in case the error code returned by perf is required for analysis. Signed-off-by: Sinan Kaya Signed-off-by: Thomas Gleixner Acked-by: Don Zickus Cc: Kate Stewart Cc: Greg Kroah-Hartman Cc: Colin Ian King Cc: Peter Zijlstra Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599368 Link: https://lkml.kernel.org/r/20180803060943.2643-1-okaya@kernel.org commit 4f7799d96e6621ce584df60739e1480a6fd89f0a Author: Palmer Dabbelt Date: Fri Jun 22 10:01:26 2018 -0700 genirq/irqchip: Remove MULTI_IRQ_HANDLER as it's now obselete Now that every user of MULTI_IRQ_HANDLER has been convereted over to use GENERIC_IRQ_MULTI_HANDLER remove the references to MULTI_IRQ_HANDLER. Signed-off-by: Palmer Dabbelt Signed-off-by: Thomas Gleixner Cc: linux@armlinux.org.uk Cc: catalin.marinas@arm.com Cc: Will Deacon Cc: jonas@southpole.se Cc: stefan.kristiansson@saunalahti.fi Cc: shorne@gmail.com Cc: jason@lakedaemon.net Cc: marc.zyngier@arm.com Cc: Arnd Bergmann Cc: nicolas.pitre@linaro.org Cc: vladimir.murzin@arm.com Cc: keescook@chromium.org Cc: jinb.park7@gmail.com Cc: yamada.masahiro@socionext.com Cc: alexandre.belloni@bootlin.com Cc: pombredanne@nexb.com Cc: Greg KH Cc: kstewart@linuxfoundation.org Cc: jhogan@kernel.org Cc: mark.rutland@arm.com Cc: ard.biesheuvel@linaro.org Cc: james.morse@arm.com Cc: linux-arm-kernel@lists.infradead.org Cc: openrisc@lists.librecores.org Link: https://lkml.kernel.org/r/20180622170126.6308-6-palmer@sifive.com commit c5ca4560de0f04a3c872bdd17ae3378762c66bd2 Author: Palmer Dabbelt Date: Fri Jun 22 10:01:25 2018 -0700 openrisc: Use the new GENERIC_IRQ_MULTI_HANDLER It appears that openrisc copied arm64's GENERIC_IRQ_MULTI_HANDLER code (which came from arm). Cnvert it to use the generic version. Signed-off-by: Palmer Dabbelt Signed-off-by: Thomas Gleixner Acked-by: Stafford Horne Cc: linux@armlinux.org.uk Cc: catalin.marinas@arm.com Cc: Will Deacon Cc: jonas@southpole.se Cc: stefan.kristiansson@saunalahti.fi Cc: jason@lakedaemon.net Cc: marc.zyngier@arm.com Cc: Arnd Bergmann Cc: nicolas.pitre@linaro.org Cc: vladimir.murzin@arm.com Cc: keescook@chromium.org Cc: jinb.park7@gmail.com Cc: yamada.masahiro@socionext.com Cc: alexandre.belloni@bootlin.com Cc: pombredanne@nexb.com Cc: Greg KH Cc: kstewart@linuxfoundation.org Cc: jhogan@kernel.org Cc: mark.rutland@arm.com Cc: ard.biesheuvel@linaro.org Cc: james.morse@arm.com Cc: linux-arm-kernel@lists.infradead.org Cc: openrisc@lists.librecores.org Link: https://lkml.kernel.org/r/20180622170126.6308-5-palmer@sifive.com commit 78ae2e1cd845480caaa2f181fee64e51f679f5aa Author: Palmer Dabbelt Date: Fri Jun 22 10:01:24 2018 -0700 arm64: Use the new GENERIC_IRQ_MULTI_HANDLER It appears arm64 copied arm's GENERIC_IRQ_MULTI_HANDLER code, but made it unconditional. Converts the arm64 code to use the new generic code, which simply consists of deleting the arm64 code and setting MULTI_IRQ_HANDLER instead. Signed-off-by: Palmer Dabbelt Signed-off-by: Thomas Gleixner Reviewed-by: Christoph Hellwig Cc: linux@armlinux.org.uk Cc: catalin.marinas@arm.com Cc: Will Deacon Cc: jonas@southpole.se Cc: stefan.kristiansson@saunalahti.fi Cc: shorne@gmail.com Cc: jason@lakedaemon.net Cc: marc.zyngier@arm.com Cc: Arnd Bergmann Cc: nicolas.pitre@linaro.org Cc: vladimir.murzin@arm.com Cc: keescook@chromium.org Cc: jinb.park7@gmail.com Cc: yamada.masahiro@socionext.com Cc: alexandre.belloni@bootlin.com Cc: pombredanne@nexb.com Cc: Greg KH Cc: kstewart@linuxfoundation.org Cc: jhogan@kernel.org Cc: mark.rutland@arm.com Cc: ard.biesheuvel@linaro.org Cc: james.morse@arm.com Cc: linux-arm-kernel@lists.infradead.org Cc: openrisc@lists.librecores.org Link: https://lkml.kernel.org/r/20180622170126.6308-4-palmer@sifive.com commit 4c301f9b6a94bb383089bc847083e287e9bfc96e Author: Palmer Dabbelt Date: Fri Jun 22 10:01:23 2018 -0700 ARM: Convert to GENERIC_IRQ_MULTI_HANDLER Converts the ARM interrupt code to use the recently added GENERIC_IRQ_MULTI_HANDLER, which is essentially just a copy of ARM's existhing MULTI_IRQ_HANDLER. The only changes are: * handle_arch_irq is now defined in a generic C file instead of an arm-specific assembly file. * handle_arch_irq is now marked as __ro_after_init. Signed-off-by: Palmer Dabbelt Signed-off-by: Thomas Gleixner Cc: linux@armlinux.org.uk Cc: catalin.marinas@arm.com Cc: Will Deacon Cc: jonas@southpole.se Cc: stefan.kristiansson@saunalahti.fi Cc: shorne@gmail.com Cc: jason@lakedaemon.net Cc: marc.zyngier@arm.com Cc: Arnd Bergmann Cc: nicolas.pitre@linaro.org Cc: vladimir.murzin@arm.com Cc: keescook@chromium.org Cc: jinb.park7@gmail.com Cc: yamada.masahiro@socionext.com Cc: alexandre.belloni@bootlin.com Cc: pombredanne@nexb.com Cc: Greg KH Cc: kstewart@linuxfoundation.org Cc: jhogan@kernel.org Cc: mark.rutland@arm.com Cc: ard.biesheuvel@linaro.org Cc: james.morse@arm.com Cc: linux-arm-kernel@lists.infradead.org Cc: openrisc@lists.librecores.org Link: https://lkml.kernel.org/r/20180622170126.6308-3-palmer@sifive.com commit 08fb550cb3f8e1efff5586b938eeedddb3ba0506 Author: Palmer Dabbelt Date: Fri Jun 22 10:01:22 2018 -0700 irqchip: Port the ARM IRQ drivers to GENERIC_IRQ_MULTI_HANDLER GENERIC_IRQ_MULTI_HANDLER is incompatible with MULTI_IRQ_HANDLER because they define the same symbols. Multiple generic irqchip drivers select MULTI_IRQ_HANDLER, which is now defined on all architectures that provide set_handle_irq(). To solve this select GENERIC_IRQ_MULTI_HANDLER for all drivers that used to select MULTI_IRQ_HANDLER, but only when MULTI_IRQ_HANDLER doesn't exist. After that every architecture can be converted over from MULTI_IRQ_HANDLER to GENERIC_IRQ_MULTI_HANDLER before removing the extra MULTI_IRQ_HANDLER scaffolding. Signed-off-by: Palmer Dabbelt Signed-off-by: Thomas Gleixner Cc: linux@armlinux.org.uk Cc: catalin.marinas@arm.com Cc: Will Deacon Cc: jonas@southpole.se Cc: stefan.kristiansson@saunalahti.fi Cc: shorne@gmail.com Cc: jason@lakedaemon.net Cc: marc.zyngier@arm.com Cc: Arnd Bergmann Cc: nicolas.pitre@linaro.org Cc: vladimir.murzin@arm.com Cc: keescook@chromium.org Cc: jinb.park7@gmail.com Cc: yamada.masahiro@socionext.com Cc: alexandre.belloni@bootlin.com Cc: pombredanne@nexb.com Cc: Greg KH Cc: kstewart@linuxfoundation.org Cc: jhogan@kernel.org Cc: mark.rutland@arm.com Cc: ard.biesheuvel@linaro.org Cc: james.morse@arm.com Cc: linux-arm-kernel@lists.infradead.org Cc: openrisc@lists.librecores.org Cc: Shea Levy Link: https://lkml.kernel.org/r/20180622170126.6308-2-palmer@sifive.com commit 9eab9901b015f489199105c470de1ffc337cfabb Author: Reza Arbab Date: Thu Aug 2 23:03:36 2018 -0500 powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage We've encountered a performance issue when multiple processors stress {get,put}_mmio_atsd_reg(). These functions contend for mmio_atsd_usage, an unsigned long used as a bitmask. The accesses to mmio_atsd_usage are done using test_and_set_bit_lock() and clear_bit_unlock(). As implemented, both of these will require a (successful) stwcx to that same cache line. What we end up with is thread A, attempting to unlock, being slowed by other threads repeatedly attempting to lock. A's stwcx instructions fail and retry because the memory reservation is lost every time a different thread beats it to the punch. There may be a long-term way to fix this at a larger scale, but for now resolve the immediate problem by gating our call to test_and_set_bit_lock() with one to test_bit(), which is obviously implemented without using a store. Fixes: 1ab66d1fbada ("powerpc/powernv: Introduce address translation services for Nvlink2") Signed-off-by: Reza Arbab Acked-by: Alistair Popple Signed-off-by: Michael Ellerman commit 06832fc004815b4b43628d21fc81715e8e7cadff Author: Christoph Hellwig Date: Mon Jul 30 09:37:21 2018 +0200 powerpc: Do not redefine NEED_DMA_MAP_STATE kernel/dma/Kconfig already defines NEED_DMA_MAP_STATE, just select it from CONFIG_PPC using the same condition as an if guard. Signed-off-by: Christoph Hellwig [mpe: Move it under PPC] Signed-off-by: Michael Ellerman commit 6e0495c2e8ac39b1aad0a4588fe64413ce9028c0 Author: Guenter Roeck Date: Mon Jul 30 18:44:14 2018 -0700 powerpc/4xx: Fix error return path in ppc4xx_msi_probe() An arbitrary error in ppc4xx_msi_probe() quite likely results in a crash similar to the following, seen after dma_alloc_coherent() returned an error. Unable to handle kernel paging request for data at address 0x00000000 Faulting instruction address: 0xc001bff0 Oops: Kernel access of bad area, sig: 11 [#1] BE Canyonlands Modules linked in: CPU: 0 PID: 1 Comm: swapper Tainted: G W 4.18.0-rc6-00010-gff33d1030a6c #1 NIP: c001bff0 LR: c001c418 CTR: c01faa7c REGS: cf82db40 TRAP: 0300 Tainted: G W (4.18.0-rc6-00010-gff33d1030a6c) MSR: 00029000 CR: 28002024 XER: 00000000 DEAR: 00000000 ESR: 00000000 GPR00: c001c418 cf82dbf0 cf828000 cf8de400 00000000 00000000 000000c4 000000c4 GPR08: c0481ea4 00000000 00000000 000000c4 22002024 00000000 c00025e8 00000000 GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 c0492380 0000004a GPR24: 00029000 0000000c 00000000 cf8de410 c0494d60 c0494d60 cf8bebc0 00000001 NIP [c001bff0] ppc4xx_of_msi_remove+0x48/0xa0 LR [c001c418] ppc4xx_msi_probe+0x294/0x3b8 Call Trace: [cf82dbf0] [00029000] 0x29000 (unreliable) [cf82dc10] [c001c418] ppc4xx_msi_probe+0x294/0x3b8 [cf82dc70] [c0209fbc] platform_drv_probe+0x40/0x9c [cf82dc90] [c0208240] driver_probe_device+0x2a8/0x350 [cf82dcc0] [c0206204] bus_for_each_drv+0x60/0xac [cf82dcf0] [c0207e88] __device_attach+0xe8/0x160 [cf82dd20] [c02071e0] bus_probe_device+0xa0/0xbc [cf82dd40] [c02050c8] device_add+0x404/0x5c4 [cf82dd90] [c0288978] of_platform_device_create_pdata+0x88/0xd8 [cf82ddb0] [c0288b70] of_platform_bus_create+0x134/0x220 [cf82de10] [c0288bcc] of_platform_bus_create+0x190/0x220 [cf82de70] [c0288cf4] of_platform_bus_probe+0x98/0xec [cf82de90] [c0449650] __machine_initcall_canyonlands_ppc460ex_device_probe+0x38/0x54 [cf82dea0] [c0002404] do_one_initcall+0x40/0x188 [cf82df00] [c043daec] kernel_init_freeable+0x130/0x1d0 [cf82df30] [c0002600] kernel_init+0x18/0x104 [cf82df40] [c000c23c] ret_from_kernel_thread+0x14/0x1c Instruction dump: 90010024 813d0024 2f890000 83c30058 41bd0014 48000038 813d0024 7f89f800 409d002c 813e000c 57ea103a 3bff0001 <7c69502e> 2f830000 419effe0 4803b26d ---[ end trace 8cf551077ecfc42a ]--- Fix it up. Specifically, - Return valid error codes from ppc4xx_setup_pcieh_hw(), have it clean up after itself, and only access hardware after all possible error conditions have been handled. - Use devm_kzalloc() instead of kzalloc() in ppc4xx_msi_probe() Signed-off-by: Guenter Roeck Reviewed-by: Christoph Hellwig Signed-off-by: Michael Ellerman commit d6e43798b3d9cb8c59e1fccfaeec7cb396dc0699 Author: Eric Biggers Date: Fri Jul 27 15:36:11 2018 -0700 crypto: dh - make crypto_dh_encode_key() make robust Make it return -EINVAL if crypto_dh_key_len() is incorrect rather than overflowing the buffer. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 35f7d5225ffcbf1b759f641aec1735e3a89b1914 Author: Eric Biggers Date: Fri Jul 27 15:36:10 2018 -0700 crypto: dh - fix calculating encoded key size It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size', causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it, and fix the lengths of the test vectors to match this. Reported-by: syzbot+6d38d558c25b53b8f4ed@syzkaller.appspotmail.com Fixes: e3fe0ae12962 ("crypto: dh - add public key verification test") Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit afb31cd2d1a1bc3ca055fb2519ec4e9ab969ffe0 Author: Tom Lendacky Date: Thu Jul 26 09:37:59 2018 -0500 crypto: ccp - Check for NULL PSP pointer at module unload Should the PSP initialization fail, the PSP data structure will be freed and the value contained in the sp_device struct set to NULL. At module unload, psp_dev_destroy() does not check if the pointer value is NULL and will end up dereferencing a NULL pointer. Add a pointer check of the psp_data field in the sp_device struct in psp_dev_destroy() and return immediately if it is NULL. Cc: # 4.16.x- Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support") Signed-off-by: Tom Lendacky Acked-by: Gary R Hook Signed-off-by: Herbert Xu commit 4e34e51f48ab7f77a4022aa810a786daa3eb3e22 Author: Eric Biggers Date: Tue Jul 24 18:29:07 2018 -0700 crypto: arm/chacha20 - always use vrev for 16-bit rotates The 4-way ChaCha20 NEON code implements 16-bit rotates with vrev32.16, but the one-way code (used on remainder blocks) implements it with vshl + vsri, which is slower. Switch the one-way code to vrev32.16 too. Signed-off-by: Eric Biggers Acked-by: Ard Biesheuvel Signed-off-by: Herbert Xu commit f53ad3e1b35a558528f6d0041568016d1f623a9d Author: Gilad Ben-Yossef Date: Tue Jul 24 15:12:46 2018 +0100 crypto: ccree - allow bigger than sector XTS op The ccree driver had a sanity check that we are not asked to encrypt an XTS buffer bigger than a sane sector size since XTS IV needs to include the sector number in the IV so this is not expected in any real use case. Unfortunately, this breaks cryptsetup benchmark test which has a synthetic performance test using 64k buffer of data with the same IV. Remove the sanity check and allow the user to hang themselves and/or run benchmarks if they so wish. Reported-by: Geert Uytterhoeven Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu commit e30368f3f3ee72e20aa4b1fdb6ec2c5ddcd7e2d1 Author: Gilad Ben-Yossef Date: Tue Jul 24 15:12:45 2018 +0100 crypto: ccree - zero all of request ctx before use In certain error path req_ctx->iv was being freed despite not being allocated because it was not initialized to NULL. Rather than play whack a mole with the structure various field, zero it before use. This fixes a kernel panic that may occur if an invalid buffer size was requested triggering the bug above. Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Reported-by: Geert Uytterhoeven Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu commit f5c19df90ae7fc21d3dcf50af9d6b456aa6b3351 Author: Gilad Ben-Yossef Date: Tue Jul 24 15:12:44 2018 +0100 crypto: ccree - remove cipher ivgen left overs IV generation is not available via the skcipher interface. Remove the left over support of it from the ablkcipher days. Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu commit 76c9e53e633c8584f752effc4412d395ccf90547 Author: Gilad Ben-Yossef Date: Tue Jul 24 15:12:43 2018 +0100 crypto: ccree - drop useless type flag during reg Drop the explicit setting of CRYPTO_ALG_TYPE_AEAD or CRYPTO_ALG_TYPE_SKCIPHER flags during alg registration as they are set anyway by the framework. Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu commit 318abdfbe708aaaa652c79fb500e9bd60521f9dc Author: Eric Biggers Date: Mon Jul 23 10:54:58 2018 -0700 crypto: ablkcipher - fix crash flushing dcache in error path Like the skcipher_walk and blkcipher_walk cases: scatterwalk_done() is only meant to be called after a nonzero number of bytes have been processed, since scatterwalk_pagedone() will flush the dcache of the *previous* page. But in the error case of ablkcipher_walk_done(), e.g. if the input wasn't an integer number of blocks, scatterwalk_done() was actually called after advancing 0 bytes. This caused a crash ("BUG: unable to handle kernel paging request") during '!PageSlab(page)' on architectures like arm and arm64 that define ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was page-aligned as in that case walk->offset == 0. Fix it by reorganizing ablkcipher_walk_done() to skip the scatterwalk_advance() and scatterwalk_done() if an error has occurred. Reported-by: Liu Chao Fixes: bf06099db18a ("crypto: skcipher - Add ablkcipher_walk interfaces") Cc: # v2.6.35+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 0868def3e4100591e7a1fdbf3eed1439cc8f7ca3 Author: Eric Biggers Date: Mon Jul 23 10:54:57 2018 -0700 crypto: blkcipher - fix crash flushing dcache in error path Like the skcipher_walk case: scatterwalk_done() is only meant to be called after a nonzero number of bytes have been processed, since scatterwalk_pagedone() will flush the dcache of the *previous* page. But in the error case of blkcipher_walk_done(), e.g. if the input wasn't an integer number of blocks, scatterwalk_done() was actually called after advancing 0 bytes. This caused a crash ("BUG: unable to handle kernel paging request") during '!PageSlab(page)' on architectures like arm and arm64 that define ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was page-aligned as in that case walk->offset == 0. Fix it by reorganizing blkcipher_walk_done() to skip the scatterwalk_advance() and scatterwalk_done() if an error has occurred. This bug was found by syzkaller fuzzing. Reproducer, assuming ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE: #include #include #include int main() { struct sockaddr_alg addr = { .salg_type = "skcipher", .salg_name = "ecb(aes-generic)", }; char buffer[4096] __attribute__((aligned(4096))) = { 0 }; int fd; fd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(fd, (void *)&addr, sizeof(addr)); setsockopt(fd, SOL_ALG, ALG_SET_KEY, buffer, 16); fd = accept(fd, NULL, NULL); write(fd, buffer, 15); read(fd, buffer, 15); } Reported-by: Liu Chao Fixes: 5cde0af2a982 ("[CRYPTO] cipher: Added block cipher type") Cc: # v2.6.19+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 8088d3dd4d7c6933a65aa169393b5d88d8065672 Author: Eric Biggers Date: Mon Jul 23 10:54:56 2018 -0700 crypto: skcipher - fix crash flushing dcache in error path scatterwalk_done() is only meant to be called after a nonzero number of bytes have been processed, since scatterwalk_pagedone() will flush the dcache of the *previous* page. But in the error case of skcipher_walk_done(), e.g. if the input wasn't an integer number of blocks, scatterwalk_done() was actually called after advancing 0 bytes. This caused a crash ("BUG: unable to handle kernel paging request") during '!PageSlab(page)' on architectures like arm and arm64 that define ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was page-aligned as in that case walk->offset == 0. Fix it by reorganizing skcipher_walk_done() to skip the scatterwalk_advance() and scatterwalk_done() if an error has occurred. This bug was found by syzkaller fuzzing. Reproducer, assuming ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE: #include #include #include int main() { struct sockaddr_alg addr = { .salg_type = "skcipher", .salg_name = "cbc(aes-generic)", }; char buffer[4096] __attribute__((aligned(4096))) = { 0 }; int fd; fd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(fd, (void *)&addr, sizeof(addr)); setsockopt(fd, SOL_ALG, ALG_SET_KEY, buffer, 16); fd = accept(fd, NULL, NULL); write(fd, buffer, 15); read(fd, buffer, 15); } Reported-by: Liu Chao Fixes: b286d8b1a690 ("crypto: skcipher - Add skcipher walk interface") Cc: # v4.10+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 2a57c0be225f8c7140f8791819f5afbb6fb34c5a Author: Eric Biggers Date: Mon Jul 23 10:21:29 2018 -0700 crypto: skcipher - remove unnecessary setting of walk->nbytes Setting 'walk->nbytes = walk->total' in skcipher_walk_first() doesn't make sense because actually walk->nbytes needs to be set to the length of the first step in the walk, which may be less than walk->total. This is done by skcipher_walk_next() which is called immediately afterwards. Also walk->nbytes was already set to 0 in skcipher_walk_skcipher(), which is a better default value in case it's forgotten to be set later. Therefore, remove the unnecessary assignment to walk->nbytes. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 3dd8cc00c34ab9cde4bcc808ebc607e7b9861280 Author: Eric Biggers Date: Mon Jul 23 10:04:28 2018 -0700 crypto: scatterwalk - remove scatterwalk_samebuf() scatterwalk_samebuf() is never used. Remove it. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 8c30fbe63e4eff1b221f8db70ae5c48a9331eae0 Author: Eric Biggers Date: Mon Jul 23 10:01:33 2018 -0700 crypto: scatterwalk - remove 'chain' argument from scatterwalk_crypto_chain() All callers pass chain=0 to scatterwalk_crypto_chain(). Remove this unneeded parameter. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 0567fc9e90b9b1c8dbce8a5468758e6206744d4a Author: Eric Biggers Date: Mon Jul 23 09:57:50 2018 -0700 crypto: skcipher - fix aligning block size in skcipher_copy_iv() The ALIGN() macro needs to be passed the alignment, not the alignmask (which is the alignment minus 1). Fixes: b286d8b1a690 ("crypto: skcipher - Add skcipher walk interface") Cc: # v4.10+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit e4a1f7858ab834b2cdddfc51be2f5debae782029 Author: Jonathan Cameron Date: Mon Jul 23 16:49:55 2018 +0100 arm64: dts: hisi: add SEC crypto accelerator nodes for hip07 SoC Enable all 4 SEC units available on d05 boards. Signed-off-by: Jonathan Cameron Signed-off-by: Herbert Xu commit 915e4e8413dacc086efcef4de04fdfdca57e8b1c Author: Jonathan Cameron Date: Mon Jul 23 16:49:54 2018 +0100 crypto: hisilicon - SEC security accelerator driver This accelerator is found inside hisilicon hip06 and hip07 SoCs. Each instance provides a number of queues which feed a different number of backend acceleration units. The queues are operating in an out of order mode in the interests of throughput. The silicon does not do tracking of dependencies between multiple 'messages' or update of the IVs as appropriate for training. Hence where relevant we need to do this in software. Signed-off-by: Jonathan Cameron Signed-off-by: Herbert Xu commit 778bd9924dba13d4816cbf73f9ae1519fe445a25 Author: Jonathan Cameron Date: Mon Jul 23 16:49:53 2018 +0100 dt-bindings: Add bindings for Hisilicon SEC crypto accelerators. The hip06 and hip07 SoCs contain a number of these crypto units which accelerate AES and DES operations. Signed-off-by: Jonathan Cameron Reviewed-by: Rob Herring Signed-off-by: Herbert Xu commit 2af632996b898687d382f2b52e820141aba72d63 Author: Horia Geantă Date: Mon Jul 23 17:18:48 2018 +0300 crypto: tcrypt - reschedule during speed tests Avoid RCU stalls in the case of non-preemptible kernel and lengthy speed tests by rescheduling when advancing from one block size to another. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu commit f6adeef77e0724b695fa2b4a655936bb04df075c Author: Jia-Ju Bai Date: Mon Jul 23 16:43:46 2018 +0800 crypto: virtio - Replace GFP_ATOMIC with GFP_KERNEL in __virtio_crypto_ablkcipher_do_req() __virtio_crypto_ablkcipher_do_req() is never called in atomic context. __virtio_crypto_ablkcipher_do_req() is only called by virtio_crypto_ablkcipher_crypt_req(), which is only called by virtcrypto_find_vqs() that is never called in atomic context. __virtio_crypto_ablkcipher_do_req() calls kzalloc_node() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. I also manually check the kernel code before reporting it. Signed-off-by: Jia-Ju Bai Signed-off-by: Herbert Xu commit 8e8c0386b1fdd495173f085c8f58926d2a181c1c Author: Jia-Ju Bai Date: Mon Jul 23 16:27:44 2018 +0800 crypto: qat/adf_aer - Replace GFP_ATOMIC with GFP_KERNEL in adf_dev_aer_schedule_reset() adf_dev_aer_schedule_reset() is never called in atomic context, as it calls wait_for_completion_timeout(). adf_dev_aer_schedule_reset() calls kzalloc() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. I also manually check the kernel code before reporting it. Signed-off-by: Jia-Ju Bai Signed-off-by: Herbert Xu commit 1c96dde100987149f42bd6dd97013f7c421f27c7 Author: Jia-Ju Bai Date: Mon Jul 23 16:14:26 2018 +0800 crypto: cavium/nitrox - Replace GFP_ATOMIC with GFP_KERNEL in crypto_alloc_context() crypto_alloc_context() is only called by nitrox_skcipher_init(), which is never called in atomic context. crypto_alloc_context() calls dma_pool_alloc() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. I also manually check the kernel code before reporting it. Signed-off-by: Jia-Ju Bai Signed-off-by: Herbert Xu commit 43490e8046b5d273eb82710b04290c5997138adc Author: Stephan Müller Date: Fri Jul 20 19:42:01 2018 +0200 crypto: drbg - in-place cipher operation for CTR The cipher implementations of the kernel crypto API favor in-place cipher operations. Thus, switch the CTR cipher operation in the DRBG to perform in-place operations. This is implemented by using the output buffer as input buffer and zeroizing it before the cipher operation to implement a CTR encryption of a NULL buffer. The speed improvement is quite visibile with the following comparison using the LRNG implementation. Without the patch set: 16 bytes| 12.267661 MB/s| 61338304 bytes | 5000000213 ns 32 bytes| 23.603770 MB/s| 118018848 bytes | 5000000073 ns 64 bytes| 46.732262 MB/s| 233661312 bytes | 5000000241 ns 128 bytes| 90.038042 MB/s| 450190208 bytes | 5000000244 ns 256 bytes| 160.399616 MB/s| 801998080 bytes | 5000000393 ns 512 bytes| 259.878400 MB/s| 1299392000 bytes | 5000001675 ns 1024 bytes| 386.050662 MB/s| 1930253312 bytes | 5000001661 ns 2048 bytes| 493.641728 MB/s| 2468208640 bytes | 5000001598 ns 4096 bytes| 581.835981 MB/s| 2909179904 bytes | 5000003426 ns With the patch set: 16 bytes | 17.051142 MB/s | 85255712 bytes | 5000000854 ns 32 bytes | 32.695898 MB/s | 163479488 bytes | 5000000544 ns 64 bytes | 64.490739 MB/s | 322453696 bytes | 5000000954 ns 128 bytes | 123.285043 MB/s | 616425216 bytes | 5000000201 ns 256 bytes | 233.434573 MB/s | 1167172864 bytes | 5000000573 ns 512 bytes | 384.405197 MB/s | 1922025984 bytes | 5000000671 ns 1024 bytes | 566.313370 MB/s | 2831566848 bytes | 5000001080 ns 2048 bytes | 744.518042 MB/s | 3722590208 bytes | 5000000926 ns 4096 bytes | 867.501670 MB/s | 4337508352 bytes | 5000002181 ns Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu commit c5f5aeef9b55b362ad5a0e04e4b41cd63b208842 Merge: a47890899379 c7513c2a2714 Author: Herbert Xu Date: Fri Aug 3 17:55:12 2018 +0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux Merge mainline to pick up c7513c2a2714 ("crypto/arm64: aes-ce-gcm - add missing kernel_neon_begin/end pair"). commit 401c0d7712eb3189023efc9c0708a2ac984ed62e Author: Boris Brezillon Date: Fri Aug 3 11:50:39 2018 +0200 spi: spi-mem: Constify spi_mem->name There is no reason to make spi_mem->name modifiable. Moreover, spi_mem_ops->get_name() returns a const char *, which generates a gcc warning when assigning the value returned by spi_mem_ops->get_name() to spi_mem->name. Fixes: 5d27a9c8ea9e ("spi: spi-mem: Extend the SPI mem interface to set a custom memory name") Reported-by: Stephen Rothwell Signed-off-by: Boris Brezillon Signed-off-by: Mark Brown commit 26a6dce8ef99b0199e7682d1c203cf7d0b5fd5b0 Author: Yong Zhi Date: Thu Aug 2 18:21:31 2018 -0500 ASoC: Intel: bxt: Use refcap device for mono recording The refcap capture device supports mono recording only, this patch adds the channel constraints. Signed-off-by: Yong Zhi Reviewed-by: Pierre-Louis Bossart Signed-off-by: Mark Brown commit 3127692deba6eeb7ed6d416b25e91f179e17be8f Author: Nicholas Piggin Date: Fri Aug 3 01:39:51 2018 +1000 powernv/cpuidle: Fix idle states all being marked invalid Commit 9c7b185ab2fe ("powernv/cpuidle: Parse dt idle properties into global structure") parses dt idle states into structs, but never marks them valid. This results in all idle states being lost. Fixes: 9c7b185ab2fe ("powernv/cpuidle: Parse dt idle properties into global structure") Signed-off-by: Nicholas Piggin Acked-by: Akshay Adiga Signed-off-by: Michael Ellerman commit 07bf7908950a8b14e81aa1807e3c667eab39287a Author: Steffen Klassert Date: Wed Aug 1 13:45:11 2018 +0200 xfrm: Validate address prefix lengths in the xfrm selector. We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy Signed-off-by: Steffen Klassert commit 1313bccf00f6dfef99724d58e4416281b71e7189 Author: Amit K Bag Date: Fri Aug 3 12:43:20 2018 +0530 Bluetooth: btusb: Release RF resource on BT shutdown Issue description: Intel 7265 shares the same RF with Wifi and BT. In the shutdown scenario turn off BT, followed by turn WiFi off and on causing error in RF calibration in WiFi Module Solution: before shutdown BT ensure any RF activity to clear by HCI reset command. Reference Logs: ERR kernel: [ 386.193284] iwlwifi 0000:01:00.0: Failed to run INIT calibrations: -5 ERR kernel: [ 386.193298] iwlwifi 0000:01:00.0: Failed to run INIT ucode: -5 ERR kernel: [ 386.193309] iwlwifi 0000:01:00.0: Failed to start RT ucode: -5 Signed-off-by: Amit K Bag Singed-off-by: Chethan T N Signed-off-by: Marcel Holtmann commit 0069fb854364da79fd99236ea620affc8e1152d5 Author: Roman Gushchin Date: Thu Aug 2 15:47:10 2018 -0700 selftests/bpf: fix a typo in map in map test Commit fbeb1603bf4e ("bpf: verifier: MOV64 don't mark dst reg unbounded") revealed a typo in commit fb30d4b71214 ("bpf: Add tests for map-in-map"): BPF_MOV64_REG(BPF_REG_0, 0) was used instead of BPF_MOV64_IMM(BPF_REG_0, 0). I've noticed the problem by running bpf kselftests. Fixes: fb30d4b71214 ("bpf: Add tests for map-in-map") Signed-off-by: Roman Gushchin Cc: Martin KaFai Lau Cc: Arthur Fabre Cc: Daniel Borkmann Cc: Alexei Starovoitov Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit c2b6e1591b6b15e1dcd9c1596b0371b6abc48fed Author: Thomas Bianchi Date: Wed Aug 1 12:58:34 2018 -0700 xfs: substitute spaces with tabs Inside xfs_attr_shortform_list removes spaces at the beginnig of the line and replaces with tabs. Issue found by checkpatch. ERROR: code indent should use tabs where possible Signed-off-by: Thomas Bianchi Reviewed-by: Bill O'Donnell Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 9d9e6233859706875c392707efd6d516cfb764fb Author: Brian Foster Date: Wed Aug 1 07:20:35 2018 -0700 xfs: fold dfops into the transaction struct xfs_defer_ops has now been reduced to a single list_head. The external dfops mechanism is unused and thus everywhere a (permanent) transaction is accessible the associated dfops structure is as well. Remove the xfs_defer_ops structure and fold the list_head into the transaction. Also remove the last remnant of external dfops in xfs_trans_dup(). Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit c03edc9e49b6a3c1f4b27f505a04093ab333b245 Author: Brian Foster Date: Wed Aug 1 07:20:35 2018 -0700 xfs: always defer agfl block frees The AGFL fixup code conditionally defers block frees from the free list based on whether the current transaction has an associated xfs_defer_ops structure. Now that dfops is embedded in the transaction and the internal dfops is used unconditionally, this invariant is always true. Remove the now dead logic to check for ->t_dfops in xfs_alloc_fix_freelist() and unconditionally defer AGFL block frees. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit 0f37d1780c3d864599fb377dcb47ad1aa0686b4e Author: Brian Foster Date: Wed Aug 1 07:20:34 2018 -0700 xfs: pass transaction to xfs_defer_add() The majority of remaining references to struct xfs_defer_ops in XFS are associated with xfs_defer_add(). At this point, there are no more external xfs_defer_ops users left. All instances of xfs_defer_ops are embedded in the transaction, which means we can safely pass the transaction down to the dfops add interface. Update xfs_defer_add() to receive the transaction as a parameter. Various subsystems implement wrappers to allocate and construct the context specific data structures for the associated deferred operation type. Update these to also carry the transaction down as needed and clean up unused dfops parameters along the way. This removes most of the remaining references to struct xfs_defer_ops throughout the code and facilitates removal of the structure. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig [darrick: fix unused variable warnings with ftrace disabled] Signed-off-by: Darrick J. Wong commit 1ae093cbea3d1ef04e1344b9e3996a9e1763a91b Author: Brian Foster Date: Wed Aug 1 07:20:34 2018 -0700 xfs: replace xfs_defer_ops ->dop_pending with on-stack list The xfs_defer_ops ->dop_pending list is used to track active deferred operations once intents are logged. These items must be aborted in the event of an error. The list is populated as intents are logged and items are removed as they complete (or are aborted). Now that xfs_defer_finish() cancels on error, there is no need to ever access ->dop_pending outside of xfs_defer_finish(). The list is only ever populated after xfs_defer_finish() begins and is either completed or cancelled before it returns. Remove ->dop_pending from xfs_defer_ops and replace it with a local list in the xfs_defer_finish() path. Pass the local list to the various helpers now that it is not accessible via dfops. Note that we have to check for NULL in the abort case as the final tx roll occurs outside of the scope of the new local list (once the dfops has completed and thus drained the list). Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 9b1f4e9831df29776031e86e112e68784f1fc079 Author: Brian Foster Date: Wed Aug 1 07:20:33 2018 -0700 xfs: cancel dfops on xfs_defer_finish() error The current semantics of xfs_defer_finish() require the caller to call xfs_defer_cancel() on error. This is slightly inconsistent with transaction commit error handling where a failed commit cleans up the transaction before returning. More significantly, the only requirement for exposure of ->dop_pending outside of xfs_defer_finish() is so that xfs_defer_cancel() can drain it on error. Since the only recourse of xfs_defer_finish() errors is cancellation, mirror the transaction logic and cancel remaining dfops before returning from xfs_defer_finish() with an error. Beside simplifying xfs_defer_finish() semantics, this ensures that xfs_defer_finish() always returns with an empty ->dop_pending and thus facilitates removal of the list from xfs_defer_ops. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit 60f31a609ed3d28791acb2bc24188cb7e2259176 Author: Brian Foster Date: Wed Aug 1 07:20:33 2018 -0700 xfs: clean out superfluous dfops dop params/vars The dfops code still passes around the xfs_defer_ops pointer superfluously in a few places. Clean this up wherever the transaction will suffice. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit 7dbddbaccd189e63c39c9e22c728c4548b9893bb Author: Brian Foster Date: Wed Aug 1 07:20:32 2018 -0700 xfs: drop dop param from xfs_defer_op_type ->finish_item() callback The dfops infrastructure ->finish_item() callback passes the transaction and dfops as separate parameters. Since dfops is always part of a transaction, the latter parameter is no longer necessary. Remove it from the various callbacks. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit a8198666fb755e129c2fe92819774256ec26c79c Author: Brian Foster Date: Wed Aug 1 07:20:32 2018 -0700 xfs: automatic dfops inode relogging Inodes that are held across deferred operations are explicitly joined to the dfops structure to ensure appropriate relogging. While inodes are currently joined explicitly, we can detect the conditions that require relogging at dfops finish time by inspecting the transaction item list for inodes with ili_lock_flags == 0. Replace the xfs_defer_ijoin() infrastructure with such detection and automatic relogging of held inodes. This eliminates the need for the per-dfops inode list, replaced by an on-stack variant in xfs_defer_trans_roll(). Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 82ff27bc52a88cb5cc400bfa64e210d3ec8dfebd Author: Brian Foster Date: Wed Aug 1 07:20:32 2018 -0700 xfs: automatic dfops buffer relogging Buffers that are held across deferred operations are explicitly joined to the dfops structure to ensure appropriate relogging. While buffers are currently joined explicitly, we can detect the conditions that require relogging at dfops finish time by inspecting the transaction item list for held buffers. Replace the xfs_defer_bjoin() infrastructure with such detection and automatic relogging of held buffers. This eliminates the need for the per-dfops buffer list, replaced by an on-stack variant in xfs_defer_trans_roll(). Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 488c919a5bec3be4b8613898de6958043edbb8d9 Author: Brian Foster Date: Wed Aug 1 07:20:31 2018 -0700 xfs: add missing defer ijoins for held inodes Log items that require relogging during deferred operations processing are explicitly joined to the associated dfops via the xfs_defer_*join() helpers. These calls imply that the associated object is "held" by the transaction such that when rolled, the item can be immediately joined to a follow up transaction. For buffers, this means the buffer remains locked and held after each roll. For inodes, this means that the inode remains locked. Failure to join a held item to the dfops structure means the associated object pins the tail of the log while dfops processing completes, because the item never relogs and is not unlocked or released until deferred processing completes. Currently, all buffers that are held in transactions (XFS_BLI_HOLD) with deferred operations are explicitly joined to the dfops. This is not the case for inodes, however, as various contexts defer operations to transactions with held inodes without explicit joins to the associated dfops (and thus not relogging). While this is not a catastrophic problem, it is not ideal. Given that we want to eventually relog such items automatically during dfops processing, start by explicitly adding these missing xfs_defer_ijoin() calls. A call is added everywhere an inode is joined to a transaction without transferring lock ownership and said transaction runs deferred operations. All xfs_defer_ijoin() calls will eventually be replaced by automatic dfops inode relogging. This patch essentially implements the behavior change that would otherwise occur due to automatic inode dfops relogging. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit 1214f1cf663b0939fbb8f1bccdc74c1d1e452d53 Author: Brian Foster Date: Wed Aug 1 07:20:31 2018 -0700 xfs: replace dop_low with transaction flag The dop_low field enables the low free space allocation mode when a previous allocation has detected difficulty allocating blocks. It has historically been part of the xfs_defer_ops structure, which means if enabled, it remains enabled across a set of transactions until the deferred operations have completed and the dfops is reset. Now that the dfops is embedded in the transaction, we can save a bit more space by using a transaction flag rather than a standalone boolean. Drop the ->dop_low field and replace it with a transaction flag that is set at the same points, carried across rolling transactions and cleared on completion of deferred operations. This essentially emulates the behavior of ->dop_low and so should not change behavior. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit ce356d64772f920f26cd6c1b02878a737a275638 Author: Brian Foster Date: Wed Aug 1 07:20:30 2018 -0700 xfs: pass transaction to dfops reset/move helpers All callers pass ->t_dfops of the associated transactions. Refactor the helpers to receive the transactions and facilitate further cleanups between xfs_defer_ops and xfs_trans. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit 7279aa13b8fb954f50073a672f912898198efd14 Author: Brian Foster Date: Wed Aug 1 07:20:30 2018 -0700 xfs: remove unused __xfs_defer_cancel() internal helper With no more external dfops users, there is no need for an xfs_defer_ops cancel wrapper. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong commit fbfa977d25dc8db92dbf5fcafb0e03fae0005be5 Author: Brian Foster Date: Wed Aug 1 07:20:29 2018 -0700 xfs: use transaction for intent recovery instead of raw dfops Log intent recovery is the last user of an external (on-stack) dfops. The pattern exists because the dfops is used to collect additional deferred operations queued during the whole recovery sequence. The dfops is finished with a new transaction after intent recovery completes. We already have a mechanism to create an empty, container-like transaction to support the scrub infrastructure. We can reuse that mechanism here to drop the final user of external dfops. This facilitates folding dfops state (i.e., dop_low) into the transaction, the elimination of now unused external dfops support and also eliminates the only caller of __xfs_defer_cancel(). Replace the on-stack dfops with an empty transaction and pass it around to the various helpers that queue and finish deferred operations during intent recovery. Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 98719051e75ccf9eca18bd2b569de4ea637b4479 Author: Brian Foster Date: Wed Aug 1 07:20:29 2018 -0700 xfs: refactor internal dfops initialization The current transaction allocation code conditionally initializes the ->t_dfops indirection pointer. Transaction commit/cancel check the validity of the pointer to determine whether to finish/cancel the internal dfops. This disallows the ability to use the internal dfops list as a temporary container (via xfs_trans_alloc_empty()). Refactor transaction allocation to always initialize ->t_dfops and check permanent reservation state on transaction commit/cancel. Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 6534770d6f176093b50896961107b2d545ef38f0 Author: Jakub Kicinski Date: Thu Aug 2 19:30:27 2018 -0700 tools: bpf: fix BTF code added twice to different trees commit 38d5d3b3d5db ("bpf: Introduce BPF_ANNOTATE_KV_PAIR") added to the bpf and net trees what commit 92b57121ca79 ("bpf: btf: export btf types and name by offset from lib") has already added to bpf-next/net-next, but in slightly different location. Remove the duplicates (to fix build of libbpf). Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller commit 760109760455a0a35491cb02a3bc3e15f0c180f6 Author: Jason Gunthorpe Date: Sun Jul 29 11:35:00 2018 +0300 IB/ipoib: Consolidate checking of the proposed child interface Move all the checking for pkey and other validity to the __ipoib_vlan_add function. This removes the last difference from the control flow of the __ipoib_vlan_add to make the overall design simpler to understand. Signed-off-by: Jason Gunthorpe Signed-off-by: Erez Shitrit Signed-off-by: Leon Romanovsky commit 13476d35bba60b59521ff25d902fdb552b8bf2ac Author: Jason Gunthorpe Date: Sun Jul 29 11:34:59 2018 +0300 IB/ipoib: Maintain the child_intfs list from ndo_init/uninit This fixes a bug in the netlink path where the vlan_rwsem was not held around __ipoib_vlan_add causing the child_intfs to be manipulated unsafely. In the process this greatly simplifies the vlan_rwsem write side locking to only cover a single non-sleeping statement. This also further increases the safety of the removal ordering by holding the netdev of the parent while the child is active to ensure most bugs become either an oops on a NULL priv or a deadlock on the netdev refcount. Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky commit 25405d98a2aa0b9983bb9c36b0b00815d39394f4 Author: Jason Gunthorpe Date: Sun Jul 29 11:34:58 2018 +0300 IB/ipoib: Do not remove child devices from within the ndo_uninit Switching to priv_destructor and needs_free_netdev created a subtle ordering problem in ipoib_remove_one. Now that unregister_netdev frees the netdev and priv we must ensure that the children are unregistered before trying to unregister the parent, or child unregister will use after free. The solution is to unregister the children, then parent, in the same batch all while holding the rtnl_lock. This closes all the races where a new child could have been added and ensures proper ordering. Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky commit ee190ab734ba4d3c7887bd193ce8124385738e44 Author: Jason Gunthorpe Date: Sun Jul 29 11:34:57 2018 +0300 IB/ipoib: Get rid of the sysfs_mutex This mutex was introduced to deal with the deadlock formed by calling unregister_netdev from within the sysfs callback of a netdev. Now that we have priv_destructor and needs_free_netdev we can switch to the more targeted solution of running the unregister from a work queue. This avoids the deadlock and gets rid of the mutex. The next patch in the series needs this mutex eliminated to create atomicity of unregisteration. Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky commit 9f49a5b5c21d58aa84e16cfdc5e99e49faefcb7a Author: Jason Gunthorpe Date: Sun Jul 29 11:34:56 2018 +0300 RDMA/netdev: Use priv_destructor for netdev cleanup Now that the unregister_netdev flow for IPoIB no longer relies on external code we can now introduce the use of priv_destructor and needs_free_netdev. The rdma_netdev flow is switched to use the netdev common priv_destructor instead of the special free_rdma_netdev and the IPOIB ULP adjusted: - priv_destructor needs to switch to point to the ULP's destructor which will then call the rdma_ndev's in the right order - We need to be careful around the error unwind of register_netdev as it sometimes calls priv_destructor on failure - ULPs need to use ndo_init/uninit to ensure proper ordering of failures around register_netdev Switching to priv_destructor is a necessary pre-requisite to using the rtnl new_link mechanism. The VNIC user for rdma_netdev should also be revised, but that is left for another patch. Signed-off-by: Jason Gunthorpe Signed-off-by: Denis Drozdov Signed-off-by: Leon Romanovsky commit eaeb398425089cb3c8edc81a406109db94b2705c Author: Jason Gunthorpe Date: Sun Jul 29 11:34:55 2018 +0300 IB/ipoib: Move init code to ndo_init Now that we have a proper ndo_uninit, move code that naturally pairs with the ndo_uninit into ndo_init. This allows the netdev core to natually handle ordering. This fixes the situation where register_netdev can fail before calling ndo_init, in which case it wouldn't call ndo_uninit either. Also move a bunch of duplicated init code that is shared between child and parent for clarity. Now the child and parent register functions look very similar. Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky commit 7cbee87c17965ede0eba2e7ba41d0a38ebd2249c Author: Jason Gunthorpe Date: Sun Jul 29 11:34:53 2018 +0300 IB/ipoib: Move all uninit code into ndo_uninit Currently uninit is sometimes done twice in error flows, and is sprinkled a bit all over the place. Improve the clarity of the design by moving all uninit only into ndo_uinit. Some duplication is removed: - Sometimes IPOIB_STOP_NEIGH_GC was done before unregister, but this duplicates the process in ipoib_neigh_hash_init - Flushing priv->wq was sometimes done before unregister, but that duplicates what has been done in ndo_uninit Uniniting the IB event queue must remain before unregister_netdev as it requires the RTNL lock to be dropped, this is moved to a helper to make that flow really clear and remove some duplication in error flows. If register_netdev fails (and ndo_init is NULL) then it almost always calls ndo_uninit, which lets us remove all the extra code from the error unwinds. The next patch in the series will close the 'almost always' hole by pairing a proper ndo_init with ndo_uninit. Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky commit cda8daf17914a261986d6d4b7294599736d5a463 Author: Erez Shitrit Date: Sun Jul 29 11:34:52 2018 +0300 IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task The neigh_reap_task is self restarting, but so long as we call cancel_delayed_work_sync() it will be guaranteed to not be running and never start again. Thus we don't need to have the racy IPOIB_STOP_NEIGH_GC bit, or the confusing mismatch of places sometimes calling flush_workqueue after the cancel. This fixes a situation where the GC work could have been left running in some rare situations. Signed-off-by: Erez Shitrit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 577e07ffbad9960551a6821b74af90a216ac10e2 Author: Jason Gunthorpe Date: Sun Jul 29 11:34:51 2018 +0300 IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN This essentially duplicates the netdev's reg_state, so just use that directly. The reg_state is updated under the rntl_lock, and all places using GOING_DOWN already acquire the rtnl_lock so checking is safe. Since the only place we use GOING_DOWN is for the parent device this does not fix any bugs, but it is a step to tidy up the unregister flow so that after later patches the flow is uniform and sane. Signed-off-by: Jason Gunthorpe Signed-off-by: Leon Romanovsky commit 94245f4ad9e10c161affaa4763136d29fbe91cb9 Author: Potnuri Bharat Teja Date: Thu Aug 2 11:33:04 2018 +0530 iw_cxgb4: Support FW write completion WR To optimize NVME-oF READ IOPs, use a specialized WQE that combines the RDMA WRITE and SEND_INV WR chain submitted by the NVME-oF target driver. This reduces uP overhead per NVME-oF IO, and results in over 10% improvement in NVME-oF 4K READ IOPs. Signed-off-by: Potnuri Bharat Teja Signed-off-by: Steve Wise Signed-off-by: Jason Gunthorpe commit b9855f4ca0fe582aabfdbd08f0d856b22486e157 Author: Potnuri Bharat Teja Date: Thu Aug 2 11:33:03 2018 +0530 iw_cxgb4: RDMA write with immediate support Adds iw_cxgb4 functionality to support RDMA_WRITE_WITH_IMMEDATE opcode. Signed-off-by: Potnuri Bharat Teja Signed-off-by: Steve Wise Signed-off-by: Jason Gunthorpe commit 8001b717f09460d9e17457f6bade6699aa14604f Author: Dan Carpenter Date: Thu Aug 2 10:56:13 2018 +0300 rdma/cxgb4: fix some info leaks In c4iw_create_qp() there are several struct members which potentially aren't inintialized like uresp.rq_key. I've fixed this code before in in commit ae1fe07f3f42 ("RDMA/cxgb4: Fix stack info leak in c4iw_create_qp()") so this time I'm just going to take a big hammer approach and memset the whole struct to zero. Hopefully, it will stay fixed this time. In c4iw_create_srq() we don't clear uresp.reserved. Fixes: 6a0b6174d35a ("rdma/cxgb4: Add support for kernel mode SRQ's") Signed-off-by: Dan Carpenter Acked-by: Raju Rangoju Signed-off-by: Jason Gunthorpe commit 0425e3e6e0c7f92f2c2a396d902871b7a81da0eb Author: Yixian Liu Date: Thu Aug 2 10:38:05 2018 +0800 RDMA/hns: Support flush cqe for hip08 in kernel space According to IB protocol, there are some cases that work requests must return the flush error completion status through the completion queue. Due to hardware limitation, the driver needs to assist the flush process. This patch adds the support of flush cqe for hip08 in the cases that needed, such as poll cqe, post send, post recv and aeqe handle. The patch also considered the compatibility between kernel and user space. Signed-off-by: Yixian Liu Signed-off-by: Jason Gunthorpe commit 2c3449fb95c318920ca8dc645d918d408db219ac Author: Jia-Ju Bai Date: Mon Jul 30 05:33:20 2018 -0400 media: usb: hackrf: Replace GFP_ATOMIC with GFP_KERNEL hackrf_submit_urbs(), hackrf_alloc_stream_bufs() and hackrf_alloc_urbs() are never called in atomic context. They call usb_submit_urb(), usb_alloc_coherent() and usb_alloc_urb() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Signed-off-by: Mauro Carvalho Chehab commit 7a3369e8a78538e813e96294b8c7fce9feb76e0f Author: Jia-Ju Bai Date: Mon Jul 30 05:24:59 2018 -0400 media: usb: em28xx: Replace mdelay() with msleep() in em28xx_pre_card_setup() em28xx_pre_card_setup() is never called in atomic context. It calls mdelay() to busily wait, which is not necessary. mdelay() can be replaced with msleep(). This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Signed-off-by: Mauro Carvalho Chehab commit 2453e60702e1a4d22720e3b6aac543e1a96fcd6b Author: Jia-Ju Bai Date: Mon Jul 30 05:25:07 2018 -0400 media: usb: em28xx: Replace GFP_ATOMIC with GFP_KERNEL in em28xx_init_usb_xfer() em28xx_init_usb_xfer() is never called in atomic context. It calls usb_submit_urb() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Signed-off-by: Mauro Carvalho Chehab commit 61e641f36ed81ae473177c085f0bfd83ad3b55ed Author: Anton Vasilyev Date: Fri Jul 27 07:52:20 2018 -0400 media: davinci: vpif_display: Mix memory leak on probe error path If vpif_probe() fails on v4l2_device_register() then memory allocated at initialize_vpif() for global vpif_obj.dev[i] become unreleased. The patch adds deallocation of vpif_obj.dev[i] on the error path and removes duplicated check on platform_data presence. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Signed-off-by: Mauro Carvalho Chehab commit b9f0f653ea2c214933b16884bd40baf26ff61895 Author: Anton Vasilyev Date: Fri Jul 27 07:47:59 2018 -0400 media: vimc: Remove redundant free Commit 4a29b7090749 ("[media] vimc: Subdevices as modules") removes vimc allocation from vimc_probe(), so corresponding deallocation on the error path tries to free static memory. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Acked-by: Helen Koike Signed-off-by: Mauro Carvalho Chehab commit 730129e9ba4dd668452371eba900e6e46f63b778 Author: Jia-Ju Bai Date: Thu Jul 26 22:52:49 2018 -0400 media: dvb-frontends: rtl2832_sdr: Replace GFP_ATOMIC with GFP_KERNEL rtl2832_sdr_submit_urbs(), rtl2832_sdr_alloc_stream_bufs(), and rtl2832_sdr_alloc_urbs() are never called in atomic context. They call usb_submit_urb(), usb_alloc_coherent() and usb_alloc_urb() with GFP_ATOMIC, which is not necessary. GFP_ATOMIC can be replaced with GFP_KERNEL. This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai Signed-off-by: Mauro Carvalho Chehab commit f46bdacdc06a2256187f98d7d063d1bd5c318b12 Author: kbuild test robot Date: Wed Jul 25 13:57:00 2018 -0400 media: omap2: omapfb: fix bugon.cocci warnings drivers/video/fbdev/omap2/omapfb/dss/dss_features.c:895:2-5: WARNING: Use BUG_ON instead of if condition followed by BUG. Please make sure the condition has no side effects (see conditional BUG_ON definition in include/asm-generic/bug.h) Use BUG_ON instead of a if condition followed by BUG. Semantic patch information: This makes an effort to find cases where BUG() follows an if condition on an expression and replaces the if condition and BUG() with a BUG_ON having the conditional expression of the if statement as argument. Generated by: scripts/coccinelle/misc/bugon.cocci Signed-off-by: kbuild test robot Signed-off-by: Mauro Carvalho Chehab commit 73fc60aa6386ecb4201908be42241dcbd790d556 Author: kbuild test robot Date: Wed Jul 25 13:57:00 2018 -0400 media: omap2: omapfb: fix boolreturn.cocci warnings drivers/video/fbdev/omap2/omapfb/omapfb-main.c:290:9-10: WARNING: return of 0/1 in function 'cmp_var_to_colormode' with return type bool Return statements in functions returning bool should use true/false instead of 1/0. Generated by: scripts/coccinelle/misc/boolreturn.cocci Signed-off-by: kbuild test robot Signed-off-by: Mauro Carvalho Chehab commit ad1363c05a7d65ce6d4c5dca1fdec823b58d6e8b Author: kbuild test robot Date: Wed Jul 25 13:57:00 2018 -0400 media: omap2: omapfb: fix ifnullfree.cocci warnings drivers/video/fbdev/omap2/omapfb/dss/core.c:141:2-26: WARNING: NULL check before some freeing functions is not needed. NULL check before some freeing functions is not needed. Based on checkpatch warning "kfree(NULL) is safe this check is probably not required" and kfreeaddr.cocci by Julia Lawall. Generated by: scripts/coccinelle/free/ifnullfree.cocci Signed-off-by: kbuild test robot Signed-off-by: Mauro Carvalho Chehab commit 0f408ce8941fcb1b6e8431272cfc9337a0407d73 Author: Katsuhiro Suzuki Date: Mon Jul 23 04:51:50 2018 -0400 media: dvb-frontends: add Socionext MN88443x ISDB-S/T demodulator driver This patch adds a frontend driver for the Socionext/Panasonic MN884434 and MN884433 ISDB-S/T demodulators. The maximum and minimum frequency of MN88443x comes from ISDB-S and ISDB-T so frequency range is the following: - ISDB-S (BS/CS110 IF frequency, Local freq 10.678GHz) - Min: BS-1: 1032MHz - Max: ND24: 2070MHz - ISDB-T - Min: ch13: 470MHz - Max: ch62: 770MHz Signed-off-by: Katsuhiro Suzuki Signed-off-by: Mauro Carvalho Chehab commit 65b40a986fc68cb3b362bb855303b73a2b8538c2 Author: Anton Vasilyev Date: Wed Jul 18 10:13:56 2018 -0400 media: dm1105: Limit number of cards to avoid buffer over read dm1105_probe() counts number of cards at dm1105_devcount, but missed bounds check before dereference a card array. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Signed-off-by: Mauro Carvalho Chehab commit 817dc4b579d897d3f645c11dc255f21642aa99df Author: Katsuhiro Suzuki Date: Tue Jul 17 21:06:42 2018 -0400 media: helene: add I2C device probe function This patch adds I2C probe function to use dvb_module_probe() with this driver. And also support multiple delivery systems at the same device. Signed-off-by: Katsuhiro Suzuki Signed-off-by: Mauro Carvalho Chehab commit 299c7007e93645067e1d2743f4e50156de78c4ff Author: Anton Vasilyev Date: Mon Jul 23 13:04:54 2018 -0400 media: dw2102: Fix memleak on sequence of probes Each call to dw2102_probe() allocates memory by kmemdup for structures p1100, s660, p7500 and s421, but there is no their deallocation. dvb_usb_device_init() copies the corresponding structure into dvb_usb_device->props, so there is no use of original structure after dvb_usb_device_init(). The patch moves structures from global scope to local and adds their deallocation. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Signed-off-by: Mauro Carvalho Chehab commit 82c018d734a7aa24a9ac8f33f610c55923fb6911 Merge: fbeb1603bf4e 28ba068760a7 Author: Daniel Borkmann Date: Fri Aug 3 00:47:33 2018 +0200 Merge branch 'bpf-cgroup-local-storage' Roman Gushchin says: ==================== This patchset implements cgroup local storage for bpf programs. The main idea is to provide a fast accessible memory for storing various per-cgroup data, e.g. number of transmitted packets. Cgroup local storage looks as a special type of map for userspace, and is accessible using generic bpf maps API for reading and updating of the data. The (cgroup inode id, attachment type) pair is used as a map key. A user can't create new entries or destroy existing entries; it happens automatically when a user attaches/detaches a bpf program to a cgroup. From a bpf program's point of view, cgroup storage is accessible without lookup using the special get_local_storage() helper function. It takes a map fd as an argument. It always returns a valid pointer to the corresponding memory area. To implement such a lookup-free access a pointer to the cgroup storage is saved for an attachment of a bpf program to a cgroup, if required by the program. Before running the program, it's saved in a special global per-cpu variable, which is accessible from the get_local_storage() helper. This patchset implement only cgroup local storage, however the API is intentionally made extensible to support other local storage types further: e.g. thread local storage, socket local storage, etc. v7->v6: - fixed a use-after-free bug, caused by not clearing prog->aux->cgroup_storage pointer after releasing the map v6->v5: - fixed an error with returning -EINVAL instead of a pointer v5->v4: - fixed an issue in verifier (test that flags == 0 properly) - added a corresponding test - added a note about synchronization, sync docs to tools/uapi/... - switched the cgroup test to use XADD - added a check for attr->max_entries to be 0, and atter->max_flags to be sane - use bpf_uncharge_memlock() in bpf_uncharge_memlock() - rebased to bpf-next v4->v3: - fixed a leak in cgroup attachment code (discovered by Daniel) - cgroup storage map will be released if the corresponding bpf program failed to load by any reason - introduced bpf_uncharge_memlock() helper v3->v2: - fixed more build and sparse issues - rebased to bpf-next v2->v1: - fixed build issues - removed explicit rlimit calls in patch 14 - rebased to bpf-next ==================== Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 28ba068760a7e136a7fe2783bca74e3f43affb9b Author: Roman Gushchin Date: Thu Aug 2 14:27:30 2018 -0700 samples/bpf: extend test_cgrp2_attach2 test to use cgroup storage The test_cgrp2_attach test covers bpf cgroup attachment code well, so let's re-use it for testing allocation/releasing of cgroup storage. The extension is pretty straightforward: the bpf program will use the cgroup storage to save the number of transmitted bytes. Expected output: $ ./test_cgrp2_attach2 Attached DROP prog. This ping in cgroup /foo should fail... ping: sendmsg: Operation not permitted Attached DROP prog. This ping in cgroup /foo/bar should fail... ping: sendmsg: Operation not permitted Attached PASS prog. This ping in cgroup /foo/bar should pass... Detached PASS from /foo/bar while DROP is attached to /foo. This ping in cgroup /foo/bar should fail... ping: sendmsg: Operation not permitted Attached PASS from /foo/bar and detached DROP from /foo. This ping in cgroup /foo/bar should pass... ### override:PASS ### multi:PASS Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 68cfa3ac6b8db2782300ad0d699da27aaa2ac9fb Author: Roman Gushchin Date: Thu Aug 2 14:27:29 2018 -0700 selftests/bpf: add a cgroup storage test Implement a test to cover the cgroup storage functionality. The test implements a bpf program which drops every second packet by using the cgroup storage as a persistent storage. The test also use the userspace API to check the data in the cgroup storage, alter it, and check that the loaded and attached bpf program sees the update. Expected output: $ ./test_cgroup_storage test_cgroup_storage:PASS Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit d4c9f573537506530019c505c8b6097a7d7a5fab Author: Roman Gushchin Date: Thu Aug 2 14:27:28 2018 -0700 selftests/bpf: add verifier cgroup storage tests Add the following verifier tests to cover the cgroup storage functionality: 1) valid access to the cgroup storage 2) invalid access: use regular hashmap instead of cgroup storage map 3) invalid access: use invalid map fd 4) invalid access: try access memory after the cgroup storage 5) invalid access: try access memory before the cgroup storage 6) invalid access: call get_local_storage() with non-zero flags For tests 2)-6) check returned error strings. Expected output: $ ./test_verifier #0/u add+sub+mul OK #0/p add+sub+mul OK #1/u DIV32 by 0, zero check 1 OK ... #280/p valid cgroup storage access OK #281/p invalid cgroup storage access 1 OK #282/p invalid cgroup storage access 2 OK #283/p invalid per-cgroup storage access 3 OK #284/p invalid cgroup storage access 4 OK #285/p invalid cgroup storage access 5 OK ... #649/p pass modified ctx pointer to helper, 2 OK #650/p pass modified ctx pointer to helper, 3 OK Summary: 901 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit f42ee093be2980f2689ea7a170d580364820f48b Author: Roman Gushchin Date: Thu Aug 2 14:27:27 2018 -0700 bpf/test_run: support cgroup local storage Allocate a temporary cgroup storage to use for bpf program test runs. Because the test program is not actually attached to a cgroup, the storage is allocated manually just for the execution of the bpf program. If the program is executed multiple times, the storage is not zeroed on each run, emulating multiple runs of the program, attached to a real cgroup. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 34a6bbb8131b75daeb3e9be026d39d6463762baf Author: Roman Gushchin Date: Thu Aug 2 14:27:26 2018 -0700 bpftool: add support for CGROUP_STORAGE maps Add BPF_MAP_TYPE_CGROUP_STORAGE maps to the list of maps types which bpftool recognizes. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Jakub Kicinski Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit c419cf52da77d0f0f01d4b75a75ae89406f0923f Author: Roman Gushchin Date: Thu Aug 2 14:27:25 2018 -0700 bpf: sync bpf.h to tools/ Sync cgroup storage related changes: 1) new BPF_MAP_TYPE_CGROUP_STORAGE map type 2) struct bpf_cgroup_sotrage_key definition 3) get_local_storage() helper Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit cd3394317653837e2eb5c5d0904a8996102af9fc Author: Roman Gushchin Date: Thu Aug 2 14:27:24 2018 -0700 bpf: introduce the bpf_get_local_storage() helper function The bpf_get_local_storage() helper function is used to get a pointer to the bpf local storage from a bpf program. It takes a pointer to a storage map and flags as arguments. Right now it accepts only cgroup storage maps, and flags argument has to be 0. Further it can be extended to support other types of local storage: e.g. thread local storage etc. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 7b5dd2bde72cd33313b63cf3ba1de6a9e443a65d Author: Roman Gushchin Date: Thu Aug 2 14:27:23 2018 -0700 bpf: don't allow create maps of cgroup local storages As there is one-to-one relation between a bpf program and cgroup local storage map, there is no sense in creating a map of cgroup local storage maps. Forbid it explicitly to avoid possible side effects. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 3e6a4b3e0289dc9540a2c1d8a20657f4707fbabb Author: Roman Gushchin Date: Thu Aug 2 14:27:22 2018 -0700 bpf/verifier: introduce BPF_PTR_TO_MAP_VALUE BPF_MAP_TYPE_CGROUP_STORAGE maps are special in a way that the access from the bpf program side is lookup-free. That means the result is guaranteed to be a valid pointer to the cgroup storage; no NULL-check is required. This patch introduces BPF_PTR_TO_MAP_VALUE return type, which is required to cause the verifier accept programs, which are not checking the map value pointer for being NULL. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 394e40a29788820c9c0526b1c3497c9e0ec2a126 Author: Roman Gushchin Date: Thu Aug 2 14:27:21 2018 -0700 bpf: extend bpf_prog_array to store pointers to the cgroup storage This patch converts bpf_prog_array from an array of prog pointers to the array of struct bpf_prog_array_item elements. This allows to save a cgroup storage pointer for each bpf program efficiently attached to a cgroup. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit d7bf2c10af053191e931b58704cd862fccb7f9de Author: Roman Gushchin Date: Thu Aug 2 14:27:20 2018 -0700 bpf: allocate cgroup storage entries on attaching bpf programs If a bpf program is using cgroup local storage, allocate a bpf_cgroup_storage structure automatically on attaching the program to a cgroup and save the pointer into the corresponding bpf_prog_list entry. Analogically, release the cgroup local storage on detaching of the bpf program. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit aa0ad5b0391e268bdecf6cda31268388844f8afd Author: Roman Gushchin Date: Thu Aug 2 14:27:19 2018 -0700 bpf: pass a pointer to a cgroup storage using pcpu variable This commit introduces the bpf_cgroup_storage_set() helper, which will be used to pass a pointer to a cgroup storage to the bpf helper. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit de9cbbaadba5adf88a19e46df61f7054000838f6 Author: Roman Gushchin Date: Thu Aug 2 14:27:18 2018 -0700 bpf: introduce cgroup storage maps This commit introduces BPF_MAP_TYPE_CGROUP_STORAGE maps: a special type of maps which are implementing the cgroup storage. >From the userspace point of view it's almost a generic hash map with the (cgroup inode id, attachment type) pair used as a key. The only difference is that some operations are restricted: 1) a user can't create new entries, 2) a user can't remove existing entries. The lookup from userspace is o(log(n)). Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 0a4c58f5702858822621fa1177c7d3475f181ccb Author: Roman Gushchin Date: Thu Aug 2 14:27:17 2018 -0700 bpf: add ability to charge bpf maps memory dynamically This commits extends existing bpf maps memory charging API to support dynamic charging/uncharging. This is required to account memory used by maps, if all entries are created dynamically after the map initialization. Signed-off-by: Roman Gushchin Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit 1b7369acc465ddf3d9c7604af3971753b9a548f2 Author: Arnd Bergmann Date: Mon Jul 9 11:19:02 2018 -0400 media: headers: fix linux/mod_devicetable.h inclusions A couple of drivers produced build errors after the mod_devicetable.h header was split out from the platform_device one, e.g. drivers/media/platform/davinci/vpbe_osd.c:42:40: error: array type has incomplete element type 'struct platform_device_id' drivers/media/platform/davinci/vpbe_venc.c:42:40: error: array type has incomplete element type 'struct platform_device_id' This adds the inclusion where needed. Fixes: ac3167257b9f ("headers: separate linux/mod_devicetable.h from linux/platform_device.h") Signed-off-by: Arnd Bergmann Acked-by: Michael S. Tsirkin Acked-by: Randy Dunlap Acked-by: Lad, Prabhakar Acked-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 6a2a1ca34ca68025df793a1bedfba658be2b1952 Author: Mauro Carvalho Chehab Date: Thu Jul 5 18:59:37 2018 -0400 media: dvb_frontend: ensure that the step is ok for both FE and tuner The frequency step should take into account the tuner step, as, if tuner step is bigger than frontend step, the zigzag algorithm won't be doing the right thing, as it will be tuning multiple times at the same frequency. Signed-off-by: Mauro Carvalho Chehab commit f1b1eabff0eb3fc46b06668de8174c0f23b271fd Author: Mauro Carvalho Chehab Date: Thu Jul 5 18:59:36 2018 -0400 media: dvb: represent min/max/step/tolerance freqs in Hz Right now, satellite frontend drivers specify frequencies in kHz, while terrestrial/cable ones specify in Hz. That's confusing for developers. However, the main problem is that universal frontends capable of handling both satellite and non-satelite delivery systems are appearing. We end by needing to hack the drivers in order to support such hybrid frontends. So, convert everything to specify frontend frequencies in Hz. Tested-by: Katsuhiro Suzuki Signed-off-by: Mauro Carvalho Chehab commit 6b431d50d2a8acd1c418b998b856a055252ebc3a Author: Matthieu Baerts Date: Thu Aug 2 18:14:33 2018 +0200 net/socket: remove duplicated init code This refactoring work has been started by David Howells in cdfbabfb2f0c (net: Work around lockdep limitation in sockets that use sockets) but the exact same day in 581319c58600 (net/socket: use per af lockdep classes for sk queues), Paolo Abeni added new classes. This reduces the amount of (nearly) duplicated code and eases the addition of new socket types. Signed-off-by: Matthieu Baerts Signed-off-by: David S. Miller commit e9340c9205c3b1cea8f1b799b5f8e034d6e3e000 Author: Andy Shevchenko Date: Tue Jul 31 17:37:16 2018 +0300 MAINTAINERS: Replace Heikki as maintainer of Intel pinctrl Heikki has another priorities and no time to maintain Intel pinctrl driver. As we decided off line I'm going to replace him. Signed-off-by: Andy Shevchenko Reviewed-by: Heikki Krogerus Acked-by: Mika Westerberg Signed-off-by: Linus Walleij commit d3e2a25bcd0b24f0905554ef0762eb77cbca7ad5 Author: Gustavo A. R. Silva Date: Wed Aug 1 19:31:01 2018 -0500 xen-netback: use true and false for boolean values Return statements in functions returning bool should use true or false instead of an integer value. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Acked-by: Wei Liu Signed-off-by: David S. Miller commit bd34389d4fdb4fe85a4c4a663dcf29c97ea2111a Author: YueHaibing Date: Wed Aug 1 18:16:47 2018 +0800 net: hns: remove redundant variables 'max_frm' and 'tmp_mac_key' Variables 'max_frm' and 'tmp_mac_key' are being assigned, but are never used,hence they are redundant and can be removed. fix fllowing warning: drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c:461:6: warning: variable 'max_frm' set but not used [-Wunused-but-set-variable] drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:1685:31: warning: variable 'tmp_mac_key' set but not used [-Wunused-but-set-variable] drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:1855:41: warning: variable 'tmp_mac_key' set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit fc389d1cb3855f6012093f741531a9ad0ec4ae9a Merge: 89b1698c93a9 2c7230446bc9 Author: David S. Miller Date: Thu Aug 2 14:36:57 2018 -0700 Merge branch 'Add--clock-config-and-pm-support-to-bcm-iProc-mdio-mux' Arun Parameswaran says: ==================== Add clock config and pm support to bcm iProc mdio mux The patchset extends the Broadcom iProc mdio mux to add support for suspend/resume and the ability to configure the internal clock divider. The patchset also sets the scan control register to disable external master access. The base address of the mdio-mux-bcm-iproc is modified to point to the start of the mdio block's address space, to be able to access all the mdio's registers. The missing registers are required to configure the internal clock divider registers in some of the Broadcom SoC's. Changes from v3: - Removed 'platform_set_drvdata(pdev, NULL)' call (in patch 5/8) - Fixed the return code handling for the devm_clk_get() call (in patch 7/8) - Added Reviewed-by tag to Patch 8/8 Changes from v2: - Addressed Andrew's comments: - Moved to using devm_mdiobus_alloc. Added this as a separate patch. - Changed to reverse christmas tree order for variable declaration in the clock patch - Addressed Florian's comments: - Removed null checks for the clock before calling unprepare in both clock and pm patches. - Added check for EPROBE_DEFER when fetching the clock in the clock patch. - The patch to use the devm API has been added before the clock & pm patches. This patch is now patch '5' in the series. - Added reviewed-by tags to commit messages of patches which remain unmodified from v2. - Modified PM patch to use platform_get_drvdata() in suspend/resume API's, similar to the recent fix that went in for the remove() api. Changes from v1: - Addressed Andrew's comments. - Reworked the patches to be based on 'net-next' - Removed 'fixes' from the commit messages, the changes are related to the new features being added. - Maintained backward compatibility to older dt-blob's specifying base addresse with an offset. The correction is applied in the driver and a message is printed to update the dt-blob. - Re-worked and re-ordered the last four patches (4-7). - Added setting of the scan control register as a new patch - Added a call to 'clk_prepare_enable()' in the patch that adds the clock config support, removed the debug message when clock is not passed. - Simplified the pm support patch (removed the array used for the save/restore logic). ==================== Signed-off-by: David S. Miller commit 2c7230446bc90bc883890007e2a5da60c399e88a Author: Arun Parameswaran Date: Wed Aug 1 17:53:53 2018 -0700 net: phy: Add pm support to Broadcom iProc mdio mux driver Add support for suspend and resume to the Broadcom iProc mdio mux driver. Signed-off-by: Arun Parameswaran Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 56aea577c8c08c9888d805a5ad81def62f89da55 Author: Arun Parameswaran Date: Wed Aug 1 17:53:52 2018 -0700 net: phy: Add support to configure clock in Broadcom iProc mdio mux Add support to configure the internal rate adjust register based on the core clock supplied through device tree in the Broadcom iProc mdio mux. The operating frequency of the mdio mux block is 11MHz. This is derrived by dividing the clock to the mdio mux with the rate adjust register. In some SoC's the default values of the rate adjust register do not yield 11MHz. These SoC's are required to specify the clock via the device tree for proper operation. Signed-off-by: Arun Parameswaran Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 0d5204abe527b28bd708d503c8116a0b627845b4 Author: Arun Parameswaran Date: Wed Aug 1 17:53:51 2018 -0700 dt-bindings: net: Add clock handle to Broadcom iProc mdio mux Add clock phandle, of the core clock driving the mdio block, as an optional property to the Broadcom iProc mdio mux. The clock, when specified, will be used to setup the rate adjust registers in the mdio to derrive the mdio's operating frequency. Signed-off-by: Arun Parameswaran Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli Reviewed-by: Rob Herring Signed-off-by: David S. Miller commit 0fe2cd564c35ce322830967e24693a36bf30cc7f Author: Arun Parameswaran Date: Wed Aug 1 17:53:50 2018 -0700 net: phy: Use devm api for mdio bus allocation in bcm iproc mdio mux Use devm_mdiobus_alloc() instead of mdiobus_alloc() in the Broadcom iProc mdio mux driver. Signed-off-by: Arun Parameswaran Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 5634cb2b376cef882435c3acce57d4f429405254 Author: Arun Parameswaran Date: Wed Aug 1 17:53:49 2018 -0700 net: phy: Disable external master access in bcm mdio mux driver Configure the scan control register in the Broadcom iProc mdio mux driver to disable access to external master. In some SoC's, the scan control register defaults to an incorrect value. Signed-off-by: Arun Parameswaran Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 18b872d854dc7256863755ece26828aa1856c13f Author: Arun Parameswaran Date: Wed Aug 1 17:53:48 2018 -0700 arm64: dts: Fix the base address of the Broadcom iProc mdio mux Modify the base address of the mdio mux driver to point to the start of the mdio mux block's register address space. Signed-off-by: Arun Parameswaran Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 77fefa93bfebe4df44f154f2aa5938e32630d0bf Author: Arun Parameswaran Date: Wed Aug 1 17:53:47 2018 -0700 net: phy: Fix the register offsets in Broadcom iProc mdio mux driver Modify the register offsets in the Broadcom iProc mdio mux to start from the top of the register address space. Earlier, the base address pointed to the end of the block's register space. The base address will now point to the start of the mdio's address space. The offsets have been fixed to match this. Signed-off-by: Arun Parameswaran Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 9b1dd818095fdec6e4952b8ff5c5da20553c4e09 Author: Arun Parameswaran Date: Wed Aug 1 17:53:46 2018 -0700 dt-bindings: net: Fix Broadcom iProc mdio mux driver base address Modify the base address of the Broadcom iProc MDIO mux driver to point to the start of the block's register address space. Signed-off-by: Arun Parameswaran Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli Reviewed-by: Rob Herring Signed-off-by: David S. Miller commit cda676b5c93fa3d1a1a1794a8ee8ae8860d06843 Author: Amit Kucheria Date: Wed Jul 18 12:13:13 2018 +0530 arm64: dts: sdm845: Add tsens nodes SDM845 has two tsens blocks, one with 13 sensors and the other with 8 sensors. It uses version 2 of the TSENS IP, so use the fallback property to allow more common code. Signed-off-by: Amit Kucheria Reviewed-by: Bjorn Andersson Tested-by: Matthias Kaehlcke Reviewed-by: Matthias Kaehlcke Reviewed-by: Douglas Anderson Signed-off-by: Andy Gross commit f35c11b03b44d68d7d0688e30f4a9a18a3a334d5 Author: Amit Kucheria Date: Wed Jul 18 12:13:10 2018 +0530 arm64: dts: msm8996: thermal: Initialise via DT and add second controller We also split up the regmap address space into two, for the TM and SROT registers. This was required to deal with different address offsets for the TM and SROT registers across different SoC families. 8996 has two TSENS IP blocks, initialise the second one too. Since tsens-common.c/init_common() currently only registers one address space, the order is important (TM before SROT). This is OK since the code doesn't really use the SROT functionality yet. Signed-off-by: Amit Kucheria Reviewed-by: Bjorn Andersson Tested-by: Matthias Kaehlcke Reviewed-by: Matthias Kaehlcke Reviewed-by: Douglas Anderson Signed-off-by: Andy Gross commit 9a47249d444d344051c7c0e909fad0e88515a5c2 Author: Jason A. Donenfeld Date: Tue Jul 31 21:11:00 2018 +0200 random: Make crng state queryable It is very useful to be able to know whether or not get_random_bytes_wait / wait_for_random_bytes is going to block or not, or whether plain get_random_bytes is going to return good randomness or bad randomness. The particular use case is for mitigating certain attacks in WireGuard. A handshake packet arrives and is queued up. Elsewhere a worker thread takes items from the queue and processes them. In replying to these items, it needs to use some random data, and it has to be good random data. If we simply block until we can have good randomness, then it's possible for an attacker to fill the queue up with packets waiting to be processed. Upon realizing the queue is full, WireGuard will detect that it's under a denial of service attack, and behave accordingly. A better approach is just to drop incoming handshake packets if the crng is not yet initialized. This patch, therefore, makes that information directly accessible. Signed-off-by: Jason A. Donenfeld Signed-off-by: Theodore Ts'o commit ae61bac9c470cf546558ea525e7cf6b636f04046 Author: Wei Yongjun Date: Wed Aug 1 01:40:31 2018 +0000 gpio: pxa: remove set but not used variable 'gpio_offset' Fixes gcc '-Wunused-but-set-variable' warning: drivers/gpio/gpio-pxa.c: In function "pxa_gpio_probe": drivers/gpio/gpio-pxa.c:629:35: warning: variable "gpio_offset" set but not used [-Wunused-but-set-variable] int irq0 = 0, irq1 = 0, irq_mux, gpio_offset = 0; ^ Signed-off-by: Wei Yongjun Acked-by: Robert Jarzmik Signed-off-by: Linus Walleij commit 7a0d5009dbb73bcecc199151e6a126aa3630d820 Merge: 0e8f31d78981 78ee559d7fc6 Author: Andy Gross Date: Thu Aug 2 16:27:10 2018 -0500 Merge tag 'qcom-drivers-for-4.19' into arm64-for-4.19-2 Qualcomm ARM Based Driver Updates for v4.19 * Add Qualcomm LLCC driver * Add Qualcomm RPMH controller * Fix memleak in Qualcomm RMTFS * Add dummy qcom_scm_assign_mem() * Fix check for global partition in SMEM commit 0e8f31d78981f5a3648d035b86c8fb920950865f Merge: ce397d215ccd e53db018315b Author: Andy Gross Date: Thu Aug 2 16:24:51 2018 -0500 Merge tag 'qcom-arm64-for-4.19' into arm64-for-4.19-2 Qualcomm ARM64 Updates for v4.19 * Add support for PM8005/PM8998 and related nodes * Add/fix nodes on SDM845 for I2c, SPI, UART, and RPMH * Fix BT LED trigger on DB410c * Drop legacy clock names on MSM8916 * Add gpio line names on DB820c commit 704f83928c8e7da6e06144569efb15dec73278e8 Author: Kees Cook Date: Tue Jul 31 12:51:54 2018 -0700 scsi: Check sense buffer size at build time To avoid introducing problems like those fixed in commit f7068114d45e ("sr: pass down correctly sized SCSI sense buffer"), this creates a macro wrapper for scsi_execute() that verifies the size of the sense buffer similar to what was done for command string sizes in commit 3756f6401c30 ("exec: avoid gcc-8 warning for get_task_comm"). Another solution could be to add a length argument to scsi_execute(), but this function already takes a lot of arguments and Jens was not fond of that approach. Additionally, this moves the SCSI_SENSE_BUFFERSIZE definition into scsi_device.h, and removes a redundant include for scsi_device.h from scsi_cmnd.h. Reviewed-by: Christoph Hellwig Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit 429296cc51c4cf145b240a78c8d68545e4d67e4c Author: Kees Cook Date: Tue Jul 31 12:51:53 2018 -0700 libata-scsi: Move sense buffers onto stack To support future compile-time sizeof() checks that will be able to validate the length of sense buffers, this removes the only dynamically allocated sense buffers in the tree by putting the 96 byte sense buffers on the stack. Reviewed-by: Christoph Hellwig Acked-by: Tejun Heo Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit 4e178c17cac07d58df7d31ef6fe10036cfa3883d Author: Kees Cook Date: Tue Jul 31 12:51:52 2018 -0700 cdrom: Use struct scsi_sense_hdr internally This removes more casts of struct request_sense and uses the standard struct scsi_sense_hdr instead. This also fixes any possible stale values since the prior code did not check the sense length. Reviewed-by: Christoph Hellwig Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit 7a6873be1b11517a0c55ab4534e4de54b3e228a3 Author: Kees Cook Date: Tue Jul 31 12:51:51 2018 -0700 ide-cd: Remove redundant sense buffer This is already able to process the sense buffer, so remove the redundant parsing during the failure path. This also fixes any possible stale values since the prior code did not check the sense length. Acked-by: David S. Miller Reviewed-by: Christoph Hellwig Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit e7d0748dd71695b94f3a35c8bdc05226a7f3d919 Author: Kees Cook Date: Thu Aug 2 15:22:13 2018 -0600 block: Switch struct packet_command to use struct scsi_sense_hdr There is a lot of needless struct request_sense usage in the CDROM code. These can all be struct scsi_sense_hdr instead, to avoid any confusion over their respective structure sizes. This patch is a lot of noise changing "sense" to "sshdr", but the final code is more readable to distinguish between "sense" meaning "struct request_sense" and "sshdr" meaning "struct scsi_sense_hdr". Reviewed-by: Christoph Hellwig Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit 8a39a0478355e9dfdd2f35038d07c4ebe3192441 Author: Christoph Hellwig Date: Tue Jul 31 12:51:49 2018 -0700 target: don't depend on SCSI The core target code only needs code from scsi_common.c, which is now separately selectable. Signed-off-by: Christoph Hellwig Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit ad80f9703a3de62c48c012af62899b754af087f1 Author: Christoph Hellwig Date: Tue Jul 31 12:51:48 2018 -0700 scsi: build scsi_common.o for all scsi passthrough request users Split scsi_common.o out of SCSI so that non-SCSI users can pull it in easily for future sense buffer helper usage. Signed-off-by: Christoph Hellwig Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit 1fd89e4ddcec0c8cae15ddd19980cb944b2baf5d Author: Kees Cook Date: Tue Jul 31 12:51:47 2018 -0700 scsi: cxlflash: Drop unused sense buffers This removes the unused sense buffer in read_cap16() and write_same16(). Reviewed-by: Christoph Hellwig Acked-by: Matthew R. Ochs Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit 54f8a7ae7c210382a3037887a9831462741ae0db Author: Kees Cook Date: Tue Jul 31 12:51:46 2018 -0700 ide-cd: Drop unused sense buffers This drops unused sense buffers from: cdrom_eject() cdrom_read_capacity() cdrom_read_tocentry() ide_cd_lockdoor() ide_cd_read_toc() Acked-by: David S. Miller Reviewed-by: Christoph Hellwig Signed-off-by: Kees Cook Signed-off-by: Jens Axboe commit dc0aa99258813b1e8b567e20bb50ed4a931a848a Author: Himanshu Madhani Date: Thu Aug 2 13:16:58 2018 -0700 scsi: qla2xxx: Update driver version to 10.00.00.08-k Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 8777e4314d397c4e3615dc02fe8537e571e3922f Author: Quinn Tran Date: Thu Aug 2 13:16:57 2018 -0700 scsi: qla2xxx: Migrate NVME N2N handling into state machine This patch fixes regression introduced for the N2N support for FC-NVMe. For FC-NVMe with N2N connection, instead of FW initiating the Login, Driver starts Login process. This patch migrates that new process from a standalone path into existing session management state machine. With this state change now driver will not wait for pull NPort ID from FW. Fixes: edd05de197592 ("scsi: qla2xxx: Changes to support N2N logins") Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 0eaaca4c1bd6349fff3a47228c4db8e9e5cf7cdf Author: Quinn Tran Date: Thu Aug 2 13:16:56 2018 -0700 scsi: qla2xxx: Save frame payload size from ICB Save frame payload size from init control block. This field/data is used to register with switch database. This allows the init control block temp buf to be reused. [mkp: remove unused variable] Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 15b6c3c9568765f0717b2dd3aa67a5f7eadd9734 Author: Himanshu Madhani Date: Thu Aug 2 13:16:55 2018 -0700 scsi: qla2xxx: Fix stalled relogin This patch sets and clears FCF_ASYNC_{SENT|ACTIVE} flags to prevent stalling of relogin attempt. Once flag are correctly set/cleared, relogin timer can retry relogin attempt for driver to continue login. Fixes: fa83e65885b9 ("scsi: qla2xxx: ensure async flags are reset correctly") Cc: stable@vger.kernel.org #4.17 Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit f6145e86d21fccd59bbb87bc1e1eb076658fd79a Author: Quinn Tran Date: Thu Aug 2 13:16:54 2018 -0700 scsi: qla2xxx: Fix race between switch cmd completion and timeout Fix race condition between switch cmd completion and timeout timer. Timer has popped triggers command free. On IOCB completion, stale sp point was reused. Instead, an abort will be sent to FW to nudge the command out of FW where the normal completion will take place. RIP: 0010:qla2x00_chk_ms_status+0xf3/0x1b0 [qla2xxx] Call Trace: qla24xx_els_ct_entry.isra.15+0x1d4/0x2b0 [qla2xxx] qla24xx_msix_rsp_q+0x39/0xf0 [qla2xxx] qla24xx_process_response_queue+0xbc/0x2b0 [qla2xxx] qla24xx_msix_rsp_q+0x8a/0xf0 [qla2xxx] __handle_irq_event_percpu+0xa0/0x1f0 Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit f6602f3befbb9979cdb031e32211358dd008d05e Author: Quinn Tran Date: Thu Aug 2 13:16:53 2018 -0700 scsi: qla2xxx: Fix Management Server NPort handle reservation logic After selecting the NPort handle/loop_id, set a bit in the loop_id_map to prevent others from selecting the same NPort handle. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit b2000805a9759d315f56eecaca7779aa9197a72f Author: Quinn Tran Date: Thu Aug 2 13:16:52 2018 -0700 scsi: qla2xxx: Flush mailbox commands on chip reset Flush pending mailbox commands on chip reset. Wake up command that's waiting for an interrupt and wait for mailbox counters to go to zero. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit cb97f2c2e8d9f8c71ddbf04ad57e163ee6d86474 Author: Quinn Tran Date: Thu Aug 2 13:16:51 2018 -0700 scsi: qla2xxx: Fix unintended Logout During normal IO, FW can return IO with 'port unavailble' status. Driver would send a LOGO to remote port for session resync. On an off chance, a PLOGI could arrive before sending the LOGO. This patch will skip sendiing LOGO if a PLOGI just came in. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 8fde6977ac478c00eeb2beccfdd4a6ad44219f6c Author: Quinn Tran Date: Thu Aug 2 13:16:50 2018 -0700 scsi: qla2xxx: Fix session state stuck in Get Port DB This patch sets discovery state back to GNL (Get Name List) when session is stuck at GPDB (Get Port DataBase). This will allow state machine to retry login and move session state ahead in discovery. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit b63d8b895a1038e5ff762e19b46e9fe9fa3a19a2 Author: Quinn Tran Date: Thu Aug 2 13:16:49 2018 -0700 scsi: qla2xxx: Fix redundant fc_rport registration Prevent multiple registrations with transport layer for the same remote port. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 3f915271b12e11183c606bed1c3dfff0983662d3 Author: Quinn Tran Date: Thu Aug 2 13:16:48 2018 -0700 scsi: qla2xxx: Silent erroneous message Driver uses shadow pointer instead of Mirror pointer for firmware dump collection. Skip those entries for Mirror pointers for Request/Response queue from firmware dump template reading. Following messages are printed in log messages: qla27xx_fwdt_entry_t268: unknown buffer 4 qla27xx_fwdt_entry_t268: unknown buffer 5 This patch fixes these error messages by adding skip_entry() to not read them from template. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 22ebde16f141a5602a5e7c090aac7d50eb05f475 Author: Quinn Tran Date: Thu Aug 2 13:16:47 2018 -0700 scsi: qla2xxx: Prevent sysfs access when chip is down Prevent user from sending commands through sysfs while firmware is not running or reset is in progress. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 7e84766c9bceb4fc687f483a4cc2bff06f89a563 Author: Quinn Tran Date: Thu Aug 2 13:16:46 2018 -0700 scsi: qla2xxx: Add longer window for chip reset qla2x00_reset_active only covers the window of turning the chip off. Add check to cover turning chip on. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 23dd98a6555897f65306c6937b428c8742fef610 Author: Quinn Tran Date: Thu Aug 2 13:16:45 2018 -0700 scsi: qla2xxx: Fix login retry count Login retry count was not properly decrementing which lead to endless retry. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 48acad099074984f6b0b6e4da011856ba25d12ba Author: Quinn Tran Date: Thu Aug 2 13:16:44 2018 -0700 scsi: qla2xxx: Fix N2N link re-connect In case of N2N connect, sg_reset for bus/device/host was causing driver and firmware state to go out of sync. This patch fixes this link instablity when reconnect is attempted after link flap. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 4ae5716b4188d20178fdcaa39561fa50f6e6b513 Author: Himanshu Madhani Date: Thu Aug 2 13:16:43 2018 -0700 scsi: qla2xxx: Cleanup for N2N code Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 67075b3cb8d509642ff09ef3134a3b2d30c45a32 Author: Kuninori Morimoto Date: Mon Jul 30 07:49:55 2018 +0000 clk: cs2000-cp: convert to SPDX identifiers Signed-off-by: Kuninori Morimoto Signed-off-by: Stephen Boyd commit 7a8655e19bdb3be43f6a3b4768c9b0928a2585fc Author: Amit Daniel Kachhap Date: Tue Jul 31 11:25:55 2018 +0530 clk: scmi: Fix the rounding of clock rate This fix rounds the clock rate properly by using quotient and not remainder in the calculation. This issue was found while testing HDMI in the Juno platform. Fixes: 6d6a1d82eaef7 ("clk: add support for clocks provided by SCMI") Acked-by: Sudeep Holla Signed-off-by: Amit Daniel Kachhap Signed-off-by: Stephen Boyd commit 75d6e175fc511e95ae3eb8f708680133bc211ed3 Author: Ming Lei Date: Thu Aug 2 18:23:26 2018 +0800 blk-mq: fix updating tags depth The passed 'nr' from userspace represents the total depth, meantime inside 'struct blk_mq_tags', 'nr_tags' stores the total tag depth, and 'nr_reserved_tags' stores the reserved part. There are two issues in blk_mq_tag_update_depth() now: 1) for growing tags, we should have used the passed 'nr', and keep the number of reserved tags not changed. 2) the passed 'nr' should have been used for checking against 'tags->nr_tags', instead of number of the normal part. This patch fixes the above two cases, and avoids kernel crash caused by wrong resizing sbitmap queue. Cc: "Ewan D. Milne" Cc: Christoph Hellwig Cc: Bart Van Assche Cc: Omar Sandoval Tested by: Marco Patalano Signed-off-by: Ming Lei Signed-off-by: Jens Axboe commit a89f4f1e5f56a3e595c1a87f43df68e22fabf479 Author: Colin Ian King Date: Wed Aug 1 15:58:41 2018 +0100 scsi: sym53c8xx: remove some redundant variables Variables scriptb0 and dp_sgmin are being assigned but are never used hence they are redundant and can be removed. Cleans up clang warnings: warning: variable 'scriptb0' set but not used [-Wunused-but-set-variable] warning: variable 'dp_sgmin' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King Signed-off-by: Martin K. Petersen commit 46a75118d6fb93863abfa3723ea6a7ca921c928b Author: Arjun Vynipadath Date: Wed Aug 1 17:17:12 2018 +0530 scsi: csiostor: update csio_get_flash_params() - Updates csio_get_flash_params() to take care of ISSI, Macronix and Winbond FLASH parts. - Assume flash part size to be 4MB if it cannot be identified Signed-off-by: Arjun Vynipadath Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen commit a3f90c75b833caeff123499e13e0e31cbecf7d5b Author: Mauro Carvalho Chehab Date: Thu Jul 5 18:59:35 2018 -0400 media: dvb: convert tuner_info frequencies to Hz Right now, satellite tuner drivers specify frequencies in kHz, while terrestrial/cable ones specify in Hz. That's confusing for developers. However, the main problem is that universal tuners capable of handling both satellite and non-satelite delivery systems are appearing. We end by needing to hack the drivers in order to support such hybrid tuners. So, convert everything to specify tuner frequencies in Hz. Plese notice that a similar patch is also needed for frontends. Tested-by: Katsuhiro Suzuki Acked-by: Michael Büsch Signed-off-by: Mauro Carvalho Chehab commit 0ee223b2e1f67cb2de9c0e3247c510d846e74d63 Author: Bart Van Assche Date: Thu Aug 2 10:51:41 2018 -0700 scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock A long time ago the unfortunate decision was taken to add a self-deletion attribute to the sysfs SCSI device directory. That decision was unfortunate because self-deletion is really tricky. We can't drop that attribute because widely used user space software depends on it, namely the rescan-scsi-bus.sh script. Hence this patch that avoids that writing into that attribute triggers a deadlock. See also commit 7973cbd9fbd9 ("[PATCH] add sysfs attributes to scan and delete scsi_devices"). This patch avoids that self-removal triggers the following deadlock: ====================================================== WARNING: possible circular locking dependency detected 4.18.0-rc2-dbg+ #5 Not tainted ------------------------------------------------------ modprobe/6539 is trying to acquire lock: 000000008323c4cd (kn->count#202){++++}, at: kernfs_remove_by_name_ns+0x45/0x90 but task is already holding lock: 00000000a6ec2c69 (&shost->scan_mutex){+.+.}, at: scsi_remove_host+0x21/0x150 [scsi_mod] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&shost->scan_mutex){+.+.}: __mutex_lock+0xfe/0xc70 mutex_lock_nested+0x1b/0x20 scsi_remove_device+0x26/0x40 [scsi_mod] sdev_store_delete+0x27/0x30 [scsi_mod] dev_attr_store+0x3e/0x50 sysfs_kf_write+0x87/0xa0 kernfs_fop_write+0x190/0x230 __vfs_write+0xd2/0x3b0 vfs_write+0x101/0x270 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (kn->count#202){++++}: lock_acquire+0xd2/0x260 __kernfs_remove+0x424/0x4a0 kernfs_remove_by_name_ns+0x45/0x90 remove_files.isra.1+0x3a/0x90 sysfs_remove_group+0x5c/0xc0 sysfs_remove_groups+0x39/0x60 device_remove_attrs+0x82/0xb0 device_del+0x251/0x580 __scsi_remove_device+0x19f/0x1d0 [scsi_mod] scsi_forget_host+0x37/0xb0 [scsi_mod] scsi_remove_host+0x9b/0x150 [scsi_mod] sdebug_driver_remove+0x4b/0x150 [scsi_debug] device_release_driver_internal+0x241/0x360 device_release_driver+0x12/0x20 bus_remove_device+0x1bc/0x290 device_del+0x259/0x580 device_unregister+0x1a/0x70 sdebug_remove_adapter+0x8b/0xf0 [scsi_debug] scsi_debug_exit+0x76/0xe8 [scsi_debug] __x64_sys_delete_module+0x1c1/0x280 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&shost->scan_mutex); lock(kn->count#202); lock(&shost->scan_mutex); lock(kn->count#202); *** DEADLOCK *** 2 locks held by modprobe/6539: #0: 00000000efaf9298 (&dev->mutex){....}, at: device_release_driver_internal+0x68/0x360 #1: 00000000a6ec2c69 (&shost->scan_mutex){+.+.}, at: scsi_remove_host+0x21/0x150 [scsi_mod] stack backtrace: CPU: 10 PID: 6539 Comm: modprobe Not tainted 4.18.0-rc2-dbg+ #5 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0xa4/0xf5 print_circular_bug.isra.34+0x213/0x221 __lock_acquire+0x1a7e/0x1b50 lock_acquire+0xd2/0x260 __kernfs_remove+0x424/0x4a0 kernfs_remove_by_name_ns+0x45/0x90 remove_files.isra.1+0x3a/0x90 sysfs_remove_group+0x5c/0xc0 sysfs_remove_groups+0x39/0x60 device_remove_attrs+0x82/0xb0 device_del+0x251/0x580 __scsi_remove_device+0x19f/0x1d0 [scsi_mod] scsi_forget_host+0x37/0xb0 [scsi_mod] scsi_remove_host+0x9b/0x150 [scsi_mod] sdebug_driver_remove+0x4b/0x150 [scsi_debug] device_release_driver_internal+0x241/0x360 device_release_driver+0x12/0x20 bus_remove_device+0x1bc/0x290 device_del+0x259/0x580 device_unregister+0x1a/0x70 sdebug_remove_adapter+0x8b/0xf0 [scsi_debug] scsi_debug_exit+0x76/0xe8 [scsi_debug] __x64_sys_delete_module+0x1c1/0x280 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe See also https://www.mail-archive.com/linux-scsi@vger.kernel.org/msg54525.html. Fixes: ac0ece9174ac ("scsi: use device_remove_file_self() instead of device_schedule_callback()") Signed-off-by: Bart Van Assche Cc: Greg Kroah-Hartman Acked-by: Tejun Heo Cc: Johannes Thumshirn Cc: Signed-off-by: Martin K. Petersen commit 2afc9166f79b8f6da5f347f48515215ceee4ae37 Author: Bart Van Assche Date: Thu Aug 2 10:51:40 2018 -0700 scsi: sysfs: Introduce sysfs_{un,}break_active_protection() Introduce these two functions and export them such that the next patch can add calls to these functions from the SCSI core. Signed-off-by: Bart Van Assche Acked-by: Tejun Heo Acked-by: Greg Kroah-Hartman Cc: Signed-off-by: Martin K. Petersen commit 7fa8512330ab7cbb394b3e42ee092f4ad2e8f906 Author: James Smart Date: Tue Jul 31 17:23:25 2018 -0700 scsi: lpfc: update driver version to 12.0.0.6 Update the driver version to 12.0.0.6 Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit 06b6fa38155ea3709f4d612ae71c201c3f179164 Author: James Smart Date: Tue Jul 31 17:23:24 2018 -0700 scsi: lpfc: Remove lpfc_enable_pbde as module parameter Enablement of the PBDE optimization brought out some incompatible behaviors under error scenarios. Best to disable and remove the PBDE optimization. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit 24bc3119424ac163c2f67e072c956f50e153d034 Author: James Smart Date: Tue Jul 31 17:23:23 2018 -0700 scsi: lpfc: Correct LCB ACCept payload After memory allocation for the LCB response frame, the memory wasn't zero initialized, and not all fields are set. Thus garbage shows up in the payload. Fix by zeroing the memory at allocation. Also properly set the Capability field based on duration support. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit 2a5b7d626ed2256fd0ef0e799ebc6ef47b7bd283 Author: James Smart Date: Tue Jul 31 17:23:22 2018 -0700 scsi: lpfc: Limit tracking of tgt queue depth in fast path Performance is affected when target queue depth is tracked. An atomic counter is incremented on the submission path which competes with it being decremented on the completion path. In addition, multiple CPUs can simultaniously be manipulating this counter for the same ndlp. Reduce the overhead by only performing the target increment/decrement when the target queue depth is less than the overall adapter depth, thus is actually meaningful. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit 93a3922da428ec0752e8b2ab00c42dadbbf805a9 Author: James Smart Date: Tue Jul 31 17:23:21 2018 -0700 scsi: lpfc: Fix driver crash when re-registering NVME rports. During remote port loss fault testing, the driver crashed with the following trace: general protection fault: 0000 [#1] SMP RIP: ... lpfc_nvme_register_port+0x250/0x480 [lpfc] Call Trace: lpfc_nlp_state_cleanup+0x1b3/0x7a0 [lpfc] lpfc_nlp_set_state+0xa6/0x1d0 [lpfc] lpfc_cmpl_prli_prli_issue+0x213/0x440 lpfc_disc_state_machine+0x7e/0x1e0 [lpfc] lpfc_cmpl_els_prli+0x18a/0x200 [lpfc] lpfc_sli_sp_handle_rspiocb+0x3b5/0x6f0 [lpfc] lpfc_sli_handle_slow_ring_event_s4+0x161/0x240 [lpfc] lpfc_work_done+0x948/0x14c0 [lpfc] lpfc_do_work+0x16f/0x180 [lpfc] kthread+0xc9/0xe0 ret_from_fork+0x55/0x80 After registering a new remoteport, the driver is pulling an ndlp pointer from the lpfc rport associated with the private area of a newly registered remoteport. The private area is uninitialized, so it's garbage. Correct by pulling the the lpfc rport pointer from the entering ndlp point, then ndlp value from at rport. Note the entering ndlp may be replacing by the rport->ndlp due to an address change swap. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit 8931c73bee077f5bc5710afebc0136363970cb2b Author: James Smart Date: Tue Jul 31 17:23:20 2018 -0700 scsi: lpfc: Fix list corruption on the completion queue. Enabling list_debug showed the drivers txcmplq was suffering list corruption. The systems will eventually crash because the iocb free list gets crossed linked with the prings txcmplq. Most systems will run for a while after the corruption, but will eventually crash when a scsi eh reset occurs and the txcmplq is attempted to be flushed. The flush gets stuck in an endless loop. The problem is the abort handler does not hold the sli4 ring lock while validating the IO so the IO could complete while the driver is still preping the abort. The erroneously generated abort, when it completes, has pointers to the original IO that has already completed, and the IO manipulation (for the second time) corrupts the list. Correct by taking the ring lock early in the abort handler so the erroneous abort won't be sent if the io has/is completing. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit b615a20adf04cf3c8e9293851da3aac54792fb07 Author: James Smart Date: Tue Jul 31 17:23:19 2018 -0700 scsi: lpfc: Fix sysfs Speed value on CNA ports CNA ports were showing speed as "unknown" even if the link is up. Add speed decoding for FCOE-based adapters. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit faa832e97a0c0d79838c3a6521a473d870217053 Author: James Smart Date: Tue Jul 31 17:23:18 2018 -0700 scsi: lpfc: Fix ELS abort on SLI-3 adapters For ABORT_XRI_CN command, firmware identifies XRI to abort by IOTAG and RPI combination. For ELS aborts, driver specifies IOTAG correctly but RPI is not specified. Fix by setting RPI in WQE. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen commit 8687a3e2c7a026c173ac2e0d65d869c98c154a3a Author: Chengguang Xu Date: Thu Jul 19 22:15:26 2018 +0800 ceph: add additional offset check in ceph_write_iter() If the offset is larger or equal to both real file size and max file size, then return -EFBIG. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 0671e9968dfb3f99a366df816c361b8e871dba1b Author: Chengguang Xu Date: Thu Jul 19 22:15:25 2018 +0800 ceph: add additional range check in ceph_fallocate() If the range is larger than both real file size and limit of max file size, then return -EFBIG. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 719784ba706cdbb47ef87483950f0a4594d36e87 Author: Chengguang Xu Date: Thu Jul 19 22:15:24 2018 +0800 ceph: add new field max_file_size in ceph_fs_client In order to not bother to VFS and other specific filesystems, we decided to do offset validation inside ceph kernel client, so just simply set sb->s_maxbytes to MAX_LFS_FILESIZE so that it can successfully pass VFS check. We add new field max_file_size in ceph_fs_client to store real file size limit and doing proper check based on it. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f Author: Ilya Dryomov Date: Fri Jul 27 19:45:36 2018 +0200 libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() Allow for extending ceph_x_authorize_reply in the future. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit 130f52f2b203aa0aec179341916ffb2e905f3afd Author: Ilya Dryomov Date: Fri Jul 27 19:40:30 2018 +0200 libceph: check authorizer reply/challenge length before reading Avoid scribbling over memory if the received reply/challenge is larger than the buffer supplied with the authorizer. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit cc255c76c70f7a87d97939621eae04b600d9f4a1 Author: Ilya Dryomov Date: Fri Jul 27 19:25:32 2018 +0200 libceph: implement CEPHX_V2 calculation mode Derive the signature from the entire buffer (both AES cipher blocks) instead of using just the first half of the first block, leaving out data_crc entirely. This addresses CVE-2018-1129. Link: http://tracker.ceph.com/issues/24837 Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit 6daca13d2e72bedaaacfc08f873114c9307d5aea Author: Ilya Dryomov Date: Fri Jul 27 19:18:34 2018 +0200 libceph: add authorizer challenge When a client authenticates with a service, an authorizer is sent with a nonce to the service (ceph_x_authorize_[ab]) and the service responds with a mutation of that nonce (ceph_x_authorize_reply). This lets the client verify the service is who it says it is but it doesn't protect against a replay: someone can trivially capture the exchange and reuse the same authorizer to authenticate themselves. Allow the service to reject an initial authorizer with a random challenge (ceph_x_authorize_challenge). The client then has to respond with an updated authorizer proving they are able to decrypt the service's challenge and that the new authorizer was produced for this specific connection instance. The accepting side requires this challenge and response unconditionally if the client side advertises they have CEPHX_V2 feature bit. This addresses CVE-2018-1128. Link: http://tracker.ceph.com/issues/24836 Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit 149cac4a50b0b4081b38b2f38de6ef71c27eaa85 Author: Ilya Dryomov Date: Fri Jul 27 16:37:54 2018 +0200 libceph: factor out encrypt_authorizer() Will be used for encrypting both the initial and updated authorizers. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit c571fe24d243bfe7017f0e67fe800b3cc2a1d1f7 Author: Ilya Dryomov Date: Thu Jul 26 18:05:43 2018 +0200 libceph: factor out __ceph_x_decrypt() Will be used for decrypting the server challenge which is only preceded by ceph_x_encrypt_header. Drop struct_v check to allow for extending ceph_x_encrypt_header in the future. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit c0f56b483aa09c99bfe97409a43ad786f33b8a5a Author: Ilya Dryomov Date: Thu Jul 26 17:43:47 2018 +0200 libceph: factor out __prepare_write_connect() Will be used for sending ceph_msg_connect with an updated authorizer, after the server challenges the initial authorizer. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit 262614c4294d33b1f19e0d18c0091d9c329b544a Author: Ilya Dryomov Date: Thu Jul 26 15:17:46 2018 +0200 libceph: store ceph_auth_handshake pointer in ceph_connection We already copy authorizer_reply_buf and authorizer_reply_buf_len into ceph_connection. Factoring out __prepare_write_connect() requires two more: authorizer_buf and authorizer_buf_len. Store the pointer to the handshake in con->auth rather than piling on. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil commit 24e1dd6afde9e9cca405df8ca98be59419ea7229 Author: Stephen Hemminger Date: Tue Jul 24 12:29:07 2018 -0700 ceph: fix whitespace Remove blank lines at end of file and trailing whitespace. Signed-off-by: Stephen Hemminger Signed-off-by: Ilya Dryomov commit 24499847e4471b0aba8126cebd640084136fc2bb Author: Souptick Joarder Date: Mon Jul 23 21:32:24 2018 +0530 ceph: adding new return type vm_fault_t Use new return type vm_fault_t for page_mkwrite and fault handler. Signed-off-by: Souptick Joarder Reviewed-by: Matthew Wilcox Signed-off-by: Ilya Dryomov commit f7e52d8efe8588c5d4b4c78eb33da81d89486c1a Author: Ilya Dryomov Date: Mon Jul 23 14:11:40 2018 +0200 libceph: remove now unused ceph_{en,de}code_timespec() Signed-off-by: Ilya Dryomov commit 0ed1e90a09eb0e2863cab43e1ed5c5df89566772 Author: Arnd Bergmann Date: Fri Jul 13 22:18:38 2018 +0200 ceph: use timespec64 for r_stamp The ceph_mds_request stamp still uses the deprecated timespec structure, this converts it over as well. Signed-off-by: Arnd Bergmann Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit fac02ddf910814c24f5d9d969dfdab5227f6f3eb Author: Arnd Bergmann Date: Fri Jul 13 22:18:37 2018 +0200 libceph: use timespec64 for r_mtime The request mtime field is used all over ceph, and is currently represented as a 'timespec' structure in Linux. This changes it to timespec64 to allow times beyond 2038, modifying all users at the same time. [ Remove now redundant ts variable in writepage_nounlock(). ] Signed-off-by: Arnd Bergmann Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit 3f285135bcff65c4817541edbee55e5b7f7917d2 Author: Ajay Singh Date: Thu Aug 2 16:57:02 2018 +0530 staging: wilc1000: fix compilation warning for ARCH PowerPC Fix below warning reported for PowerPC arch compilation include/uapi/linux/byteorder/big_endian.h:95:37: warning: passing argument 1 of '__swab32s' makes pointer from integer without a cast [-Wint-conversion] Fixes: 02211edc9a1f ("staging: wilc1000: fix endianness warnings reported by sparse") Reported-by: kbuild test robot Signed-off-by: Ajay Singh Signed-off-by: Greg Kroah-Hartman commit 25b88550b7d57c6ae91b0e5f4b1be2aaa73a60df Author: Mike Christie Date: Thu Aug 2 12:12:27 2018 -0500 scsi: target: loop, usb, vhost, xen: use target_remove_session This converts drivers that were only calling transport_deregister_session to use target_remove_session. The calling of transport_deregister_session_configfs via target_remove_session for these types of drivers is ok, because they were not exporting info from fields like sess_acl_list, sess->se_tpg and sess->fabric_sess_ptr from configfs accessible functions, so they will see no difference. Signed-off-by: Mike Christie Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Cc: Felipe Balbi Cc: Sebastian Andrzej Siewior Cc: Andrzej Pietrasiewicz Cc: Michael S. Tsirkin Cc: Juergen Gross Signed-off-by: Martin K. Petersen commit 60daca10065a13a133e88b738fdc5a40b3654575 Author: Mike Christie Date: Thu Aug 2 12:12:26 2018 -0500 scsi: tcm_fc: use target_remove_session This converts tcm_fc to use target_remove_session tcm_fc was calling transport_deregister_session_configfs then calling transport_deregister_session when commands have completed. It should be ok for it to call transport_deregister_session_configfs later via target_remove_session because transport_deregister_session_configfs only prevents access from configfs via tpg removal and its call to the close_session callback for that driver, and this is already protected by the ft_lport_lock and its port lookup handling. Signed-off-by: Mike Christie Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Cc: Johannes Thumshirn Signed-off-by: Martin K. Petersen commit b287e3517ed5c76ad48afdfc4f11fadb58a0707e Author: Mike Christie Date: Thu Aug 2 12:12:25 2018 -0500 scsi: target: srp, vscsi, sbp, qla: use target_remove_session This converts the drivers that called transport_deregister_session_configfs and then immediately called transport_deregister_session to use target_remove_session. Signed-off-by: Mike Christie Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Cc: Chris Boot Cc: Bryant G. Ly Cc: Michael Cyr Cc: Signed-off-by: Martin K. Petersen commit fb7c70f2d750a462c5a9757555bc23bf35360cec Author: Mike Christie Date: Thu Aug 2 12:12:24 2018 -0500 scsi: target: add session removal function This adds a function to remove a session which should be used by drivers that use target_setup_session. The next patches will convert the target drivers to use this new function. Signed-off-by: Mike Christie Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Cc: Chris Boot Cc: Bryant G. Ly Cc: Michael Cyr Cc: Cc: Johannes Thumshirn Cc: Felipe Balbi Cc: Sebastian Andrzej Siewior Cc: Andrzej Pietrasiewicz Cc: Michael S. Tsirkin Cc: Juergen Gross Signed-off-by: Martin K. Petersen commit fa834287300ba6a89e0a590f520a3398527eb541 Author: Mike Christie Date: Thu Aug 2 12:12:23 2018 -0500 scsi: target: rename target_alloc_session Rename target_alloc_session to target_setup_session to avoid confusion with the other transport session allocation function that only allocates the session and because the target_alloc_session does so much more. It allocates the session, sets up the nacl and registers the session. The next patch will then add a remove function to match the setup in this one, so it should make sense for all drivers, except iscsi, to just call those 2 functions to setup and remove a session. iscsi will continue to be the odd driver. Signed-off-by: Mike Christie Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Cc: Chris Boot Cc: Bryant G. Ly Cc: Michael Cyr Cc: Cc: Johannes Thumshirn Cc: Felipe Balbi Cc: Sebastian Andrzej Siewior Cc: Andrzej Pietrasiewicz Cc: Michael S. Tsirkin Cc: Juergen Gross Signed-off-by: Martin K. Petersen commit 3cd14285a1bb58eaa98c44aec0db4d914fdc8c13 Author: Mike Christie Date: Thu Aug 2 12:12:22 2018 -0500 scsi: target: make transport_init_session_tags static transport_init_session_tags is only called from target_core_transport.c so make it static. Signed-off-by: Mike Christie Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit aeb502794b75f201d1df05f2f351346e0eb2eb83 Author: Mike Christie Date: Thu Aug 2 12:12:21 2018 -0500 scsi: iscsi target: have iscsit_start_nopin_timer call __iscsit_start_nopin_timer Just have iscsit_start_nopin_timer grab the lock and call __iscsit_start_nopin_timer. Signed-off-by: Mike Christie Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit 6a64f6e1591322beb8ce16e952a53582caf2a15c Author: Mike Christie Date: Thu Aug 2 12:12:20 2018 -0500 scsi: target: fix __transport_register_session locking When __transport_register_session is called from transport_register_session irqs will already have been disabled, so we do not want the unlock irq call to enable them until the higher level has done the final spin_unlock_irqrestore/ spin_unlock_irq. This has __transport_register_session use the save/restore call. Signed-off-by: Mike Christie Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit 9bbeab41ce50542624ef381e7852d70f2f39a2b1 Author: Arnd Bergmann Date: Fri Jul 13 22:18:36 2018 +0200 ceph: use timespec64 for inode timestamp Since the vfs structures are all using timespec64, we can now change the internal representation, using ceph_encode_timespec64 and ceph_decode_timespec64. In case of ceph_aux_inode however, we need to avoid doing a memcmp() on uninitialized padding data, so the members of the i_mtime field get copied individually into 64-bit integers. Signed-off-by: Arnd Bergmann Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 63ecae7e439f766e88c91da56955bca4db06802a Author: Arnd Bergmann Date: Fri Jul 13 22:18:35 2018 +0200 ceph: stop using current_kernel_time() ceph_mdsc_create_request() is one of the last callers of the deprecated current_kernel_time() as well as timespec_trunc(). This changes it to use the timespec64 based interfaces instead, though we still need to convert the result until we are ready to change over req->r_stamp. The output of the two functions, ktime_get_coarse_real_ts64() and current_kernel_time() is the same coarse-granular timestamp, the only difference here is that ktime_get_coarse_real_ts64() doesn't overflow in 2038. Signed-off-by: Arnd Bergmann Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 473bd2d780d1699d81b25f57c0ec4de633a28eb8 Author: Arnd Bergmann Date: Fri Jul 13 22:18:34 2018 +0200 libceph: use timespec64 in for keepalive2 and ticket validity ceph_con_keepalive_expired() is the last user of timespec_add() and some of the last uses of ktime_get_real_ts(). Replacing this with timespec64 based interfaces lets us remove that deprecated API. I'm introducing new ceph_encode_timespec64()/ceph_decode_timespec64() here that take timespec64 structures and convert to/from ceph_timespec, which is defined to have an unsigned 32-bit tv_sec member. This extends the range of valid times to year 2106, avoiding the year 2038 overflow. The ceph file system portion still uses the old functions for inode timestamps, this will be done separately after the VFS layer is converted. Signed-off-by: Arnd Bergmann Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit 67fcd151400242757edbab710402161b2cd38989 Author: Chengguang Xu Date: Mon Jul 9 22:17:31 2018 +0800 ceph: add d_drop for some error cases in ceph_symlink() When file num exceeds quota limit, should call d_drop to drop dentry from cache as well. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 0459871c4995d0bd57d6b1694f0971ec5cabafc1 Author: Chengguang Xu Date: Mon Jul 9 22:17:30 2018 +0800 ceph: add d_drop for some error cases in ceph_mknod() When file num exceeds quota limit or fails from ceph_per_init_acls() should call d_drop to drop dentry from cache as well. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 61ad36d47dd273b7b8c3d63fc8359d96f7976c79 Author: Chengguang Xu Date: Mon Jul 9 22:48:07 2018 +0800 ceph: return errors from posix_acl_equiv_mode() correctly In order to return correct error code should replace variable ret using err in error case. Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit dfeb84d4adfda0448b013b8aae2cc5c95eb27ccd Author: Yan, Zheng Date: Mon Jul 2 15:55:23 2018 +0800 ceph: fix incorrect use of strncpy GCC8 prints following warning: fs/ceph/mds_client.c:3683:2: warning: ‘strncpy’ output may be truncated copying 64 bytes from a string of length 64 [-Wstringop-truncation] [ Change to strscpy() while at it. ] Signed-off-by: "Yan, Zheng" Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit b26c047b940003295d3896b7f633a66aab95bebd Author: Ilya Dryomov Date: Tue Jul 3 15:28:43 2018 +0200 rbd: support for images within namespaces Cloning across namespaces isn't supported yet -- for now both the parent and the clone have to live in the same namespace, whether the default (i.e. "") or a user-created namespace. Signed-off-by: Ilya Dryomov commit c300156bc734796e251fa31b07dff2af2f572889 Author: Ilya Dryomov Date: Tue Jul 3 15:28:43 2018 +0200 rbd: pass rbd_spec into parse_rbd_opts_token() In preparation for _pool_ns client option, make rbd_spec available inside parse_rbd_opts_token(). Signed-off-by: Ilya Dryomov commit 2f56b6bae73b2d65ef4816ca89341facc53d3361 Author: Ilya Dryomov Date: Wed Jun 27 16:38:13 2018 +0200 libceph: amend "bad option arg" error message Don't mention "mount" -- in the rbd case it is "mapping". Signed-off-by: Ilya Dryomov commit 17173c82e3daa28742bf7732520e9bc2e0cb977d Author: Chengguang Xu Date: Wed Jun 27 21:05:08 2018 +0800 libceph: stop parsing when a bad int arg is detected There is no reason to continue option parsing after detecting bad option. [ Return match_int() errors from ceph_parse_options() to match the behaviour of parse_rbd_opts_token() and parse_fsopt_token(). ] Signed-off-by: Chengguang Xu Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit c9ed51c9123ab5e8f79b7d53a9afd786b43d4fe6 Author: Ilya Dryomov Date: Wed Jun 27 16:42:51 2018 +0200 libceph: change ceph_pagelist_encode_string() to take u32 The wire format dictates that the length of string fits into 4 bytes. Take u32 instead of size_t to reflect that. We were already truncating len in ceph_pagelist_encode_32() -- this just pushes that truncation one level up. Signed-off-by: Ilya Dryomov commit 6d54228fd1f293d00576ab2c3d2e4992c7cce12f Author: Ilya Dryomov Date: Mon Jun 25 17:26:55 2018 +0200 libceph: make ceph_osdc_notify{,_ack}() payload_len u32 The wire format dictates that payload_len fits into 4 bytes. Take u32 instead of size_t to reflect that. All callers pass a small integer, so no changes required. Signed-off-by: Ilya Dryomov commit 93d35c754d97a57bda2a2c6c39dce9b67a9f3c99 Author: Chengguang Xu Date: Fri Jun 22 15:01:13 2018 +0800 ceph: restore ctime as well in the case of restoring old mode It's better to restore ctime as well in the case of restoring old mode in ceph_set_acl(). Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit f017754d6919f3bd9786710b07b4708293594f20 Author: Chengguang Xu Date: Wed Jun 20 15:42:55 2018 +0800 ceph: add retry logic for error -ERANGE in ceph_get_acl() When the size of acl extended attribution is larger than pre-allocated value buffer size, we will hit error '-ERANGE' and it's probabaly caused by concurrent get/set acl from different clients. In this case, current logic just sets acl to NULL so that we cannot get proper information but the operation looks successful. This patch adds retry logic for error -ERANGE and return -EIO if fail from the retry. Additionally, print real errno when failing from __ceph_getxattr(). Signed-off-by: Chengguang Xu Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov commit 28b9188483908b2579fc4bbb2ec07e9ffdca69f7 Author: Sergey Matyukevich Date: Thu Aug 2 13:40:43 2018 +0300 qtnfmac: implement basic WoWLAN support This patch implements basic WoWLAN support in qtnfmac driver, including processing of WoWLAN features reported by firmware and implementation of cfg80211 suspend/resume/wakeup callbacks. Currently the following WoWLAN triggers are supported: disconnect, magic packet, custom pattern packet. Signed-off-by: Sergey Matyukevich Signed-off-by: Kalle Valo commit a33ce21e2afcdc29b749f74a5ec489595c417907 Author: Stanislaw Gruszka Date: Tue Jul 31 14:41:04 2018 +0200 mt76x0: load firmware from mediatek subdir Firmware blob will be located in mediatek subdirectory. Add "u" suffix to indicate this is USB device firmware. Signed-off-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 369bbecdbb2def6265c06512c44e1fbe6ad8e556 Author: Stanislaw Gruszka Date: Tue Jul 31 14:41:03 2018 +0200 mt76x0: disable HW before probe Disable HW before probe, otherwise after reboot we will fail to initialize MCU. Signed-off-by: Stanislaw Gruszka Signed-off-by: Kalle Valo commit 52abb142baa0f35291ac2f12b56e56fa071